Computer Security Articles

Published by José Manuel Bernal, February 2011

We are happy to announce that we just released Panda Cloud Antivirus version 1.4

If you are reading this after seeing a “Panda Cloud Antivirus has upgraded automatically!” message on your traybar, then you already have this latest version installed and running.

If you don’t have Panda Cloud Antivirus installed yet you can download it from www.cloudantivirus.com

What’s new at the latest Cloud Antivirus version?

This version includes the following improvements:

• New notification system. This system is integrated in the console and displays the most appropriate message to users depending on the characteristics of their product (type of version installed, time elapsed since the product was installed, whether the Panda Security Toolbar has been installed or not).
• URL filtering toolbar compatible with Internet Explorer 9 and Firefox 4.
• The ‘Free’ and ‘Pro’ texts have been included in the antivirus main screen in order to clearly identify the installed product.
• Fixed translation errors.

Panda Cloud Antivirus version free and Panda Cloud Antivirus version paid

The basic version will remain free, and those who wants to buy superior version with more features and tech support can pay for the Pro one for 29,99.

Panda Cloud Antivirus Support Forum

I’d like to encourage anybody who needs help to contact me or any other moderator through our support forum. I am sure we can be of great help to answer any questions you might have.

You will have a whole support team available to you, including the following moderators: budee, GoneToPlaid, Ibrad09, intrepid44, kilps, Shadowman and swejuggalo. Also, I’d like to take this opportunity to thank them all for their great job.

Take part in the forum and tell us your opinion!

Note: More information in Panda Cloud Antivirus Blog

Antivirus System 2011 is a rogue security product in the UnVirex family that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application.

Antivirus System 2011 graphic interface

(Click on graphic to enlarge)

How to remove Antivirus System 2011:

If  Antivirus System 2011 has infected your pc, you should remove it immediately. Click here to use VIPRE to remove Antivirus System 2011 from your computer now.

CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or any other. If you have any legal issues, please contact the appropriate host site.

Welcome to the first installment of a brand new Naked Security column, Flaming Retort!

Some of the topics we write about on this site provoke spirited comments from our readers, both here and on our Facebook page. Unsurprisingly – this is the internet, after all! – some of these comments represent what one might politely call an uncompromising position. And not a few of them are outright flames.

Flaming Retort does not exist not to praise our readers’ best flames, nor to repeat them merely in the name of perverse humour, nor to return fire in the wearisome tradition of a flame war.

The goal of Flaming Retort is to comment on one or two recent flames which represent a position which a significant minority seem to believe, but which isn’t quite as true or as certain as they might think.

To kick off, then, we’ll consider malware on Linux. Naked Security writer Carole Theriault mentioned last week that Sophos had just won (yet another!) VB100 award for Ubuntu.

That’s right. Anti-virus on Linux.

As you can imagine, it wasn’t long before we had our first outspoken comment:

I object to running a Windows virus scanner on my *nix systems just to help prevent the spread of viruses to/from Windows machines. They want to run an insecure system, so be it, but leave me out of it. And certainly don't expect me to expend my CPU cycles to try (in vain) to solve Windows' security issues."

Wow! With friends like that, who needs enemies? As a follow-up remarked:

I buy and sell diseased animals intended for use as food. Never mind, I don't eat meat, I don't care.

Nice attitude.

Ouch. Hot dog, anyone?

The first comment doesn’t actually say that Unix is secure by design. It takes an “us-and-them” attitude, and simply says that “they” are insecure. But a later comment wasn’t so equivocal, stating explicitly that:

The architecture of Linux prevents malware from being a self-propagating problem.

That’s not exactly a flame, but it’s certainly a grandstanding position. And it would be lovely if it were true. But it’s not. The architectures of Windows and Linux are surprisingly similar – they’re much more alike than they are different – and although Linux malware is, happily, very rare, there is nothing about the architecture of the operating system which prevents it.

(Be careful of claiming that something is impossible in computer security. A single counter-example will knock you off your pedestal. And 12,238 counter-examples will leave you reeling. That’s the number of unique IP numbers SophosLabs enumerated, between May and July 2008, which were infected with the Linux/Rst-B virus. In 2008, this virus was already more than six years old. And we only counted computers on which the virus was running as root. It doesn’t call home if it’s not running as root, so the total number of active infections was probably significantly higher.)

So here’s my flaming retort to the Linux-heads out there:

* Linux malware exists. It’s not a huge problem. It’s easily avoided. But don’t be in denial. There’s no “magic smoke” inside your operating system which renders you automatically immune to a determined cybercrook.

