Antivirus News

Avira AntiVir Personal - FREE Antivirus is a reliable free antivirus solution, that constantly and rapidly scans your computer for malicious programs such as viruses, Trojans, backdoor programs, hoaxes, worms, dialers etc. Monitors every action executed by the user or the operating system and reacts promptly when a malicious program is detected.

Avira AntiVir Personal is a comprehensive, easy to use antivirus program, designed to offer reliable free of charge virus protection to home-users, for personal use only, and is not for business or commercial use. Available for Windows or UNIX. 

Download:
http://www.free-av.com/en/trialpay_download/1/avira_antivir_personal__free_antivirus.html 

Download (Softpedia) :
http://www.softpedia.com/progDownload/AntiVir-Personal-Edition-Download-6527.html

Download (Download.com):
http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914

Now that was so fast that even Owen Thor Walker (AKILL) and Michael Calce (Mafiaboy) should envy the short cybercrime-to-job offer cycle here. 17 years old Mikeyy Mooney, the author/spreader of StalkDaily/Mickeyy XSS worm that exploited Twitter through trivial web application vulnerabilities during the weekend, has landed a job as a web applications developer at exqSoft Solutions.

Do you fancy him? I don’t, and so do others. Here’s why you shouldn’t, as well as the implications of what is slowly becoming a dangerous trend.

Image the villains vs cybercrime task force, an internationally recognized team including Romanian phishers, ex-carding kings now politicians, initiators of the first major DDoS attack that hit the most popular web sites in 2000 (including ZDNet) and who else are we missing? Oh yeah, the Pinch malware authors, but ’sadly�?� they’re in jail.

Cutting the sarcasm, this most recent hire indicates an emerging trend and sends a wrong signal. Namely, that conducting unethical pen-testing against a top web property’s web applications in order to put the proof of concept code into action by launching a worm in order to prove the obvious, can indeed land you a job offer. A similar case happened in July, 2008, when a XSS worm at Justin.tv infected 2,525 profiles in order to prove the obvious - the site’s ‘wormability�?�. Back then I pointed out the same concern :

Now, proof of concept of what exactly remains questionable, since if the research community was to exploit every site vulnerable to SQL injections or high profile sites vulnerable to critical XSS flaws, in order to embedd a counter within and then come up with fancy graphs saying this is the number of people that could have been affected by this flaw, we would be dealing with more PoCs next to the real security incidents executed by malicious parties.

It’s important to point out that exqSoft Solutions appears to be fully aware of the basics of guerrilla PR campaigns. The company established in 2000 is nowhere to be found in the public space, that’s of course until it hires Mikeyy Mooney to make a mainstream media appearance for the very first time.

Who’s next on the hiring spree? From a web application security perspective, that could easily be the Asprox botnet authors, having SQL injected over 1.5 million pages (500, 000 sites), making Mikeyy’s XSS worm look like a bit of a shy one.

Kaspersky Lab has produced new anti-virus software specifically for mobile phones.

The new Anti-Virus Mobile software will cover Windows Mobile and Symbian phone and be officially launched next week at the RSA Conference 2007 in San Francisco.

It includes signatures downloaded to the devices over their Internet connections, either via WAP or the Net. The updates can be installed using a scheduler or by hand. It includes screening of spam sent via SMS and can restrict incoming messages according to a blacklist or whitelist (banned or approved).

More malware screening will be added as it becomes more apparent which exploits mobile hackers choose to use, said the company CTO Eugene Kaspersky. “We don’t know which way the criminals will go. With new technologies, it is probable there will be new attacks.”

At the moment, Kaspersky says, neither makers of mobile devices nor service providers are taking responsibility for blocking threats. But he predicts that in the future, the security model will mimic that for computers: hardware providers, service providers and customers all will have specialised offerings for mobile computing.

So far, Kaspersky says he has seen viruses that send SMS messages from smart phones to numbers that charge the sender. As more businesses, including banks, offer services via smart phones, criminals will pay more attention, he says.

“In the future, as prices drop and smart phones are more common, the situation will become more critical,” Kaspersky says. Anti-Virus Mobile will be available later this quarter and will cost $30 per user.

