Articles about Anti Virus

Boffins bag side-channel bugs before they bite

Rowhammer and similar side-channel attacks aren't caught by anti-virus, so a bunch of US boffins have set about working out how to catch their signatures. Once considered the stuff of laboratories and spies, side-channel attacks have become increasingly practical. Rowhammer, for example, is a software-only way to flip bits in …

Kaspersky fixing serious certificate slip

Updated Kaspersky is moving to fix a bug that disabled certificate validation for 400 million users. Discovered by Google's dogged bug-sleuth Tavis Ormandy, the flaw stems from how the company's antivirus inspects encrypted traffic. Since it has to decrypt traffic before inspection, Kaspersky presents its certificates as a trusted …

Trend Micro AV nukes innocent Sharepoint code, admins despair

Trend Micro's antivirus software has flagged benign Sharepoint code as potentially malign and nuked the files, causing the Microsoft package to fall over. After installing a dodgy update, Trend's OfficeScan tool removes a harmless JavaScript file from Sharepoint, leaving crashing servers in its wake. Aggrieved admins have …
John Leyden, 08 Dec 2016

Crims using anti-virus exclusion lists to send malware to where it can do most damage

Advanced malware writers are using anti-virus exclusion lists to better target victims, researchers say. Software vendors use exclusion lists to explain the files and directories that antivirus software should ignore to avoid false positives and ensure an application's proper operations. Such lists are common: Citrix …
Darren Pauli, 07 Dec 2016

Sysadmin figures out dating agency worker lied in his profile

On-Call Thank the Galactic Spirit it's Friday: your correspondent is beat! But not so beat I can't dip into the On-Call mailbag to dredge up another story in which your fellow Reg readers explain how they've rescued clients and colleagues from chronologically-inconvenient computational cock-ups. This week, meet “Hal”, who tells us …
Simon Sharwood, 02 Dec 2016

Online criminals iced as cops bury malware-spewing Avalanche

On November 30, simultaneous raids in five countries by the FBI, Europol, and the UK's National Crime Agency (NCA) finally shuttered the Avalanche criminal network that has been spewing malware and money laundering campaigns for the past seven years. The Avalanche network was a system of 600 servers around the world that were …
Iain Thomson, 01 Dec 2016

Oh no, software has bugs, we need antivirus. Oh no, bug-squasher has bugs, we need ...

Flaws in security products are among the most commonly encountered desktop software vulnerabilities, according to a new study. Eleven of the 46 products that made it into monthly top 20 most vulnerable product charts between August and October were security packages, Secunia reports. Products from vendors including AlienVault …
John Leyden, 29 Nov 2016

Symantec doubles down on consumer security by buying LifeLock

Symantec has bought identity theft protection firm LifeLock for $2.3bn. The deal, announced Sunday, represents a brave bid by Symantec to shore up a consumer security business eroded by dwindling anti-virus sales. Selling Norton consumer security alongside identity protection and remediation services from LifeLock will enable …
John Leyden, 21 Nov 2016

Windows Server 2016 persistent memory support supercharges storage IO

Analysis The best IO is... no IO. Windows Server 2016 has code to supercharge data storage IO speed by not treating it as IO anymore. It uses storage-class memory (SCM) as a persistent store, one that is on the memory bus, close to the CPU, and doesn't lose its contents when power is lost, an NVDIMM-N type device. That can be …
Chris Mellor, 28 Oct 2016

Search engine results increasingly poisoned with malicious links

Malware threats in search results are getting worse despite the best efforts of Google and other vendors. The number of infected results has been increasing year by year since 2013 despite the application of multiple tools and technologies designed to exclude dodgy links, according to a study by independent anti-virus testing …
John Leyden, 28 Oct 2016

Spam scum ping global blacklists to wreck rep

Malware authors are consulting IP blacklists designed to help fight spam in a bid to avoid detection and increase inbox hit rates. The novel abuse allows malware authors to determine if they have infected clean and benign machines. "This malware is interesting because it contains a hardcoded list of commonly known blacklist …
Darren Pauli, 21 Oct 2016

Email security: We CAN fix the tech, but what about the humans?

Last month’s Mr Chow ransomware attacks serve as a timely reminder that security should be at the top of any business IT strategy. Ransomware is on the increase, at least according to the FBI and while it is not all email borne, it is an example of how sophisticated hackers and criminals are getting with technology. Certainly …

How does a hybrid infrastructure fit my accreditations?

