Antivirus News


Kaspersky offers anti-virus for mobiles

Posted in Viruses, Kaspersky by Antivirus-News on the February 3rd, 2007

Kaspersky Lab has produced new anti-virus software specifically for mobile phones.

The new Anti-Virus Mobile software will cover Windows Mobile and Symbian phones and will be officially launched next week at the RSA Conference 2007 in San Francisco.

It includes signatures downloaded to the devices over their Internet connections, either via WAP or the Net. The updates can be installed using a scheduler or by hand. It includes screening of spam sent via SMS and can restrict incoming messages according to a blacklist or whitelist (banned or approved).

More malware screening will be added as it becomes more apparent which exploits mobile hackers choose to use, said the company CTO Eugene Kaspersky. “We don’t know which way the criminals will go. With new technologies, it is probable there will be new attacks.”

At the moment, Kaspersky says, neither makers of mobile devices nor service providers are taking responsibility for blocking threats. But he predicts that in the future, the security model will mimic that for computers: hardware providers, service providers and customers all will have specialised offerings for mobile computing.

So far, Kaspersky says he has seen viruses that send SMS messages from smart phones to numbers that charge the sender. As more businesses, including banks, offer services via smart phones, criminals will pay more attention, he says.

“In the future, as prices drop and smart phones are more common, the situation will become more critical,” Kaspersky says. Anti-Virus Mobile will be available later this quarter and will cost $30 per user.

Microsoft warns of attacks on Word hole

Posted in Viruses, Kaspersky, Symantec, Trend Micro by Antivirus-News on the January 30th, 2007

Shortly after Symantec reported the discovery of a trojan called Mdropper.W, Microsoft confirmed that the trojan can penetrate systems through a hole in Word. In security advisory 932114, Microsoft adds, however, that only the outdated Word 2000 for Windows is vulnerable. More recent versions and Word for Mac OS are reportedly not affected. Furthermore, Microsoft says that attacks are quite rare.

There is currently no patch or workaround. Microsoft has not announced whether one would be released next Patch Tuesday or ahead of time, merely stating that one was being worked on. The list of outstanding patches for Microsoft software should thus only be a bit longer for a short time.

Aside from Symantec and Microsoft as part of Windows Live OneCare, the scanners of AntiVir, BitDefender, F-Secure, Kaspersky and Trend Micro have now been equipped with signatures that detect the infected Word document being circulated.

Security experts have reported that a slightly changed version of the contaminated document is in circulation; while AntiVir, BitDefender, F-Secure, Kaspersky and Trend Micro can reportedly detect it, the scanners of Symantec and OneCare apparently cannot.

UK chip and PIN payment system faces new threat

Posted in Kaspersky, Phising by Antivirus-News on the January 10th, 2007

When chip and PIN was rolled out across Britain on 14 February 2006, it was presented as a major step against bankcard fraud and a foolproof way of securing card payments. Since then there have been several scares, but overall the system proved to be secure and an important asset in fighting retail fraud.

However, new research from Cambridge has put a major doubt over the robustness of chip and PIN terminals against tampering. The method involves reprogramming a handheld payment terminal, making it possible to record private payment details that are keyed in by the user during the payment operation. According to researchers at Cambridge University, who have sounded the alarm bells, their idea could be easily replicated and criminals could substitute “fake” payment terminals without shoppers suspecting anything.

APACS, Britain’s payment clearing organisation, has already acknowledged the seriousness of the problem and admitted it is in talks with payment terminal manufacturers to see what can be done to protect users. An APACS spokesperson has also tried to allay people’s fears, saying that experts carried out the reprogramming operation under lab conditions and it is not a “realistic threat to retailers”. The organisation also underlined the fact that chip and PIN payment terminals were described to be “tamper-resistant”, not “tamper-proof”. This has not been the first hacking incident involving the new payment system: in 2006 Shell had to suspend chip and PIN from its petrol stations after it was revealed that as much as £1 million was siphoned off by criminals who tampered with payment terminals. Chip and PIN users were also warned in 2006 that cloned cards could be used to withdraw money abroad, where terminals only read the magnetic strip of the card.

