Antivirus News


Microsoft warns of attacks on Word hole

Posted in Viruses, Kaspersky, Symantec, Trend Micro by Antivirus-News on the January 30th, 2007

Shortly after Symantec reported the discovery of a trojan called Mdropper.W, Microsoft confirmed that the trojan can penetrate systems through a hole in Word. In security advisory 932114, Microsoft adds, however, that only the outdated Word 2000 for Windows is vulnerable. More recent versions and Word for Mac OS are reportedly not affected. Furthermore, Microsoft says that attacks are quite rare.

There is currently no patch or workaround. Microsoft has not announced whether one would be released next Patch Tuesday or ahead of time, merely stating that one was being worked on. The list of outstanding patches for Microsoft software should thus only be a bit longer for a short time.

Aside from Symantec and Microsoft as part of Windows Live OneCare, the scanners of AntiVir, BitDefender, F-Secure, Kaspersky and Trend Micro have now been equipped with signatures that detect the infected Word document being circulated.

Security experts have reported that a slightly changed version of the contaminated document is in circulation; while AntiVir, BitDefender, F-Secure, Kaspersky and Trend Micro can reportedly detect it, the scanners of Symantec and OneCare apparently cannot.

Arrests in Japan over massive spam campaign

Posted in Spams, Symantec by Antivirus-News on the January 21st, 2007

Japanese law enforcement authorities have taken down what they claim to be a massive spam operation responsible for sending out more than five billion junk emails over a two-month period in the summer of 2006. A total of four men were arrested including Yoshimitsu Hirono, president of large Japanese dating site Takumi Tsushin, based in Tokyo.
The police believe he was responsible for the orchestration of a massive spam operation that saw tens of millions of people receiving unwanted messages every day in July and August last year. In order to carry out their mass mailing the group built and operated a 128-strong computer cluster that was physically located in China and was remotely accessed from Japan. It was used to mass-mail advertising material for Hirono's dating site utilising a huge illegal database of Japanese email addresses. The Takumi Tsushin dating site is believed to have significantly profited from the spamming operation, boosting client numbers and making up to $1 million every month. Police say the four men who were detained in connection with this case have already admitted their guilt.

According to a report in the Daily Mainichi, the spamming group used China as a base not only to cover their tracks, but also because running costs there are much lower. Over the past years China has consistently performed as one of the top spam-relaying countries, second only to the US.

 

Dutch botmaster crew facing jail sentence

Posted in Trojans, Symantec, SpyWare by Antivirus-News on the January 21st, 2007

Two alleged cybercriminals are waiting to hear if they will have to go to jail for their part in creating and running a 1.5-million-strong botnet. Dutch authorities are hoping that the presiding judge at the court in the southern city of Breda will send the two unnamed individuals, who are 20 and 28 years old, to prison for a maximum of three years.

Police arrested the two men in their homes in Loop op Zand and Rijswijk back in 2005. In what has been the biggest cybercrime investigation in the legal history of the Netherlands, the prosecution claim to have proved both men created a massive network of bot computers. In order to hijack the 1.5 million PCs they used a special worm known as “Toxbot”. Additionally, Dutch media have claimed that the pair were involved with the Russian Internet mafia and helped to write a Trojan called “Wayphisher” that was used to steal private financial data from victims in Europe and the US.

The prosecution service in the Netherlands has also alleged that the criminal group carried out cyberblackmailing. It is claimed the men threatened to carry out a Denial of Service attack on US advertising firm 180Solutions Inc., previously known as Zango Inc. The American company has in the past been linked with illicit promotion techniques and surreptitious installation of its products. Another claim from the police has been that the two men participated in phishing attacks, stealing financial data and gaining access to e-banking and PayPal accounts. These stolen funds were then used to fund the purchase of computer and other electronic goods, such as gaming consoles. Now, though, the prosecution hopes that money will be recouped: apart from the jail sentence it has asked the judge to impose large monetary fines totalling some 60 thousand Euros on the accused. A final verdict will be returned on 30 January.

 

Symantec announces Veritas Storage Foundation 5.0 HA for Windows

Posted in Viruses, Symantec by Antivirus-News on the January 19th, 2007

17 Jan 2007, Cupertino, CA: Symantec Corp. (NASDAQ: SYMC) today announced Veritas Storage Foundation 5.0 High Availability (HA) for Windows, a comprehensive solution that delivers data and application availability for Microsoft Windows environments. It combines two industry-leading solutions — Storage Foundation for Windows and Veritas Cluster Server — together with enhanced usability tools to simplify storage management, high availability and disaster recovery for mission-critical Windows applications such as Microsoft Exchange, SQL Server, and SharePoint Portal Server.

