Articles about Anti-Virus

Vigilante VXer FIXES SOHOpeless routers

Threat boffin Mario Ballano says VXers have broken into a host of routers creating a botnet dedicated solely to securing and hardening the devices. The Symantec security man says the botnet first detected in November last year has not launched a single denial of service attack or undergone any form of black hat activity in the …
Darren Pauli, 02 Oct 2015

Rusky antivirus company FIRE BOMBED for research blogs

Russian ATM VXers have firebombed the research lab of an anti-virus firm after its researchers refused to retract reverse engineering analysis of their malware. The attack followed email threats by the group calling itself the 'Syndicate' to the Moscow company which sold the Shield antivirus product that prevented the gang's …
Darren Pauli, 30 Sep 2015

AVG to flog your web browsing, search history from mid-October

Changes in the privacy policy of AVG's free antivirus doodad will allow it to collect your web browsing and search history – and sell it to advertisers to bankroll its freemium security software products. The changes will come into play on 15 October, according to the Czech-based biz in a blog post. The revised privacy policy …
John Leyden, 21 Sep 2015

'I may be winning this ad-blocker game, but I hate it. I'm outta here (with $100k). Buh-bye'

QuoTW We do hope you've enjoyed this week of botched Apple updates, unlikely Linux lovers and surprise birthday gifts. Here are our favourite quotes. Bitcoin backers have had a long and contentious relationship with sovereign states, and this week they got some unwanted recognition from the US. The Commodity Futures Trading …
Team Register, 20 Sep 2015

The last post: Building your own mail server, part 2

Feature Last week, I explained the reasoning behind setting up your own mailserver, and the choice of software that I'll be using for it. This week, it's time to get hands on and show you how to do it. One word of advice, though: this is my configuration, and there are lots of options for tweaking, not to mention different ways to do it …
Nigel Whitfield, 19 Sep 2015

'I promise you I will win', says completely sane presidential candidate John McAfee

QuoTW This week new iStuffs were showcased, a scary luggage hack popped up and a gaming icon turned 30. Now for some of the best quotes from the past seven days. America's favourite gun-toting anti-virus tycoon John McAfee has thrown his hat in to the 2016 presidential race. McAfee has made himself the official cyber party …
Team Register, 13 Sep 2015

TorrentLocker scum have better email lists than legit devs, telcos

Spammers deploying the TorrentLocker ransomware are so good at targeting victims that their poison emails hit the mark more frequently than those sent by legitimate software companies and professional marketers. Trend Micro's just analysed the malware in a report titled TorrentLocker Landscape: Targeting Even More Victims in …
Darren Pauli, 09 Sep 2015

Gloves on as Googler deposits foul zero-day on Kaspersky lawn

Google security man Tavis Ormandy has revealed a dangerous remote zero day vulnerability in Kaspersky kit that grants attackers system privileges. The bug is a remote "zero interaction" buffer overflow affecting default installation configurations of the latest anti-virus software versions. "So, about as bad as it gets," …
Darren Pauli, 08 Sep 2015

Viral virus bunfight: Dr Web tested rivals like Kaspersky Lab

Russian anti-malware firm Dr.Web tested rivals to see if they blindly accepted malware reports shared through cross-industry intelligence systems like Kaspersky Lab, according to investigative reporter Brian Krebs. However, Dr.Web stopped short of using services such as VirusTotal to trip up rivals, the focus of fiercely …
John Leyden, 02 Sep 2015

Sysadmin ignores 25 THOUSAND patches, among other sins

On-call And that's one of the easier chores our reader found himself faced with in a new temp job. Most weekends, our On-Call feature looks at the odd situations readers find themselves in when called to do something on a client site or in the dead of night. This week we're making an exception for reader “Bill”, who rates himself as “ …
Simon Sharwood, 23 Aug 2015

Net scum respect their elders so long as it leads to p0wnage

Net scum are employing both cool new attacks like the Angler exploit kit and oldies-but-goodies such as macro viruses, in something of a generational clash, with Cisco reporting that both Word macros and the sophisticated Angler exploit kit are the most popular attack vectors this year. Blackhats dumped macros as an …
Darren Pauli, 20 Aug 2015

Ransomware blueprints published on GitHub in the name of education

Turkish security bod Utku Sen has published what appears to be the first openly available source code for ransomware – free for people to use and spread. The "Hidden Tear" ransomware, available to GitHub, is a functional version of the malware the world has come to hate; it uses AES encryption to lock down files and can …
Darren Pauli, 18 Aug 2015

