bytebyte :: Blog

June 02, 2010

Alwil Software - makers of avast products - has finally shelved its name in favor of the far more accessible company name AVAST Software.

 http://www.avast.com/pr-avast-software-is-the-new-company-na

Keywords: avast, bytebyte, mkis

Posted by bytebyte | 0 comment(s)

March 09, 2010

From Sophos Labs - Graham Cluley's blog

Hackers exploit Oscar film awards to spread scareware

http://www.sophos.com/blogs/gc/g/2010/03/08/hackers-exploit-oscar

Just a note - I was wondering how long the Facebook functionality (picture and link) would persist in the eduspaces blog environment. At first, functionality was fulfilled (seemingly in total) across all layers, that is, the page was able to render the Facebook feature in Public view (and granted - in my browsers).

I was surprised that the functionality ported in the first place anyway....but maybe try some other time...<--- trivial pursuit

Oh look, it's back again - perhaps when I edited this post, the Facebook link was auto refreshed. Yes, functional across all layers, in Chrome, IE8, browsers.

Hackers exploit Oscar film awards to spread scareware

17 April 2010 - okay, seems the picture (Facebook functional) no longer ports in Firefox

Keywords: bytebyte, indigene, mkis

Posted by bytebyte | 0 comment(s)

February 27, 2010

What is happening to the once impregnable search algorithm?

http://www.avast.com/pr-malware-gangs-profit-from-seo

Hmm...google - I never bothered to play with their PageRank system, but I did notice that when they did their monthly change in the search algorithm, I would disappear down the listings. That is, others, obviously many were part-paying advertisers (historically 50% advantage), would be promoted above me. And fair enough too. But now....it doesn't happen anymore!!

 

I realise many of the people who come to this site will be working from within the security of the system shield of their education institution. However, many others will also need to do some of their work at home, or elsewhere 'in the wild', where they would be expected to provide their own system security. So I think better they know what these Fake AV look like.

Probably the most recent incidence - this is from Microsoft

 http://blogs.technet.com/mmpc/archive/2010/02/24/if-it-calls-itself-security-essentials-2010-then-it-s-possibly-fake-innit.aspx

 

trendmicro - a little bit dated - but similar type Fakes are still very common

http://blog.trendmicro.com/pick-your-poison-koobface-or-fakeav/

 

Internet Storm Center - some good feedback on this page

 http://isc.sans.org/diary.html?storyid=7144

 

Generally, Fake AVs pop out of nowhere and tell you that your computer is heavily infected with trojans and whatever else, and then offer you protection against viruses using the name of a commonly known antivirus brand.   

Keywords: bytebyte, indigene, mkis

Posted by bytebyte | 0 comment(s)

November 23, 2009

10 immutable Laws of Security

http://technet.microsoft.com/en-us/library/cc722487.aspx

From Microsoft Technet library

The Laws have since been revisited in Technet Magazine - security watch

 

Posted by bytebyte | 0 comment(s)

November 10, 2009

I would presume browser vulnerabilities as opposed to desktop vulnerabilities 

"78 percent of the total reported vulnerabilities affected Web technologies, such as Web servers, applications, Web browsers, Plugins and ActiveX, which is a significant increase from last year" 

 http://blogs.zdnet.com/hardware/?p=6094

Be careful out there.                       

 

Keywords: bytebyte, mkis

Posted by bytebyte | 0 comment(s)

November 08, 2009

  

 Find safe-browser technologies that really work


http://windowssecrets.com/comp/091105#story1

 

     

Keywords: bytebyte, mkis

Posted by bytebyte | 0 comment(s)

September 05, 2009

Take a malware infection and view the extent of the damage.

 Virus causes £500,000 IT damage
http://news.bbc.co.uk/2/hi/uk_news/england/london/8237085.stm

Sourced from avast webforum.

 

Posted by bytebyte | 0 comment(s)

August 20, 2009

 

avast! Blog -- Various info from avast staff -- Win32:Induc, new concept of file infector?

http://blog.avast.com/2009/08/19/win32induc-new-concept-of-file-infector/

I run Microsoft Security Essentials as resident antimalware on this particular machine that I am using, alongside my resident antivirus, which is obviously avast! antivirus. Here is the report on Win32:Induc from Microsoft security portal -- report is dated 18th Aug so Definition: 1.63.1599.0 applies to that date.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Virus%3aWin32%2fInduc.A&threatid=2147627628 

 

Keywords: bytebyte

Posted by bytebyte | 0 comment(s)

June 26, 2009

 

testing a new desktop defence is not just about sitting inside a walled garden reading event logs and waiting for alerts... 

