Articles about Anti-Virus
Vigilante VXer FIXES SOHOpeless routers
Threat boffin Mario Ballano says VXers have broken into a host of routers creating a botnet dedicated solely to securing and hardening the devices.
The Symantec security man says the botnet first detected in November last year has not launched a single denial of service attack or undergone any form of black hat activity in the …
Rusky antivirus company FIRE BOMBED for research blogs
Russian ATM VXers have firebombed the research lab of an anti-virus firm after its researchers refused to retract reverse engineering analysis of their malware.
The attack followed email threats by the group calling itself the 'Syndicate' to the Moscow company which sold the Shield antivirus product that prevented the gang's …
AVG to flog your web browsing, search history from mid-October
Changes in the privacy policy of AVG's free antivirus doodad will allow it to collect your web browsing and search history – and sell it to advertisers to bankroll its freemium security software products.
The changes will come into play on 15 October, according to the Czech-based biz in a blog post. The revised privacy policy …
'I may be winning this ad-blocker game, but I hate it. I'm outta here (with $100k). Buh-bye'
QuoTW
We do hope you've enjoyed this week of botched Apple updates, unlikely Linux lovers and surprise birthday gifts.
Here are our favourite quotes.
Bitcoin backers have had a long and contentious relationship with sovereign states, and this week they got some unwanted recognition from the US.
The Commodity Futures Trading …
The last post: Building your own mail server, part 2
Feature
Last week, I explained the reasoning behind setting up your own mailserver, and the choice of software that I'll be using for it. This week, it's time to get hands on and show you how to do it. One word of advice, though: this is my configuration, and there are lots of options for tweaking, not to mention different ways to do it …
'I promise you I will win', says completely sane presidential candidate John McAfee
QuoTW
This week new iStuffs were showcased, a scary luggage hack popped up and a gaming icon turned 30.
Now for some of the best quotes from the past seven days.
America's favourite gun-toting anti-virus tycoon John McAfee has thrown his hat in to the 2016 presidential race. McAfee has made himself the official cyber party …
TorrentLocker scum have better email lists than legit devs, telcos
Spammers deploying the TorrentLocker ransomware are so good at targeting victims that their poison emails hit the mark more frequently than those sent by legitimate software companies and professional marketers.
Trend Micro's just analysed the malware in a report titled TorrentLocker Landscape: Targeting Even More Victims in …
Gloves on as Googler deposits foul zero-day on Kaspersky lawn
Google security man Tavis Ormandy has revealed a dangerous remote zero day vulnerability in Kaspersky kit that grants attackers system privileges.
The bug is a remote "zero interaction" buffer overflow affecting default installation configurations of the latest anti-virus software versions.
"So, about as bad as it gets," …
Viral virus bunfight: Dr Web tested rivals like Kaspersky Lab
Russian anti-malware firm Dr.Web tested rivals to see if they blindly accepted malware reports shared through cross-industry intelligence systems like Kaspersky Lab, according to investigative reporter Brian Krebs. However, Dr.Web stopped short of using services such as VirusTotal to trip up rivals, the focus of fiercely …
Sysadmin ignores 25 THOUSAND patches, among other sins
On-call
And that's one of the easier chores our reader found himself faced with in a new temp job. Most weekends, our On-Call feature looks at the odd situations readers find themselves in when called to do something on a client site or in the dead of night.
This week we're making an exception for reader “Bill”, who rates himself as “ …
Net scum respect their elders so long as it leads to p0wnage
Net scum are employing both cool new attacks like the Angler exploit kit and oldies-but-goodies such as macroviruses in their undergoing something of a generational clash, with Cisco reporting both Word macros and the sophisticated Angler exploit kit are the most popular attack vectors this year.
Blackhats dumped macros as an …
Ransomware blueprints published on GitHub in the name of education
Turkish security bod Utku Sen has published what appears to be the first openly available source code for ransomware – free for people to use and spread.
The "Hidden Tear" ransomware, available to GitHub, is a functional version of the malware the world has come to hate; it uses AES encryption to lock down files and can …
Kaspersky Lab denies tricking AV rivals into nuking harmless files
Kaspersky Lab deliberately fed bogus malware to its rivals to sabotage their antivirus products, two anonymous former employees allege. Kaspersky says the accusations are false.
