Dutch botmaster crew facing jail sentence
Two alleged cybercriminals are waiting to hear if they will have to go to jail for their part in creating and running a 1.5-million-strong botnet. Dutch authorities are hoping that the presiding judge at the court in the southern city of Breda will send the two unnamed individuals, who are 20 and 28 years old, to prison for a maximum of three years.
Police arrested the two men in their homes in Loop op Zand and Rijswijk back in 2005. In what has been the biggest cybercrime investigation in the legal history of the Netherlands, the prosecution claims to have proved that both men created a massive network of bot computers. To hijack the 1.5 million PCs they used a special worm known as “Toxbot”. Additionally, Dutch media have claimed that the pair were involved with the Russian Internet mafia and helped to write a Trojan called “Wayphisher” that was used to steal private financial data from victims in Europe and the US.
The prosecution service in the Netherlands has also alleged that the criminal group carried out cyber-blackmail. It is claimed the men threatened to carry out a Denial of Service attack on US advertising firm 180Solutions Inc., previously known as Zango Inc. The American company has in the past been linked with illicit promotion techniques and surreptitious installation of its products. Another claim from the police has been that the two men participated in phishing attacks, stealing financial data and gaining access to e-banking and PayPal accounts. The stolen funds were then used to purchase computers and other electronic goods, such as gaming consoles. Now, though, the prosecution hopes that money will be recouped: apart from the jail sentence, it has asked the judge to impose monetary fines totalling some 60 thousand Euros on the accused. A final verdict will be returned on 30 January.
MicroWorld Offers ‘Free Virus Scan and Clean’
MicroWorld Technologies, provider of anti-virus and content security products, presents a free security check-up and repair for viruses and other malware on computers, as part of its New Year celebrations.
MWAV 8.x from MicroWorld comes with some new power-packed features to enhance its detection power and usability. Apart from the new and improved GUI, MWAV now detects and removes spyware and adware, while also cleaning the registry entries made by these harmful programs.
“Many a time, first-time users of MWAV are shocked to find out that some nasty Trojans and spyware have been in their computers for months and years,” says Manoj Mansukhani, head of technology and marketing, MicroWorld Technologies.
“This free check up will benefit several computer users, while giving them a first hand experience of our technological edge over the competitors”.
MWAV is simple to install: using it consists of downloading and running the toolkit to scan the computer right away. MWAV also provides an option to add itself to the PC's list of startup programs, so that the toolkit scans the computer each time the PC starts. The free version of MWAV can be downloaded from http://www.mwti.net/products/mwav/mwav.asp. This version will scan and clean the computer of any threats with the latest updates up to 15th February 2007.
“We are witnessing unprecedented growth in business volumes and market explorations in the last year, owing to the intention of creating and enhancing a Futuristic Security Intelligence in each of them,” says Govind Rammurthy, CEO, MicroWorld Technologies.
MicroWorld updates its virus signatures every hour in all its products, giving protection against viruses, worms, Trojans, Trojan clickers, vulnerability exploits, Trojan downloaders, spyware, adware, keyloggers, backdoors, rootkits and many other such breeds.
The Gagar.CC and Mitglieder.LX Trojans, and the RaHack.BB worm
Gagar.CC is a Trojan that connects to a certain IP address and downloads another Trojan called Alanchum.MU. The latter, in turn, downloads the following malware onto the infected computer:
* Duel.A: This worm uses specific techniques in its code in order to hide while it is active.
* Nuwar.B: This Trojan spreads via email and downloads another Trojan, Gagar.CB, onto the infected computer.
* Spammer.ER: This is a Trojan that provides the email addresses to which to send Nuwar.B.
The second Trojan we are looking at this week is Mitglieder.LX. This malicious code downloads a file from several web pages and runs it on the computer. The downloaded file is a variant of the Bagle worm. It passes itself off as a crack (a tool for removing protection from original software) for a certain program.
RaHack.BB is a worm with no destructive effects. Its main purpose, as with all worms, is to spread to other computers. It can infiltrate computers which have the Radmin remote-administration application by exploiting weak passwords. Similarly, if the compromised computer is part of a network, RaHack.BB will try to access shared resources on the network and copy itself to them.
All users that want to know whether their computers have been attacked by these or other malicious code can use ActiveScan, the free, online solution available at: www.pandasoftware.com/activescan. This allows users to thoroughly scan their computers if they suspect they have been infected.
Panda ClientShield with TruPrevent™ Technologies obtains ICSA Labs anti-spyware certification
MADRID, December 26, 2006
Panda ClientShield with TruPrevent™ Technologies, Panda’s security solution designed to protect workstations from Internet threats, has obtained certification by ICSA Labs, an independent division of Cybertrust, in the Anti-Spyware for Windows XP Professional category.