Security-related certifications such as ISO 27001 and, more particularly, the Payment Card Industry Data Security Standard (PCI-DSS), have stringent requirements regarding the controls on infrastructure, how data is routed and stored around it, and so on. Particularly in the cloud components of a hybrid setup, the control you …
Dave Cartwright, 06 Oct 2016

35,000 ARRIS cable modems at risk from firmware dumper bot

Hackers have exploited a back door in more than 35,000 ARRIS modems, making off with firmware and certificates, according to security researcher Bernardo Rodrigues. ARRIS makes cable modems and associated home networking kit. It recently shipped a patch to address a 2015 zero-day which at the time of disclosure impacted 600,000 …
Darren Pauli, 15 Sep 2016

Get ready for Cloud 3.0, the age of Platform-as-a-Service

Promo Cloud computing is evolving rapidly, and new ideas about “Cloud 3.0” will be featured this week at Huawei Connect 2016, the company's flagship conference in Shanghai. Huawei characterises the mid-2000s boom in server virtualisation as Cloud 1.0. Cloud 2.0 was all about infrastructure-as-a-service, with special emphasis on …
David Gordon, 31 Aug 2016

Linux malware? That'll never happen. Ok, just this once then

Russian security outfit Dr. Web says it's found new malware for Linux. The firm says the “Linux.Lady.1” trojan does the following three things: Collect information about an infected computer and transfer it to the command and control server. Download and launch a cryptocurrency mining utility. Attack other computers of …
Simon Sharwood, 11 Aug 2016

Brit network O2 hands out free Windows virus with USB pens

A marketing campaign by O2 that sent customers USB-embedded pens backfired last week – after it transpired a number of devices contained a "Windows-specific virus." The UK cellphone network sent out the USB pens to its business customers followed by a marketing email encouraging them to download a free eBook. That was then …
Kat Hall, 08 Aug 2016

Three times as bad as malware: Google shines light on pay-per-install

At some point you have probably downloaded a "free" piece of software only to find it has come with a whole host of other unwanted friends that go on to redirect your browser search bar or inject ads where there weren't any before. This is the world of pay-per-install (PPI) and Google, along with New York University and the …
Kieren McCarthy, 05 Aug 2016

Kaspersky upends sofa, finds US$50k for bug bounties

Kaspersky Lab has bowed to the probably inevitable and kicked off a bug bounty programme. The company – whose products have, like everyone in the anti-virus space, been targeted by everyone from Project Zero's Tavis Ormandy down to mum's-basement script kiddies – is hosting the bounty at HackerOne. The bounty starts with its …

SentinelOne's $1m ransomware guarantee dismissed as PR stunt

A “ransomware guarantee” from security outfit SentinelOne has been dismissed by critics as a marketing stunt. Ransomware is currently the biggest scourge of internet security, affecting corporates and consumers alike. So self-styled next generation endpoint security firm SentinelOne unsurprisingly created waves with a pledge …
John Leyden, 29 Jul 2016

GOP delegates suckered into connecting to insecure Wi-Fi hotspots

A Wi-Fi hack experiment conducted at various locations at or near the Republican National Convention site in Cleveland, US, underlines how risky it can be to connect to public Wi-Fi without protection from a VPN. The exercise, carried out by security researchers at Avast, an anti-virus firm, revealed that more than 1,000 …
John Leyden, 21 Jul 2016

Asian nations mull regional 'Europol' in fight against cybercrime

RSA APAC A closed-door meeting of cabinet ministers from more than a dozen countries met yesterday to mull the creation of a Europol-style organisation to crack down on cyber crime in the region and abroad, The Register has learned. The Asian organisation is conceptual only, but has support from countries including China, Malaysia, …
Darren Pauli, 21 Jul 2016

Flaws found in security products from AVG, Symantec and McAfee

Updated Hundreds of security products may not be up to the job, researchers say, thanks to flawed uses of code hooking. The research is the handiwork of EnSilo duo Udi Yavo and Tommer Bitton, who disclosed the bugs in anti-virus and Windows security tools ahead of their presentation at the Black Hat Las Vegas conference next month. …
Darren Pauli, 20 Jul 2016

Symantec, Intel carve out diminishing slice of growing security market

Worldwide security software revenues rose 3.7 per cent to reach $22.1bn in 2015, according to analyst Gartner. Security information and event management (SIEM) remained the fastest-growing sub segment of the cybersecurity biz last year, experiencing 15.8 per cent growth. By contrast, consumer security software recorded a 5.9 …
John Leyden, 14 Jul 2016

Avast woos AVG shareholders with $1.3bn buyout offer

Avast is offering to buy anti-virus rival AVG for $1.3bn. AVG shareholders are being offered $25.00 per share in cash, a 33 per cent mark-up on the closing share price on Wednesday. AVG, Avast and rival Avira are the three main players in the market for freebie anti-virus scanners for Windows. All make their money by offering …
John Leyden, 07 Jul 2016