Reuters reported today that two ex-Kaspersky engineers claim they were tasked with tricking competing antivirus into classifying benign executables …
John McAfee launches cert authority but it's got a POODLE problem
Eccentric infosec man John McAfee is now the proprietor of a Certificate Authority named BlackCert.
Fresh from a shootout friendly discussion with police over drug and firearm possession, the one-time anti-virus boss has made what is badged as a disruptive play into SSL.
BlackCert will offer unlimited use of SSL certificates …
Bunitu botnet crooks sell your unencrypted VPN traffic for £££
Cyber-crooks behind the Bunitu botnet are selling access to infected proxy bots as a way to cash in from their network.
Users (some of whom may themselves be shady types, as explained below) who use certain VPN service providers to protect their privacy are blissfully unaware that back-end systems channel traffic through a …
Five-star Flash phish filched from Hacking Team targets bigwigs
The DarkHotel global advanced threat actor group is targeting suit-wearing types with an old-school HTML application stuffed with the Adobe Flash exploit borrowed from stolen Hacking Team data.
The flaws were quickly patched after the Hacking Team goring in July, but DarkHotel appears to have started targeting the exploits …
'Cops KNOW WHO I AM and I don't believe their hearts were truly in the shootout'
QuoTW
It was a week of Firefox flaws, unruly Windows and big game news.
Here were our favorite quotes from the past seven days:
We may have arrived in the Windows 10 era but over in Wales, IT still parties like it's 2001. NHS systems have been found to still be running the ancient operating system Windows XP on their desktops. …
Slippery Windows Updates' SOAP bubbles up SYSTEM priveleges
Blackhat 2015:
Microsoft has bungled Windows Server Update Services (WSUS), according to hackers Paul Stone and Alex Chapman, with insecure defaults that let them hijack OS updates.
Attackers that have previously gained admin privilege on a target system can elevate themselves to system-level access by skipping the normal signed update …
Xen hardens up with zero-footprint guest introspection code
The Xen Project's had a nasty run with security of late, thanks to a run of five bad bugs, but has revealed plans to improve matters in the forthcoming version 4.6 of its open-source hypervisor.
The Project's new weapon is called libbdvmi and addresses the fact that running security software on a guest virtual machine can be …
Sun? In Blighty? Nah, just build that rooftop data centre, it’ll be fine
On-Call
Welcome again to On-Call, our regular tale of things that happen when readers are called in to fix big messes on weekends and evenings.
Before we get to this week's tale, a quick reminder we've some prizes for new submissions as part of our Sysadmin Day celebrations. Write to me if you've a story of being called out to do …
'Plague Scanner' controls multiple AV engines, for $0.00
Security researcher Robert Simmons has released a tool that offers a new level of stealth to the malware cat-and-mouse skirmish by shrouding binary analysis.
"Plague Scanner" is a free on-premise anti-virus framework - a class of tool that drives multiple anti-virus scanners at once - and is the only free alternative to …
Three Estonians jailed for malware spree that infected 4 MILLION computers
Three Estonians have been sentenced to a cumulative 11 years for their cybercrime activities which infected more than four million computers with malware across more than 100 countries.
The three crims, who were sent down by US District Judge Lewis A. Kaplan in Manhattan on Thursday, were: Timur Gerassimenko, 35, who received …
Norton for Windows 10 is NOT a box-borking beta, insists Symantec
A recent update to Norton designed to add compatibility for Windows 10 is incompatible with mainstream Windows releases, according to some users.
Symantec is denying that these issues are anything worse than teething problems, although this has so far failed to placate critics.
Users are loudly complaining about borked Win 8. …
Cyber-security's dirty little secret: It's not as bad as you think
New research from the Global Commission on Internet Governance has reached a surprising conclusion: cyberspace is actually getting safer.
The report [PDF] starts from a simple enough premise: while we are constantly told that incidents of cyberattacks and online security threats are increasing, are they growing relative to the …
FireEye intern nailed in Darkode downfall was VXer, say the Feds
A former intern at security company FireEye has been arrested for creating and selling the slick and sophisticated Dendroid malware program after being caught in a global police sting that obliterated the Darkode cybercrime forum.