“Customers are placing more of their mission critical applications on the Windows platform. They need storage management solutions that provide higher availability and better disaster recovery than ever before,” said Laura DuBois, research director, Storage Software at IDC. “Storage Foundation HA for Windows offers enterprises unique capabilities in non-disruptive storage operations, scalable high availability, and disaster recovery solutions — along with centralized storage visibility and control that are must-have requirements for Windows environments.”

Software Infrastructure Standardization for the Data Center
Veritas Storage Foundation helps manage explosive data growth, optimize storage hardware investments, provide unparalleled application availability and drive down operational costs via a set of standard tools for Windows, Linux, and UNIX environments. Storage Foundation for Windows introduces new capabilities to help users standardize their storage and high availability software infrastructure.

New to this release is Veritas Storage Foundation Basic for Windows, a free version of Storage Foundation for Windows, designed for edge-tier and infrastructure workloads, enabling customers to leverage Storage Foundation for Windows and capitalize on the benefits of a standard infrastructure solution across every server in their data center. Storage Foundation Basic for Windows includes Dynamic Multi-pathing (DMP) and runs on physical and virtual servers with system configurations that do not exceed 4 volumes or 2 physical processors in a single physical system. Storage Foundation Basic for Windows is available for download at www.symantec.com/sfbasic.

Customers standardizing on Storage Foundation for Windows and DMP can leverage the broadest storage array support of any multi-pathing solution — including support for leading array families from EMC, HP, HDS, IBM, Network Appliance, and Sun — to achieve the most agility and highest return on their storage hardware investments. Customers also have the flexibility to choose the storage network infrastructure that best fits their needs. Symantec is the only vendor fully certified with Microsoft’s MPIO framework for both Fibre Channel HBA StorPort and Microsoft iSCSI software. Additionally, Storage Foundation for Windows introduces advanced iSCSI SAN management capabilities including automated discovery, management, and configuration of IP-based SANs.

“Standardization on Storage Foundation HA for Windows allows customers to have more flexibility in their storage hardware decisions and drives down operational costs by enabling them to use a single tool,” said Rob Soderbery, senior vice president of Symantec’s Storage Foundation Group. “This release has furthered the ROI of standardization by reducing the cost of deploying Storage Foundation on every server and enabling customers to have visibility and centralized control of storage management, high availability, and disaster recovery capabilities across their entire data center.”

Improved Storage Manageability and Performance
Storage Foundation for Windows enables customers to drive down operational cost while improving mission critical application service level agreements by introducing a set of new capabilities for improving manageability and performance. Symantec will add support for Storage Foundation Management Server, which provides comprehensive visibility and control throughout the data center infrastructure. This multi-host management capability enables IT organizations to centrally manage their application, server, and storage environments, leading to rapid problem resolution, simplified data migrations, higher service levels, and reduced risk of human error. Storage Foundation Management Server will support Storage Foundation for Windows 4.x and 5.0, Veritas Volume Replicator Option, and Storage Foundation for Windows Basic, which means customers can view and manage all such instances of Storage Foundation across their entire data center through a single, unified tool.

Administration costs are also reduced by a set of new configuration wizards which make storage, cluster, and replication installation set up times more than 50 percent faster and allow administrators to use a simple GUI to schedule point-in-time copies when using the FlashSnap Option.

To ensure that customers can realize the highest levels of performance, Storage Foundation for Windows adds a set of new application performance enhancing capabilities including:

• Dynamic optimization of storage volume layout improves performance by up to 40 percent with its automated track aligned volume capability;
• Four new load-balancing algorithms for DMP allow granular performance tuning for Microsoft Exchange and SQL Server applications; and
• Veritas FlashSnap Option offers up to 60 percent better snapshot performance.

“Ease-of-use is imperative when setting up clusters, taking point-in-time copies, recovering disk space and ensuring proper server configurations,” said Jerry Craft, assistant vice president and manager of network services, Farmers and Merchants Bank of Long Beach, California. “The wizards introduced in Veritas Storage Foundation 5.0 HA for Windows will help my team save time and reduce errors, while taking the guesswork out of traditionally resource-intensive, yet critical storage management tasks.”