Zero-interaction remote wormable hijack hole blasts Symantec kit

Scores (or thousands, or millions) of enterprise and home Symantec users are open to remote compromise through multiple now-patched (where possible) wormable remote code execution holes described by Google as 'as bad as it gets'. The flaws are "100 percent" reliable against Symantec's Norton Antivirus and Endpoint according to …
Darren Pauli, 29 Jun 2016

Lenovo Solution Center portal patched to shutter hacker god mode hole

Lenovo has patched a dangerous hole in its rebuilt Solution Center that could allow attackers to gain god mode access on hacked machines and to kill running processes including anti-virus. The pre-installed OEM software helps users update Lenovo tools and manage features like firewalls. Attackers with existing but …
Darren Pauli, 27 Jun 2016

Sirin Labs' Solarin isn't for pro-privacy bankers. It's for rich execs who want bling

El Reg got hands-on with the Solarin $14,000 ultra-high-end Android smartphone during a trip to Tel Aviv this week. As previously reported, the Solarin handset is an Android-based smartphone pitched at privacy-conscious executives and the ultra-wealthy. The smartphone comes with a 24 megapixel camera and integrated 3D audio …
John Leyden, 20 Jun 2016

Man-in-the-middle biz Blue Coat bought by Symantec: Infosec bods are worried

Analysis Symantec’s deal to buy Blue Coat, the controversial web filtering firm, for $4.65bn will bolster its enterprise security business. But some security experts are concerned about the potential for conflict of interest created by housing Symantec’s digital certificate business and Blue Coat’s man-in-the-middle SSL inspection …
John Leyden, 14 Jun 2016

Tech support locker scam poses as failed Microsoft Update

Cybercrooks have put together a new scam that falls halfway between ransomware and old school browser lockup ruses. The new class of “tech support lockers” rely on tricking users into installing either a fake PC optimiser or bogus Adobe Flash update. Once loaded the malware mimics ransomware and locks users out of their …
John Leyden, 20 May 2016

Phishing scam targets ... actual fishermen in eastern Ukraine

Security firm ESET has uncovered a long running cyber-espionage campaign in Ukraine, seemingly targeted at separatists. Operation Groundbait is a targeted attack most likely run from within Ukraine by as yet unidentified politically motivated hackers. The region is a hotspot for malware-based spying campaigns thanks largely …
John Leyden, 18 May 2016

Malware scan stalled misconfigured med software, mid-procedure

A user or reseller who couldn't be bothered configuring their antivirus properly has hit the headlines for interrupting doctors trying to insert a vascular catheter into a patient. As the FDA's Adverse Event Report says, an hourly malware scan stalled a Merge Healthcare Hemo unit, which collects patient vital signs, displays …

Suck on this: White hats replace Locky malware payload with dummy

Pranksters have infiltrated the control system behind the infamous Locky ransomware and replaced the malware’s main payload with a dummy file. Locky normally spreads using malicious and disguised JavaScript inside email attachments supposedly containing an invoice or similar. Malicious messages are sent to prospective marks in …
John Leyden, 05 May 2016

TLS proxies: insecure by design say boffins

Have you ever suspected filters that decrypt traffic of being insecure? Canadian boffins agree with you, saying TLS proxies – commonly deployed in both business and home networks for traffic inspection – open up cans of worms. In their tests, “not a single TLS proxy implementation is secure with respect to all of our tests, …

Half of people plug in USB drives they find in the parking lot

A new study has found that almost half the people who pick up a USB stick they happen across in a parking lot plug said drives into their PCs. Researchers from Google, the University of Illinois Urbana-Champaign, and the University of Michigan, spread 297 USB drives around the Urbana-Champaign campus. They found that 48 …
Shaun Nichols, 11 Apr 2016

Baddies' brilliant plan to get mobile malware whitelisted: Bribery

Criminals have resorted to bribes in order to smuggle malware into the source code of mobile gaming apps. The scam, in which malware authors bribed the employees of a legitimate mobile games company in China to embed malware into mobile apps, was uncovered by security researchers from Check Point. The bribe ensured that …
John Leyden, 11 Apr 2016

Patch out for 'ridiculous' Trend Micro command execution vuln

A bug in its software meant that Trend Micro accidentally left a remote debugging server running on customer machines. The flaw, discovered by Google’s Project Zero researcher Tavis Ormandy, opened the door to command execution of vulnerable systems (running either Trend Micro Maximum Security, Trend Micro Premium Security or …
John Leyden, 31 Mar 2016

We wrap our claws around latest pre-Build Windows 10 preview

Microsoft is releasing preview versions of Windows 10 at a rapid rate, perhaps in preparation for its Build developer conference later this week in San Francisco. Build 14295, released late last week, followed just 8 days after Build 14291, which introduced Extensions for the Edge browser as well as an updated Maps app. There …
Tim Anderson, 29 Mar 2016