* Windows systems aren’t invariably less secure than those running Linux. You may know how to secure a Linux system more tightly and more easily than a Windows one. But other Linux admins might not. And accept at least some Windows admins will know how to secure their systems to a standard as high as yours.

* An injury to one is an injury to all. Stopping malware and spam even though it won’t harm you directly is just the sort of altruism which the internet needs. Please don’t be aloof about the problems which affect everyone.

Full story: Naked Security – Sophos

CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or any other. If you have any legal issues, please contact the appropriate host site.

Posted by Blanca Carton, January 2011

Every year, PandaLabs, Panda Security’s anti-malware laboratory, publishes an annual malware report discussing the year’s most virulent threats. In 2010, this task was made all the more difficult as PandaLabs had to analyze and shift through no less than 20 million new viruses.

This report is also used as the basis for the company’s ‘Virus Yearbook’, which rather than a definitive list of threats that have infected most computers or caused more damage, is simply a summary of some of the viruses that, for one reason or another, have caught our eye.

Here are the Top Five:

1. The mischievous Mac lover: This title has been earned by a remote-control program with the worrying name of HellRaiser.A. It only affects Mac systems and needs user consent to install on a computer. Yet once installed, it can take remote control of the system and perform a whole host of functions… it can even open the DVD tray!
2. The Good Samaritan: Surely some of you will have guessed… Bredolab.Y comes disguised as a message from Microsoft Support claiming that a new security patch for Outlook has to be installed immediately… But watch out! If you download it you will have installed the SecurityTool rogueware, which will start telling you that your system is infected and that you should buy a certain solution to fix it. Of course, if you pay for the program, you will never receive it, it will not resolve the problem and that’s the last you will see of your money…
3. Linguist of the year: Our award for the linguist of the year goes to MSNWorm.IE. This virus, which in itself is nothing special, is distributed via Messenger with a link tempting the user into viewing a photo… in 18 languages!
4. The most annoying: Remember how viruses used to be? Or those ‘jokes’ that once installed would ask: “Are you sure you want to close the program? Yes – No?”. No matter what you clicked, the same screen would appear: “Are you sure you want to close the program?”, time and time again, enough to try the patience of a saint… Well that’s what this worm does: Oscarbot.YQ. Once it is installed, start praying, or doing yoga, or meditating… whatever you can think of, because it will drive you mad. Every time you close it, another screen opens asking another question, or opening a browser window, or… The most annoying, without a doubt.
5. Insect of the year: We would like to make special mention of the Mariposa (Butterfly) botnet, which was dismantled in March and led to the arrest of the creators thanks to the collaboration between Panda Security, the Spanish Civil Guard, FBI and Defense Intelligence… Like a true insect, it fed on the nectar of other people’s computers, flitting from one to another… and compromised a total of 13 million computers around the world.

How to protect yourself against attacks

The first rule is to use your common sense. If you receive an email message with attachments from a dubious source, delete it.

Be careful when surfing the Web. Avoid downloading programs from unknown websites. And even if you know the source, stay alert and take all necessary precautions before opening them.

Finally, to be completely protected it is essential that you have an antivirus installed and updated, regardless of whether your operating system is Windows or Mac.

Remember, if you have any questions about the operation of your product, you can always find the answers in the articles published on the Panda Security support website, in the videos posted on our YouTube Support Channel or by contacting our expert technicians through the Tech Support forum.

===============================================================================

This is an extract from the Post published by PandaLabs Recaps Year of Malware with its Virus Yearbook 2010

Kasperesky Lab says the anti-virus source code that one of its employees stole three years ago and distributed online cannot harm customers of the company’s current products.

Full story: Network World on Security

Anti-Malware 5.0 beta is out – Anti-virus of the year 2009 award!

Full story: a-squared – English

AVG Antivirus is a rogue security product that impersonates the real AVG anti-virus application. It pretends to find malcode on a victim’s machine in order to frighten him or her into purchasing this useless application. It’s the latest in the FakeXPA family, replacing Antivirus8.

VIPRE detection name: AVG-Antivirus.FakeXPA

AVG Antivirus rogue graphic interface

(Click on graphic to enlarge)

AVG Antivirus rogue installer

(Click on graphic to enlarge)

AVG Antivirus rogue fake alerts

 

(Click on graphic to enlarge)

(Click on graphic to enlarge)

 How to remove AVG Antivirus:

If  AVG Antivirus has infected your pc, you should remove it immediately. Click here to use VIPRE to remove AVG Antivirus from your computer now.