Prosecutors say that Morgan Culbertson, 20, of Pittsburgh, was most recently working as a …
Malwarebytes slurps startup, hopes to belch out Mac malware zapper
Security software firm Malwarebytes is moving into the Mac security software market with the acquisition of a start-up and the launch of its first anti-malware product for Apple computers.
Malwarebytes Anti-Malware for Mac is designed to detect and remove malware, adware, and PUPs (potentially unwanted programs). The release …
VXers charge Nintendo fans then p0wn their data
Palo Alto Networks researchers Cong Zheng and Zhi Xu are warning of a new form of malware that is masquerading as a paid Nintendo emulator for Android devices.
The Gunpoder malware takes the form of an app packaged with the Airpush ad library making it difficult for anti-virus engines to detect.
Zheng and Xu say the ads help …
As the US realises it's been PWNED, when will OPM heads roll?
Heads are set to roll at the Office of Personnel Management as director Katherine Archuleta continues to receive a grilling from Senate committees, who are beginning to realise that the country's entire intelligence workforce has been utterly pwned, probably by a hostile nation.
Archuleta, alongside OPM's Chief Information …
We need to know about the Internet of Things, say US Senators
As US lawmakers call on the Government Accountability Office to assess the world of the Internet of Things, Eugene Kaspersky has unloaded on the thingification of home appliances.
A bipartisan group of US Senators (Brian Schatz and Cory Booker for the Democrats, Deb Fischer and Kelly Ayotte for the Republicans) released the …
NOD32 AV remote root wormable hack turns corporate fleets to meat
Google Project Zero bod Tavis Ormandy has disclosed a "trivial" means of remotely hack the ESET NOD32 antivirus platform.
Ormandy's finding prompted the Slovak company to rush a patch a day before his disclosure overnight. The remote-root exploit is potentially wormable and, he said, of practical value to criminals.
"Any …
GCHQ: Security software? We'll soon see about THAT
The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept.
According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely come …
FLICK my FLINT and SNIFF my TREE on the streets of Naples
Something for the Weekend, Sir?
Youtube Video
"See Naples and die" the saying goes. After visiting the city recently, I can believe it. Hang around there long enough and you’ll be dead.
The likely causes of your imminent death in Naples are many: you might be run over by a motor scooter, stumble into a pothole in the broken pavements, get hit by falling …
CISOs' newest fear? Criminals with a big data strategy
CIO Manifesto
We again gathered an eclectic mix of IT execs including some CISOs, CTOs etc, in a secret bunker to discuss whether we’re winning the security battle. OK, the “bunker” was a meeting room under the Soho Hotel, but not only are we not winning, it is not even clear what winning actually means.
On Target
Our IT execs happily …
Confusion reigns as Bundestag malware clean-up staggers on
A malware infestation at the Bundestag is proving harder to clean up than first predicted, with several unconfirmed local reports going as far as suggesting that techies might have to rebuild the entire network from scratch.
As previously reported, a state-sponsored attack is suspected for the widespread infection of systems …
It's 2015 and Microsoft has figured out anything can break Windows
Microsoft head software engineer Lee Holmes says Windows 10 applications will now be able to plug into installed anti-virus platforms to better combat malicious scripts.
Holmes says the Windows 10 Antimalware Scan Interface (AMSI) will allow apps and services to use anti-virus to find badness operating in memory.
He says most …
Trustwave: Here's how to earn $84,000 A MONTH as a blackhat
Exploit kit traders and ransomware slingers are in one of the most profitable industries in the world, landing a whopping 1,425 percent profit margin for raiding legitimate trade.
Figures from infosec firm Trustwave show the blackhats who are enjoying what appears to be a current boom can score outrageous amounts of money by …
MS scolds businesses for failing to eradicate 7-year-old malware
Zero-day threats and custom malware get all the publicity, but age-old malware strains including ZeuS and Conficker remain active in UK corporates.
“The bad guys don’t have to be smart, they can use something that’s 7-8 years old,” Stuart Aston, chief security advisor at Microsoft UK, told delegates at the RSA Unplugged mini- …
The oracle knows all. Not THAT Oracle, of course
Something for the Weekend, Sir?
We’ve reached the end of an extended, hot, steamy and sweaty session that has been going on practically non-stop for several days – just me and four willing young women. One of them suddenly sits up, looks into my eyes and whispers those magic words: “I have a quick question.”
Oh lordy, here we go. It’s almost five o’clock on …
Security software's a booming market. Why is Symantec stumbling?
Worldwide security software revenue totalled $21.4bn in 2014, a 5.3 per cent increase from 2013's revenue of $20.3bn, according to the serious bean counters at Gartner.
A decline in consumer security software and endpoint protection — areas that together account for 39 per cent of the market — was more than offset the strong …
Skype hauled into court after refusing to hand call records to cops
Skype has been called to appear before a court in Belgium after refusing to hand over customer data following a request for assistance in a criminal investigation.
A court in Mechelen near Brussels wanted "data from messages and calls exchanged on Microsoft-owned Skype", a regulatory requirement that a Belgian telecoms operator …
2.8 million victims squared up by malicious Minecraft apps
ESET researcher Lukas Stefanko says a whopping 2.8 million users have downloaded malicious Minecraft Android applications.
Stefanko found 30 malicious apps uploaded to the Google Play store over nine months masquerading as Minecraft cheats and tip guides.
"All of the discovered apps were fake in that they did not contain any of …
Governance the key if you don't want mobile workers escaping your control
Mobile computing is great. No longer are we chained to our desks when using technology and doing proper work. Not only are laptops getting smaller, lighter and cheaper, it is also possible to do real, productive stuff even more freely using phones and tablets.
As is always the case in computing, though, the positives of …
Blocking mobile adverts just became that little bit easier
For those mobile operators wanting to block adverts and prevent them reaching subscribers' screens (all in the name of reducing bandwidth usage and saving customers’ money of course) Israeli tech company Shine can make that happen.
“There is a lot of grey in there between advertisers and publishers,” said Roi Carthy, the …
Ex-NSA security bod fanboi: Apple Macs are wide open to malware
A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial.
Patrick Wardle, a former NSA staffer and NASA intern who now heads up research at crowd-sourced security intelligence firm Synack, found that Apple's defensive Gatekeeper technology can be bypassed allowing unsigned …
F*cking DLL! Avast false positive trashes Windows code libraries
A misfiring signature update from anti-virus developer Avast triggered all sorts of problems on Wednesday.
Avast acted promptly by withdrawing the definition update but not before numerous users had fallen foul of the problem. The withdrawn update incorrectly labelled various libraries (dlls) on Windows PCs as potentially malign …
Nasty Dyre malware bests white hat sandboxes
Seculert CTO Aviv Raff says a nasty piece of malware linked to widespread destruction and bank account plundering has become more dangerous with the ability to evade popular sandboxes.
Raff says the Dyre malware ducks popular sandbox tools by detecting the number of cores in use.
The known but effective and previously unused …
CHEATER! Test labs out AV vendor for using rival's engine
Chinese anti-virus vendor Qihoo 360 has been caught cheating on benchmarking tests by submitting versions running A-V engines from rival Bitdefender.
The company has been reprimanded by established testing outfits Virus Bulletin, Av-Comparatives, and AV-Test which withdrew its 2015 certifications.
In a joint statement [PDF] the …
When THINGS attack! Defending data centres from IoT device-krieg
When good fridges turn bad. It may sound like science fiction, but security experts are warning that the growing prevalence of interconnected “thingbots” is opening up businesses to all sorts of bother.
Security-as-a-Service provider Proofpoint warned recently that more than 750,000 Phishing and SPAM Emails had been launched …
US hospitals to treat medical device malware with AC power probes
Two large US hospitals will in the next few months begin using a system that can detect malware infections on medical equipment by monitoring AC power consumption.
The unnamed hospitals will be the first in a list to test the add-on monitoring platform dubbed WattsUpDoc to check for potentially life-threatening malware running …
CozyDuke hackers targeting prominent US targets
A newly discovered group of cyber-spies are closely targeting high profile US targets, possibly including both the White House and the State Department.
The so-called CozyDuke hackers make extensive use of spear-phishing, sometimes using emails containing a link to a hacked (otherwise legitimate) websites such as "diplomacy.pl …