 

Hackers Spam ‘Happy New Year’ Worm

Posted in Viruses, Worms, F-Secure, Kaspersky by Antivirus-News on the December 30th, 2006

A rootkit-cloaked worm is being heavily spammed to users as an attachment to “Happy New Year!” messages, a security researcher warned Friday.
The new worm, dubbed “Tibs” by Kaspersky Lab but pegged as a “Nuwar” variant by Trend Micro, comes disguised as a file attachment named “postcard.exe,” said Ken Dunham, director of VeriSign iDefense’s rapid response team, in an e-mail. Users who launch the executable will infect their PCs.

With antivirus signature updates still thin and over 160 servers spamming the new worm, the threat is significant, added Dunham. “The period of greatest risk is through the New Year’s holiday, when antivirus protection is the lowest for this new threat and users are most apt to click on a ‘New Year’s’ related message,” he said. “Everyone should be on guard for e-mails and other content potentially harboring malicious code during the holiday period.”

On at least one network the worm is generating as many as five spammed messages a second, iDefense reported.

The security intelligence firm’s research has identified more than a dozen pieces of malicious code — including zombie-making bot Trojans — installed by Tibs after it has gained a foothold on a PC. Two rootkits are also installed to mask the malware from antivirus scanners, and the worm also disables the Windows firewall, as well as several security programs, including F-Secure’s BlackLight rootkit scanner. The worm spreads by spamming itself to addresses it steals from the user’s files.

“This is a classic iceberg threat,” said Dunham, “where multiple codes are installed and then protected with rootkit technology.”

 

Kaspersky Adds Vista Support To Consumer Antivirus

Posted in Viruses, Kaspersky, Symantec by Antivirus-News on the December 28th, 2006

Moscow-based Kaspersky Lab on Thursday updated its consumer security product line with beta support for Microsoft’s Windows Vista, the next-generation operating system that will roll out to retail at the end of next month.

Maintenance Pack 2 for both Kaspersky Anti-Virus 6.0 (KAV) and Kaspersky Internet Security (KIS) 6.0 adds Vista support to the pair of programs, which debuted in May 2006. Current users can download the update free of charge.

“Many of our users have expressed interest in Vista, and we are providing a clear path for them to do so,” Steve Orenberg, company president, said in a statement. “Customers can confidently continue to enjoy protection from Kaspersky regardless of which operating system they choose.”

Kaspersky is only the latest security vendor to update its consumer line to account for Vista. Symantec, for example, has had betas of Vista versions of its Norton AntiVirus and Norton Internet Security available for several weeks.

The maintenance pack for KAV and KIS can be downloaded from several Kaspersky FTP servers.

Important phishing gang taken down in Spain

Posted in Viruses, Worms, Trojans, Kaspersky, SpyWare, Phising by Antivirus-News on the December 23rd, 2006

Spain’s Guardia Civil has this Thursday claimed to have broken up an important cybercriminal gang that carried out phishing attacks in the country. A total of six people were detained in the province of Malaga in the south of Spain following a year-long investigation carried out by the authorities in Navarre, a province in the northeast of the country.

The gang is thought to have been led by a 19-year-old youth of Moroccan origin. At least five of the gang’s members have been named as Moroccans, while the sixth detainee, a 21-year-old woman, originally came from Ceuta, a Spanish enclave in North Africa. The leader of the gang is a well-known hacker who has been involved in the business since he was 12 years old. Spanish authorities believe him to be one of the most eminent hackers in Europe at the moment.

