Symantec Loves VIPRE

Our good friends over at Symantec love VIPRE so much, they’ve decided to use the logo in their new marketing campaign!

 

 

We prefer our colors, of course (I like blue) but otherwise, not a bad copy of our logo.

 

 

Imitation is the sincerest form of flattery!

 

Alex Eckelberry -  GFI

 

Free DE-Cleaner by Avira, Kaspersky and Symantec for Anti-Botnet

DE-Cleaner powered by Avira

Minimum Requirements for the DE-Cleaner powered by Avira:

• Computer from Pentium, at least 266MHz
• Windows XP with at least SP 2, (32 oder 64 Bit)
• Windows Vista (32 oder 64 Bit, SP 1 or higher recommended) Windows 7 (32 or 64 Bit)
• At least 150 MB free disk space
• At least 192 MB memory on Windows XP
• At least 512 MB memory on Windows Vista, Windows 7
• Internet connection for Updating und first time Download
• Please note: At the moment there is no DE-Cleaner available for Linux or Mac OS. Since Internet criminals mainly concentrate on and attack Windows based computers.

Read more

Intel sells anti-virus business, waits 12 years, buys anti-virus business

The big news in the IT security industry today is the announcement that Intel plans to acquire McAfee for a jaw-dropping $7.68 billion.

 

Yes, that’s “billion”. Oh to have such pocket money.

 

Of course, those of us with long memories will know that Intel is no stranger to the computer security industry.

 

Indeed they used to have their own anti-virus product (Intel LanDesk Virus Protect) which they sold to Symantec in 1998.

 

 

Now, Intel is purchasing Symantec’s arch-enemy McAfee and re-entering the business.

 

Read More…

 

 

Perform a security scan by Symantec Security Check

Is your computer safe from online threats? The Security Scan performs the following tests and offers recommendations based on the results:

Hacker Exposure Check
Checks whether your computer allows unknown or unauthorized Internet communications.

Windows Vulnerability Check
Checks whether basic information about your computer, including your PC’s network identity, is exposed to hackers.

Trojan Horse Check
Checks whether your computer is safe from Trojan horses.

 

 

Tests Show Problems With AV Detections

Dateline: Moscow.

 

Here at a security press conference held by Kaspersky Lab, the company demonstrated how some malware detections are easily triggered by innocuous programs.

 

The problem arises when one vendor detects a threat. Samples are often passed on to other vendors, through multi-scanning services like VirusTotal. The fact that another vendor, particularly a respected one like Kaspersky, detects a threat is enough of a reason to take a serious look at the sample.

 

After suspecting such problems, Kaspersky created a test which demonstrated the phenomenon. They wrote a series of simple and innocuous programs, compiled them, created false detections for them in their engine, and then submitted the files to Virustotal. Only Kaspersky detected the files at this point.

 

But standard procedure with VirusTotal is that if at least one of the products detects a submitted sample, it is submitted to the others who didn’t detect it. The idea is that they can then analyze the file and create their own detection.

 

Instead, what they found was that other companies were creating detections for the false submissions from Kaspersky. The programs create some variables and perform simple mathematical operations on them. They don’t even touch the file system. Kaspersky provided me with the programs and the source code.

 

Click on these to see some of the detections:

• http://www.virustotal.com/analisis/5aee7…1264831301
• http://www.virustotal.com/analisis/0de6d…1264867956
• http://www.virustotal.com/analisis/b2a11…1264867934
• http://www.virustotal.com/analisis/7e79b…1264867923
• http://www.virustotal.com/analisis/0b974…1264831241
• http://www.virustotal.com/analisis/0b974…1264867640

 

But it turns out that the fact that Kaspersky was detecting the threats was not the only reason the others were. The real problems were the aggressive heuristics in the products and that fact that only a static scan was performed.

 

And there is something suspicious about a program that appears to do nothing and then exits. Other vendors I communicated with on the matter said that the behavior was not surprising and that a live on-access detection on a system with their product installed would not be the same. For instance, F-Secure said that “[o]n the end users Windows box, these alerts would show up as a prompt, asking the user whether he really trusts the program. In addition, we have massive whitelist databases in our back-ends, so such prompts would only appear from new, unknown applications.”

 

I suspected that the compiler used to generate the samples might itself be an issue, so I asked Kaspersky about it. They used the mingw crosscompiler, a gcc version for Linux that generates Win32 binaries. It’s possible that the same source code compiled with Microsoft Visual Studio would have generated a different reaction in the anti-malware products, not that it should make a difference. But Kaspersky then creates a “hello world” program with the same compiler and settings and uploaded it to VirusTotal; hours later, even though there were no Kaspersky detections, 2 other products called the sample “suspicious”.

 

This problem is not entirely new; Hispasec Sistemas Lab of Spain, the company that operates VirusTotal, wrote about it a few months ago (original Spanish, Google translation to English). As they point out, the volume of samples coming into company labs is so enormous that the vast majority has to be handled by automated analysis processes, and perhaps they are designed to be a little more paranoid than humans.

 

Kaspersky Lab has written an Analyst’s Diary entry on the issue as well.

 

By Larry Seltzer from PCMag.com

 

 

Microsoft Warns of IE Exploit Code in The Wild

Microsoft on Monday said it is investigating a possible vulnerability in Internet Explorer after exploit code that allegedly can be used to take control of computers, if they visit a Web site hosting the code, was posted to a security mailing list.

Read more

New Version of Fujacks Worm ( W32.Fujacks.CB ) Discovered By Symantec

W32.Fujacks.CB is a worm that spreads through removable drives and network shares. It may download files on to the compromised computer.

Note: This threat has been renamed from Trojan.Matem.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 – 49
• Number of Sites: 0 – 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy

Damage

• Damage Level: Medium
• Payload: Downloads a remote file on to the compromised computer.
• Modifies Files: Modifies the hosts file.

Distribution

• Distribution Level: Medium
• Target of Infection: Shared drives

 Writeup By: Fergal Ladley and Asuka Yamamoto

For More TECHNICAL DETAILS ( Click Here )

Scan Your Computer For Viruses, Spyware, Adaware With Norton Security Scan For Free

 

Symantec corporation made a tool called Norton security scan, its a tool that using last Norton Virus definitions with scan and detect viruses, spyware, adware and other risks in your computer, so its a useful tool for who want to make sure his computer is safe even if he has other Antivirus products and its free to use for scanning and detect but not removing, if you want to remove the viruses you can upgrade it to Norton 360.

Instructions to Install Norton Security Scan

Step 1	Click here to start download
Step 2	Click “Save File” in the window that appears.
Step 3	Click on the “Tools” menu in Firefox. You will see a window displaying your downloads.
Step 4	Look for “Setup.exe” in the “Downloads” window and click the “Open” link next to “Setup.exe”.
Step 5	Your software will now install.

New Sality Virus In Sight ( Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah )