Saturday, February 27. 2010
Rogueware "Security Essentials 2010"
Microsoft has warned Windows users to beware of a piece of rogueware (fake security software) that calls itself "Security Essentials 2010", not to be confused with Microsoft Security Essentials, which is Microsoft's genuine, free anti-malware product.
Security Essentials 2010 installs a fake virus scanner on the machine and blocks some processes. It also blocks access to the websites of several antivirus companies: it downloads a Win32/Alureon component and a Layered Service Provider (LSP) component that monitors the TCP traffic of various web browsers and drops any traffic to certain domains. Moreover, Security Essentials 2010 demands payment to "scan and remove" files on the machine, claiming that the version initially downloaded was only a trial edition. Microsoft Security Essentials, by contrast, is free for users of genuine Windows. Microsoft has blogged about it here: http://blogs.technet.com/mmpc/archive/2010/02/24/if-it-calls-itself-security-essentials-2010-then-it-s-possibly-fake-innit.aspx

Friday, February 26. 2010
Operation B49
For the past couple of weeks Microsoft has been working on a secret effort, Operation B49, to take down the Waledac botnet. Waledac is one of the largest active botnets, with a major presence in the US and in European countries. It is used mainly to send spam and had the capacity to send billions of messages per day; Microsoft observed that in just 18 days the botnet sent more than 650 million spam emails to Hotmail accounts alone. The operation concluded successfully on Wednesday.
Researchers from the University of Mannheim in Germany and the Technical University of Vienna in Austria had published a paper on the Waledac botnet and showed a method for taking control of it. Microsoft contacted those researchers this year and planned a major offensive against Waledac: taking control of its command and control servers, which numbered in the hundreds and were distributed across the globe. Microsoft's legal team sought a court order from the U.S. District Court for the Eastern District of Virginia. This was quite difficult, but they finally obtained permission to temporarily shut down 277 Internet domains believed to be used by Waledac for command and control. This cut off the traffic between the Waledac servers and the zombies at the source, severing the connection between the criminals behind the botnet and the infected computers across the globe. What remains is the job of cleaning the zombies. We appreciate this move by Microsoft and congratulate them on getting through the legal hurdles and making such a large attempt to stop a new kind of problem. Now we have to wait and watch the gradual slowdown of the botnet's traffic and its after-effects. We are sure this will have a major effect on the botnet business; even if the effect is temporary, it is significant. We know this will not stop the criminals altogether, but such action will definitely make their job more difficult, and it should be repeated regularly to dismantle their networks.

Friday, February 26. 2010
Search Engine Optimization (SEO) attacks are increasing rapidly
One has to be very careful when using a search engine to look for information or news on the latest hot topics. There is a growing chance of picking up a malware infection after visiting the websites listed in the results.
Malware authors are creating more and more web pages loaded with newly created malware, fake software and rogueware. These pages contain hundreds of the most searched-for words on search engines, which improves the chance of the infected page getting indexed, and the keywords are mostly taken from the latest hot topics, which increases the chance of the link appearing on the first page of results. This technique is called SEO (Search Engine Optimization) poisoning. There is more to it: SEO poisoning also involves exploiting weaknesses in the way search engines rank pages, so that the malicious links reach the first page almost immediately. Recent observations showed SEO poisoning attempts on popular topics such as the American Idol winners, Tiger Woods' confession, Olympic Games news and iPad news. The results for these hot topics contained at least a few links to malicious web pages on the day they were most searched. Users who visited these pages ended up with scareware installed on their systems, which then tries to make the user pay for the "services" they used. And I guess everybody knows where this money goes.

Wednesday, February 24. 2010
Security threat on smartphones and tablets
Computer scientists at Rutgers University have demonstrated that rootkits, a familiar threat on PCs, can also attack smartphones and upcoming tablet computers such as the iPad.
Vinod Ganapathy, a professor at Rutgers University in New Jersey, says: “Smart phones are essentially becoming regular computers. They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malware.” Rootkit attacks on smartphones or upcoming tablets could be more devastating because owners tend to carry their phones with them all the time. This gives potential attackers opportunities to eavesdrop, extract personal information from phone directories, or pinpoint a user’s whereabouts by querying the phone’s Global Positioning System (GPS) receiver. Smartphones also offer malware new ways into the system, such as a Bluetooth radio channel or a text message. The Rutgers researchers have shown that malware on a mobile device can be even more damaging than malware on a PC. The whole story is here: http://news.rutgers.edu/medrel/news-releases/2010/02/rutgers-researchers-20100222

Tuesday, February 23. 2010
Google Buzz surprised many of its users
Google recently had to roll back the automatic enrolment of all GMail users in its newly launched Google Buzz service after strong protests from users. Google Buzz is an add-on service for GMail users that adds social features to their account; it aims to make social interaction more live and real-time and to help users stay connected with more people in a new and interesting way.
Google is known for such innovations and at the same time takes user security seriously. But the launch of Buzz, which was applied to all GMail users automatically, raised concerns about the privacy policies Google follows. As a security professional I am aware how important privacy is for users. Google holds a huge collection of users' personal information (arguably the world's largest). Google does have a privacy policy in place that sets out how such data is managed and stored, and hundreds of millions of users trust Google with their data in the belief that it will be used as that policy outlines. But with the launch of Google Buzz most users were surprised to see that their contact list had been turned into a list of Google Buzz friends, and that this list was visible through their Google profile to everyone on it. This raises the question: is Google using its users' personal data in the way it is authorized to?

Monday, February 22. 2010
Xbox Phishing Site

The phishing site (hosted in Timor-Leste) collects Xbox users' account information, namely the Windows Live e-mail address and password. These Xbox Live accounts are then traded for real-world cash on sites such as eBay. You may be phished via:
- Email messages that appear to be from a coworker or friend, with links to a website or asking for information about you or your account(s)
- An instant message that appears to come from someone in your friends list, with a link to a website
- An email appearing to come from Xbox or Microsoft
- A spoofed website pretending to be an Xbox LIVE website with a Windows Live ID login page
The single most important thing to remember: do not reveal your login credentials or other information about you or your account(s). So if you are an Xbox user, beware!

Thursday, February 18. 2010
Alureon infected systems show BSOD after MS10-015 is applied
If your system shows a blue screen (BSOD) or keeps restarting after applying MS10-015, this may be a sign that it is infected with the notorious W32.Alureon malware. The update changes the Windows kernel, and the infected driver depends on fixed kernel addresses that the update moves, so the machine crashes when it boots with the patched kernel. Alureon is a complex and advanced piece of malware that has been around for quite some time. Among its functions are modifying DNS settings, search hijacking and click fraud. It infects critical system drivers, which helps it avoid detection by security products. In recent versions we have seen it infect the miniport driver associated with the system's hard disk, giving the malware full control over disk activity.
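Because an infected miniport driver keeps its original name and can keep its original size, the practical check is to compare the on-disk driver with a known-good copy. The following Python script is an added example written for this post, not a Quick Heal tool: it hashes each of the driver filenames this post lists in the live drivers directory and compares them with reference copies. The reference directory is our assumption (copies taken from the Windows installation media, or on Windows XP the protected copies in %windir%\system32\dllcache); the sample files in `demo()` are constructed and stand in for real drivers.

```python
"""Integrity check for the disk miniport drivers that Alureon targets.

Added example, not a Quick Heal tool.  It hashes each listed driver in the
live drivers directory and compares it with a known-good reference copy.
The reference directory is an assumption on our part: use copies taken from
the Windows installation media or, on Windows XP, the protected copies in
%windir%\\system32\\dllcache.  A size check is not enough, since a patched
driver can keep the original file size; only the hash tells them apart.
"""
import hashlib
import os
import sys
import tempfile

# Driver filenames listed in this post as files Alureon infects.
ALUREON_TARGETS = [
    "atapi.sys", "iaStor.sys", "nvata.sys", "nvstor32.sys", "nvstor.sys",
    "nvgts.sys", "nvatabus.sys", "SiSRaid.sys", "IdeChnDr.sys", "iastorv.sys",
]


def sha256_of(path, chunk=1 << 16):
    """SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check_drivers(drivers_dir, reference_dir, names=ALUREON_TARGETS):
    """Map each driver name to 'clean', 'MODIFIED', 'missing' or 'no reference'.

    'missing' is normal: most of these drivers exist only for specific
    hardware, so a typical machine has just one or two of them installed.
    """
    results = {}
    for name in names:
        live = os.path.join(drivers_dir, name)
        reference = os.path.join(reference_dir, name)
        if not os.path.isfile(live):
            results[name] = "missing"
        elif not os.path.isfile(reference):
            results[name] = "no reference"
        elif sha256_of(live) == sha256_of(reference):
            results[name] = "clean"
        else:
            results[name] = "MODIFIED"
    return results


def suspicious(results):
    """Driver names whose live copy differs from the reference copy."""
    return sorted(name for name, status in results.items() if status == "MODIFIED")


def demo():
    """Run the check on a constructed sample: two temporary directories stand
    in for the drivers directory and the reference directory.  atapi.sys is
    untouched, iaStor.sys has one byte flipped (same size as the reference),
    nvata.sys has no reference copy, and the rest are not installed."""
    drivers_dir = tempfile.mkdtemp(prefix="drivers_")
    reference_dir = tempfile.mkdtemp(prefix="reference_")
    clean_atapi = b"CONSTRUCTED CLEAN atapi.sys IMAGE"
    clean_iastor = b"CONSTRUCTED CLEAN iaStor.sys IMAGE"
    patched_iastor = bytes([clean_iastor[0] ^ 0xFF]) + clean_iastor[1:]
    samples = {
        (reference_dir, "atapi.sys"): clean_atapi,
        (reference_dir, "iaStor.sys"): clean_iastor,
        (drivers_dir, "atapi.sys"): clean_atapi,
        (drivers_dir, "iaStor.sys"): patched_iastor,
        (drivers_dir, "nvata.sys"): b"CONSTRUCTED nvata.sys WITHOUT REFERENCE",
    }
    for (directory, name), data in samples.items():
        with open(os.path.join(directory, name), "wb") as handle:
            handle.write(data)
    return check_drivers(drivers_dir, reference_dir)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real run: the reference directory is given on the command line.
        windir = os.environ.get("SystemRoot", r"C:\Windows")
        results = check_drivers(os.path.join(windir, "system32", "drivers"), sys.argv[1])
    else:
        results = demo()
    for name, status in results.items():
        print(f"{name:14s} {status}")
    print("suspicious:", suspicious(results) or "none")
```

Run it with no arguments to see the constructed demo, or pass the path of your reference copies to check a real machine. A "MODIFIED" result is not proof of infection on its own (a legitimate driver update also changes the hash), so compare against a reference copy of the same driver version before deciding.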
Here is a list of driver filenames used by this malware:
- atapi.sys
- iaStor.sys
- nvata.sys
- nvstor32.sys
- nvstor.sys
- nvgts.sys
- nvatabus.sys
- SiSRaid.sys
- IdeChnDr.sys
- iastorv.sys
For example, atapi.sys resides at the following location: %windir%\system32\drivers\atapi.sys
Quick Heal users are protected against this malware, as we have detection for it. We will post more information soon.

Wednesday, February 17. 2010
2010 Top 25 most dangerous programming errors
The MITRE Corporation has released the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors. The data is presented in a neat fashion that is helpful to the whole developer community: whether you are a developer, tester, designer, teacher or system administrator, there is a lot to learn from it.
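To make one entry on the list concrete, here is CWE-89 (SQL injection) as a vulnerable query next to its fix. This is an added example written for this post, not code from MITRE or the Top 25 page; it runs against an in-memory SQLite database with constructed rows, and the attacker inputs in `PAYLOADS` are constructed as well.

```python
"""CWE-89, SQL injection, as a vulnerable query next to its fix.

Added example for this post, not code from MITRE or the Top 25 page.  It
uses an in-memory SQLite database with constructed rows so it runs offline.
"""
import sqlite3


def make_db():
    """Create a throwaway database with two constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice@example.org", 1), ("bob", "bob@example.org", 0)],
    )
    return conn


def find_user_vulnerable(conn, name):
    """CWE-89: the caller-supplied name is pasted into the SQL text, so a
    quote in the input ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def find_user_fixed(conn, name):
    """Parameterized query: the value travels separately from the SQL text and
    is never parsed as SQL, whatever characters it contains."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Constructed attacker inputs: the first makes the WHERE clause always true,
# the second does the same and comments out the trailing quote.
PAYLOADS = ["' OR '1'='1", "' OR 1=1 --"]


def demo():
    """Run both functions with a normal lookup and with each payload."""
    conn = make_db()
    return {
        "vulnerable_normal": find_user_vulnerable(conn, "bob"),
        "vulnerable_attacks": [find_user_vulnerable(conn, p) for p in PAYLOADS],
        "fixed_normal": find_user_fixed(conn, "bob"),
        "fixed_attacks": [find_user_fixed(conn, p) for p in PAYLOADS],
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:19s} {rows}")
```

With a normal name both functions return Bob's row. With either payload the vulnerable function returns every user in the table, because the injected text turns the WHERE clause into a tautology, while the parameterized function returns nothing, since it looks for a user whose name literally equals the payload string.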
The list describes the most dangerous programming errors one can make and the impact each can have, and explains how each becomes a serious vulnerability that gets exploited, drawing on real-world vulnerability data. There is a lot each of us can learn from the mistakes of others, and the Top 25 can be used in many situations to make software more secure. Please visit the URL below for details.
http://cwe.mitre.org/top25/index.html

Monday, February 15. 2010
Important fixes for Flash out, Adobe Acrobat fixes to arrive next
Adobe software is second only to Microsoft's in the number of exploits used in targeted attacks. Last week Adobe published a fix for Flash Player that addresses a critical vulnerability. We advise all our users to upgrade to the new version of Flash Player.
Adobe is also expected to release an out-of-cycle patch for its widely used Acrobat Reader by tomorrow. We recommend that all our users keep watch on Adobe's update and patch release news and apply fixes as soon as they are available, to avoid exploitation attempts.

Thursday, February 11. 2010
New wave of phish mail seen on radar
A new wave of the Income Tax Department (Government of India) phishing mail, blogged earlier by Sanjay here, has been seen on our radar since this morning.
We have just started seeing mails targeting Bank of India too. We have released an update to protect all our users.

Friday, February 5. 2010
Advance Notification: February Microsoft Bulletin Release
Yesterday Microsoft released the advance notification for the February bulletins. This month they plan to release 13 bulletins, five rated Critical, seven rated Important and one rated Moderate, addressing 26 vulnerabilities. Eleven of the bulletins affect Windows and the remaining two affect Office.
A fix for the recently published Advisory 980088, "Vulnerability in Internet Explorer Could Allow Information Disclosure", is not planned for this bulletin release. To protect yourself, implement the workarounds and mitigations described in Advisory 980088. For more information on the security updates, click here.

Thursday, February 4. 2010
Critical vulnerability reported in most versions of Internet Explorer
Core Security Technologies has published details of a vulnerability in Internet Explorer (advisory ID CORE-2009-0625) that can be considered critical. A specially crafted web page can exploit it to read files from the visiting user's local system (Microsoft tracks it as an information disclosure issue in Advisory 980088), which cyber criminals could use as a stepping stone to further compromise. Core Security reported the vulnerability to Microsoft more than 8 months ago and has now published it along with proof-of-concept code.
Microsoft's advisory can be found at: http://www.microsoft.com/technet/security/advisory/980088.mspx
Given the wide range of versions affected, it will not be long before we see the vulnerability being exploited. We will be monitoring for cases related to this exploit.

Thursday, February 4. 2010
After the PS3 hack, the Xbox 360 gets hacked
Christopher Tarnovsky, a researcher at Flylogic Engineering, has managed to break into a TPM, a chip that was considered among the most secure. TPM (Trusted Platform Module) chips are hardware security chips specified as an industry standard by the Trusted Computing Group; many vendors use them to store encryption keys and implement security functions, and Microsoft's BitLocker relies on them.
It was considered virtually impossible for attackers to get at the chip's internals and reach the secured data it holds. The full details of the hack have not been made public, but it has surely opened a debate on how secure these devices are. More details can be found at: NETWORKWORLD

Monday, February 1. 2010
iPad raises security concerns in enterprise use

Apple iPad

Lots of people are eager to get their hands on the iPad that Apple has just announced. Even though the official release is months away, many individuals and enterprises are already thinking about the best use they can make of it. At the same time, people are thinking about the security issues it may have. Our opinion can be put as follows: it is difficult to say right now, until we too have our hands on the device or at least some details of the technology behind it. If the iPad uses the same technology, protocols and encryption as the iPhone, it is likely to have some security issues. That can be a cause for concern, but we will have to wait and watch.