Simplified Clustering with Veritas Cluster Server
Veritas Cluster Server, the most sophisticated high availability and disaster recovery solution for Windows environments, also introduces new features designed to improve manageability and reduce administration burden of providing high availability. Cluster Server’s secure, web-based Cluster Management Console simplifies the task of managing, monitoring, and configuring multiple clusters for Windows, Linux, and Unix, running in multiple data centers. Cluster Server significantly reduces operational costs by providing the same comprehensive protection across physical and virtual server environments including Windows, VMware, and Microsoft Virtual Server.

Cluster Server also includes Fire Drill, which enables organizations to regularly test disaster recovery scenarios without exposing production applications to risk and downtime. The new step-by-step wizard-driven workflow simplifies the task of configuring Fire Drill, data replication, and high availability/disaster recovery solutions for Exchange, SQL Server, Oracle, and other applications. It also reduces risk to the business by preemptively and proactively identifying potential configuration issues before they occur by monitoring any configuration drift among cluster nodes.

For mission-critical applications that require coordination of application clustering and remote data protection, the Veritas Volume Replicator (VVR) Option has added the ability to coordinate snapshots at both the primary and/or a remote secondary location for consistent backup or disk-based disaster recovery solutions. Additionally, with the new bunker replication feature of the VVR Option, organizations can select a data replication strategy of replicating data over any distance without losing a single transaction–a recovery point objective of zero over any distance. Symantec is the only company providing this level of protection for heterogeneous server and storage environments.

About Symantec
Symantec is a global leader in infrastructure software, enabling businesses and consumers to have confidence in a connected world. The company helps customers protect their infrastructure, information, and interactions by delivering software and services that address risks to security, availability, compliance, and performance. Headquartered in Cupertino, Calif., Symantec has operations in 40 countries. More information is available at www.symantec.com.

Baidu partners with Symantec on Net security

Posted in Viruses, Symantec by Antivirus-News on the January 13th, 2007

BEIJING, Jan. 12 — Chinese search engine Baidu.com Inc has teamed up with Symantec Inc to help the international Internet security giant market its antivirus software.

The strategic partnership will put Symantec products on China’s most popular search engine.

    The Symantec software will be integrated into Baidu’s antivirus channel, where users can place orders for the Norton Antivirus series, Beijing-based Baidu said yesterday.

    “We believe we can offer our users a better experience by making the leading Internet security solution from Symantec available on our site,” said Zhu Hongbo, Baidu’s chief operating officer.

    Baidu launched its online antivirus service in November last year amid the company’s efforts to complete its business portfolio and make money from individual consumers, rather than rely heavily on corporate payments for advertising services.

    The effort began in 2005 when Baidu began offering a movie page that provides both free and paid contents targeting individual Web users.

    Three overseas antivirus software companies including McAfee and domestic firms such as Kingsoft Corp have signed contracts with Baidu to offer free virus analysis, downloads and other services on its cyber platform.

    The antivirus product market grew 5.9 percent to 285 million yuan in the third quarter last year and was highly competitive. Symantec held a 15 percent share of the market during the period, trailed by Trend Micros Enterprise China, which took a 13 percent share.

    Beijing Rising Antivirus Software led with a 22 percent share, according to Analysys International, a Beijing-based research firm.

(Source: Shanghai Daily)

Symantec LiveUpdate issues resolved

Posted in Symantec, Norton by Antivirus-News on the January 13th, 2007

It appears that a previously reported issue where Symantec LiveUpdate (for Norton AntiVirus) was failing to run properly on some Mac OS X systems has been resolved on the server-side.

MacFixIt reader Rick Night writes:

“Running LiveUpdate now updates LiveUpdate to the promised v. 4.0.3. I ran it today and saw no adverse changes in the Subscription Expiration date of my newly re-installed NAV. Everything seems to be in order now.”

Kaspersky Adds Vista Support To Consumer Antivirus

Posted in Viruses, Kaspersky, Symantec by Antivirus-News on the December 28th, 2006

Moscow-based Kaspersky Lab on Thursday updated its consumer security product line with beta support for Microsoft’s Windows Vista, the next-generation operating system that will roll out to retail at the end of next month.

Maintenance Pack 2 for both Kaspersky Anti-Virus 6.0 (KAV) and Kaspersky Internet Security (KIS) 6.0 adds Vista support to the pair of programs, which debuted in May 2006. Current users can download the update free of charge.

“Many of our users have expressed interest in Vista, and we are providing a clear path for them to do so,” Steve Orenberg, company president, said in a statement. “Customers can confidently continue to enjoy protection from Kaspersky regardless of which operating system they choose.”

