February 22, 2012

McAfee Says Malware Surpassed 75 Million Samples in 2011

(LiveHacking.Com) – McAfee has released its Q4 2011 Threat Report (a PDF) and it shows that last year McAfee collected over 75 million unique malware samples! It also shows that 2011 was by far the busiest period for mobile malware, with Android the number one target for writers of mobile malware.

The most common type of Android malware is the for-profit SMS-sending Trojan, which earns cyber-criminals significant amounts of money by sending messages to premium services. Rooting Android devices is getting easier and easier, and there are now apps which combine vulnerability exploits to root phones with the click of a button. However, the downside of this is that malware writers can repackage the very same root exploit apps with malware.

There is a sliver of good news in that the overall growth of PC malware is on the decline and is much lower than this time last year. The report also noted a continued decline in Fake AV malware, with AutoRun and password-stealing Trojan malware showing only slight declines. However, the context of this is that McAfee’s cumulative number of unique malware samples exceeded 75 million.

In Q4 2011, the most common type of remote attack was via vulnerabilities in Microsoft Windows remote procedure calls. This was followed by a very close race between SQL-injection and cross-site scripting attacks. The result is that the number of reported data breaches has more than doubled since 2009 with more than 40 breaches publicly reported in Q4 alone.

“Although the release of new malware slowed a bit in Q4, mobile malware continued to increase and recorded its busiest year to date,” Dave Marcus, Director, Security Research at McAfee said in a blog post.

McAfee to Patch Two Vulnerabilities in its SaaS for Total Protection

(LiveHacking.Com) – Two vulnerabilities have been found in McAfee’s SaaS for Total Protection, one of which allows a customer’s system to be used as a spam relay. The problem, which was exposed on British art firm Kaamar Limited’s blog earlier this week, has been gaining more and more public attention and now McAfee has started to release information about the issues and details of patches.

As spammers have started to exploit the flaw, a number of McAfee’s customers have had their emails blocked after their IP addresses were blacklisted by anti-spam services. “It is believed that thousands of computers have been compromised so far, with more being affected every day,” said Kaamar in its original blog.

“The second issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them. Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine. The forthcoming patch will close this relay capability,” wrote David Marcus, Director, Security Research at McAfee.

According to an update on McAfee’s blog, the patch for the spam issue is now rolling out to customers, and everyone should have the update shortly.

Norton Source Code Was Stolen in 2006 According to Symantec

(LiveHacking.Com) – The hacking group calling itself “Lords of Dharmaraja” caused a stir recently when they claimed to have stolen the source code for Norton Antivirus. Symantec, the makers of Norton Antivirus, quickly denied the allegations, saying that the hackers had source code for Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, which are both more than five years old. However, Symantec have now acknowledged that source code for a 2006 version of its Norton security products was in fact stolen.

“Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006,” said Symantec spokesperson Cris Paden. “We believe that source code for the 2006-era versions of the following products was exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.”

“Due to the age of the exposed source code, except as specifically noted below, Symantec customers – including those running Norton products — should not be in any increased danger of cyber attacks resulting from this incident,” he continued. “Customers of Symantec’s pcAnywhere product may face a slightly increased security risk as a result of this exposure if they do not follow general best practices. Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.”

Affected products include:

  • Norton Antivirus Corporate Edition
  • Norton Internet Security
  • Norton SystemWorks (Norton Utilities and Norton GoBack)
  • pcAnywhere 12.0, 12.1 and 12.5
  • Symantec Endpoint Protection v11.0, which is four years old
  • Symantec AntiVirus v10.2, which is five-year-old code and a product that has been discontinued

Symantec go on to say that “customers of Symantec’s pcAnywhere product may face a slightly increased security risk as a result of this exposure. Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.”

Confusion over Lords of Dharmaraja Hackers

(LiveHacking.Com) – The hacking group calling itself “Lords of Dharmaraja” came into the spotlight a few days ago when it claimed it had a copy of the source for Norton Antivirus. Symantec, the makers of Norton Antivirus, quickly clarified the situation and confirmed that the hackers a) only had access to some API documentation and b) did have some source code, but it was for Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, which are both more than five years old.

What isn’t really appreciated is that this little-known hacking group first came to the attention of authorities last year when it began posting documents, including a memo that triggered a U.S. investigation into a possible cyber-attack by Indian military intelligence. It now appears as if that memo was fake, but the security breach was not.

Reuters has obtained a large digital cache of emails that were posted by the group before being taken down by sites like Pastebin. Many of these emails, which were sent between April and October of last year, were addressed to Bill Reinsch, a member of an official U.S. commission monitoring economic and cyber-security relations between the US and China. It now seems that the hackers created these memos simply to draw attention to their work, or to taint relations between India and the United States.

It is still unclear how Symantec’s source code ended up with the Lords of Dharmaraja.

Hackers Steal Source Code to Norton AntiVirus?

(LiveHacking.Com) – Symantec, the company behind Norton AntiVirus, has confirmed that a group of hackers has stolen portions of source code for two of its security products. The hackers, who call themselves The Lords of Dharmaraja, have posted at least twice to Pastebin claiming to have access to the source code for Norton Antivirus:

“Now we release confidential documentation we encountered of Symantec corporation and it’s Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies.”