The test conducted by ICSA Labs provides a dual-perspective analysis. On one hand, it focuses on the capacity to block spyware from entering the system and, on the other, it examines the detection of this type of software once it has been installed on the computer. Subjected to a range of tests during the analysis, Panda ClientShield with TruPrevent™ Technologies passed 100% of the test attacks, thereby obtaining the above-mentioned certification.
ICSA Labs certifications formally acknowledge the effectiveness of the software analyzed against Internet risks and threats, in addition to its user protection capacity. Therefore, the Panda Software product certified by these laboratories is guaranteed to protect against spyware both before and after it has installed on a computer.
Spyware detection, the category in which Panda ClientShield with TruPrevent™ Technologies has obtained certification, is becoming increasingly important because this type of malicious software is one of the greatest risks posed by the Internet. Spyware programs gather data on the affected user’s web surfing habits and preferences.
Panda ClientShield with TruPrevent™ Technologies is aimed at workstations in corporate environments. With its low resource consumption and high performance level, this security software is capable of protecting against viruses, worms, Trojans and all kinds of malware, in addition to filtering spam and blocking the use of spyware, dialers and other tools normally used by hackers. Administration is simple and fast thanks to the solution’s integration in the AdminSecure console, which considerably reduces update time and, therefore, the risk of your corporate computers becoming infected.
Panda ClientShield includes TruPrevent™ Technologies. These technologies, developed by Panda Software, block all types of attacks from unknown viruses and intruders, even when the antivirus hasn’t yet been updated.
This certification of Panda ClientShield comes in addition to those received by other products, both corporate and consumer, for the detection of viruses and Trojans. In fact, prior to this, Panda ClientShield with TruPrevent™ Technologies had already obtained certification in the Client/Server Antivirus for Windows XP Professional and Windows 2003 category. For more information on the characteristics, certifications and awards given to this product, please visit the following website:
http://www.pandasoftware.com/products/clientshield.
First Exploit Of Windows Vista Spotted
Proof-of-concept code for an unpatched vulnerability in all supported versions of Windows, including Vista, has gone public, prompting alerts from security vendors and a warning from its Russian discoverer that the flaw may be dangerous.
It is the first Windows Vista exploit made public since the operating system was released to volume license customers Nov. 30.
According to Symantec and eEye Digital Security, the bug is a memory corruption vulnerability that pops up when the MessageBox function is called; eEye pegged the threat as “medium,” while Symantec labeled it as a “privilege escalation,” a type of threat generally considered low on the security scale. An attacker would need authorized access to a PC to exploit the bug.
The code first showed up on a Russian hacker site, and was subsequently posted to milw0rm.com.
Mike Reavy, program manager with the Microsoft Security Response Center, acknowledged that the team was “closely monitoring” the situation even as the holidays approached.
“Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system. Of course these are preliminary findings,” Reavy wrote on the center’s blog early Friday.
Windows 2000 SP4, Windows XP SP1 and SP2, Windows Server 2003 SP1, and Windows Vista are at risk, Reavy added.
The Russian researcher who first reported the bug to Microsoft on Dec. 16, however, observed that the vulnerability may be more dangerous than the “Less critical” rating that Danish bug tracker Secunia assigned. “There is potential remote exploitation vector if some service uses user-supplied input for MessageBox() function,” wrote “ZARAZA U 3APA3A” on the Full Disclosure security mailing list.
Reavy downplayed the Vista-is-vulnerable angle. “While I know this is a vulnerability that impacts Windows Vista, I still have every confidence that Windows Vista is our most secure platform to date,” he said. Microsoft has touted Vista, which released to corporations late last month and will debut Jan. 30 in consumer PCs, as significantly more secure than earlier versions of Windows.
Reavy also recommended users turn on a firewall, apply all Microsoft security updates, and install and/or update antivirus and anti-spyware software to protect their PCs.
Additional information on the threat will be posted to the center’s blog, or if necessary, in the form of a security advisory, the mechanism Microsoft uses to inform users of possible defensive workarounds in lieu of, or prior to, a security update.
New Spyware Warning
PandaLabs has reported the appearance of a new spyware program:
- Appeared: 12/21/2006
- Name of the new program: Adware/MalwareAlarm (Alias: Win32/Adware.SpySheriff)
- Type: Spyware; Subtype: Adware
- Means of propagation: Download from malicious web pages.
- Distribution: Low.
- Effects: Informs users of the existence of false (non-existent) threats on their computers. This is a strategy to get users to buy a security application that supposedly eliminates these non-existent threats.