PC World's cloudy backup failed when exposed to ransomware

The shortcomings of consumer-grade backup services in protecting against the scourge of ransomware have been exposed by the experiences of a UK businesswoman. Amy W, who runs a small business in the Newbury, Berkshire area, was convinced that the KnowHow cloud was the only backup technology she'd ever need when she bought a …
John Leyden, 22 Mar 2016

The bill for Home Depot after its sales registers were hacked: $19.5m

Home Depot will pay at least $19.5m in compensation to the 50 million customers hit by hackers who infiltrated the chain's sales tills in 2014. The US home improvement warehouse will create a $13m fund to reimburse shoppers and spend a further $6.5m providing a year's worth of identity protection for those impacted. Those are …
Kieren McCarthy, 17 Mar 2016

Like masochism? Run a PC? These VXers want to help you pwn yourself

Masochistic Windows users have been given a helping hand from hackers, in the form of step-by-step instructions on how to get their PCs infected with malware. A recent malware-slinging banking trojan campaign targeting Germany last week comes with explicit instructions for the recipients describing how to get their computers …
John Leyden, 14 Mar 2016

'You've been hacked, pay up' ... Ransomware forces your PC to read out a hostage note

Ransomware miscreants have developed a strain of malware that verbally lets victims know that their computer has been encrypted. The Cerber ransomware encrypts users' files using AES encryption before demanding an extortionate payment of 1.24 Bitcoins ($500) in order to supply a private key needed to decrypt files. The …
John Leyden, 07 Mar 2016

McAfee gaffe a quick AV kill for enterprising staff

Intel Security has fixed a flaw that made it possible to shut down its McAfee Enterprise virus engine, thereby allowing the installation of malware and pirated software. The hotfix addresses an issue that Agazzini Maurizio, senior security advisor at Rome-based consultancy Mediaservice, first warned about 15 months ago. McAfee …
Darren Pauli, 07 Mar 2016

Borked ESET antivirus update says entire web is too risky to browse

Surfers who rely on ESET anti-virus are having a hard time surfing the web following a misfiring anti-virus update, pushed out on Monday morning. The update is stopping people who apply it from browsing most of the internet, including ESET’s own site. Sites such as Amazon, MSN and more are falsely being labelled as …
John Leyden, 29 Feb 2016

Comodo's 'security' kit installed a lame VNC server on PCs on the sly

Google's Project Zero has found yet another blunder in Comodo's internet "security" software – a VNC server enabled by default with a predictable password. Earlier this month, Googler Tavis Ormandy pointed out that Comodo's custom web browser, dubbed Chromodo, was about as unsafe as a lace condom thanks to terrible security …
Iain Thomson, 18 Feb 2016

Google ninjas go public with security holes in Malwarebytes antivirus

Malwarebytes is rushing to plug security flaws in its software that allow miscreants to sling malware at its customers. The antivirus firm says it has addressed server-side vulnerabilities that were reported by Google Project Zero researcher Tavis Ormandy in November. However, security holes remain in the client-side software …
John Leyden, 02 Feb 2016

Angler exploit kit now hooking execs with Xmas Flash hole

The Angler exploit kit is again sailing the cyber seas and pillaging with impunity, adding one of the more recent machine-hijacking Flash holes to its arsenal. The integration of Adobe Flash vulnerability (CVE-2015-8651) patched last month solidifies Angler's position as the most popular and effective exploit kit on …
Darren Pauli, 28 Jan 2016

Brazilian whacks: as economy tanks, cyber-crooks samba

Brazil's economy may be hurtling towards recession but its online criminal underground is booming with wannabe hackers and carders racing to get a cut, research finds. Trend Micro's work is the latest in a series of papers it has published in recent months that examine regional online crime economies including North America, …
Darren Pauli, 13 Jan 2016

Predictable: How AV flaw hit Microsoft's Windows defences

Could it be that time spent by Microsoft on software security counts for naught? Possibly - based on the findings of an investigation by enSilo that found some of the best-known AV names are susceptible to new vulnerabilities. The results are alarming, suggesting an entire ecosystem unwittingly opening a back door into …
John Leyden, 11 Dec 2015

Hackers add exploit kit to article asking 'Is cyber crime out of control?'

Hackers have hosed an article published by The Guardian using the world's nastiest exploit kit Angler to pop the machines of exposed readers. The attack firmly answers the article's headline positing the question 'is cybercrime out of control', based on arguments in a book by one Misha Glenny. Angler is the most capable and …
Darren Pauli, 11 Dec 2015