Kaspersky Lab denies tricking AV rivals into nuking harmless files

Kaspersky Lab deliberately fed bogus malware to its rivals to sabotage their antivirus products, two anonymous former employees allege. Kaspersky says the accusations are false. Reuters reported today that two ex-Kaspersky engineers claim they were tasked with tricking competing antivirus into classifying benign executables …
John Leyden, 14 Aug 2015

John McAfee launches cert authority but it's got a POODLE problem

Eccentric infosec man John McAfee is now the proprietor of a Certificate Authority named BlackCert. Fresh from a shootout friendly discussion with police over drug and firearm possession, the one-time anti-virus boss has made what is badged as a disruptive play into SSL. BlackCert will offer unlimited use of SSL certificates …
Darren Pauli, 13 Aug 2015

Bunitu botnet crooks sell your unencrypted VPN traffic for £££

Cyber-crooks behind the Bunitu botnet are selling access to infected proxy bots as a way to cash in from their network. Users (some of whom may themselves be shady types, as explained below) who use certain VPN service providers to protect their privacy are blissfully unaware that back-end systems channel traffic through a …
John Leyden, 11 Aug 2015

Five-star Flash phish filched from Hacking Team targets bigwigs

The DarkHotel global advanced threat actor group is targeting suit-wearing types with an old-school HTML application stuffed with the Adobe Flash exploit borrowed from stolen Hacking Team data. The flaws were quickly patched after the Hacking Team goring in July, but DarkHotel appears to have started targeting the exploits …
Darren Pauli, 11 Aug 2015

'Cops KNOW WHO I AM and I don't believe their hearts were truly in the shootout'

QuoTW It was a week of Firefox flaws, unruly Windows and big game news. Here were our favorite quotes from the past seven days: We may have arrived in the Windows 10 era but over in Wales, IT still parties like it's 2001. NHS systems have been found to still be running the ancient operating system Windows XP on their desktops. …
Team Register, 09 Aug 2015

Slippery Windows Updates' SOAP bubbles up SYSTEM privileges

Blackhat 2015: Microsoft has bungled Windows Server Update Services (WSUS), according to hackers Paul Stone and Alex Chapman, with insecure defaults that let them hijack OS updates. Attackers that have previously gained admin privilege on a target system can elevate themselves to system-level access by skipping the normal signed update …
Darren Pauli, 07 Aug 2015

Xen hardens up with zero-footprint guest introspection code

The Xen Project's had a nasty run with security of late, thanks to a run of five bad bugs, but has revealed plans to improve matters in the forthcoming version 4.6 of its open-source hypervisor. The Project's new weapon is called libbdvmi and addresses the fact that running security software on a guest virtual machine can be …
Simon Sharwood, 05 Aug 2015

Sun? In Blighty? Nah, just build that rooftop data centre, it’ll be fine

On-Call Welcome again to On-Call, our regular tale of things that happen when readers are called in to fix big messes on weekends and evenings. Before we get to this week's tale, a quick reminder we've some prizes for new submissions as part of our Sysadmin Day celebrations. Write to me if you've a story of being called out to do …
Simon Sharwood, 02 Aug 2015

'Plague Scanner' controls multiple AV engines, for $0.00

Security researcher Robert Simmons has released a tool that offers a new level of stealth to the malware cat-and-mouse skirmish by shrouding binary analysis. "Plague Scanner" is a free on-premise anti-virus framework - a class of tool that drives multiple anti-virus scanners at once - and is the only free alternative to …
Darren Pauli, 27 Jul 2015

Three Estonians jailed for malware spree that infected 4 MILLION computers

Three Estonians have been sentenced to a cumulative 11 years for their cybercrime activities which infected more than four million computers with malware across more than 100 countries. The three crims, who were sent down by US District Judge Lewis A. Kaplan in Manhattan on Thursday, were: Timur Gerassimenko, 35, who received …

Norton for Windows 10 is NOT a box-borking beta, insists Symantec

A recent update to Norton designed to add compatibility for Windows 10 is incompatible with mainstream Windows releases, according to some users. Symantec is denying that these issues are anything worse than teething problems, although this has so far failed to placate critics. Users are loudly complaining about borked Win 8. …
John Leyden, 20 Jul 2015

Cyber-security's dirty little secret: It's not as bad as you think

New research from the Global Commission on Internet Governance has reached a surprising conclusion: cyberspace is actually getting safer. The report [PDF] starts from a simple enough premise: while we are constantly told that incidents of cyberattacks and online security threats are increasing, are they growing relative to the …
Kieren McCarthy, 18 Jul 2015

FireEye intern nailed in Darkode downfall was VXer, say the Feds

A former intern at security company FireEye has been arrested for creating and selling the slick and sophisticated Dendroid malware program after being caught in a global police sting that obliterated the Darkode cybercrime forum. Prosecutors say that Morgan Culbertson, 20, of Pittsburgh, was most recently working as a …
Darren Pauli, 16 Jul 2015