- Other features: The spyware goes resident in the computer and, from time to time, shows an on-screen message informing the user that the system is infected and needs disinfecting.
- Detected by Panda Software solutions: Yes, by the signature file dated 12/21/06
Panda Software will publish updated information about this threat in the Virus Encyclopedia at http://www.pandasoftware.com/com/virus_info/encyclopedia/
Always use effective security solutions to combat spyware. Panda Software products incorporate one of the best anti-spyware technologies on the market, as acknowledged by such prestigious publications as PC World USA or PC Magazine. Also, Panda Software solutions that incorporate the TruPrevent(tm) proactive protection technologies can detect unknown spyware through behavioral analysis, with no need for updates. More information about Panda Software’s anti-spyware technologies at http://www.pandasoftware.com
Important phishing gang taken down in Spain
Spain’s Guardia Civil has this Thursday claimed to have broken up an important cybercriminal gang that carried out phishing attacks in the country. A total of six people were detained in the province of Malaga in the south of Spain following a year-long investigation carried out by the authorities in Navarre, a province in the northeast of the country.
The gang is thought to have been led by a 19-year-old youth of Moroccan origin. At least five of the gang’s members have been named as Moroccans, while the sixth detainee, a 21-year-old woman, originally came from Ceuta, a Spanish enclave in North Africa. The leader of the gang is a well-known hacker who has been involved in the business since he was 12 years old. Spanish authorities believe him to be one of the most eminent hackers in Europe at the moment.
Operation “Siluro”, as Spanish investigators named it, began after a complaint registered in Elizondo, Navarre, in April this year. From then on the police began monitoring phishing campaigns in Spain and looking for similarities that could lead them to identify the perpetrators. Having collected the necessary evidence, they carried out organised raids in the Malaga region, finding at least 500 fake bank cards and a large number of counterfeit European passports in the process. The group is known to have collected personal banking details on at least 20,000 persons and held a database of 200,000 emails that was used in their phishing campaigns. Another peculiar method was to offer a half-price online mobile phone account charging service. Users attracted by the offer entered their bank details, which were then collected for later use in fraud operations. To launder the stolen money they employed cyber-mules who transferred funds for a cut of the sum, as well as other methods such as making online purchases. To hide their trail the group used hacked computers and also hijacked unprotected Wi-Fi connections.
Spanish authorities have so far declined to quantify the damages caused by this gang, but the figure is thought to be “extremely significant”. Vicente Ripa, a representative of Navarre’s regional government tasked with explaining the operation to the press, called it an amazing success, citing the nature of the crime and the size of the gang that was apprehended. This is not the only success Spanish cybercrime fighters have enjoyed this year: Spain’s National Police dismantled another sizeable criminal group last September, detaining 23 people in the three coastal regions of Catalonia, Valencia and Andalusia.
Panda Software presents awards to top viruses of 2006
Once again, Panda Software has published its annual list of the year’s notable malicious codes. Happily there were no Code Reds in the bunch: none of them were severe enough to have caused any serious epidemics. But without further ado, here are this year’s ‘winners’:
* The most moralistic — This award goes to the spyware Zcodec which, among other actions, monitors whether users access certain web pages with pornographic content. This may simply be a way of determining whether the user is a frequent visitor to these types of pages in order to send personalized advertising. On the other hand, perhaps the author of this spyware just has voyeuristic tendencies.
* The worst job applicant — The Eliles.A worm sends out CVs all over the place. It even sends them out to users’ cell phones. It would seem that it has little confidence in its own job prospects.
* The most sensationalist — Sensational headlines have always made an impact; now they are even being used by viruses. Of all those that appeared in 2006, Nuwar.A wins hands down with its declaration of the start of the Third World War.
* The most tenacious — They say that all good things come to an end. It’s a shame that the creators of the Spamta worms haven’t heard the saying. Otherwise, they might have stopped sending wave after wave of almost identical variants of this malicious code.
* The most competitive — Once the Popuper spyware has installed itself on a computer, it runs a pirated version of a well-known antivirus application. Far from trying to do the user a favor, it is actually trying to eliminate any possible rival from the computer. It seems that the fight for supremacy has also reached the world of Internet threats.
* The most diligent — In general, phishing messages are aimed at gathering confidential information such as credit card numbers or account access details in order to steal money. However, this isn’t the case with BarcPhish.HTML, which goes much further, collecting information including expiry dates, CVVs (Card Verification Values), last names, membership numbers, five-digit codes, account numbers, etc. No doubt the creator was thinking “better too much than too little.”