It is believed that around 20 million users of AVG’s free anti-virus software will lose their protection on February 18 because they have not downloaded the next version.

Grisoft, the company behind the software warned users of its free anti-virus package last year that the software was being upgraded; users need to download the new edition, version 7.5.

Anyone still on version 7.1 of the free software will find that it stops working on February 18, the cut-off date set by Grisoft.

The company said that of the 45 million people across the world who use its free edition, roughly half are still using the old version, and will not be protected from new viruses after the cut-off date.

This could have major side-effects, such as allowing virus writers to target unprotected AVG users and take over their PCs to be used for sending further viruses or carry out other criminal activity.

Unlike normal upgrades, which are downloaded and installed automatically by the program, the new edition requires a complete reinstallation.

A representative of Grisoft said that because the new version includes large files, it is easier for users to download it from the website.

Users have the option of upgrading to the free version 7.5 or the paid-for edition which includes technical support and some additional features, such as a firewall.

Phishing attacks have outnumbered e-mails infected with viruses and Trojan horse programs for the first time, according to security experts.

Security mail services vendor MessageLabs reported on Monday that in January 2007, one in 93.3 e-mails (1.07 percent) comprised some form of phishing attack. There were fewer e-mails — one in 119.9, or 0.83 percent — infected with viruses.

The difference in the ratio of phishing to virus attacks is partly due to virus attacks becoming more targeted and no longer occurring as one large outbreak. This includes the recent Storm Worm and Warezov attacks, according to MessageLabs.

“If you look at infected e-mail traffic for January, it’s very spiky,” Mark Sunner, chief technology officer at MessageLabs, told ZDNet UK.

“With Storm Worm, there are clear spikes, then drops down to normal levels,” Sunner said. “It’s as though someone is turning on the tap briefly, then letting it abate.”

Phishing attacks have become more sophisticated, according to MessageLabs. As online merchants and banks have shifted toward two-factor authentication, there has been a rise in sophisticated “man in the middle” phishing tools and Web sites, though such attacks are still quite rare.

Two-factor authentication often involves the user keying in pseudorandomly generated codes — for example, from a key fob — as well as entering a password. This is designed to foil attacks where information is harvested using keyloggers; the code can be used only once.

One particular form of man-in-the-middle attack tries to circumvent this by effectively hijacking a user session. Users are duped into visiting a spoofed portal, hosted on a compromised machine. Information entered, such a bank details and codes, is relayed through the compromised machine to the real bank site. Once the users have validated themselves on the real system through the compromised relay, hackers kill the user connection through the relay and take over the session.

Phishing e-mails are also becoming more personalised, according to Sunner, making such confidence tricks more believable. This includes phishers sending links to people for spoof sites of banks that the intended victims actually use, as opposed to randomly hitting a section of the population.

“We’re continuing to see a real increase in the targeted nature of messages across the board. Phishing is becoming more personalised,” Sunner said.

More phishing sites are now using Flash content rather than HTML in an attempt to evade anti-phishing technology deployed in Web browsers.

Security vendor Sophos confirmed that it also saw more phishing than malicious-software activity in January. “More e-mail at the moment does appear to be phishy rather than containing malicious attachments,” said Graham Cluley, senior technology consultant at Sophos. “The trend has been for the proportion of infected e-mail to drop for a while now.”

However, Cluley warned that this indicated a shift in infection methods toward Web-based attacks rather than a shift from malicious software to phishing.

“More and more of the bad guys are moving towards Web-based attacks,” he said. “That means that the e-mail itself may not contain a malware attachment but instead a Web link to a site or download that would then infect you with a Trojan horse.

“We shouldn’t necessarily conclude that the malware problem is diminishing; it just may be changing its nature,” Cluley added.

Sophos is seeing approximately 5,000 new malicious URLs every day hosting malicious software or drive-by downloads of unwanted content, Cluley said.

Shortly after Symantec reported the discovery of a trojan called Mdropper.W, Microsoft confirmed that the trojan can penetrate systems through a hole in Word. In security advisory 932114, Microsoft adds, however, that only the outdated Word 2000 for Windows is vulnerable. More recent versions and Word for Mac OS are reportedly not affected. Furthermore, Microsoft says that attacks are quite rare.

There is currently no patch or workaround. Microsoft has not announced whether one would be released next Patch Tuesday or ahead of time, merely stating that one was being worked on. The list of outstanding patches for Microsoft software should thus only be a bit longer for a short time.

Aside from Symantec and Microsoft as part of Windows Live OneCare, the scanners of AntiVir, BitDefender, F-Secure, Kaspersky and Trend Micro have now been equipped with signatures that detect the infected Word document being circulated.

Security experts have reported that a slightly changed version of the contaminated document is in circulation; while AntiVir, BitDefender, F-Secure, Kaspersky and Trend Micro can reportedly detect it, the scanners of Symantec and OneCare apparently cannot.

Centralized eMail Security at the Mail Server level just got better and a lot more advanced in technology. The pioneer of innovations in AntiVirus, AntiSpam and Content Security, MicroWorld Technologies today launched MailScan 5 for Mail Servers, the comprehensive Mail Security Solution at the Mail Gateway of organizations and business houses.

(PRWeb) January 22, 2007 — eMail is a vital part of the present day business communication for enterprises of all segments and sizes. And it’s of paramount importance to safeguard the email infrastructure from a multitude of threats like Viruses, Worms, Trojans, Backdoors, Spamming and Phishing.

“If you are talking about a comprehensive, end-to-end protection for Mailing Systems, it ought to be right there at the Mail Gateway,” said Govind Rammurthy, CEO of MicroWorld Technologies, at the launch of MailScan 5.

“With the new version of MailScan, we empower the Mail administrator with some future defining technologies that can intelligently detect and block all kinds of malicious programs in mails, filter out spam with impeccable accuracy and enforce a comprehensive Mail Security Policy for the entire organization. While we sharpen our precision in nailing down individual challenges in email security, never do we lose sight of the complete picture.”

MailScan works at “TCP/IP Port level” and hence does not require an additional machine to act as a gateway. It’s powered by the revolutionary ‘MicroWorld WinSock Layer’ technology, the first of its kind in the world. Data packets coming at different TCP/IP ports are assembled at the MWL Layer and get scanned for Malware before and after the Mail Server sends or receives mails.

With MailScan 5, MicroWorld is introducing to the world a revolutionary technology in Spam Fighting named as NILP (Non Intrusive Learning Patterns). Govind Rammurthy explained what the technology is all about,

“NILP is an advanced Spam Filtering method based on the principles of Artificial Intelligence, with the ability to analyze each email according to the Behavioral Patterns of the user and take an informed decision there after. This system comes with an inbuilt capability to learn on its own and makes the most accurate decisions in weeding out spam.”

Some key features of MailScan are a combination of other technologies used for multi-layered Spam Filtering, Power to block Image Spam, TCP Connections, LDAP Authenticated Administration, Real-Time Antivirus, Advanced Heuristics, Attachment Filtering, Autogenerated Spam Whitelist, Attachment & eMail Archiving, Real-Time Content Scanner, Integrated Mail Security Policies, Customized Disclaimers and Extensive Reports.

About MicroWorld
MicroWorld Technologies (www.mwti.net) is the developer of the world’s most advanced AntiVirus and Content Security software eScan for Desktops and Servers. Its gateway-level email security software, MailScan, is a comprehensive mail scanner for SMTP/POP3 Mail Servers. MicroWorld Winsock Layer (MWL) is the revolutionary technology underlying these products, powering them to several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready and Novell Ready. On the Network Security side, MicroWorld offers a powerful, futuristic network firewall branded as eConceal.

To learn more, kindly visit http://www.mwti.net.

Japanese law enforcement authorities have taken down what they claim to be a massive spam operation responsible for sending out more than five billion junk emails over a two-month period in the summer of 2006. A total of four men were arrested including Yoshimitsu Hirono, president of large Japanese dating site Takumi Tsushin, based in Tokyo.
The police believe he was responsible for the orchestration of a massive spam operation that saw tens of millions of people receiving unwanted messages every day in July and August last year. In order to carry out their mass mailing the group built and operated a 128-strong computer cluster that was physically located in China and was remotely accessed from Japan. It was used to mass-mail advertising material for Hirono�??s dating site utilising a huge illegal database of Japanese email addresses. The Takumi Tsushin dating site is believed to have significantly profited from the spamming operation, boosting client numbers and making up to $1 million every month. Police say the four men who were detained in connection with this case have already admitted their guilt.

According to a report in the Daily Mainichi, the spamming group used China as a base not only to cover their tracks, but also because running costs there are much lower. Over the past years China has consistently performed as one of the top spam-relaying countries, second only to the US.

Two alleged cybercriminals are waiting to hear if they will have to go to jail for their part in creating and running a 1.5-million-strong botnet. Dutch authorities are hoping that the presiding judge at the court in the southern city of Breda will send the two unnamed individuals, who are 20 and 28 years old, to prison for a maximum of three years.

Police arrested the two men in their homes in Loop op Zand and Rijswijk back in 2005. In what has been the biggest cybercrime investigation in the legal history of the Netherlands, the prosecution claim to have proved both men created a massive network of bot computers. In order to hijack the 1.5 million PCs they used a special worm known as �??Toxbot�?�. Additionally, Dutch media have claimed that the pair were involved with the Russian Internet mafia and helped to write a Trojan called �??Wayphisher�?� that was used to steal private financial data from victims in Europe and US.

The prosecution service in the Netherlands has also alleged that the criminal group carried out cyberblackmailing. It is claimed the men threatened to carry out a Denial of Service attack on US advertising firm 180Solutions Inc., previously known as Zango Inc. The American company has in the past been linked with illicit promotion techniques and surreptitious installation of its products. Another claim from the police has been that the two men participated in phishing attacks, stealing financial data and gaining access to e-banking and PayPal accounts. These stolen funds were then used to fund the purchase of computer and other electronic goods, such as gaming consoles. Now, though, the prosecution hopes that money will be recouped: apart from the jail sentence it has asked the judge to impose large monetary fines totalling some 60 thousand Euros on the accused. A final verdict will be returned on 30 January.

17 Jan 2007 , Cupertino, CA : Symantec Corp. (NASDAQ: SYMC) today announced Veritas Storage Foundation 5.0 High Availability (HA) for Windows, a comprehensive solution that delivers data and application availability for Microsoft Windows environments. It combines two industry-leading solutions — Storage Foundation for Windows and Veritas Cluster Server — together with enhanced usability tools to simplify storage management, high availability and disaster recovery for mission-critical Windows applications such as Microsoft Exchange, SQL Server, and SharePoint Portal Server.

“Customers are placing more of their mission critical applications on the Windows platform. They need storage management solutions that provide higher availability and better disaster recovery than ever before,” said Laura DuBois, research director, Storage Software at IDC. “Storage Foundation HA for Windows offers enterprises unique capabilities in non-disruptive storage operations, scalable high availability, and disaster recovery solutions — along with centralized storage visibility and control that are must-have requirements for Windows environments.”

Software Infrastructure Standardization for the Data Center
Veritas Storage Foundation helps manage explosive data growth, optimize storage hardware investments, provide unparalleled application availability and drive down operational costs via a set of standard tools for Windows, Linux, and UNIX environments. Storage Foundation for Windows introduces new capabilities to help users standardize their storage and high availability software infrastructure.

New to this release is Veritas Storage Foundation Basic for Windows, a free version of Storage Foundation for Windows, designed for edge-tier and infrastructure workloads, enabling customers to leverage Storage Foundation for Windows and capitalize on the benefits of a standard infrastructure solution across every server in their data center. Storage Foundation Basic for Windows includes Dynamic Multi-pathing (DMP) and runs on physical and virtual servers with system configurations that do not exceed 4 volumes or 2 physical processors in a single physical system. Storage Foundation Basic for Windows is available for download at www.symantec.com/sfbasic.

Customers standardizing on Storage Foundation for Windows and DMP can leverage the broadest storage array support of any multi-pathing solution — including support for leading array families from EMC, HP, HDS, IBM, Network Appliance, and Sun — to achieve the most agility and highest return on their storage hardware investments. Customers also have the flexibility to choose the storage network infrastructure that best fits their needs. Symantec is the only vendor fully certified with Microsoft’s MPIO framework for both Fibre Channel HBA StorPort and Microsoft iSCSI software. Additionally, Storage Foundation for Windows introduces advanced iSCSI SAN management capabilities including automated discovery, management, and configuration of IP-based SANs.