Full story: Rogue Antispyware

Best free antivirus We’ve added lots of NEW freebies since we did the video! antivirus-software.tech.officelive.com UPDATES: www.youtube.com FREEBIES with tech support: antivirus-software.tech.officelive.com What is the best free antivirus software? As we mentioned in the video, the best free antivirus software is actually a combination of several different free software programs. If you combine the right programs, you will have a good level of protection for your computer. The free software will protect you from virus, malware, spyware, hackers, phishing, scams, fraud web sites, and a lot more. All of the freebies on our list will give you real time protection against threats both known and unknown. In order to give your computer a high level of protection, you need the following: (1) antivirus (2) antispyware (3) firewall (4) secure web browser (5) anti-hack tool (6) fraud, scam, and phishing filter (7) a good sandbox to isolate your browser and other programs while they are running.. We are only going to recommend the very best free antivirus software and security tools. All of these are ones that we have tested and we know that they work. Be sure to un-install any antivirus or antispyware software you currently have on your computer before you install anything from the list. Here are the freebies: 1. Antivirus: Avira or Avast. 2. Antispyware: Malwarebytes or Spyware Doctor. 3. Firewall: Zone Alarm or PC Tools Firewall Plus. 4. Secure web browser: Explorer 8 and/or …

avast! sports fans around the world want to know: Will the world’s most popular free antivirus program make it to Super Bowl XLV?

Yes, it would be a long shot. But I’m betting that if avast! shows up at the number one event for American football, it will be instantly recognized by thousands of supporters.

Recent months have showed avast! steadily moving up the sporting ranks, getting a foothold in a variety of arenas. If avast! can handle NBA basketball and professional wrestling, – it can handle professional (American) football.

Last week, avast! showed up at the NBA Washington Wizards-Milwaukee Bucks game. Dan Steinberg, the  Washington Post’s sports blogger caught the announcement and posted it.  Sure enough, he soon had over ten viewers confirming, that was an “avast! virus database has been updated”. And, the game announcers were quick too, turning off the news before the entire avast! update news had been completed.

In November, the avast! update was one of the highlights to the match between A.J. and Nikki Bella, two professional women wrestlers, during their bout at the UK’s Manchester Arena. Fans were able to hear the complete message from avast! – along with some comments by the announcers.

What are the odds that avast! will show up at Super Bowl XLV in Arlington, Texas? I would say better than 1:1, but it would most likely be a stealth appearance.

Avast! now has around 120 million live users, computers that have gotten a virus database update within the past 30 days. That is a fair chunk of the world’s PCs. Within the United States, AVAST Software is the number one antivirus vendor. That is according to a December 2010 release from OPSWAT, a US-based software management firm.

That means that there is a high probability that at least one computer in the announcers’ booth will have avast! antivirus software.

And now, get ready for the bad news. It is quite easy, a one-click operation, to turn on the Silent Gaming function in avast!. Users can even decide select what alerts they want to hear, choosing perhaps a virus alert but not the routine update announcements.

The top football analysts should be able to figure this out. So, avast! will likely be at the Super Bowl, but it will just be silently running a defensive pattern on announcers’ computers, keeping them from getting sacked by a sneak malware attack.

We just will never hear about it. But with 100,000 fans in the stadium and maybe another 150 million watching on TV, we are certainly hoping for a vocal appearance.

Full story: avast! blog

See how KAV 2009 handles hundreds of infections like trojans, rogue antivirus, popups, downloaders, fake system alerts and everything else under the sun! Is it worth your money? Find out!

Antivirus companies and malicious software makers are in a continual battle. Antivirus developers attempt to identify and block malicious software, and the malicious software developers want to evade detection so their products can succeed to earn them money.

The recently released Symantec Report on Attack Toolkits and Malicious Websites discusses how malicious software is increasingly being bundled into attack kits and how those kits are being sold in the underground economy and used in a majority of online attacks. One aspect of the report discusses the various forms of obfuscation methods built into these kits to avoid detection by antivirus sensors and researchers.

A major part of this obfuscation arms race is called a “FUD cryptor.” FUD in this case does not stand for “fear, uncertainty, and doubt,” but rather for “fully undetectable” or “fully undetected.” FUD cryptors are increasingly showing up in sophisticated attack kits and their purpose is to obfuscate a malicious executable file’s contents so that it can still run as it was intended, but remain unrecognizable to antivirus software.

Antivirus signatures look for certain strings or patterns in files in order to locate known malicious executables. Because a substantial effort goes into the creation of these signatures before they can be distributed to customers, with the increasing popularity of malicious software creation toolkits, ostensibly it has become easier to create new malcode than it is to create signatures to block it. For antivirus companies to keep up, a single signature would need to block more than one piece of malware.