Malwarebytes slurps startup, hopes to belch out Mac malware zapper

Security software firm Malwarebytes is moving into the Mac security software market with the acquisition of a start-up and the launch of its first anti-malware product for Apple computers. Malwarebytes Anti-Malware for Mac is designed to detect and remove malware, adware, and PUPs (potentially unwanted programs). The release …
John Leyden, 15 Jul 2015

VXers charge Nintendo fans then p0wn their data

Palo Alto Networks researchers Cong Zheng and Zhi Xu are warning of a new form of malware that is masquerading as a paid Nintendo emulator for Android devices. The Gunpoder malware takes the form of an app packaged with the Airpush ad library making it difficult for anti-virus engines to detect. Zheng and Xu say the ads help …
Darren Pauli, 09 Jul 2015

As the US realises it's been PWNED, when will OPM heads roll?

Heads are set to roll at the Office of Personnel Management as director Katherine Archuleta continues to receive a grilling from Senate committees, who are beginning to realise that the country's entire intelligence workforce has been utterly pwned, probably by a hostile nation. Archuleta, alongside OPM's Chief Information …

We need to know about the Internet of Things, say US Senators

As US lawmakers call on the Government Accountability Office to assess the world of the Internet of Things, Eugene Kaspersky has unloaded on the thingification of home appliances. A bipartisan group of US Senators (Brian Schatz and Cory Booker for the Democrats, Deb Fischer and Kelly Ayotte for the Republicans) released the …

NOD32 AV remote root wormable hack turns corporate fleets to meat

Google Project Zero bod Tavis Ormandy has disclosed a "trivial" means of remotely hacking the ESET NOD32 antivirus platform. Ormandy's finding prompted the Slovak company to rush out a patch a day before his disclosure overnight. The remote-root exploit is potentially wormable and, he said, of practical value to criminals. "Any …
Darren Pauli, 25 Jun 2015

GCHQ: Security software? We'll soon see about THAT

The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept. According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely come …
Kat Hall, 23 Jun 2015

FLICK my FLINT and SNIFF my TREE on the streets of Naples

Something for the Weekend, Sir? "See Naples and die" the saying goes. After visiting the city recently, I can believe it. Hang around there long enough and you’ll be dead. The likely causes of your imminent death in Naples are many: you might be run over by a motor scooter, stumble into a pothole in the broken pavements, get hit by falling …
Alistair Dabbs, 20 Jun 2015

CISOs' newest fear? Criminals with a big data strategy

CIO Manifesto We again gathered an eclectic mix of IT execs including some CISOs, CTOs etc, in a secret bunker to discuss whether we’re winning the security battle. OK, the “bunker” was a meeting room under the Soho Hotel, but not only are we not winning, it is not even clear what winning actually means. On Target Our IT execs happily …
Dominic Connor, 19 Jun 2015

Confusion reigns as Bundestag malware clean-up staggers on

A malware infestation at the Bundestag is proving harder to clean up than first predicted, with several unconfirmed local reports going as far as suggesting that techies might have to rebuild the entire network from scratch. As previously reported, a state-sponsored attack is suspected for the widespread infection of systems …
John Leyden, 12 Jun 2015

It's 2015 and Microsoft has figured out anything can break Windows

Microsoft head software engineer Lee Holmes says Windows 10 applications will now be able to plug into installed anti-virus platforms to better combat malicious scripts. Holmes says the Windows 10 Antimalware Scan Interface (AMSI) will allow apps and services to use anti-virus to find badness operating in memory. He says most …
Darren Pauli, 12 Jun 2015

Trustwave: Here's how to earn $84,000 A MONTH as a blackhat

Exploit kit traders and ransomware slingers are in one of the most profitable industries in the world, landing a whopping 1,425 percent profit margin for raiding legitimate trade. Figures from infosec firm Trustwave show the blackhats who are enjoying what appears to be a current boom can score outrageous amounts of money by …
Darren Pauli, 10 Jun 2015

MS scolds businesses for failing to eradicate 7-year-old malware

Zero-day threats and custom malware get all the publicity, but age-old malware strains including ZeuS and Conficker remain active in UK corporates. “The bad guys don’t have to be smart, they can use something that’s 7-8 years old,” Stuart Aston, chief security advisor at Microsoft UK, told delegates at the RSA Unplugged mini- …
John Leyden, 04 Jun 2015

The oracle knows all. Not THAT Oracle, of course

Something for the Weekend, Sir? We’ve reached the end of an extended, hot, steamy and sweaty session that has been going on practically non-stop for several days – just me and four willing young women. One of them suddenly sits up, looks into my eyes and whispers those magic words: “I have a quick question.” Oh lordy, here we go. It’s almost five o’clock on …
Alistair Dabbs, 30 May 2015

Security software's a booming market. Why is Symantec stumbling?