* The biggest snooper — In this case, it was not a difficult choice. WebMic.A is a malicious code that can record sounds and images, using a microphone and webcam connected to the computer. Of course this is not the sort of uninvited guest you would like to have on your PC.
* The most mischievous — Nedro.B is a worm that seems to get bored after it has infected a computer. Perhaps that’s why it decides to change icons, prevent access to tools, hide file extensions, delete options from the Start menu… and basically cause chaos. Maybe this seems entertaining to someone, but it certainly isn’t for the users.
* The most chaste — Malicious codes that spread across P2P networks use enticing filenames in order to get users to download them voluntarily on to their computers. For this reason, many of these names have pornographic connotations. However, among the more than 37,000 different names used by FormShared.A, none of them make any reference to sex. That’s some kind of record.
* The most archaic — Seemingly there are still some retro virus creators around. Whoever created the DarkFloppy.A worm appears not to have heard of e-mail, instant messaging or P2P systems, as the propagation method they’ve chosen to spread this malicious code is — floppy disks.
* The most promiscuous — This title goes without a doubt to Gatt.A. This malicious code can infect any platform that it is run on: Windows, Linux, etc.
* The most deceitful — SafetyBar supposedly offers security information and anti-spyware downloads. However, the problem is that once downloaded, these programs then warn the user that the computer is infected by non-existent threats.
Panda Software advises users to ensure they have reliable anti-virus software installed and kept up-to-date daily.
Panda Software Announces the Compatibility of Its Products With Windows Vista
GLENDALE, Calif., Dec. 14 /PRNewswire/ — Panda Software has announced the compatibility of its product line with the new Microsoft Windows Vista operating system. It has launched the “Windows Vista Information Center” where users will find information about the compatibility of Panda Software products with the new operating system.
New users will be able to download beta versions and final versions of Panda Software products that support Windows Vista. Existing users of Panda Software’s 2007 consumer line will automatically get the new versions compatible with Windows Vista for free as soon as the final release versions are available.
Currently, users can download Windows Vista-compatible beta versions of Panda Antivirus 2007, the fast and light antivirus for home users, and Panda ClientShield, Panda Software’s solution for protecting corporate workstations.
Panda Antivirus 2007 is the lightest antivirus in Panda Software’s consumer product line. This new easy-to-use solution offers complete protection against known and unknown Internet threats, with a minimal use of system resources. The new Panda Antivirus 2007 is aimed at home-users whose use of the Internet does not require a complete security suite. It has been designed to install and forget, protecting the system automatically from the moment it is installed.
Panda ClientShield with TruPrevent(TM) Technologies is a global protection solution for workstations in corporate environments. As a high-performance, low-consumption solution, it protects against viruses, worms, Trojans and all types of malware. It can also filter spam and block the use of spyware, dialers and other hacking tools. Administration is quick and simple due to the integration with the AdminSecure console, considerably reducing update time and therefore the risk of infection for corporate workstations. It also includes TruPrevent(TM) Technologies to protect workstations from unknown viruses and threats.
About Panda Software, USA
Panda Software (www.pandasoftware.com) is a world-class developer and provider of integrated security solutions designed to neutralize viruses, hackers, Trojans, spyware, phishing, spam and other pervasive Internet threats. With Panda Software’s revolutionary TruPrevent(TM) Technologies, the company’s innovative products are on the leading-edge of intelligent security solutions, ensuring clients are protected even against new threats that have yet to be identified. PandaLabs, the most rapid response laboratory in the industry, delivers comprehensive updates to users, providing a worldwide response to malware 24 hours a day, 7 days a week, all year round.
For further information, please visit www.pandasoftware.com.
Experts: Hackers planning cyberwar on social networking sites
Hackers are planning to target social networking sites such as MySpace and Facebook in a multi-billion-dollar “cyberwar” next year, security experts warn.
Network security experts predicted cybercriminals will launch a campaign to gather personal information from users of the popular websites.
Details including age, sex, marital status and locale are available on the sites, and malicious users plan to trawl the networking websites collecting this data and picking targets for phishing scams.
Hackers will also focus on instant messenger users and web-based phone services to steal people’s identities and commit other online crime.
Graham Cluley, senior consultant at Sophos, said: “The huge popularity of sites such as MySpace means it is an increasingly attractive target for criminals, who are always looking for new ways to gather information.”
“If the hackers know you have a particular interest, this can be used to target you in a phishing attack. They know what you’re into and can exploit this to obtain more information from you such as credit card details,” he said. “People are putting far too much information online and into the hands of identity thieves. Young people, in particular, need to be very careful as it may come back to haunt them.”