The FUD cryptor software encrypts the contents of a malicious executable file (the payload) and combines it with a small stub program. The stub’s job is to decrypt and execute the original malicious program at runtime. In order to make the resulting executable file unique, the FUD program uses a new encryption key every time it runs. The encryption process turns the payload into what looks like completely random data, changing any data that antivirus signatures would use to block the original malicious software.

The payload is completely obfuscated from antivirus detection, but the stub portion remains. The stub is a more difficult portion to obfuscate, because it must remain executable in order to properly perform its job of decrypting and running the original executable. Since the payload changes for each instance, antivirus signatures have to match on the stub portion in order to be able to match more than a single individual piece of malware.

In order to obfuscate the stub program, a unique stub generator (USG) can be used. The generator might insert random data in certain unused locations of the stub. It might insert randomized executable operations that have no effect. It might substitute or reorder certain portions of the code. The USG attempts to create a stub that is both unique and that contains as small of an unchanging portion of code as possible to make signature creation more difficult.

Once a particular piece of malware has been made undetectable and released into the wild it is only a matter of time until antivirus companies identify and block it. This necessitates the reapplication and possibly the reengineering of the FUD process, escalating the arms race over time.

It is expected that a FUD product will have a relatively short useful lifespan before antivirus companies can reliably detect executables that have been created by it. This lifespan can be days, weeks, or several months at most.

Because of the detection arms race, a range of FUD cryptor products and services has sprung up in the underground economy. There are stand-alone products designed to operate on EXE files, and there are malicious software creation toolkits that include FUD-crypting options as both standard and optional features. Applying FUD techniques to a Trojan can also be provided as a pay-per-use service. The report discusses advertisements in the underground economy in which these services are offered, and FUD services are generally included in most popular and better-maintained toolkit releases. In fact, a significant reason for users to purchase support for major toolkits is the repeated reapplication of FUD crypting to keep the resulting Trojans undetectable.

Because of the seesaw nature of signature-based detection, the next step in detecting malware is behavior- and reputation-based technologies not depending on signatures. If effective, tricks such as FUD cryptors may be made obsolete by improvements to behavior- and reputation-based detection.

For a more in-depth look at FUD-cryptors, attack kits, and how these things are affecting the threat landscape, please download the Symantec Report on Attack Kits and Malicious Websites.

Full story: Symantec Connect – Security Response – Blog Entries

Twitter has been resetting passwords for accounts that started distributing links promoting fake antivirus software in an attack that used Google’s Web address shortening service to conceal the links’ destination.

Full story: Computerworld Security News

It's better to check twice a site than infect your computer.

Full story: MalwareCity Blog

The Emsisoft malware research team has discovered a new outbreak of the  Antivirus Scan adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.AntivirusScan.

Antivirus Scan is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file/directory:

• %UserProfile%\Local Settings\Temp\%random%\
• %UserProfile%\Local Settings\Temp\%random%\%random%.exe

Create/modify new registry entry:

• HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download
  RunInvalidSignatures = 0×00000001 (1)

• HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\PhishingFilter
  EnabledV8 = 0×00000000 (0)
  Enabled = 0×00000000 (0)

• HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
  ProxyOverride = <local>

• HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Associations
  LowRiskFileTypes = .exe

• HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Attachments
  SaveZoneInformation = 0×00000001 (1)

• HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
  %random% = %UserProfile%\Local Settings\Temp\%random%\%random%.exe

• HKEY_CURRENT_USER\software\%random%
  knkd = 0×00000001 (1)
  id = 8.6
  ready = 0×00000001 (1)

• HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles01\Software\Microsoft\windows\CurrentVersion\Internet Settings
  ProxyEnable = 0×00000001 (1)

• HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download
  CheckExeSignatures = no

• HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
  ProxyEnable = 0×00000001 (1)
  ProxyServer = http=127.0.0.1:8074

Screenshots:

How to remove the infection of Antivirus Scan (Adware.Win32.AntivirusScan)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Full story: Emsisoft New Malware Blog

CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or any other. If you have any legal issues, please contact the appropriate host site.

CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or any other. If you have any legal issues, please contact the appropriate host site.

Throughout the year I keep a watchful eye on dozens of antivirus products, seeking new versions that need testing and evaluation. I peruse the independent lab tests and perform my own hands-on tests, challenging each product to clean up malware-infested test systems and to shield a clean test system from attack. Some do better at cleanup, others excel at blocking, while the very best handle both sides of the job with skill. PCMag’s latest roundup brings together our evaluations for thirty different antivirus products.