Operation “Siluro”, as Spanish investigators named it, began after a complaint registered in Elizondo, Navarre, in April this year. From then on the police began monitoring phishing campaigns in Spain and looking for similarities that could lead them to identify the perpetrators. Having collected the necessary evidence they carried out organised raids in the Malaga region, finding at least 500 fake bankcards and a lot of counterfeit European passports in the process. The group is known to have collected personal banking details on at least 20,000 persons and held a database of 200,000 emails that was used in their phishing campaigns. Another peculiar method was to offer a half-price online mobile phone account charging service. Users attracted by the offer entered their bank details, which were then collected for later use in fraud operations. In order to launder stolen money they employed cybermules who transferred funds for a cut of the sum, as well as other methods such as making online purchases. In order to hide their trail the group used hacked computers and also hijacked unprotected wi-fi connections.

Spanish authorities have so far declined to quantify the damages caused by this gang, but the figure is thought to be “extremely significant”. Vicente Ripa, a representative of Navarre’s regional government tasked with explaining the operation to the press, called it an amazing success, citing the nature of the crime and the size of the gang that was apprehended. This is not the only success Spanish cybercrime fighters have enjoyed this year: Spain’s National Police dismantled another sizeable criminal group last September, detaining 23 people in the three coastal regions of Catalonia, Valencia and Andalusia.

Russian trader accused of carrying out online pump and dump scam

Posted in Trojans, Kaspersky by Antivirus-News on the December 23rd, 2006

A pump and dump scam has been publicly uncovered by the US Securities and Exchange Commission. The scam involved the manipulation of stock prices by means of hijacked trading accounts. According to a press release from the SEC, Russian national Evgeny Gashichev, owner of Estonian-based and Belize-registered trading firm Grand Logistic, carried out the scam.

The alleged scam was carried out between August and October this year. Mr Gashichev is thought to have pocketed more than $350,000 from at least 25 incidents of pumping and dumping stocks. His modus operandi was quite straightforward: he purchased low-priced and low-traded stocks of small companies in the name of his Grand Logistic firm and pumped up their value by using illegally obtained usernames and passwords from other online brokerage accounts. This was done to simulate trading activity and manipulate the price of stocks, which he subsequently sold on at a profit, using the same stolen trading accounts.

The SEC has been investigating the case and has now obtained an asset freeze ruling on Grand Logistic from a federal court in Manhattan. It is unknown how many accounts were actually hijacked by Mr Gashichev, but steps are now being taken to return the funds that were stolen and taken outside the US in the scam operation. His current whereabouts are unknown, but the SEC believes him to be a resident of St. Petersburg, Russia. He is also known to have frequently travelled to Tallinn, Estonia, to carry out his business. The SEC is currently working on the case with its Estonian counterparts. Linda Chatman Thomsen, Director of the SEC’s Division of Enforcement, warned potential fraudsters, “Account intrusions combine securities fraud, identity theft and hacking. Our action today demonstrates, once again, that the Commission will seek out and stop those who would prey on investors, in whatever manner.”

Kaspersky believes Windows Vista cannot guarantee protection against malware

Posted in Viruses, Kaspersky by Antivirus-News on the December 23rd, 2006

According to Natalya Kaspersky, CEO of Kaspersky Lab, Microsoft is unlikely to be at the vanguard of anti-virus, despite the security enhancements of Vista and its standalone anti-malware product, OneCare.

Kaspersky claims there are three reasons why the software giant will struggle to muscle in on anti-virus vendors’ territory.

Firstly, Microsoft’s poor reputation in the security field. Says Kaspersky: “Microsoft solutions are still perceived as being insecure or full of security loopholes. The loopholes in Windows and MS Office applications are due, above all, to their extraordinary popularity – hackers across the world are always going to hack programs used by the majority. Given this, I am afraid that Microsoft’s new anti-virus solutions may suffer the same fate, as virus writers will create malware that is designed primarily to evade detection by OneCare.”

Secondly, Kaspersky points to the speed at which anti-virus vendors must respond to new threats as another of Microsoft’s weaknesses. “All vendors face the same dilemma – either detect the maximum possible number of malicious programs, even at the risk of false positives; or avoid false positives at the risk of failing to detect malicious programs.

“Just remember the media frenzy which broke out when Microsoft’s anti-virus flagged Gmail as being malicious. Given Microsoft’s brand and reputation, it simply cannot afford to make such high-profile mistakes. As Microsoft will need to check each potential false positive with its legal department, response times to new threats will, inevitably, be slow.”

Finally, Kaspersky highlights detection rates as crucial to the commercial success of any anti-virus product. “The detection rate is a very important characteristic of any anti-virus product. When OneCare was put through its paces by AV-Test GmbH at the University of Magdeburg as recently as September and November, the results from both tests indicated a detection rate that was fairly low by the standards of most anti-virus products.”

Kaspersky does, however, believe that Microsoft will in the future improve its anti-virus offering, but not to a level that will represent a threat to established anti-virus vendors. “OneCare will improve its detection rates and take its place among its competitors; and it will offer user-friendly features – something Microsoft has always been good at. However, OneCare is unlikely to become a leader either in terms of response times to new threats, or in terms of detection rates.”

Kaspersky concluded by advising consumers that, despite security enhancements to Vista, anti-virus remains crucial when operating any PC: “Windows Vista does have a number of features that improve security, but it still cannot guarantee protection against malware. A standalone anti-virus solution is, therefore, a must.

“Consumers can protect their PCs by choosing either a Microsoft solution, or one from an independent anti-virus company. When choosing a solution, make sure that it’s from a trustworthy vendor; and that it will reliably protect against malware. And last but not least, choose a solution that’s Vista-compatible. A reputable anti-virus vendor will include this information in the system requirements.”

Teenager charged with cyberscam in New Zealand

Posted in Trojans, Kaspersky, SpyWare by Antivirus-News on the December 13th, 2006

A 16-year-old has been charged in New Zealand with running an online scam and defrauding people of some $50,000. The teenager, who has a long criminal history, has been sent to a secure facility while awaiting trial, where he could face a five-year jail sentence.

It is believed he learned his computer skills while attending a special training course, which the police sent him on in the belief that it would help his personal development. He then used his parents’ computer to post spyware on a message board, infiltrating his victims’ computers and stealing personal data. He then used these details to milk people’s bank accounts for money, stealing a total of about $50,000, while the largest single theft was of $6,323. Even though only $15,000 has been recovered so far, all the affected banks in New Zealand have agreed to pay back the money to their customers.

News of this teenager’s online scam has come on the back of claims that organised cybercrime gangs have become adept at recruiting young technology students and even financing studies for some of them. As cybercrime becomes more widespread, profitable and organised, and attacks are becoming more sophisticated, criminal groups are targeting younger individuals and grooming them for operations. And whereas before it might have been curiosity or a desire to show off that led teenagers to become hackers, now it’s the money that attracts them to cybercrime.

Trojan pounces on Vista crackers

Posted in Trojans, Kaspersky by Antivirus-News on the December 8th, 2006

Downloaders hoping to get a free version of Microsoft’s Windows Vista OS (operating system) are getting more than they bargained for: a password-stealing Trojan.

Security researchers Sunbelt Software have confirmed that the Trojan is contained in a program called ‘windows vista all versions activation 21.11.06.exe’, which has been circulating on message boards, according to a report.

The program claims to be a ‘crack’ designed to unlock pirated copies of Vista, which was made available to Microsoft’s volume licensing customers last week.

In fact it installs malware known as Trojan-PSW.Win32.LdPinch.aze, which attempts to steal passwords and send them back to an attacker, according to security researchers Kaspersky, which first noticed the Trojan in early October.

Users who have come into contact with the supposed crack have reportedly found that Norton Antivirus and Eset’s NOD32 failed to detect the Trojan, though other antivirus programs did stop infections from occurring.

Microsoft has said it expects Vista to see the fastest adoption of any OS it has ever launched. Most analysts have taken a more cautious line, with many businesses saying they’ll wait for up to two years before planning an upgrade.
