Bogus Windows License Spam is in the Wild

October 26, 2012 by  
Filed under Security News


For everyone’s information:

Below is a screenshot of a new spam run in the wild, and the sender (whoever he, she, or it is) presents to recipients a very suspicious but very free license for Microsoft Windows that they can download.

Sounds too good to be true? It probably is.

 

[Screenshot: bogus Windows license spam email]

From: {random email address}
Subject: Re: Fwd: Order N [redacted]
Message body:
Welcome,

You can download your Microsoft Windows License here -

Microsoft Corporation

Clicking the hyperlinked text leads recipients to a number of .ru websites hosting the file, page2.htm (screenshot below), which contains obfuscated JavaScript code that loads the Web page fidelocastroo(dot)ru(colon)8080/forums/links/column(dot)php.

 

[Screenshot: page2.htm]

 

This spam is a launchpad for a Blackhole-Cridex attack on user systems.

This method is likewise being used by the most recent campaign of the “Copies of Policies” spam, also in the wild.
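A defender's view of the redirect chain described above, as an added example (not code from GFI or the original post): it refangs the landing URL as the article writes it and flags matching requests in web proxy logs. The log format, the constructed-host-* names, the client addresses and the assumption that other hosts reuse the same port and path are illustrative.

```python
from urllib.parse import urlsplit

# Landing page exactly as the article writes it (defanged notation).
DEFANGED_LANDING = "fidelocastroo(dot)ru(colon)8080/forums/links/column(dot)php"


def refang(indicator):
    """Turn defanged notation back into a URL that urlsplit can parse."""
    s = indicator.replace("(dot)", ".").replace("(colon)", ":")
    s = s.replace("[.]", ".").replace("hxxp", "http")
    return s if "://" in s else "http://" + s


def defang(url):
    """Make a URL safe to paste into tickets and reports."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


LANDING = urlsplit(refang(DEFANGED_LANDING))


def classify(url):
    """Return a verdict string for a requested URL, or None if it looks unrelated."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    try:
        port = u.port
    except ValueError:  # malformed port in the log entry
        return None
    path = u.path.lower()
    if host == LANDING.hostname:
        return "ioc-host"  # exact host named in the article
    # Assumption: other landing hosts reuse the same port and path.
    if port == LANDING.port and path == LANDING.path:
        return "landing-shape"
    # The article says the e-mail links lead to .ru sites hosting page2.htm.
    if host.endswith(".ru") and path.rsplit("/", 1)[-1] == "page2.htm":
        return "redirector-shape"
    return None


def scan(lines):
    """Parse 'timestamp client method url status' lines and keep the hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not fit the assumed format
        _ts, client, _method, url, _status = parts
        verdict = classify(url)
        if verdict:
            hits.append((client, verdict, defang(url)))
    return hits


def clients_with_full_chain(hits):
    """Clients that fetched a redirector page and then reached a landing page."""
    seen_redirector, chained = set(), []
    for client, verdict, _url in hits:
        if verdict == "redirector-shape":
            seen_redirector.add(client)
        elif client in seen_redirector and client not in chained:
            chained.append(client)
    return chained


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2012-10-26T09:14:02Z 10.0.0.21 GET http://constructed-host-a.ru/page2.htm 200",
    "2012-10-26T09:14:03Z 10.0.0.21 GET " + refang(DEFANGED_LANDING) + " 200",
    "2012-10-26T09:20:11Z 10.0.0.35 GET http://constructed-host-b.ru:8080/forums/links/column.php 200",
    "2012-10-26T09:21:40Z 10.0.0.40 GET http://intranet.example/forums/links/column.php 200",
    "2012-10-26T09:22:05Z 10.0.0.41 GET http://news.example/page2.htm 200",
    "malformed line",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for client, verdict, url in found:
        print(client, verdict, url)
    print("full chain:", clients_with_full_chain(found))
```

A client that shows both the redirector and the landing request is the one to prioritise for endpoint triage; a lone landing-shape hit on port 8080 is weaker evidence and worth a second look before escalation.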

Our AV Labs researchers have documented their findings in detail regarding these spam runs on our GFI Software Tumblr page. Please visit www.gfisoftware.tumblr.com.

Stay safe!

 

By Jovi Umawing @ http://www.gfi.com/blog



Google acquires VirusTotal

September 10, 2012 by  
Filed under Security News


VirusTotal’s goal is simple: to help keep you safe on the web. And we’ve worked hard to ensure that the services we offer continually improve. But as a small, resource-constrained company, that can sometimes be challenging. So we’re delighted that Google, a long-time partner, has acquired VirusTotal. This is great news for you, and bad news for malware generators, because:

  • The quality and power of our malware research tools will keep improving, most likely faster; and
  • Google’s infrastructure will ensure that our tools are always ready, right when you need them.

VirusTotal will continue to operate independently, maintaining our partnerships with other antivirus companies and security experts. This is an exciting step forward. Google has a long track record working to keep people safe online and we look forward to fighting the good fight together with them.

Source: VirusTotal Blog


Winners of [VirusExperts Giveaway] – Cloud System Booster Pro worth $19.95USD

September 5, 2012 by  
Filed under Security News


 

As we saw, only 8 people participated in the Giveaway and we have 10 licences, so all are winners. Congrats to all on winning this great software to speed up your computers.

The Winners Are:

* Khaled Lakoud

* Luis Garza

* Anh Vuong

* Tedi Pribadi

* Azmi

* briareoushex

* Jerzy 65

* Fahim Amir

 

CONGRATULATIONS

 

Note: There are 2 licences left; anyone who comments next will get one.

 



[SE-2012-01] New security issue affecting Java SE 7 Update 7

September 3, 2012 by  
Filed under Security News


Hello All,

On 30 Aug, an out-of-band patch was released by Oracle [1], which
among other things incorporated fixes for the issues exploited by
the recent Java SE 7 attack code (ClassFinder / MethodFinder bugs).

One of the fixes incorporated in the released update also addressed
the exploitation vector with the use of the sun.awt.SunToolkit class.
Removing getField and getMethod methods from the implementation of
the aforementioned class caused all of our full sandbox bypass Proof
of Concept codes [2] not to work any more (please note, that not all
security issues that were reported in Apr 2012 got addressed by the
recent Java update).

Today we sent a security vulnerability report along with a Proof of
Concept code to Oracle. The code successfully demonstrates a complete
JVM sandbox bypass in the environment of a latest Java SE software
(version 7 Update 7 released on Aug 30, 2012). The reason for it is
a new security issue discovered, that made exploitation of some of
our not yet addressed bugs possible to exploit again.

Thank you.

Best Regards,
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
[1] Oracle Security Alert for CVE-2012-4681
    http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
[2] SE-2012-01 Proof of Concept Codes (technical information)
    http://www.security-explorations.com/en/SE-2012-01-poc.html
Source: http://www.seclists.org


Hot Off the Web: New Java 0-Day Vulnerability

August 28, 2012 by  
Filed under Security News


 

The latest buzz on security and vulnerability these past few days revolves around Java, a software development platform originally created by Sun Microsystems and now owned by Oracle. Websites often run Java programs in them, normally as applets (.jar), in order to “provide interactive features to web applications that cannot be provided by HTML alone”. Initial reports reveal that the exploit used to take advantage of the vulnerability found in Java 7—version 1.7, updates 0 to 6—is an applet called applet.jar (Note that names of malicious files can change in the future).

Our friends at FireEye first uncovered the new 0-day Java Runtime Environment (JRE) vulnerability being exploited in the wild. It is leveraged by online criminals to perform targeted attacks, regardless of the Internet browser used or how updated it is. “The number of these attacks has been relatively low, but it is likely to increase due to the fact that this is a fast and reliable exploit that can be used in drive-by attacks and all kinds of links in emails.” said Andre’ M. DiMino and Mila Parkour of DeepEnd Research in their blog entry. An official patch from Oracle is yet to be released; however, our friends at DeepEnd are distributing a temporary fix, courtesy of Michael Schier, to system administrators only and by request. The said patch allows the execution of the exploit but stops the payload.

Once the vulnerability is successfully exploited, a binary is dropped on the compromised system. Based on initial reports, the binary is hi.exe (MD5: 4a55bf1448262bf71707eef7fc168f7d), which GFI VIPRE Antivirus already detects as Trojan.Win32.Generic!BT.

Although earlier releases of Java do not have the said JRE vulnerability, security researchers advised against downgrading to versions 1.6 and below as flaws inherent to those versions can still affect users. Instead, users are advised to disable Java on their browser for the time being until an official patch is made available. It is expected in October based on their triannual Java patch release schedule.

Stay safe!

Jovi Umawing @ gfi.com (SOURCE)


[VirusExperts Giveaway] – Cloud System Booster Pro worth $19.95USD

August 27, 2012 by  
Filed under Protection Tools, Security News


 

Cares Your PC Tenderly & Boosts Your PC Performance Ultimately

With one-click boost mode, Cloud System Booster cleans and optimizes Windows-based systems by throwing out junk files, disabling unneeded services, cleaning up 3rd party applications generated junks, and repairing registry errors. What makes Cloud System Booster distinctive is its use of cloud-based technology to make sure you are cleaning, optimizing and repairing your system with the most up-to-date user-supplied data on your software.

 


 

Mini Cute Mode

With innovative design, Mini Cute Mode will give a fresh idea and feeling of PC optimization software. It’s mini, light, cute and easy to use. There is no need for you to open the main screen of Cloud System Booster to optimize your PC now if you give a try for Mini Cute Mode.

 

Why Choose Cloud System Booster to Boost Your PC Performance?

What Make Cloud System Booster Stand out?
Surely downright cleaning efficiency! We develop this PC optimization program for the sole purpose—to enable peak system performance with speedy yet full cleaning. To make it simply clear, Cloud System Booster is a resolute system booster with fast speed and comprehensive cleaning effects.
Nice GUI Design for Easy Use as well as Vivid Function Presentation
You can fully clean your system with a one-click solution, which is embodied by the cloud-shaped Boost button on the main screen. Our user base has been growing considerably day by day, and the feedback applauds our GUI design. We will continue to follow this minimalist approach with downright cleaning effects. No bells and whistles.
Ideal Choice to Personalize Your Taste with “Chameleon” Feature
With the “Chameleon” feature in Cloud System Booster, you can either use the default classic black as the background or personalize the skin by simply dropping a picture you like onto the “chameleon” menu, customizing the screen background to add a splash of style to an effective system booster.
Convenient yet Considerate System Care with Cloud System Booster
Frequently, basic Windows system services like proxy server settings or system restore management are needed for better use of the system. Again, this very need could be met by Cloud System Booster. In the setting menu of Cloud System Booster, there are several submenu settings: NET for proxy server setting, Restore for system restore (the restore points is created daily by default), which makes the system restore fairly easy, and so on. Besides, Cloud System Booster could be also scheduled to scan your system and do cleaning for enhanced system performance. Such a thoughtful, handy pc cleaner for you all.

 

Key Features and Benefits

Powerful Cleaner to Clean and Free up Disk
It scans and analyzes entire computers in as little as one second, and cleans the computer in several areas, including junk data on disk, the registry, and other unneeded Windows files. Cloud System Booster’s engine is fast and powerful, and it scans more deeply and thoroughly than traditional system cleaners and optimization tools.
Disable Unneeded Services and Optimize PC
Services are small helper programs that aid larger applications. By customizing which services are active and which are disabled, Cloud System Booster can optimize your computer to make it perform at its peak. It optimizes network connection to accelerate surfing speed and make internet speed run smoother.
One Click to Perform a Scan and Execute Through Cleaning and Fixing
Cleaning computers, fixing PC errors, and optimizing the system are not difficult with the one-click solution provided by Anvisoft. After setting your own scanning, cleaning or fixing modules, you can simply click the Boost button to carry out complete PC cleaning, optimizing and repairing. It’s designed so that PC novices can use it without thinking.
Typical Expert Mode for Professional PC Fix
If you are a tech professional, Cloud System Booster will also satisfy your requirements. Go to expert mode by clicking EXPERT button on the right corner, and select the module you want to scan, and also you could select or deselect items you want to scan in your system.
Chameleon – Change Skin with Simple Drop
You will not want to miss this amazing function of Cloud System Booster. It has nothing to do with system optimization or cleaning, but it is fun, easy to use and pleasing to the eye. You can select your favorite pictures to be the background or skin of Cloud System Booster.
Automatically Boosts PC and Makes PC Run at a Peak Performance
It automatically boosts the PC in the background when the PC is idle. It can also care for the PC at a scheduled time automatically without disturbing your work. Schedule an appropriate time to perform the boost, and you don’t need to execute it manually any more.
Online Cloud Database
Cloud System Booster allows you to download and install the latest online cloud database automatically or at a scheduled time. It keeps your PC running smoothly and efficiently with frequently updated online database.

 

Cloud System Booster Pro License Giveaway Contest

 

To participate in the Giveaway, simply leave a comment below to register for the contest and like our page on facebook. A valid email address must be entered in the “Mail” field. And do NOT post email address inside comments to avoid spam.  The Giveaway will end on September 3, 2012. Winners will be selected randomly according to random.org, and will be announced before  September 4, 2012 .

 

 

 


Email Systems – Ensuring Viruses Aren’t an Issue

August 9, 2012 by  
Filed under Security News


It is really easy to run your own email infrastructure. Even systems like Microsoft Exchange can be deployed to manage your organization’s email infrastructure. Setting up a system is only a small part of what needs to be done; it is also important that any system you set up on the network is secure. Security is really a big job, and with email servers, you need to take other things into consideration besides keeping your Exchange Server secure – how your users will be affected. Let’s focus on one major problem – viruses. Viruses can affect your Exchange Server, or any other email infrastructure you might have set up, as well as your users’ machines.

 

How should one tackle the virus problem?

 

Exchange Infrastructure:

When it comes to protecting your Exchange infrastructure from viruses, the first thing that comes to mind is to simply set up an antivirus solution on the Exchange Server. This is obviously possible but tricky. Unlike a desktop, installing the antivirus alone is not enough. You’re free to do it if you really want to, but rest assured it will have a substantial negative impact on your Exchange Server’s performance. In order to ensure a good performance, there are various files you have to exclude from being scanned each time they are accessed. The reason behind this is that these files will be accessed by the system as soon as new emails are received for processing.

 

It is also important to ensure that you do not rely exclusively on your antivirus software for virus protection. Many viruses spread by leveraging software flaws, so performing regular patch management can greatly reduce the possible vulnerabilities for viruses to exploit.

 

Your Users:

The next step is safeguarding your users’ inboxes from viruses. Email is a popular vector for distributing many different malware types, including viruses. There are many ways we can tackle this problem. The easiest way would be to deploy a simple antivirus solution on every single desktop, but is this really enough? If you move your antivirus system server side, you can have greater control. Such server-side products offer advanced antivirus features as well, from multiple antivirus engines protecting your users to sandboxing and various other heuristic techniques that detect even custom-made malware that antivirus companies might not yet have identified or provided protection against.

 

Preventing malware from reaching users is also essential because this lowers the risk that an employee will click on phishing links or attachments that lead to or contain malware.

 

Installing an email system such as Microsoft Exchange is only the first part of the job. Securing the infrastructure itself is not enough either. You must ensure that your users’ usage of the infrastructure is safe in itself. While doing this will involve some extra work, in the long run it will save you considerable amounts of both time and money!

 

This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about what the right mail server antivirus solution for your company should include.

 


All product and company names herein may be trademarks of their respective owners.

 

 


3 Features Your Mail Server Antivirus Must Include

July 5, 2012 by  
Filed under Security News


 


 

Viruses and malware are complex pieces of code that can execute a wide variety of functions in an unlimited number of ways. In fact, at their core, a malware or virus is no different than any other program.

 

This means it is not easy for an antivirus solution to determine whether a file is legitimate, or if it is in fact some kind of malware. Home desktop-based systems are protected sufficiently well with most antivirus solutions. Assets on home machines are likely to be of limited value, so cost savings and simplicity are more important than the product having advanced technologies.

 

However, when we’re talking about a mail server system the situation changes drastically.  The risks are much higher. If a piece of malware reaches a user’s machine, then it is highly probable that the user will do something that will execute it. Users often have a false sense of security, believing that the mail server’s antivirus system will block any and all threats. Such reasoning could spell disaster for your business, leading to downtime, delays, lost productivity, material losses and, potentially, also customers.

 

So what should we be looking for in a mail server antivirus solution?

 

1. Multiple Antivirus Engines:

Traditionally, antivirus solutions work by having the vendor identify a new malware, creating rules that will detect said malware, and finally distributing those rules as an update to their software.

 

There are two pitfalls when using this method. The first is that a particular antivirus vendor might be late to the party, thus leaving users exposed until their software is patched. Therefore, the more antivirus engines there are protecting your server, the lower the risk will be that the server is not protected at any point in time.

 

The second is that no one is perfect. In general, different variants of a particular piece of malware are released. This means that antivirus vendors must analyze each one and develop individual rules when no single rule can be applied to all or a group of them. It is possible that a vendor might miss one, or more, of these variants. Multiple antivirus engines provide you with a multi-layered approach, so if one fails the other will not, and so on.

 

 

2. Heuristic Analysis:

The manual analysis of a malware file to create specific rules for it is just one method an antivirus solution can use to detect malware. Advanced antivirus systems also utilize a technology known as “heuristic analysis”.

 

This analyzes how a malware program works, what functions it uses, what behavior it has and what tasks it will execute if run. Using this data, the heuristic analysis procedure determines if a program is likely to be malicious or safe, without having to run it and suffer any potential infection. This system is ideal to detect new viruses that have not yet been analyzed by antivirus vendors, as well as custom-made malware that has been specifically designed to target your organization and would never have reached the antivirus vendors for analysis.

 

 

3. Sandbox:

Sandboxing is a more advanced system that is quite similar to heuristic analysis. Some malware programs are so sophisticated that they can actually rewrite themselves, a process known as polymorphism.

 

This type of malware may seem harmless when it is first analyzed by a heuristics system; however, upon execution, it changes itself into a malicious file, eluding detection.

 

A sandbox system runs the malware in a virtual, contained environment. It allows the malware to run, while the sandbox monitors everything the program does. In this way it can discover if it is malicious or not based on the program’s behavior. Thus, even if the malware is polymorphic, the antivirus solution will identify it when the malware runs in the virtual environment. Sandboxing provides another layer of protection and allows for great detection levels and accuracy.

 

An antivirus solution for a mail server requires far more advanced functionality than desktop solutions have. If you have an email server, adopting a solution that uses the above technologies will give you a very high level of protection and prevent nasty stuff from doing anything. And, as always, prevention is better than cure.

 

This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about what the right mail server antivirus solution for your company should include.



 

 



7 Reasons to Consider Hosted Email Security

June 7, 2012 by  
Filed under Security News


Companies looking to provide the best defenses for their email users have a number of choices available out there. While many admins will prefer to implement a solution within their own datacenter, others are finding that hosted email security solutions are a great way to go. If you are looking to reduce your hardware sprawl and take advantage of the power of the cloud, a hosted email security solution may be just what you are looking for. If you are trying to decide if it’s right for you, here are seven reasons why it could be the email security solution that best suits your company needs:

1.     Effective Protection

Hosted email security providers focus on one thing: email. They have the processing power to run multiple engines for filtering spam and malware without slowing down the data flow or skipping over anything. The volume of messages they process enables them to quickly identify new spam campaigns and protect their customers from the latest phishing campaigns.

2.     Bandwidth Savings

If you look closely at how much bandwidth you use on processing mail and compare it to how much legitimate mail gets to your users’ inboxes, you may be amazed by just how much of your limited bandwidth is used up moving spam. Hosted email security filters out all the junk before it ever hits your network, saving tons of bandwidth for more important things.

3.     Lower Your Costs

Hosted email security is a very cost effective way to protect your users. Many services offer varying payment terms, keeping your costs low and letting you pay only for what you need.

4.     Better defense against attacks

Hosted email security providers have the bandwidth and capacity to handle even the largest spikes in volume from the latest bot-net attacks that could take smaller networks down from the sheer volume of spam. With a hosted email security system in place, your network won’t even notice the spam storms that can strike without warning.

5.     Extend the useful life of your existing systems

What could you do if each of your mail servers was suddenly twice as powerful as it is now? Could you handle more of your current users with fewer servers? Hosted email security breathes new life into your servers by greatly reducing their workload. It’s like an instant hardware upgrade.

6.     Added Fault Tolerance

Hosted email security providers have redundant Internet connections, datacenters, and servers, but that’s not the only fault tolerance they provide. If your servers or Internet circuit is down, they can store mail for delivery to you once your system is back online, and some even offer a web portal your users can access to send and receive email, even when your systems are offline.

7.     Archiving

Archiving is becoming a major requirement for many companies, either from a compliance requirement or just to preserve intellectual property. Hosted email security solutions already process all your email, so it is a natural fit to add email archiving into the service offering.

So if you are planning to add email filtering to your messaging system, consider these seven reasons to go for a hosted email security solution and see whether it better fits your company budget and needs.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the benefits of using hosted email security.


 


Survey: UK Lags US in Using the Cloud to Combat Spam [INFOGRAPHIC] – By GFI

March 6, 2012 by  
Filed under Security News


Spam may not be the headline-grabbing topic it once was, but as our research friends in the GFI Labs continue to point out, spam and phishing attacks are still a preferred tactic of cybercriminals.

 

To get a better sense of how businesses are coping with spam, we conducted a survey this month of 200 US and 200 UK IT decision makers at businesses with between five and 1,000 employees. While we assumed businesses continue to struggle with spam, we were surprised to learn how many businesses are not taking advantage of the latest technology available to them to combat these threats and better defend their networks.

 

An overwhelming majority of survey respondents—72% in the US and 75% in the UK—state they receive too much spam. Not a terribly surprising stat, but when asked about the volume of spam they were dealing with over the last year, more than 80% of respondents in both regions reported no decrease in the amount of spam plaguing their networks. In fact, 53% of US respondents and 61% of UK respondents report that spam volumes actually increased during the last year. Only about 15% of respondents saw a decrease in spam.

 

Seeing those numbers, it’s no surprise that 70% of respondents rate their anti-spam solution as either marginally effective or not effective at all. So what solutions are these businesses using to defend their networks? Here’s a breakdown:

 

| Anti-Spam Solution | US | UK |
|---|---|---|
| Rely on anti-spam capabilities of an antivirus suite | 48% | 46% |
| Rely on an anti-spam software solution | 20% | 19% |
| Rely on a cloud-based solution | 14% | 8% |
| Rely on an anti-spam gateway appliance | 11% | 22% |
| Do not use an anti-spam solution | 5% | 5% |

 

There are some interesting findings revealed here.

 

First, while the heavy reliance on the anti-spam capabilities of an antivirus security suite is nearly identical in both regions, it is not among the smallest businesses where that is most prevalent. The highest percentage of businesses (about 65%) in the US and UK saying they rely on their antivirus suite for spam protection was among businesses with 50 – 99 employees. It was not among businesses with fewer than 50 employees, where one would expect less robust IT security awareness and expertise.

 

Second, it appears that US businesses have been quicker than their UK counterparts to adopt cloud-based solutions to battle spam and phishing attacks before they reach their network. More than 14% of US businesses are already using a cloud-based solution to combat spam compared to only 8% of businesses in the UK.

 

GFI Software is a strong proponent of a multi-layered approach to mail security. A comprehensive anti-spam solution incorporates a combination of defenses located on premise and in the cloud, which GFI Software provides through its GFI MailEssentials, GFI MailSecurity and GFI MailEssentials Complete Online™ product offerings. GFI MailEssentials Complete Online is the latest addition to GFI Software’s mail defense suite. This cloud-based service delivers fast, accurate response against inbound and outbound spam attacks and full defense against viruses, Trojans, spyware, worms, bots, rootkits, zero-hour exploits and other threats.

 

Businesses Know The Dangers of Spam

When asked about their top concerns about spam, security clearly topped the list. In the US, 29% of respondents say their top concern was malicious links and files often harbored in spam, while 22% cite how spam leaves their company and employees vulnerable to phishing attacks. In the UK, 23% and 22% of respondents cite malicious links and files, and potential phishing attacks, respectively, as their top concerns. Additionally, 20% of UK IT decision makers say spam’s impact on the responsiveness of their mail servers was their top concern.

 

Finally, nearly 90% of all respondents in both regions say they regularly educate employees about the risks of opening spam that arrives in their inbox. But are they doing enough? 40% of businesses in the UK and 44% of businesses in the US say their networks have been compromised as a result of employees opening malicious links or by responding to information requests contained within spam. Until businesses take full advantage of the latest technologies available to them to better block spam, they’re going to have to rely heavily on a well-educated employee base. We can probably all agree that is not enough.

 

How do you combat spam? Do any of these findings surprise you?

 

Here’s our infographic visualizing the survey’s US data:

[Infographic: spam survey 2012, US data]

View the UK version of the infographic


Survey Methodology

The independent blind survey of 200 US and 200 UK IT decision makers at organizations with between five and 1,000 employees was conducted by Opinion Matters on behalf of GFI Software. Download the full survey results.

 

By Jarred LeFebvre @ www.gfi.com/blog/