Absolutely every computer user should run antivirus protection. Short on cash? That’s not a problem. Quite a few free solutions exist. Ad-Aware Free Internet Security 9.0, our Editors’ Choice for free antivirus protection, actually out-scores most of the for-pay products. If your budget can stretch to buying a premium product, naturally Ad-Aware Pro Internet Security 9.0 offers even better protection. Ad-Aware Pro and Webroot AntiVirus with Spy Sweeper 2011 share the Editors’ Choice honor for premium antivirus products.

Do read the full roundup. It reviews trends in current antivirus products, identifies special features for some, and includes full-scale charts of how the products performed in my malware removal and blocking tests. Don’t see your favorite product? Chances are good it’s listed on the “Antivirus Apps Awaiting Update” page. Naturally you can link from the article to full-scale reviews for any of the product mentioned, so you can make a truly informed decision on which one will protect your own special PC.

Full story: Security Watch

CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or any other. If you have any legal issues, please contact the appropriate host site.

Published by Leyre Velasco, January 2011

As the saying goes: an image is worth a thousand words. That is why, and because the motto of Technical Support at Panda Security is to help our customers, as we mentioned in our recent post New contents in our YouTube channel, we have uploaded new narrated videos to YouTube which will help you resolve your most frequently asked queries regarding the functionality of your antivirus.

Today, we would like to present a new video which will guide you through the Panda antivirus 2011/2010/2009 activation process. The popularity of this video continues to increase, as, in just two weeks, it has already been played 1895 times, so we hope it is useful to you.

What do you think? Leave your comments on YouTube, because your opinion will help us to improve!

We advise you to subscribe to the Support channel to find out about the latest videos! Anyway, we’ll keep you posted from La Piazza.

Finally, let us remind you that you can find the answer to any queries you might have about your product in the articles posted on the Panda Security support website, or contact our expert technicians in the Tech Support forum.

DrWeb — The updated versions come with the more stable scanner and file monitor, optimized updating routines and fine-tuned Control Center interface. A separate key file is now used to active Dr.Web for Mac OS X Server

Products have also been supplemented with new features such as desktop scanning.

A number of errors including critical issues that might cause the disruptive shutdown of the scanner and file monitor have been fixed. An issue that didn’t allow the anti-virus to disarm infected files which had non-Latin filenames has also been resolved.

In order to update the anti-viruses, use corresponding updated distribution files to install the products without removing the existing installations.

View the original article at DrWeb Blog

To provide free antivirus security means making the product available for people to download.  Obviously, the number of downloads is then a good indication of how popular the product is (well, it needs to be taken with grain of salt… there is more to it than just one number … but it’s a good indication, nonetheless )

First, we got a note from CNet a week or so ago that avast! was the 2^nd most-downloaded antivirus on download.com in 2010 (behind AVG).  Moreover, avast! has the highest editors’ and users’ ranking, which naturally put smiles on our faces.  Download.com is the single biggest downloading site in the world, so to be second there is a great achievement. (BTW, all the best to AVG for the top spot and we hope we will switch places with them this year )

Yesterday, a story from PC World popped-up via the alert notification… advising users “…looking for high-quality free software…“ to check out the “…best-reviewed and most-popular program…”. Yes, avast! Free Antivirus is their TOP choice and download for 2010.  Thank you, PC World!

Btw, both articles are here:

http://download.cnet.com/8301-2007_4-20024438-12.html

http://www.pcworld.com/downloads/collection/collid,1660-order,4/files.html

That got me thinking:  how did we do overall in 2010?   Download.com is the biggest and PC World is certainly influential, but there are more downloading sites out there.  Aside from Download.com, we monitor and have the stats for:   Softpedia.com, Brothersoft.com, Softonic.com, 01net.com in France, Html.it in Italy,   Chip.de in Germany, Dobreprogramy.pl in Poland, Softportal.com in Russia, Superdownloads.com.br and Baixaki.com.br in Brazil, and several others in smaller countries.

In total, we did really well in 2010! Combining all downloads from the sites we measure,  avast! is the MOST downloaded free antivirus with a total of 141,320,488 downloads.   AVG came second with 132 million, followed by 105 million downloads of Avira.

Not a bad year

Full story: avast! blog

Antivirus Action is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application.

VIPRE detection Trojan.Win32.Generic.pak!cobra

Antivirus Action sale screen

(Click on graphic to enlarge)

Antivirus Action graphic interface

 
(Click on graphic to enlarge)

How to remove Antivirus Action:

If Antivirus Action has infected your PC, you should remove it immediately. Click here to use VIPRE to remove Antivirus Action from your computer now.

Full story: Rogue Antispyware