All my computers now run Firefox browser except for this laptop, which runs Internet Explorer and has google search as its home page. I am sticking with Microsoft on this project because I am trialing their new antivirus / antispyware solution, which is called Microsoft Security Essentials. Today is day one for me - June 26 2009.

What is testing without taking a few risks?
I've already broken one rule by running two resident antivirus programs at the same time. I just could not go to the web without the tried and true resident avast antivirus and at the same time I am querying whether the new Microsoft solution (MSE) is an antivirus as we have come to understand the term. I could be wrong, of course, and I stand to get crunched if this trial all turns to custard.

On top of that I am leaving a door open for malware to come through, by running the ASK toolbar as a permanently active sound and video recorder - that is, I do not have to turn my recorder on at all, it runs 24/7 such that anything that I play on the web - video or audio - becomes automatically recorded. Testing should not be all hard work, it also helps if you have a bit of fun - as above, where I am recording a video by Last Town Chorus. The ASK toolbar is custom-built and is not used for search, which task is taken care of by having the google search box as my front page.

I've highlighted with a red rectangle the defence plan as it currently stands in my system tray. I have outlined below the various defence solutions and their purpose.

Personal firewall --- Outpost 2009

Virus detection and identification --- Microsoft Security Essentials

Resident antivirus --- avast antivirus

System Monitor --- Scotty on duty at WinPatrol

 

Keywords: mkis

Posted by bytebyte | 0 comment(s)

June 02, 2009



Not nice to be conveniently provided with an example of drive-by malware attack.

http://securitylabs.websense.com/content/Alerts/3405.aspx

The alert from Websense Security Labs would indicate that the insertion of malcode into poorly defended websites and servers for drive-by attacks is increasingly becoming the new face of malware perpetration. Anti-malware agencies are very aware of this recent trend, which over the last year, and particularly in the last 6 months, has increased to almost critical proportions, such that broadcast media - radio, TV, and especially web - are now alerting computer users on a daily basis.

Here is where our recent alert was sparked: the ZDNet bloggers were alerted by the Websense report.

http://blogs.zdnet.com/security/?p=3476&tag=nl.e589

My source for the alert provides a good indication of how the problem gets acted upon. Avast have been quick to respond to these kinds of alerts.

http://forum.avast.com/index.php?topic=45793.msg383758#msg3837

Because the malware initially resides off the computer user's system and instead sits on a website or server, the onus is on owners and webmasters to take appropriate action once they have been alerted to the infection.

Otherwise the outcome is obvious - whoever clicks the site will have the malware injected into their computer system. In a worst-case scenario, the injection may activate dormant trojans and viral malware that had been downloaded at an earlier period, and were patiently awaiting the trigger to execute their malicious payloads.

But hold on a minute, weren't we told it was going to be the other way round? Weren't we told that Conficker was going to explode out of our computers and connect with botnets all around the world? Well that is a very possible scenario as well, and that will likely happen, but it will happen more as an everyday occurrence, hurting people personally and businesses or networks individually, rather than manifesting as the scourge against humankind that Hollywood science fiction might make it out to be.

This is why it is important to protect yourself at an individual level - yourself, your family, your business, your network - on an everyday basis through constant and updated security surveillance. You always need the most recent updates to your systems, your programs and apps, and your browsers - when Windows updates fail, for example, this may be your first signal that you have malware problems.


Obviously, malware perpetration will be changing on a never-ending basis despite certain trends like drive-by attacks becoming the flavor of the times. This will always be the nature of the beast. There are clear indications that Gumblar, a more recent derivative, and inheritor and further propagator of viral infestations that plagued servers through 2008, has supplanted Conficker as the prime spreader of malware infections.

http://news.cnet.com/8301-1009_3-10251779-83.html


The most recent alert initiated by Websense would indicate that the trend to drive-by malware attacks from infected websites and servers has yet to reach a peak. It is up to owners and webmasters, who administer these infected sites and servers, to act promptly and securely to clean up their acts.

This is the kind of thing that we want to see.

http://forum.avast.com/index.php?topic=45819.0

 

    

 

Keywords: antivirus, bytebyte, gumblar

Posted by bytebyte | 0 comment(s)
