Mamutu 3.0 – 1 year subscription for free (GOTD)
July 14, 2011 by admin
Filed under Protection Tools

How safe is your PC really?
To put it succinctly: Why signature-based security software is not enough
Normal security software recognizes Malware using Signatures, a type of digital fingerprint. What is the problem with this? No fingerprint means no recognition. This means that the Malware must first be known to the manufacturer of the security software before it is possible to create a fingerprint allowing it to be recognized. The fingerprint database on your PC is then updated online on a daily basis. Only then can the Malware be recognized.
You are probably now thinking: “What about new Malware that the manufacturer of the security software has never seen? They have no way of making a fingerprint of this…”. Exactly!
This is where the behavior-based Malware defense of Mamutu comes into play. It recognizes dangerous software not by a fingerprint but by the behavior of the software. This allows Mamutu to recognize new Malware long before the signature databases have been updated. These types of Malware attacks are known as Zero-Day attacks. In addition to this, behavior-based Malware recognition is the only efficient way of recognizing Malware that has been built for a single specific attack, e.g. for industrial espionage.
Mamutu – Protects against completely new pests in seconds!
The Mamutu Background Guard is clever. It recognizes and blocks all potentially dangerous programs before they can cause any damage. The new Malware Intrusion Detection System (Malware-IDS) is unique worldwide and immediately warns you when a program attempts to perform a potentially dangerous or suspicious operation.
Suggested reading: Signature recognition or behavioral analysis – Which is better?
The advantages to you:
New behavior-based protection technology
Mamutu permanently monitors all active programs on your PC. As soon as suspicious behavior of a process is detected you receive a warning message and can react accordingly. Block Malware before it can cause any damage, by using the unique Emsisoft behavior analysis technology that has been tried and tested for years.
The Malware-IDS in detail
Lower resource consumption
Mamutu has been conceived to require the smallest possible amount of your computer power. This makes it ideal for users who require high computing performance, e.g. graphics or video applications and especially games.
Quarantine in case of emergency
Always place a suspicious program in quarantine before finally deleting it. Suspicious behavior can also be exhibited by usually benign applications. Mamutu helps you to decide what to do with a suspicious program.
Stay protected – it is easier than you think
Regardless of whether you are a computer expert or a beginner, you will quickly come to grips with Mamutu. You do not have to be a specialist to free yourself from Malware.
The perfect security enhancement
Mamutu recognizes and reports the following types of behavior:
- Backdoor related behavior
- Spyware related behavior
- HiJacker related behavior
- Worm related behavior
- Dialer related behavior
- Keylogger related behavior
- Trojan Downloader related behavior
- Injection of code into other programs
- Manipulation of programs (patching)
- Invisible installations of software
- Invisible Rootkit processes
- Installation of services and drivers
- Creation of Autostart entries
- Manipulation of the Hosts file
- Changes of the browser settings
- Installation of debuggers on the system
- Simulated mouse and keyboard activity
- Direct disk sector access on harddisk
- Changes of the system group policies [NEW!]
Full control over internal system activities
You can now decide for yourself what programs are allowed to start on your PC and what actions may be performed. Detailed application rules are now available, allowing you to individually specify the permitted behavior of every application:
- Monitor application, but allow specific activities
  Select this option to always allow particular specific behavior of a program. In certain situations a benign program can contain a function that is very similar to a damaging function and is thus reported. If you are sure that this action is actually not dangerous then you can allow it. All other types of dangerous behavior are still reported.
- Always block this application
  Select this option to permanently block a particular program. You can also use this feature to provide child protection by preventing other PC users from starting a particular application.
- Exclude from protection
  Select this option to completely exclude an application from the monitoring process. Use this when you always trust an application and are sure that it does not execute any damaging actions.
Bonus feature: Application protection
You can use the application rules to protect specific programs from third-party manipulation. For example, this feature is used to prevent Mamutu from being terminated by Malware in order to disable the protection. You can also make use of this feature. You can protect your Browser and other important programs from being illegally terminated.
The program is available for $27.00 (1-year subscription), but it will be free for a limited time through giveawayoftheday.com.
The Web Security Strategy for Your Organization
July 6, 2011 by admin
Filed under Security News
In today’s business world, internet usage has become a necessity for doing business. Unfortunately, a company’s use of the internet comes with considerable risk to its network and business information.
Web security threats include phishing attacks, malware, scareware, rootkits, keyloggers, viruses and spam. While many attacks occur when information is downloaded from a website, others are now possible through drive-by attacks where simply visiting a website can infect a computer. These attacks usually result in data and information leakage, loss in productivity, loss of network bandwidth and, depending on the circumstances, even liability issues for the company. In addition to all this, cleanup from malware and other types of attacks on a company’s network are usually costly from both the dollar aspect as well as the time spent recovering from these web security threats.
Fortunately, there are steps a company can take to protect itself from these web security threats. Some are more effective than others, but the following suggestions should help narrow down the choices.
Employee internet usage policy
The first and probably the least expensive solution would be to develop and implement an employee internet usage policy. This policy should clearly define what an employee can and cannot do when using the internet. It should also address personal usage of the internet on the business computer. The policy should identify the type of websites that can be accessed by the employee for business purposes and what, if any, type of material can be downloaded from the internet. Always make sure the information contained in the policy fits your unique business needs and environment.
Employee education
Train your employees to recognize web security threats and how to lower the risk of infection. In today’s business environment, laptops, smartphones, iPads, and other similar devices are not only used for business purposes, but also for personal and home use. When devices are used at home, the risk of an infection on that device is high and malware could easily be transferred to the business network. This is why employee education is so important.
Patch management
Good patch management practices should also be in place and implemented using a clearly-defined patch management policy. Operating systems and applications, including browsers, should be updated regularly with the latest available security patches. The browser, whether a mobile version used on a smartphone or a full version used on a computer, is a primary vector for malware attacks and merits particular attention. Using the latest version of a browser is a must as known vulnerabilities would have been addressed.
Internet monitoring software
Lastly, I would mention the use of internet monitoring software. Internet monitoring software should be able to protect the network against malware, scareware, viruses, phishing attacks and other malicious software. A robust internet monitoring software solution will help to enforce your company’s internet usage policy by blocking connections to unacceptable websites, by monitoring downloads, and by monitoring encrypted web traffic going into and out of the network.
There is no single method that can guarantee 100% web security protection; however, a well-thought-out strategy is one huge step towards minimizing the risk that the network could be targeted by the bad guys.
This guest post was provided by Sean McCreary on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI web security software.
All product and company names herein may be trademarks of their respective owners.
Verify My Account Spam Runs Rampant On Facebook
May 12, 2011 by admin
Filed under Security News
In the past hour a new application has begun spreading on Facebook which has found an exploit in the existing sharing system. Whatever you do, don’t click the link described below.
The system is pretty straightforward. It suggests that you click “VERIFY MY ACCOUNT” within a link which ultimately results in the user posting the same message to all their friends’ walls. The message typically resembles the following one:
In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to start the process…
The result is that thousands of users have seen the message spreading to their profiles in the past hour or so. Our guess is that this message could reach hundreds of thousands of users before it’s shut down (unless Facebook’s security team is up right now). The bottom line is this: don’t click any of the links resembling the ones pictured below. Have you seen this spreading on your profile?

Source: www.allfacebook.com
Before Investing in an Anti-spam Filter Know What to Look For
May 12, 2011 by admin
Filed under Security News
With a high percentage of emails directed at your inbox being spam, a good anti-spam filter is an absolutely vital piece of your email infrastructure. Knowing what to look for can help make the difference between a well-tuned email system, and a crawling mess of spam messages using up storage space and wasting users’ time. Before you go out and install the first anti-spam filter you find, here are some of the key things to consider.
Cloud-based or on-premise
There are hosted anti-spam filtering solutions that offer greater economies of scale, making them more affordable than in-house solutions. These can combine anti-spam with anti-malware, and filter out spam and other nasty stuff before it uses up your bandwidth or impacts your server’s storage and performance. The only downsides are that they represent a subscription service with monthly costs, and as an outsourced solution, some admins miss having the on-site control.
On-premise solutions are purchased (though they may have monthly or annual subscription costs for updates) so they can be capitalized, and by being in-house, the admins can have total control whenever they want.
Choose the solution that works best with your administrative style and costing strategy. If you choose an on-premise solution, make sure you select one that is server based, not client based. The administrative overhead of managing a server at your edge is much lower than trying to administer an agent installed on every client, and the licensing costs will likely be far less as well. Centralizing the anti-spam filter will make it easier to maintain, and will prevent spam messages from taking up space in users’ inboxes and on your mailbox servers.
Spam detection methods
There are a variety of ways to detect and block spam. No single way is fully effective; you need a product that combines methods for a defense-in-depth approach. Bayesian filtering is a very effective way to detect spam, but it must be ‘trained’ to your environment. Whitelists need to be in place to minimize false positives that could block critical business communications. Keyword lists should also be an option for companies whose business might include words that others would consider spam. Other approaches include SMTP header analysis, blacklists, using SPF records to reduce spoofing, and reputation services. By combining the analysis of these multiple methods you ensure the maximum effectiveness of your anti-spam filter, while minimizing false positives.
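The layered approach described above, as an added example (not code from the original post or from any GFI product): a small scorer that combines a whitelist, a blacklist, the SPF verdict, a keyword list and a Bayesian filter into one decision. The weights, the threshold, the training corpus, the messages and the `.example` domains are constructed assumptions, and the SPF verdict is read from the `Received-SPF` header that an upstream mail server is assumed to have added.

```python
import math
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

def tokens(text):
    return set(re.findall(r"[a-z0-9']+", text.lower()))

class NaiveBayes:
    """Minimal Bayesian filter; it must be trained on the site's own mail."""
    def __init__(self):
        self.seen = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, label, text):
        self.docs[label] += 1
        self.seen[label].update(tokens(text))

    def spam_probability(self, text):
        # Sum per-token log-likelihood ratios, Laplace-smoothed.
        odds = math.log((self.docs["spam"] + 1) / (self.docs["ham"] + 1))
        for tok in tokens(text):
            p_spam = (self.seen["spam"][tok] + 1) / (self.docs["spam"] + 2)
            p_ham = (self.seen["ham"][tok] + 1) / (self.docs["ham"] + 2)
            odds += math.log(p_spam / p_ham)
        odds = max(-30.0, min(30.0, odds))  # keep exp() in range
        return 1 / (1 + math.exp(-odds))

def classify(raw, bayes, whitelist, blacklist, keywords, threshold=5.0):
    """Return (verdict, score, reasons); weights and threshold are assumed."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    # SPF verdict as stamped by the receiving MTA; no DNS lookup is done here.
    spf = (msg.get("Received-SPF", "none").split() or ["none"])[0].lower()
    # Whitelist counts only if SPF did not fail, so a forged From: is still scored.
    if domain in whitelist and spf != "fail":
        return "deliver", 0.0, ["whitelisted"]
    score, reasons = 0.0, []
    if domain in blacklist:
        score += 5.0
        reasons.append("blacklisted domain")
    if spf in ("fail", "softfail"):
        score += 3.0 if spf == "fail" else 1.0
        reasons.append("spf " + spf)
    text = msg.get("Subject", "") + " " + msg.get_payload()
    hits = keywords & tokens(text)
    if hits:
        score += min(len(hits), 3)
        reasons.append("keywords: " + ", ".join(sorted(hits)))
    p = bayes.spam_probability(text)
    score += 5.0 * p
    reasons.append("bayes %.2f" % p)
    return ("quarantine" if score >= threshold else "deliver"), round(score, 2), reasons

TRAINING = [  # constructed corpus
    ("spam", "win free money now claim your prize"),
    ("spam", "cheap pills free offer click now"),
    ("spam", "claim free prize click here now"),
    ("ham", "meeting agenda for monday project review"),
    ("ham", "invoice attached for the project please review"),
    ("ham", "lunch on monday to discuss the quarterly report"),
]
MAIL = "From: {}\nReceived-SPF: {}\nSubject: {}\n\n{}\n"
SAMPLES = [  # constructed messages; .example domains are placeholders
    MAIL.format("billing@partner.example", "pass", "Free offer on your invoice", "Details attached"),
    MAIL.format("billing@partner.example", "fail", "Claim your free prize", "Click here now to win money"),
    MAIL.format("alice@customer.example", "pass", "Project review on Monday", "Please review the attached agenda"),
]

def demo():
    bayes = NaiveBayes()
    for label, text in TRAINING:
        bayes.train(label, text)
    return [classify(m, bayes, {"partner.example"}, {"bulk.example"}, {"prize", "pills"}) for m in SAMPLES]
```

The first sample is delivered on the whitelist alone, while the second, which forges the same sender but fails SPF, is scored on content and quarantined.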
User self-service
Whitelisting business partners and customers, and checking the quarantine folder for blocked messages, can both become major tasks for the helpdesk. Look for anti-spam filter solutions that offer user self-service, both for adding senders to the whitelist, and for enabling users to release quarantined messages themselves, or by delivering spam to the user’s junk mail folder.
Reporting
Today’s management is all about the metrics. Look for an anti-spam filter that includes robust reporting and that includes the ability to use this information in dashboards or for computing SLAs. Spam is one of those problems that no one notices as long as your anti-spam filter is doing a good job, but that becomes a major issue if a spam message slips through.
Remember, whether cloud-based or on-premise, a good anti-spam filter offers you defense in depth, economical licensing, reduces the administrative overhead, and supports users for routine tasks.
This guest post was provided by Ed Fisher on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI email archiving.
All product and company names herein may be trademarks of their respective owners.
Android Threat Tackles Piracy Using Austere Justice Measures
March 31, 2011 by admin
Filed under Security News
Android.Walkinwat is the first mobile phone threat discovered in the wild that attempts to discipline users that download files illegally from unauthorized sites.

Figure 1 – Messages displayed by the Trojan
Presented as a non-existent version (V 1.3.7) of Walk and Text, an application that is available on the Android Market, Android.Walkinwat can be found on several renowned file sharing websites throughout North America and Asia. One could make the case that this app was intentionally spread in these regions by the creators of the threat in order to maximize the download prevalence and convey their message to as large an audience as possible; however, one could also make the case that the creator of Android.Walkinwat is attempting to undermine the publisher of Walk and Text.
Fake System Tools Spread to Japan
January 27, 2011 by admin
Filed under Security News
Late last year, we talked about how fake system diagnostic tools were becoming the next step in the evolution of FAKEAV malware. These variants started to affect Japanese users as well.
Fake system diagnostic tools such as this variant named System Defragmenter were first discovered in October 2010. These tools very frequently change their names. At present, we are aware of at least 30 different names/aliases that these tools use. Cybercriminals may believe that changing their products’ names makes detecting and removing these much more difficult.
None of this should be taken to mean that conventional fake antivirus attacks have gone away, however. Last week, a very high-profile attack involving a rogue antivirus detected by Trend Micro as TROJ_FAKEAV.SMTV hit Twitter. Many users fell prey to this when they clicked links that used the goo.gl URL shortener to lead to this FAKEAV variant’s download.
Attacks involving fake diagnostic tools are similar to traditional FAKEAV attacks. A fake tool appears to function like a real system diagnosis tool though its supposed diagnostic functions never work. Once users’ PCs are infected by such a tool, it repeatedly displays fake warnings saying that the system is suffering from hard disk problems.
Inexperienced users may worry and panic over these problems. They may end up paying for additional “tools” and giving cybercriminals their personal information such as email addresses and credit card numbers. Like FAKEAV, these fake diagnosis tools will cause many problems for users.
Infection Vectors
Fake diagnostic tools may arrive via several different infection vectors:
- Users visit malicious sites and manually download and install malicious files.
- Users visit malicious sites that are riddled with exploits, which silently install malicious files in the background.
The tactics cybercriminals use to distribute fake diagnostic tools are broadly similar to those used for FAKEAV malware. Cybercriminals may lead users to their own sites by using Black Hat Search Engine Optimization (SEO) poisoning or to compromised legitimate sites. Cases where these fake tools are installed without the users’ knowledge may lead them to think the fake tools are actually legitimate programs, allowing the attacks to succeed.
System Defragmenter is detected as TROJ_FAKEAL.GG. While the sites that distribute it are now inaccessible, similar attacks have not stopped being launched, albeit using constantly changing names and sites. Understanding how these attacks are conducted will help users avoid becoming their victims.
Its installer uses the same icon as Windows Update.

Fourteen minutes after the tool is installed, it displays a fake alert in the user’s notification area.

Here are some of the other names the fake diagnostic tools use:
- Check Disk
- Defragmenter
- Disk Doctor
- Disk Optimizer
- Disk Repair
- DiskOK
- EasyScan
- FastDisk
- GoodMemory
- Hard Drive Diagnostic
- HDDControl
- HDDDefragmenter
- HDDDiagnostic
- HDDFix
- HDDHelp
- HDDPlus
- HDDLow
- HDDRecovery
- HDDRepair
- HDDRescue
- HDDTools
- MemoryFixer
- MyDisk
- QuickDefrag
- Scan Disk
- Scanner
- Smart HDD
- Support Tool 2011
- System Degragmenter
- Ultra Defragger
- Win Defrag
- Win Defragmenter
- Win Scanner
Solutions and Workarounds
Trend Micro free tools can clean systems that have been affected by System Defragmenter. However, users first have to work around one of this malware’s behaviors: it monitors the execution of applications, so that some security tools like HijackThis, as well as files in the C:\Windows and C:\Program Files folders, will not run and instead display the following:

Users will have to terminate the malware process first. The procedure starts by determining the file name that the malware used. To do this, follow these steps:
- Right-click the shortcut (System Defragmenter) on the desktop and select Properties.
- Check and note the file name, which is usually made up of random characters. In the following screenshot, the file name used was 1181500.exe.

After taking note of the file name, open Task Manager by pressing Ctrl+Alt+Delete and use it to terminate the fake tool’s process.
Using HijackThis, take note of any or all of the registry entries that the malware added. HijackThis can then remove these entries to stop the malware from running whenever the system starts. (The suspicious entries have been enclosed in a red box.)
Source: http://blog.trendmicro.com
New variant of cross-platform Boonana malware discovered
November 5, 2010 by admin
Filed under Security News

Last week we spoke about the Boonana cross-platform malware, using a malicious Java applet to deliver a cross-platform attack that attempts to download further malware to computers running Windows, Unix and Mac OS X.
Since then we have seen some variants of the original Boonana attack. The samples we have seen have been functionally the same, with the hackers behind them seemingly having obfuscated their code to try and waltz around detection.
Their attempts haven’t been good enough to get past Sophos’s products so far (including our new free anti-virus for Mac home users), and we haven’t had to update our generic detection method.
In the samples we have analysed to date, the attack specifically targets Windows and Mac OS X systems, and just happens to infect other platforms that run Java. Depending upon the flavour of Unix, it doesn’t usually complete its ‘life cycle’ if you’re not running Windows or Mac OS X systems.
Of course, we will update our detection of Troj/Boonana should we see new variants that require it.
In the meantime, watch this video I made last week demonstrating the original version of this attack on Windows, Mac OS X and Ubuntu:
By Graham Cluley @ nakedsecurity.sophos.com
Cross-platform worm targets Facebook users
October 29, 2010 by admin
Filed under Security News
A new member of the Koobface family of malware has been making the headlines in the last 24 hours. The reason why the threat, which is sometimes being referred to as “Boonana”, has been getting so much attention is that it doesn’t just infect Windows, but targets Mac OS X and Linux computers too.
This incarnation of the Koobface worm appears to have been spread via Facebook in messages asking “is this you in this video”.
IMPORTANT! PLEASE READ. Hi <username>. Is this you in this video here : <link>
Clicking on the link takes you to an external website that displays an image of a woman (grabbed from the Hot Or Not website).

Visitors to the webpage who want to see more are prompted to give permission for an applet called JPhotoAlbum.class to be run from inside a Java Archive (JAR) called JNANA.TSA.


Whether you are running Windows, Mac OS X or Linux on your computer, if you give permission for the highly obfuscated Java app to run then the malware will sneakily download a variety of programs from the internet which it will then execute on your computer.
Files which can be downloaded include:
applet_hosts.txt
cplibs.zip
jnana_12.0.tsa
jnana.pix
OSXDriverUpdates.tar
pax_wintl.crc
pax_wintl.zip
rawpct.crc
rawpct.zip
rvwop.crc
rvwop.zip
VfxdSys.zip
WinStart.zip
Sophos detects various components of the attack as Troj/KoobStrt-A, Troj/KoobInst-A, Troj/KoobCls-A, Troj/Agent-PDY, Troj/DwnLdr-IOX, and Troj/DwnLdr-IOY. In addition, Sophos’s web protection blocks access to the malicious webpages.
Don’t forget to always be careful about what links you click on, even if they appear to have been shared by someone you know on Facebook.
And if you’re a user of Linux or Mac OS X, don’t think that the malware problem only exists on Windows. Malicious hackers are becoming increasingly interested in targeting other platforms, and if users of your operating system have a reputation for being dismissive of malware warnings on your preferred OS, the bad guys may consider you a soft target.
By Graham Cluley @ nakedsecurity.sophos.com
Get Advanced SystemCare PRO Edition for FREE
October 14, 2010 by admin
Filed under Protection Tools

Original Price:
NOW Free Giveaway
How to protect yourself from Facebook Places
September 26, 2010 by admin
Filed under Protection Tools
After earlier roll-outs in the USA and Japan, Facebook has now opened up its location-sharing service in the UK.
In a breakfast briefing in London, Facebook explained that the new service would make it easier for users to share where they were.
But hang on a minute – I don’t want to share where I am. And I don’t want other people to be able to share my location either.
I came back late last night after a few days away on a business trip, to find that my next door neighbour had been burgled. So I want to have total control over when (and if) my location is shared and who gets told my location.