Worldwide security software revenue totalled $21.4bn in 2014, a 5.3 per cent increase from 2013's revenue of $20.3bn, according to the serious bean counters at Gartner. A decline in consumer security software and endpoint protection — areas that together account for 39 per cent of the market — was more than offset by the strong …
John Leyden, 27 May 2015

Skype hauled into court after refusing to hand call records to cops

Skype has been called to appear before a court in Belgium after refusing to hand over customer data following a request for assistance in a criminal investigation. A court in Mechelen near Brussels wanted "data from messages and calls exchanged on Microsoft-owned Skype", a regulatory requirement that a Belgian telecoms operator …
John Leyden, 26 May 2015

2.8 million victims squared up by malicious Minecraft apps

ESET researcher Lukas Stefanko says a whopping 2.8 million users have downloaded malicious Minecraft Android applications. Stefanko found 30 malicious apps uploaded to the Google Play store over nine months masquerading as Minecraft cheats and tip guides. "All of the discovered apps were fake in that they did not contain any of …
Darren Pauli, 25 May 2015

Governance the key if you don't want mobile workers escaping your control

Mobile computing is great. No longer are we chained to our desks when using technology and doing proper work. Not only are laptops getting smaller, lighter and cheaper, it is also possible to do real, productive stuff even more freely using phones and tablets. As is always the case in computing, though, the positives of …
Dave Cartwright, 21 May 2015

Blocking mobile adverts just became that little bit easier

For those mobile operators wanting to block adverts and prevent them reaching subscribers' screens (all in the name of reducing bandwidth usage and saving customers’ money of course) Israeli tech company Shine can make that happen. “There is a lot of grey in there between advertisers and publishers,” said Roi Carthy, the …
Simon Rockman, 19 May 2015

Ex-NSA security bod fanboi: Apple Macs are wide open to malware

A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial. Patrick Wardle, a former NSA staffer and NASA intern who now heads up research at crowd-sourced security intelligence firm Synack, found that Apple's defensive Gatekeeper technology can be bypassed allowing unsigned …
John Leyden, 07 May 2015

F*cking DLL! Avast false positive trashes Windows code libraries

A misfiring signature update from anti-virus developer Avast triggered all sorts of problems on Wednesday. Avast acted promptly by withdrawing the definition update but not before numerous users had fallen foul of the problem. The withdrawn update incorrectly labelled various libraries (dlls) on Windows PCs as potentially malign …
John Leyden, 07 May 2015

Nasty Dyre malware bests white hat sandboxes

Seculert CTO Aviv Raff says a nasty piece of malware linked to widespread destruction and bank account plundering has become more dangerous with the ability to evade popular sandboxes. Raff says the Dyre malware ducks popular sandbox tools by detecting the number of cores in use. The known but effective and previously unused …
Darren Pauli, 04 May 2015

CHEATER! Test labs out AV vendor for using rival's engine

Chinese anti-virus vendor Qihoo 360 has been caught cheating on benchmarking tests by submitting versions running AV engines from rival Bitdefender. The company has been reprimanded by established testing outfits Virus Bulletin, AV-Comparatives, and AV-Test, which withdrew its 2015 certifications. In a joint statement [PDF] the …
Darren Pauli, 01 May 2015

When THINGS attack! Defending data centres from IoT device-krieg

When good fridges turn bad. It may sound like science fiction, but security experts are warning that the growing prevalence of interconnected “thingbots” is opening up businesses to all sorts of bother. Security-as-a-Service provider Proofpoint warned recently that more than 750,000 Phishing and SPAM Emails had been launched …
Rachel Willcox, 27 Apr 2015

US hospitals to treat medical device malware with AC power probes

Two large US hospitals will in the next few months begin using a system that can detect malware infections on medical equipment by monitoring AC power consumption. The unnamed hospitals will be the first in a list to test the add-on monitoring platform dubbed WattsUpDoc to check for potentially life-threatening malware running …
Darren Pauli, 27 Apr 2015

CozyDuke hackers targeting prominent US targets

A newly discovered group of cyber-spies is closely targeting high profile US targets, possibly including both the White House and the State Department. The so-called CozyDuke hackers make extensive use of spear-phishing, sometimes using emails containing a link to a hacked (otherwise legitimate) website such as "diplomacy.pl …
John Leyden, 22 Apr 2015