Antivirus News


Microsoft warns of attacks on Word hole

Posted in Viruses, Kaspersky, Symantec, Trend Micro by Antivirus-News on the January 30th, 2007

Shortly after Symantec reported the discovery of a trojan called Mdropper.W, Microsoft confirmed that the trojan can penetrate systems through a hole in Word. In security advisory 932114, Microsoft adds, however, that only the outdated Word 2000 for Windows is vulnerable. More recent versions and Word for Mac OS are reportedly not affected. Furthermore, Microsoft says that attacks are quite rare.

There is currently no patch or workaround. Microsoft has not announced whether one would be released next Patch Tuesday or ahead of time, merely stating that one was being worked on. The list of outstanding patches for Microsoft software should thus only be a bit longer for a short time.

Aside from Symantec and Microsoft as part of Windows Live OneCare, the scanners of AntiVir, BitDefender, F-Secure, Kaspersky and Trend Micro have now been equipped with signatures that detect the infected Word document being circulated.

Security experts have reported that a slightly changed version of the contaminated document is in circulation; while AntiVir, BitDefender, F-Secure, Kaspersky and Trend Micro can reportedly detect it, the scanners of Symantec and OneCare apparently cannot.

Trend Micro preps Vista security suite

Posted in Viruses, Spams, Trend Micro, DDos, Phising by Antivirus-News on the January 19th, 2007

Trend Micro will begin shipping its Certified for Windows Vista Internet security suite on 30 January.

The security firm’s Internet Security 2007 has been available for Windows XP and older versions since September 2006. But the full suite will shortly be made available for Vista users.

For Windows Vista consumers just wanting antivirus and anti-spyware, the company announced that the Certified for Windows Vista Trend Micro AntiVirus plus AntiSpyware 2007 will be available on the same day.

The Vista product incorporates the Trend Micro PC-cillin engine and anti-malware protection along with a host of new features addressing root-kits, spyware, phishing, spam, hacking, viruses, Wi-Fi attacks, smartphone threats and the growing number of ID threats.

The subscription also includes TrendSecure online security services.

Ben Fathi, corporate vice president of the Security Technology Unit at Microsoft, said: “Our security partners play a vital role in the early adoption, development and delivery of Microsoft technologies.”

Security and Family Safety in Microsoft’s New OS

Posted in Viruses, Trend Micro by Antivirus-News on the January 12th, 2007

When you buy a product (be it hardware or software), it is natural to assume that it will work perfectly out of the box. On the contrary, this isn’t always true, especially for the software industry, where most companies release patches/updates to resolve problems discovered during the product’s effective life cycle. Microsoft is no stranger to this concept and has been practicing this ever since the company existed. Security issues are particularly problematic to both personal and company’s productivity and in the bigger picture, a corporation’s well operand Microsoft is always on their toes to provide solutions for their customers so that they would be less prone to malware attacks and the likes. One such instance that we vividly recall was the annoying malware issue plaguing the early days of Windows XP with Service Pack 1 (SP1) which caused system slowdowns and forced shutdowns. The malware problems then were so chaotic that Microsoft followed up with SP2 to put an end to those security flaws.

Like it or not, security problems can’t be wished away with a magic wand. Even today, Microsoft, along with third parties like Trend Micro and McAfee, is constantly tracking malware activity and providing solutions to customers on a weekly basis. Statistics show that up to one billion people in the world use computers and have networking capabilities. Of these, 30 percent are potential cyber-victims of security threats. In today’s context, cyber-victims are not just victims of malware attacks that mess up their computer systems. A large portion of the online attacks happening today involve online identity theft and fraudulent transactions resulting from visits to phishing sites. With so many security concerns hanging over our heads, Microsoft isn’t taking things lightly with its upcoming operating system (OS). In fact, security is a major focus in the development of Windows Vista, to ensure its users can work and play on the new OS confidently and securely. You can expect a lot of new changes in Windows Vista that stand out from the current Windows XP operating system.

On that note, you might ask us what differences exist between Windows XP and Windows Vista with regards to security. That’s what this article is all about and we’ll show you some of the security benefits that Windows Vista users will gain when they migrate from Windows XP.

The Real Security Center is on Vista

In Windows XP SP2, there is a feature known as the Security Center within the control panel that allows you to quickly view and manage basic security-related options (such as your firewall, Internet options and automatic updates settings). This one-stop center in XP is very handy, and it is only natural that it gets ported over to Windows Vista. The concept behind the ‘one-stop center’ will remain, but you can expect more flexibility and features on Windows Vista to keep those nasty attacks off your system. You’ll find several new options in the latest security center, so we’ll be stepping through each of them one at a time. To start off, here’s how the old and new Security Centers differ:

Experts warn of browser ‘tab-jacking’

Posted in Viruses, Trend Micro, Phising by Antivirus-News on the January 12th, 2007

A nuisance known as “tab-jacking” may soon begin stalking internet users, according to security experts.

Tab-jacking involves exploiting a feature found in the latest internet browsers, including Microsoft’s new version of Internet Explorer, IE7, and the rival open source browser Firefox. Both programs let users open several web pages within a single browser window and switch between them quickly by clicking on the tabs at the top of the window.

The aim is to make surfing simpler while also using less of the computer’s memory, since new browser windows do not need to be opened. However, it may also open up new opportunities for so-called adware programs, claims Ed English, chief technology officer of security firm Trend Micro, based in California, US.

Security settings

Adware programs can be installed on a PC unwittingly, but they can also exploit software bugs or lowered security settings to wriggle onto a machine. Such programs may generate unwanted pop-up web pages or redirect a browser to different pages. Soon, English says, these pests may start hijacking web browser tabs too.

Researchers at Trend Micro created a prototype program that demonstrates how easily an adware program could take control of a browser’s tabs.

The effect could be more annoying than pop-up adverts, English claims, since the nuisance could be buried among genuine ones.

The problem will also remain as long as the adware responsible remains on a computer. “Even if the user manually shuts down the hijacked browser tab, when he next restarts, the adware tab will be restored,” English says.

Increasing threat

English believes that tab-jacking may increase once Microsoft’s new operating system is released this year, as this comes bundled with IE7.

Mikko Hypponen, chief research officer at Finnish computer security firm F-Secure, agrees that adware writers will be unable to resist tab-jacking. “I think it’s inevitable,” he says.

Hypponen is also concerned that the trick could provide another way to carry out financial scams. Hijacked tabs could perhaps be made to replace legitimate pages, posing as the log-in page for an online bank, for example.

Microsoft did not respond to requests for comment by time of posting.

Viruses that will lurk in 2007

Posted in Viruses, Spams, Trend Micro by Antivirus-News on the January 2nd, 2007

Social networking sites like YouTube, Orkut and MySpace, which were all the rage among young netizens last year, may be hot targets for virus attacks this year.

Research by F-Secure points to dangerous cross-site scripting (XSS) vulnerabilities on some of these sites. Niraj Kaushik, country manager, Trend Micro (India & SAARC), speculates, “Web threats will impact consumers and corporations alike through confidential information leakage, identity theft, bot infection, adware/spyware installation, and the like.”

In 2007, Trend Micro also expects to see the bot threat grow, with its creators finding newer methods to install them on users’ machines. “More ingenious social engineering and software vulnerabilities will be the likeliest candidates for this,” adds Kaushik.

In 2005, security pundits declared there was a marked decrease in the growth rate of spam, and some major networks such as AOL even reported a modest decrease in spam volumes. Spam filter efficacy was so high worldwide that many found themselves in agreement with Bill Gates, who said “the spam problem was solved”.

However, by the end of 2005, spam volumes increased 200 per cent. And this surge continues in 2007. Predictably, spam volumes will again more than double and spam throughput is expected to again triple, putting strain on global email infrastructure and causing disruptions in legitimate email delivery, predicts a security report by IronPort.

Spammers are adopting techniques used by virus writers for years, and that’s the alarming bit. Spammers will develop a new strain or variant of spam and might send out a very limited trial quantity to see how effective the new strain is against spam filters. Once spammers are confident that they have created a content set that will get through most spam filters, they will launch a very large-scale attack, warns IronPort.

Windows Vista’s arrival in 2007 will only add to the frown lines. Says Vishal Dhupar, managing director, Symantec India, “Be ready to witness an increased attacker interest and motivation in the coming year. Consumers and businesses will soon start to migrate to Windows Vista and there may be more threats that target this new operating system as adoption rates increase.”

A security report by Symantec notes that macro-based viruses, which increased from zero outbreaks in 2005 to 15 outbreaks in 2006, are to be watched carefully in 2007. Macro-based viruses are viruses that reside inside Microsoft files such as Word and Excel files.

These viruses can be very potent, since many email administrators rely on attachment file type filtering to limit exposure to new outbreaks. Furthermore, Word and Excel files are much more familiar to end users, resulting in higher open and infection rates than more esoteric attachment file types.

Parasitic malware will make a comeback, says McAfee. “Even though parasitic malware accounts for less than 10 per cent of all malware (90 per cent of malware is static), it seems to be making a comeback. Parasitic infectors are viruses that modify existing files on a disk, injecting code into the file where it resides. When the user runs the infected file, the virus runs too.”

Popular polymorphic parasitic file infectors identified in 2006 had stealth capabilities and could download Trojans from compromised sites.

New web worms causing havoc

Posted in Viruses, Worms, Trend Micro by Antivirus-News on the December 29th, 2006

A recent wave of web worms appearing on social networking websites represents a new generation of more sophisticated computer worms.

Early forms of the computer threats classified as “worms” were intended more for causing havoc or were designed for proof-of-concept purposes to determine if vulnerabilities could be exploited.

Recently, however, new worms have been discovered on social networking sites such as MySpace, which are designed to steal data.

These new worms employ cross-site scripting (XSS) flaws found on many websites.

XSS is defined on the Whatis.com website as a security exploit in which the attacker inserts malicious code into a link that appears to be from a trustworthy source. When the user clicks on the link, the embedded programming is submitted as part of that user’s web request and can execute on the user’s computer, typically allowing the attacker to steal information.

Web server applications that generate the web pages dynamically are vulnerable to this type of exploit if they fail to validate user input.
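
An added illustration of the point above (not code from this article or from any site it names): a dynamically generated page that inserts a user-supplied field first as-is and then HTML-encoded, with a check that parses the rendered page for markup the application itself never emits. The template, function names and sample inputs are constructed for the example, and output encoding with Python's html.escape is the mitigation chosen here; the article itself only speaks of validating user input.

```python
import html
from html.parser import HTMLParser

# Constructed template: the only markup the application itself emits.
TEMPLATE = ('<html><body><h1>Profile</h1>'
            '<div id="about">{about}</div></body></html>')

# Tags the template contains; any other tag in the output came from user input.
EXPECTED_TAGS = {"html", "body", "h1", "div"}

# Constructed sample inputs; the markup samples use a harmless alert marker.
SAMPLES = [
    "Hi, I like music & films",
    "<script>alert(1)</script>",
    '<img src="x" onerror="alert(1)">',
]


def render_unsafe(about):
    """Vulnerable: user text is pasted into the page unchanged."""
    return TEMPLATE.format(about=about)


def render_encoded(about):
    """Hardened: user text is HTML-encoded, so a browser shows it as text."""
    return TEMPLATE.format(about=html.escape(about, quote=True))


class _MarkupAudit(HTMLParser):
    """Records tags and event-handler attributes the template never emits."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in EXPECTED_TAGS:
            self.findings.append(f"unexpected <{tag}>")
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")


def audit(page):
    """Return a list of findings for one rendered page (empty means clean)."""
    parser = _MarkupAudit()
    parser.feed(page)
    parser.close()
    return parser.findings


def compare(samples=SAMPLES):
    """Audit every sample through both renderers."""
    return [(s, audit(render_unsafe(s)), audit(render_encoded(s)))
            for s in samples]


if __name__ == "__main__":
    for sample, unsafe, encoded in compare():
        print(f"input:   {sample!r}")
        print(f"  as-is:   {unsafe or 'clean'}")
        print(f"  encoded: {encoded or 'clean'}")
```

The same audit can run as a regression test against any page template: feed it pages rendered with markup-bearing input and fail the build if a finding appears.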

The popular MySpace website was first hit with the Samy worm in October.

Adam Biviano, a senior systems engineer at security firm Trend Micro, said a MySpace.com user, called Samy, had created a “malicious” profile by taking advantage of a flaw in the website’s design. The profile, when viewed, automatically activated a code to add the visitor to Samy’s “friends” list. Additionally, the malicious code would be copied into the victim’s profile, so when that person’s profile was viewed, the infection spread.

According to Biviano, “The infection stays on the website and almost creates a denial-of-service attack, because there is an exponential explosion of entries in your friends list that will eventually consume the infrastructure.”

The apparent intent of the Samy worm creator was to increase his popularity on the social networking site. In terms of numbers of “friends,” it worked.

In an e-mail interview posted on Google Blogoscope, the young author said: “It didn’t take a rocket or computer scientist to figure out that it would be exponential, I just had no idea it would proliferate so quickly.”

“When I saw 200 friend requests after the first eight hours, I was surprised. After 2,000 a few hours later, I was worried,” he said.

“Once it hit 200,000 in another few hours, I wasn’t sure what to do but to enjoy whatever freedom I had left, so I went to Chipotle and ordered myself a burrito. I went home and it had hit 1,000,000.”

The Samy worm demonstrated the ease with which cross-site scripting could be used as an exploit and was quickly followed by a major phishing attack later in October.

One such exploit changes a user’s profile to include links to a pornographic website that hosts spyware.

Hackers are finding cross-site scripting “holes” in numerous large websites.

According to computer firm CGI, sites such as CNN.com, Time.com, Ebay, Yahoo, Apple computer, Microsoft, Zdnet, Wired and FBI.gov have one form or another of XSS bugs.

Protecting yourself will involve work.

For specific suggestions on steps to take, consider visiting the website www.cgisecurity.com and searching for the article: xss-faq.

John Millar is the president of Digital Boundary Group, a London-based information technology security services firm. This article, written with the assistance of Deborah Washburn, a security specialist, contains general comment and suggestions. Digital Boundary may be reached at 519-652-6898. E-mail him at jmillar@digitalboundary.net.

Trend Micro forecasts growth in web threats

Posted in Viruses, Trend Micro by Antivirus-News on the December 21st, 2006

KUALA LUMPUR: Trend Micro Inc, a provider of security software, hardware and services, has published its 2006 Threat Report and 2007 Forecast.

The report forecasts a further increase in web threats next year. Web threats are defined as those that use the Internet to perform malicious and often self-perpetuating activities.  

Malicious attackers are increasingly using public networking sites to hide their malware, with unsuspecting users downloading malicious files, often triggering multiple infection routines. 

Money remains the primary driver behind the majority of threats. Web-based threats have increased by almost 15% since last December, accounting for almost half-a-million reports this year.

2006 saw the disappearance of large virus outbreaks, replaced instead by smaller targeted or regional attacks.  

A targeted attack focuses its aim on a particular group of people, such as a specific company or user group.

Regional attacks are similar, but target a country or region with a carefully crafted piece of malware using some type of event that would be of importance to the target group.  

Outbreaks are quite different in this new situation, affecting fewer users and often combining multiple pieces of malware to create one blended threat. 

Trend Micro anticipates that this trend will continue to be used by attackers in 2007 and beyond.

Trend Micro to Launch New Anti-spam Tool

Posted in Spams, Trend Micro by Antivirus-News on the December 20th, 2006

Japanese software maker Trend Micro Inc. has developed technology to help thwart a form of spam that’s tough to crack: e-mail sent in the form of scanned images, a senior executive said on Friday.

Spam filters are generally efficient in scanning ordinary text messages as computers can search quickly for specific words or word patterns, which serve as red flags in identifying junk mail.

But spammers have learned to get around those programs by using imaging software to essentially make copies of text messages and turn them into graphic images that cannot be scanned using conventional methods.

About 40 percent of all spam messages are image-based, compared with about 10 percent a year ago, according to McAfee Inc., another software company that specializes in Internet security.

Trend Micro plans to introduce software in the first quarter of 2007 to allow companies to scan image-based spam without requiring huge amounts of processing power that can slow down email traffic.

“We believe it addresses most types of image spam that we’re seeing in the world today,” Trend Micro Director of Product Development Paul Moriarty said in an interview.

The company filed a U.S. patent application related to the technology in the middle of November, Moriarty said.

Analysts said that to detect graphic-based spam, companies currently need to use optical character recognition programs to convert those images back into text for scanning.

That process can be time-consuming and tax the resources of corporate computer networks, said Andrew Jaquith, a computer security analyst with technology researcher Yankee Group.

“It’s very processor-intensive. It’s not an easy thing. You’ve got to crack the image open. You’ve got to look at a lot of bytes,” Jaquith said.

Trend Micro declined to say how its new software will handle that technology challenge.

Trend Micro To Launch New Anti-Spam Tool

Posted in Viruses, Spams, Trend Micro by Antivirus-News on the December 16th, 2006

BOSTON - Security software maker Trend Micro has developed technology to help thwart a form of spam that’s tough to crack: e-mail sent in the form of scanned images, a senior executive said Friday.

Spam filters are generally efficient in scanning ordinary text messages as computers can search quickly for specific words or word patterns, which serve as red flags in identifying junk mail.

But spammers have learned to get around those programs by using imaging software to essentially make copies of text messages and turn them into graphic images that cannot be scanned using conventional methods.

About 40 percent of all spam messages are image-based, compared with about 10 percent a year ago, according to McAfee Inc., another software company that specializes in Internet security.

Trend Micro plans to introduce software in the first quarter of 2007 to allow companies to scan image-based spam without requiring huge amounts of processing power that can slow down email traffic.

“We believe it addresses most types of image spam that we’re seeing in the world today,” Trend Micro Director of Product Development Paul Moriarty said in an interview.

The company filed a U.S. patent application related to the technology in the middle of November, Moriarty said.

Analysts said that to detect graphics-based spam, companies currently need to use optical character recognition programs to convert those images back into text for scanning.

That process can be time-consuming and tax the resources of corporate computer networks, said Andrew Jaquith, a computer security analyst with technology researcher Yankee Group.

“It’s very processor-intensive. It’s not an easy thing. You’ve got to crack the image open. You’ve got to look at a lot of bytes,” Jaquith said.

Trend Micro declined to say how its new software will handle that technology challenge.
By: Jim Finkle

Trend Micro Introduces InterScan Messaging Security Appliance

Posted in Trend Micro by Antivirus-News on the December 7th, 2006

London - October 9, 2006 - Trend Micro Incorporated (TSE: 4704, NASDAQ: TMIC), a leader in network antivirus and content security, today announced InterScan™ Messaging Security Appliance, a comprehensive solution for enterprises to address email-based threats including spam, phishing, bots, spyware, and viruses, as well as content compliance.

With the release of InterScan Messaging Security Appliance, customers can receive the same superior email security on either software or an appliance, enabling them to pick the solution that best fits their network environment. While InterScan Messaging Security Appliance offers the same security features and flexible policy implementation as its software predecessor, InterScan Messaging Security Suite, the appliance form factor provides high throughput with hardware redundancy to ensure continuous security.

InterScan Messaging Security Appliance offers comprehensive email protection at the gateway. This solution provides anti-spam and anti-phishing protection, award-winning antivirus that includes IntelliTrap™ technology to combat zero-day threats, and flexible content filtering to support regulatory compliance, assist with corporate governance, and prevent loss of confidential information. In addition, all of this protection is seamlessly integrated and centrally managed in the Web-based InterScan Messaging Security Appliance console.

To achieve industry-leading spam catch rates with very low false positives, Trend Micro has armed its customers with dual-layer spam protection called Spam Prevention Solution. Trend Micro Network Reputation Services provides the initial layer of protection by stopping a majority of mail-based threats at the connection layer before they even reach the gateway. The reputation services verify IP addresses of incoming email against the world’s largest, most trusted reputation database, and use a dynamic reputation service to identify new spam and phishing sources, stopping even zombies and botnets when they first emerge.

A new version of Network Reputation Services is integrated into InterScan Messaging Security Appliance in addition to being available as a standalone service. Released today, Network Reputation Services provides a new portal that allows customers to set policies for their specific email environment while also enabling customers to easily set specific email blacklist/whitelist policies. One policy-setting feature, for example, restricts email based on the geographical origin or ISP of potential email senders.

The second layer of InterScan Messaging Security Appliance’s spam protection is a powerful and elegantly architected composite engine. This engine filters spam and phishing emails at the gateway through advanced heuristics, statistical analysis, signature filtering, whitelists, blacklists, and other anti-spam techniques. This combined approach catches any remaining threats before they reach the inbox. The robust composite engine also detects non-English spam, providing additional support for global companies.

“We feel that Trend Micro has a solid strategy in place for continuous product development and improvement and this shows specifically with InterScan Messaging Security Appliance,” said Antonio Traetto, Global Messaging Manager, Rexam. “With the hardware and software coming from Trend Micro, we can have all support coming from one central place, which saves support time, effort and reduces warranty costs.”

The InterScan Messaging Security Appliance is one of the messaging security components of Trend Micro’s Enterprise Protection Strategy, which is the most comprehensive and effective security solution framework available for today’s enterprise. This framework includes products that secure the network at all entry points from the gateway to the desktop.

“Trend Micro remains the global leader in gateway security because we never lose sight of product innovation: everything from new and improved levels of threat protection to catering to the form-factor preferences of our broad customer base,” said Max Cheng, general manager, Trend Micro enterprise business operations. “With the release of InterScan Messaging Security Appliance, Trend Micro is combining its best-of-breed email security with the performance advantages of a hardware appliance to specifically address customers with exceptionally demanding network requirements.”
 
Pricing and Availability
InterScan Messaging Security Appliance is currently available worldwide.  North American pricing starts at $20,180. Other models are available to support up to 25,000 users per device.