New Symbian Malware On The Scene

June 30, 2010 by admin  
Filed under Security News

New versions of mobile operating systems like Apple’s iOS and Google’s Android may be in the news of late, but for all the publicity both receive, older Symbian operating systems still made up around half of all smartphones sold in 2009. Advanced Threat Researcher Paul Ferguson came across a new suspicious application running on the S60 platform:

 

 

Calling itself ZvirOK, the application has one primary payload: to send a text message to the number 7250, with the text mumym xxx joker90. The intent behind this is unclear: perhaps it could be related to pay services frequently provided by mobile operators. This could cost the user money, particularly if these fees are high. Beyond that, however, no one can really say for sure.

 

Trend Micro products detect this malicious application as SYMBOS_FLOCK.I. The Python script responsible for sending the text message is detected as TROJ_FLOCK.I.

 

Source: http://blog.trendmicro.com/

Free Trend Micro Internet Security 2010 (OEM) Original Product Key For One Year

April 19, 2010 by admin  
Filed under Protection Tools

Trend Micro Internet Security 2010

You can now get Trend Micro Internet Security 2010 free for one year.

 

How to Install and activate:

First download the 32-bit or 64-bit version of Trend Micro Internet Security 2010 for XP/Vista/Windows 7, then enter the product key pfeo-9996-0691-8113-9527 while running the installer. When you finish, you will have Trend Micro Internet Security 2010 free for one year.

 

HouseCall – Free Online Virus Scan NEW v7.1

April 11, 2010 by admin  
Filed under Removal Tips,Tools and Videos

HouseCall is Trend Micro’s highly popular and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plugins, and other malware.

 

 

HouseCall 7 features an intuitive interface and the ability to perform fast scans that target critical system areas and active malware. It also leverages the Trend Micro Smart Protection Network™ to help ensure that scans catch the latest threats.

 

 

HouseCall 7.1 improves on the recently released HouseCall 7.0 by providing a full system scan option and an option to scan only specific folders. It adds support for 64-bit versions of Windows Vista™ and Windows™ 7.

 

 

HouseCall provides a quick and easy check for threats regardless of the protection status of your existing security solution. For more information about HouseCall, please read the Frequently Asked Questions.

 

 

What’s new in HouseCall?

  • Full system and custom scan options allow users to specify which folders to scan (new in 7.1).
  • Quick scan option offers targeted scanning of critical system areas and active threats, reducing scan times to within a few minutes.
  • Stand-alone, browser-independent implementation eliminates compatibility issues associated with browser-activated scanners.
  • Smart Scan technology refers to patterns in the cloud, delivering the latest protection while reducing download times.
  • Smart Feedback shares threat information with the Smart Protection Network, which correlates data from a global intelligence network to quickly discover new threats.
  • Review and restore lets you check and compare scan results and recover files.
  • Enhanced detection and cleanup addresses rootkits and other sophisticated threats.

 

Download HouseCall 7.1 (32-bit) | Download HouseCall 7.1 (64-bit)

 

Getting Started with HouseCall

  1. Click Download HouseCall to begin. Please note that HouseCall requires a small download before it can scan your computer.
  2. You can choose to save a copy of the launcher (HousecallLauncher.exe) and use it to quickly start scans. Remember to visit this page occasionally to get the latest copy of the launcher.
  3. It is recommended that first-time users select the Quick Scan option, which is available in addition to the Full Scan or Folder Scan options.
  4. Enabling the Smart Feedback setting helps increase the strength of the Smart Protection Network by sharing malware and threat data as part of our global neighborhood watch program. No personally identifiable information is gathered as part of participation.


Related Blogs

    Adobe Exploit puts Backdoor on Computers

    October 12, 2009 by admin  
    Filed under Security News

    A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems’ Acrobat, drops a backdoor onto computers using JavaScript, Trend Micro researchers warned on Friday.


    Trend Micro identified the exploit as a Trojan horse dubbed “Troj_Pidief.Uo” in a blog post. It arrives as a PDF file containing JavaScript-based malware, “Js_Agent.Dt,” and then drops a backdoor called “Bkdr_Protux.Bd.”


    The exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003, according to Trend Micro.


    The blog post provides technical details on how the malware works, specifically the activity of its shell code, the piece of code that delivers the payload. The JavaScript is used to execute arbitrary code in a technique known as “heap spraying.”


    “Based on our findings, the shell code (that was heap-sprayed) jumps to another shell code inside the PDF file” before extracting and executing the backdoor, Trend Micro said. The backdoor “is also embedded in the PDF file and not the usual file downloaded from the Web.”


    Variants of the Protux backdoor typically provide an attacker unrestricted user-level access to a compromised machine and previously exploited vulnerabilities in Microsoft Office files, according to Trend Micro.


    Adobe announced on Thursday that it would release an update to fix the hole on Tuesday, the same day as Microsoft’s Patch Tuesday.


    This screenshot shows the embedded executable file in the PDF file, after it has been decrypted.


    Source : Cnet (Credit: Trend Micro)

     

    Bogus Sponsored Link Leads to FAKEAV

    September 27, 2009 by admin  
    Filed under Security News

    Apart from SEO poisoning, cybercriminals have found another avenue to proliferate FAKEAV malware—bogus sponsored links (sitio patrocinados in Spanish). Just recently, Trend Micro researchers were alerted to malicious search engine ads that appeared in Microsoft’s Bing and AltaVista, among others, when a user searches the string “malwarebytes.” (Malwarebytes is a free antivirus product, but of course, not a FakeAV.) Clicking the malicious URL points the user to an executable file named MalwareRemovalBot.exe-1 (detected by Trend Micro as TROJ_FAKEAV.DMZ).

     



    Figure 1. Malicious banner ad on Bing



    Figure 2. Malicious banner ad on AltaVista


    Upon execution, the rogue antivirus displays false information that the system is infected with files that do not even exist.



    Figure 3. Fake scan results


    In the past, cybercriminals employed the same tactic when they hitchhiked on Trend Micro. Some Google searches then showed banner ads that led to a fraudulent Trend Micro website.

     

    Though the ads may not appear in all regions, all users are still strongly advised to be extra careful when clicking links in search engines. Users connected to the Trend Micro Smart Protection Network are protected from this attack as it detects and blocks all malicious URLs.

     

     

    by Erika Mendoza (Threat Response Engineer) at Trendmicro.com

     


    How to Maximize the Malware Protection of Your Removable Drives (Manually)

    September 27, 2009 by admin  
    Filed under Protection Tools

    Removable drives are one of the most common infection vectors for malware today. Worms propagate via these vectors to proliferate their payload and ultimately, infect more users.

     

    Users need to take some countermeasures to secure their systems. One way of doing this is to protect removable drives against worms that use the Autorun feature.

     

    One popular way of protecting removable drives is by creating a folder or file and renaming it as AUTORUN.INF. A malicious AUTORUN.INF file could enable the malware to run automatically on the system even without the user executing it. By creating a file or folder with this name beforehand, ideally, worms would not be able to run in this way.

     

    However, this method is not perfect. Worms can delete the existing AUTORUN.INF file or folder, and then replace it with a malicious version. This would negate any protection placed by the user on the said file. However, by using file permissions to restrict changes, the AUTORUN.INF file can be protected more effectively.

     

    Note: Make sure that your external drive is formatted using NTFS, as this procedure uses a specific feature of NTFS. If your removable drive is formatted using either FAT or FAT32, back up any data on the said drive first and reformat using NTFS. This may require Windows Vista or Windows 7.

     

    • Create a new folder in the root directory of the removable disk and rename it as “AUTORUN.INF.”
    • Create four more folders in the same location and name them “recycle,” “recycler,” “recycled,” and “setup” respectively.

    Note: The folders recycle, recycler, recycled and setup are optional, but users are advised to create them because malware often uses these names.

     

    • Open a command prompt (cmd.exe) and go to the root directory of your removable drive.

     

    • Set the folder attributes using the following DOS command:

    attrib autorun.inf /s /d -a +s +r


    Figure 1. Setting the folder attributes


    • Set the privilege level of the folder using the following DOS command:

    cacls autorun.inf /c /d administrators


    Figure 2. Setting the privilege level of the folder


    • Select ‘Y’ and press enter when the message, “Are you sure (Y/N)?” is prompted.


    • To test it, try to delete, modify, rename, copy, or open the created folder. If you cannot perform any of these functions, then the procedure is successful.



    Figure 3. When the user deletes the created folder, the system displays this message prompt.
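
The steps above as a single batch script, added here as an example and not part of the original article. It assumes an elevated cmd.exe prompt and English-language fsutil output; the script name protect-drive.cmd is hypothetical, and the NTFS check and the stop-on-existing-file check are additions to the article's steps.

```batch
@echo off
rem Added example, not from the original article.
rem Usage: protect-drive.cmd E:   (script name is hypothetical)
rem Assumes an elevated prompt and English fsutil output.
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 DRIVE:
    exit /b 1
)
set "DRV=%~d1"

rem The procedure relies on NTFS permissions, so refuse FAT/FAT32 volumes.
fsutil fsinfo volumeinfo %DRV%\ | findstr /i /c:"File System Name" | findstr /i "NTFS" >nul
if errorlevel 1 (
    echo %DRV% is not NTFS. Back up its data and reformat as NTFS first.
    exit /b 1
)

pushd %DRV%\ || exit /b 1

rem An existing AUTORUN.INF *file* may be malicious: stop instead of touching it.
if exist "AUTORUN.INF" if not exist "AUTORUN.INF\" (
    echo AUTORUN.INF exists as a file on %DRV%. Inspect it before continuing.
    popd
    exit /b 1
)

rem Placeholder folders: AUTORUN.INF plus the optional names malware often uses.
for %%D in (AUTORUN.INF recycle recycler recycled setup) do (
    if not exist "%%D\" mkdir "%%D"
)

rem Clear archive, set system and read-only (command as given in the article).
attrib autorun.inf /s /d -a +s +r

rem Without /e, cacls replaces the ACL and prompts "Are you sure (Y/N)?";
rem piping Y answers that prompt.
echo Y| cacls autorun.inf /c /d administrators

rem Test step from the article: a delete attempt should now fail.
rmdir "AUTORUN.INF" 2>nul
if exist "AUTORUN.INF\" (
    echo OK: AUTORUN.INF could not be deleted on %DRV%.
) else (
    echo FAILED: AUTORUN.INF was deleted. Check the volume and re-run.
)
popd
endlocal
```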


    In addition to the above procedure, users may also choose to use hardware means of protection. Certain removable drives have an external switch that prevents the device from being written to. This would prevent malware from making any modifications to the drive, including the AUTORUN.INF file. However, as this may prove to be somewhat inconvenient, it is still a good idea to use the procedure shown above.



    by Christian Potencia (Threat Response Engineer) at trendmicro.com


    Koobface Tweets

    June 27, 2009 by admin  
    Filed under Security News

    Twitter is a very popular platform for expressing whatever is on a user’s mind, making it a favorite target of malware authors. Trend Micro has published several blog entries that discussed attacks on Twitter. Now, the creators of Koobface included a new component in the malware to target the vast number of Twitter users. They’ve come up with the latest update to the Koobface loader binary and other known Koobface components that target social networking sites like Facebook, MySpace, Hi5, Bebo, Tagged, and Netlog.