Kaspersky is only the latest security vendor to update its consumer line to account for Vista. Symantec, for example, has had betas of Vista versions of its Norton AntiVirus and Norton Internet Security available for several weeks.

The maintenance pack for KAV and KIS can be downloaded from several Kaspersky FTP servers.

Phishers’ Latest Platforms: VoIP, SMS

Posted in Viruses, Symantec, Phishing by Antivirus-News on the December 28th, 2006

Phishers have branched out beyond e-mail, a security researcher said, and are now exploring both VoIP and text messaging as attack avenues.

Voice over IP is attractive to identity fraudsters, said Zulfikar Ramzan of Symantec’s Advanced Threat Research group, in a company blog entry Tuesday, because it’s an affordable way to dial large numbers of phone numbers. Dubbed “vishing” for voice phishing, “such attacks can be conducted cheaply enough that phishers might see a sufficient return on their investment,” Ramzan said. Phishers substitute phone numbers for URLs in traditional e-mailed come-ons or dial consumers directly, circumventing e-mail entirely.

Another tactic, said Ramzan, is “smishing,” for SMS phishing. “A victim might receive a phone [text] message saying that he or she will be charged $x per day if a fictitious order at a particular Web site isn’t cancelled,” he said. “In a panic, the victim then visits the site to cancel the order [but] in the process the victim will end up with malicious software on his or her machine.”

Symantec also has accumulated evidence that shows that some phishers are collecting user names and passwords fast enough to defeat two-factor authentication number generators and are using one-time, quickly disposed URLs to avoid site blacklisting, a common anti-phishing technique.

“Phishers have demonstrated that they really mean business,” Ramzan said. “Their attacks have become more frequent, more varied, and quite frankly more innovative. We must continuously out-innovate them and persistently redouble our efforts.”

Security Watch: Big Yellow Worm Bites Symantec

Posted in Worms, Symantec by Antivirus-News on the December 20th, 2006

Of all the things to be exploited by a worm, who’d expect your security software? But one research company says it’s happening and it’s a new trend. See who’s getting exploited in the Top Threat section.

Last week we had two new attacks on Microsoft Word and this week another one cropped up. Get the status on the whole situation in the Yet Another Word Vulnerability section.
Microsoft mistakenly issued an update for their Mac Office 2004 last week. See what happened and how Microsoft is going to make it right in the Mistaken Mac Fix section.

Are you a Bank of America customer? The Sitekey feature is there for your safety, but you still have to be careful about it, as is demonstrated in this week’s Top Phish.

QuickBooks users regularly endanger themselves because the product requires them to give excessive privileges to users. But there’s a way to run QuickBooks 2006 as a non-Administrator. See this week’s Security Tip for details.

You meet a lot of strange people buying and selling online, and some of them are trying to steal from you or dupe you into committing crimes for them. See an example of this sort of thing in this week’s Bonus Security Tip.

DEP/NX has been included in CPUs for years to prevent malware attacks, but it’s generally turned off by default because of incompatibility with legitimate software. This may be changing; see the DEP/NX Advances section for the reasons why.

A hacker’s attempt to blackmail his company backfired, and now he’s headed for the pokey. Read about this and other news in the Security Watch Story Feed.

Hackers turn table on Symantec

Posted in Viruses, Worms, Symantec by Antivirus-News on the December 19th, 2006

New York - A worm is attacking personal computers via a known flaw in popular antivirus software from Symantec Corp, as hackers make the unusual move of using a non-Microsoft product to infiltrate PCs.

eEye Digital Security, an Aliso Viejo, California, vulnerability-management company, said it discovered the worm, which it dubbed “Big Yellow”, late on Thursday in its “honeypot”, a network for collecting malicious programs. A Symantec spokesperson wasn’t immediately available for comment.

Big Yellow enters machines through a security hole in the remote management interface of versions of Symantec AntiVirus and Symantec Client Security to take complete control of the computer.

Once infected with the worm’s malicious “bot” program, the PC can be networked by an attacker with other computers in a “botnet” and used to attack others on the internet.

eEye urged corporate information-technology departments to fix the flaw, which eEye discovered in late May, using a patch issued by Symantec at that time. It also said network operators should take steps to deploy overdue security patches for other non-Microsoft applications.

“Many IT departments have not yet deployed this patch, as heretofore they have not considered their desktop security applications as a point of vulnerability,” eEye said in a press release.

“IT urgently needs to understand that the new vector for attack will not come from Microsoft, but from the myriad applications that are scattered throughout its network.”