“Standardization on Storage Foundation HA for Windows allows customers to have more flexibility in their storage hardware decisions and drives down operational costs by enabling them to use a single tool,” said Rob Soderbery, senior vice president of Symantec’s Storage Foundation Group. “This release has furthered the ROI of standardization by reducing the cost of deploying Storage Foundation on every server and enabling customers to have visibility and centralized control of storage management, high availability, and disaster recovery capabilities across their entire data center.”

Improved Storage Manageability and Performance
Storage Foundation for Windows enables customers to drive down operational cost while improving mission critical application service level agreements by introducing a set of new capabilities for improving manageability and performance. Symantec will add support for Storage Foundation Management Server, which provides comprehensive visibility and control throughout the data center infrastructure. This multi-host management capability enables IT organizations to centrally manage their application, server, and storage environments, leading to rapid problem resolution, simplified data migrations, higher service levels, and reduced risk of human error. Storage Foundation Management Server will support Storage Foundation for Windows 4.x and 5.0, Veritas Volume Replicator Option, and Storage Foundation for Windows Basic, which means customers can view and manage all such instances of Storage Foundation across their entire data center through a single, unified tool.

Administration costs are also reduced by a set of new configuration wizards which make storage, cluster, and replication installation set up times more than 50 percent faster and allow administrators to use a simple GUI to schedule point-in-time copies when using the FlashSnap Option.

To ensure that customers can realize the highest levels of performance, Storage Foundation for Windows adds a set of new application performance enhancing capabilities including:

�?? Dynamic optimization of storage volume layout improves performance by up to 40 percent with its automated track aligned volume capability;
�?? Four new load-balancing algorithms for DMP allow granular performance tuning for Microsoft Exchange and SQL Server applications; and
�?? Veritas FlashSnap Option offers up to 60 percent better snapshot performance

“Ease-of-use is imperative when setting up clusters, taking point-in-time copies, recovering disk space and ensuring proper server configurations,” said Jerry Craft, assistant vice president and manager of network services, Farmers and Merchants Bank of Long Beach, California. “The wizards introduced in Veritas Storage Foundation 5.0 HA for Windows will help my team save time and reduce errors, while taking the guesswork out of traditionally resource-intensive, yet critical storage management tasks.”

Simplified Clustering with Veritas Cluster Server
Veritas Cluster Server, the most sophisticated high availability and disaster recovery solution for Windows environments, also introduces new features designed to improve manageability and reduce administration burden of providing high availability. Cluster Server’s secure, web-based Cluster Management Console simplifies the task of managing, monitoring, and configuring multiple clusters for Windows, Linux, and Unix, running in multiple data centers. Cluster Server significantly reduces operational costs by providing the same comprehensive protection across physical and virtual server environments including Windows, VMware, and Microsoft Virtual Server.

Cluster Server also includes Fire Drill, which enables organizations to regularly test disaster recovery scenarios without exposing production applications to risk and downtime. The new step-by-step wizard-driven workflow simplifies the task of configuring Fire Drill, data replication, and high availability/disaster recovery solutions for Exchange, SQL Server, Oracle, and other applications. It also reduces risk to the business by preemptively and proactively identifying potential configuration issues before they occur by monitoring any configuration drift among cluster nodes.

For mission-critical applications that require coordination of application clustering and remote data protection, the Veritas Volume Replicator (VVR) Option has added the ability to coordinate snapshots at both the primary and/or a remote secondary location for consistent backup or disk-based disaster recovery solutions. Additionally, with the new bunker replication feature of the VVR Option, organizations can select a data replication strategy of replicating data over any distance without losing a single transaction–a recovery point objective of zero over any distance. Symantec is the only company providing this level of protection for heterogeneous server and storage environments.

About Symantec
Symantec is a global leader in infrastructure software, enabling businesses and consumers to have confidence in a connected world. The company helps customers protect their infrastructure, information, and interactions by delivering software and services that address risks to security, availability, compliance, and performance. Headquartered in Cupertino, Calif., Symantec has operations in 40 countries. More information is available at www.symantec.com.