Symantec Loves VIPRE

July 14, 2011 by admin  
Filed under Security News

Our good friends over at Symantec love VIPRE so much, they’ve decided to use the logo in their new marketing campaign!

 

[Image: Symantec]

 

We prefer our colors, of course (I like blue) but otherwise, not a bad copy of our logo.

 

[Image: VIPRE Antivirus]

 

Imitation is the sincerest form of flattery!

 

Alex Eckelberry -  GFI

 


GFI Software Enhances its Security Product Offering with the Acquisition of Sunbelt Software

July 14, 2010 by admin  
Filed under Security News


The company’s VIPRE technology will allow GFI to offer its own established antivirus product


Raleigh, NC – July 13, 2010 – GFI Software, a market leading provider of software infrastructure products for small and medium-sized enterprises, announced today that it has acquired Sunbelt Software and specifically its VIPRE® product suite. Terms of the transaction were not disclosed. The acquisition will allow GFI to merge VIPRE technology into GFI’s email security and web security solutions group, and will provide GFI with new security products consisting of world-class and innovative technology. The assets of Sunbelt’s software distribution business, started over 16 years ago and separate from the technology side of the company, will be divested into a separate entity and the company is exploring other strategic partnerships.


“Over the past several years, we have looked extensively for the best technologies, the best developers and the best management teams that will allow us to expand our current product offerings and to provide the best service we can to our customer base. We were impressed by the high quality and innovative technology that underlies Sunbelt’s VIPRE line of products and immediately saw strong synergies between the two companies. We have acquired a good, growing and cash-flow positive business that fits well within GFI’s strategic vision to consolidate our products and grow our business,” said Walter Scott, GFI’s CEO.

 

“Furthermore, Sunbelt’s technology is backed by a reliable, committed customer support team that provides great service – something so important for us. We see this investment in Sunbelt and its VIPRE technology as an excellent opportunity to increase our install base, drive the software globally through our international partner channel and also build our consumer market, which has a powerful drag-along effect on the SME and SoHo markets,” Mr. Scott added.

 

“The technologies developed by both companies are highly complementary and I have a hard time imagining a better combination,” said Alex Eckelberry, CEO of Sunbelt Software.  “Additionally, GFI and Sunbelt are rooted in similar business principles, with similar markets and a commitment to superlative customer service.”

 

About Sunbelt Software

Headquartered in Tampa Bay (Clearwater), Fla., USA, Sunbelt Software is a leading provider of Windows security software including enterprise antivirus, antispyware, email security, and malware analysis tools. Leading products include the VIPRE® and CounterSpy® product lines, Sunbelt Exchange Archiver™, CWSandbox™, and ThreatTrack™.

 

About GFI

GFI Software provides a single best source of web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SME) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina and California), UK (London and Dundee), Austria, Australia, Malta, Hong Kong and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.

 

 

To view this release online, go to:

http://www.sunbeltsoftware.com/Press/Releases/?id=362

 

For more information:

GFI Software

Please email David Kelleher on dkelleher@gfi.com

GFI – Malta: Tel: +356 2205 2000; Cell: +356 7906 3606; Fax: +356 21382419.

URL: http://www.gfi.com.

 

Sunbelt Software

Please email Brian Alberti on sunbelt@daviesmurphy.com

Sunbelt – US: Tel: +1-781-418-2403

URL: http://www.sunbeltsoftware.com.

 

 

Rogue Toolbars Serve Up Facebook Phishing Pages

March 26, 2010 by admin  
Filed under Security News

There are a number of toolbars out there in the wild with a nasty sting in the tail for anybody using them to log in to Facebook. We’ve seen two of these so far; it’s possible there are more.

 

 

Promoted as toolbars that allow you to cheat at popular Zynga games such as Mafia Wars, they appear to be normal at first glance with a collection of links to various websites and other features common to this type of program.

 


Should the end-user hit the “Facebook” button, however, things start to go wrong very quickly. In testing, what opened up for us wasn’t the real Facebook login screen – it was a verified Facebook Phish.

 


 

We were taken to apps-facebook-inthemafia(dot)tk, where only the anti-phish protection in both IE and Firefox would probably have saved the end-user from entering their details into the fake page. mafiamafiamafiamafia(dot)t35(dot)com was also flagged on Phishtank, and it looks like we arrived just in time to catch the suspicious activity taking place because the t35 URL was deactivated shortly after.

 

The story doesn’t end there, however – once the above domain went down at around 5:20 GMT, it took around 90 minutes or less before the toolbars were pointing to a fresh URL!

 

[Screenshot]

 

As you can see from the above screenshot, the toolbars now took end-users to apps-inthemafias-facebook(dot)tk, which was a cover for another t35 URL: mafiawars200uk(dot)t35(dot)com. Again, it wasn’t too long before the domain looked like this:

 

[Screenshot]

 

Currently, the toolbars we have point to the real Facebook URL – the obvious danger is that they could suddenly switch to another fake site and continue harvesting Facebook logins. I’ve reported both Toolbars (which can be created by anyone through this Community Toolbar form) to Conduit, and hopefully action will be taken shortly. If we see any new phish pages linked to, I’ll update this entry.

 

For now, some handy tips:

1) If you install a toolbar from the ourtoolbar(dot)com domain, pay attention to what kind of toolbar it is. Does it promise “cheats” for Zynga games? If so, you might want to avoid logging into Facebook by clicking buttons on the toolbar itself.

2) If you do click a Facebook button on one of these toolbars, are you taken to a .tk domain? If so, check at the bottom of the page – the phish page creators are a little lazy, and have left a rather large clue that you’re not on the real Facebook site:

[Screenshot]

Adverts and a T35 hosting notice – probably a bit of a giveaway (you can also View Source in your browser and confirm you’re on a T35 domain and not Facebook).
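
The manual check in tip 2 can be automated when triaging toolbar links. The following is an added example, not code from the original post: it re-fangs the defanged hosts quoted above and compares each against Facebook's real domain on a label boundary. The category names and watch-lists are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: facebook.com (and subdomains) is the only
# legitimate login host; the watch-lists hold just the names the post mentions.
LEGIT_DOMAIN = "facebook.com"
BRAND_TOKENS = ("facebook",)
FREE_HOSTING_SUFFIXES = ("t35.com",)
WATCHED_TLDS = ("tk",)


def hostname_of(indicator: str) -> str:
    """Re-fang '(dot)' / '[.]' notation and return the lower-cased hostname."""
    text = indicator.strip().replace("(dot)", ".").replace("[.]", ".")
    if "://" not in text:
        text = "http://" + text  # urlsplit only finds the host after a scheme
    return (urlsplit(text).hostname or "").rstrip(".").lower()


def is_under(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain (not a mere suffix match)."""
    return host == domain or host.endswith("." + domain)


def classify(indicator: str) -> str:
    """Label a link target the way the tips above suggest checking it by eye."""
    host = hostname_of(indicator)
    if not host:
        return "invalid"
    if is_under(host, LEGIT_DOMAIN):
        return "legitimate"
    if any(is_under(host, suffix) for suffix in FREE_HOSTING_SUFFIXES):
        return "free-hosting"
    if any(token in host for token in BRAND_TOKENS):
        return "brand-lookalike"  # brand name in the host, wrong domain
    if host.rsplit(".", 1)[-1] in WATCHED_TLDS:
        return "watched-tld"
    return "unknown"


if __name__ == "__main__":
    # First four hosts are quoted (defanged) in the post; the rest are constructed.
    for indicator in (
        "apps-facebook-inthemafia(dot)tk",
        "mafiamafiamafiamafia(dot)t35(dot)com",
        "apps-inthemafias-facebook(dot)tk",
        "mafiawars200uk(dot)t35(dot)com",
        "https://www.facebook.com/login.php",
        "http://facebook.com@apps-facebook-inthemafia(dot)tk/",
    ):
        print(f"{classify(indicator):16} {hostname_of(indicator)}")
```

The last constructed input shows why the hostname is parsed rather than searched for as a substring: text before an `@` in a URL is userinfo, not the host.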

 

We detect this as Trojan.Fbphishbar. Thanks to Adam Thomas from Sunbelt’s Malware Research Team for additional testing.

 

 

by paperghost at sunbeltblog.blogspot.com


Tests Show Problems With AV Detections

February 7, 2010 by admin  
Filed under Security News

Dateline: Moscow.

 

Here at a security press conference held by Kaspersky Lab, the company demonstrated how some malware detections are easily triggered by innocuous programs.

 

The problem arises when one vendor detects a threat. Samples are often passed on to other vendors, through multi-scanning services like VirusTotal. The fact that another vendor, particularly a respected one like Kaspersky, detects a threat is enough of a reason to take a serious look at the sample.

 

After suspecting such problems, Kaspersky created a test which demonstrated the phenomenon. They wrote a series of simple and innocuous programs, compiled them, created false detections for them in their engine, and then submitted the files to VirusTotal. Only Kaspersky detected the files at this point.

 

But standard procedure with VirusTotal is that if at least one of the products detects a submitted sample, it is submitted to the others who didn’t detect it. The idea is that they can then analyze the file and create their own detection.

 

Instead, what they found was that other companies were creating detections for the false submissions from Kaspersky. The programs create some variables and perform simple mathematical operations on them. They don’t even touch the file system. Kaspersky provided me with the programs and the source code.

 


 

But it turns out that the fact that Kaspersky was detecting the threats was not the only reason the others were. The real problems were the aggressive heuristics in the products and the fact that only a static scan was performed.

 

And there is something suspicious about a program that appears to do nothing and then exits. Other vendors I communicated with on the matter said that the behavior was not surprising and that a live on-access detection on a system with their product installed would not be the same. For instance, F-Secure said that “[o]n the end users Windows box, these alerts would show up as a prompt, asking the user whether he really trusts the program. In addition, we have massive whitelist databases in our back-ends, so such prompts would only appear from new, unknown applications.”

 

I suspected that the compiler used to generate the samples might itself be an issue, so I asked Kaspersky about it. They used the mingw cross-compiler, a gcc version for Linux that generates Win32 binaries. It’s possible that the same source code compiled with Microsoft Visual Studio would have generated a different reaction in the anti-malware products, not that it should make a difference. But Kaspersky then created a “hello world” program with the same compiler and settings and uploaded it to VirusTotal; hours later, even though there were no Kaspersky detections, 2 other products called the sample “suspicious”.

 

This problem is not entirely new; Hispasec Sistemas Lab of Spain, the company that operates VirusTotal, wrote about it a few months ago (original Spanish, Google translation to English). As they point out, the volume of samples coming into company labs is so enormous that the vast majority has to be handled by automated analysis processes, and perhaps they are designed to be a little more paranoid than humans.

 

Kaspersky Lab has written an Analyst’s Diary entry on the issue as well.

 

By Larry Seltzer from PCMag.com