But according to a statement released from Symantec, the information released is just a document from 1999 that describes an application programming interface (API) for the Virus Definition Generation Service. “This document explains how the software is designed to work (what inputs are accepted and what outputs are generated) and contains function names, but there is no actual source code present,” Cris Paden, senior manager of corporate communication for Symantec, told SecurityWeek.

Both posts have now been removed from Pastebin, which is quite unusual as it is normally a safe haven for hackers to post anything from stolen credit card numbers to cracked passwords.

The latest news from Symantec, via SecurityWeek, is that the products in question are Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, and not any of its consumer products under the “Norton” brand. Further, in a statement released on Facebook, Symantec said “The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers. Symantec’s own network was not breached, but rather that of a third party entity.”

Many governments require companies such as Symantec to submit their source code for inspection to prove they are not spying on the government. This is where the hackers could have got hold of the code. Comments posted by Yama Tough on Google+ and Pastebin seem to confirm this idea in that they suggest that the Symantec code was taken from an Indian government server.

Windows 8 Will Come With Built-in Anti-virus Software

(LiveHacking.Com) - It has been revealed that Microsoft will ship Windows 8 with built-in anti-virus software. This doesn’t come as too much of a surprise, as Microsoft has been making a free anti-malware suite, called Microsoft Security Essentials, for a couple of years now. But it didn’t ship with Windows; you had to download it separately.

Since Windows Vista, Microsoft has bundled Windows Defender with the OS, but Defender only detects and removes spyware; it is not an anti-virus or anti-malware application.

At the company’s BUILD conference, where Windows 8 is being shown to developers, Michael Angiulo – Corporate Vice President of Windows Planning and Ecosystem – demonstrated an early version of Windows 8 that automatically scanned an infected USB flash disk from which a tablet was booting.

Steven Sinofsky, president of Microsoft’s Windows and Windows Live division, said that Microsoft “have taken Defender and we’ve actually built a whole new range of protection, all the way up through anti-malware, anti-virus.” This means that Windows 8 users will be getting out-of-the-box protection against malware, as well as a firewall and parental controls.

Intel and McAfee Unveil DeepSAFE

(LiveHacking.Com) – As part of the Intel Developer Forum in San Francisco, Intel and McAfee have unveiled DeepSAFE, a new technology that is sandwiched between the OS and the CPU allowing anti-malware programs to gain an additional vantage point in the computing stack to better protect systems.

With DeepSAFE, McAfee and Intel are working to combine the power of hardware and software to create more sophisticated ways to prevent attacks. The new technology was demonstrated on stage. A system running the DeepSAFE technology was able to detect and stop a zero-day (i.e. a previously unknown) rootkit called Agony from infecting a system in real time. This technology is expected to launch in products later in 2011.

Todd Gebhart, co-president of McAfee said:

“This is a tremendous shift for McAfee and one of the biggest innovations in the security industry’s history. McAfee DeepSAFE uses hardware features already in the Intel processors to provide security beyond the OS. From this unique vantage point, DeepSAFE can apply new techniques to deliver a whole new generation of protection in real time to prevent malicious activity and not just detect infections.”

Cybercrime Bigger Than Global Black Market in Marijuana, Cocaine and Heroin combined

(LiveHacking.Com) - The new Norton Cybercrime Report has put the cost of cyber crime to the world’s economy at $388bn annually, a figure that is greater than the combined global market for marijuana, cocaine and heroin ($288bn). Another startling statistic is that cybercrime costs are more than 100 times the annual expenditure of UNICEF ($3.65 billion).

The report, which was compiled using data from 24 countries, says that 431m adults experienced cybercrime in the last year. That is more than a million victims every day or 14 adults every second.

In terms of viruses and malware, the report notes that:

  • 4 in 10 adults surveyed do not have an up-to-date security software suite to protect their personal information online
  • 54% of online adults have experienced viruses or malware on their computers
  • 6 in 10 users of free AV software reported viruses and malware attacks

With regard to protection against viruses and malware, the report says that inadequate security software exposes people unnecessarily to the dangers of computer viruses and malware. With many failing to do the single easiest thing to prevent cyberattacks – i.e. install a full security suite – adults globally are going online, for considerable amounts of time, unprotected against the most common types of cybercrime.

And it is this last part which possibly reveals the true nature of the report. Although I don’t doubt the facts and figures, highlighting things like “6 in 10 users of free AV software reported viruses and malware attacks” and that the “single easiest thing to prevent cyberattacks” is to “install a full security suite” reminds us that this report is published by Norton/Symantec, who want to sell you their security software.

Adobe Flash Player Responsible for 7 of Top 10 Vulnerabilities

(LiveHacking.Com) - Kaspersky Lab has published its malware report for the second quarter of 2011 and it has found that seven of the current top ten vulnerabilities are in Adobe Flash Player and the other three in Java. This means that for the first time Microsoft products have disappeared from this list. Kaspersky put this down to “improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs.”

According to the report, navigating the web remains the riskiest activity on the Internet, with malicious URLs that serve exploit kits, bots, ransomware Trojans, etc. being the most frequently detected objects online.

In terms of geography, every second computer in India was at risk of local infection at least once in the past three months.

“Over the last few years, India has been growing steadily more attractive to cybercriminals as the number of computers in the country increases steadily. Other factors that attract the cybercriminals include a low overall level of computer literacy and the prevalence of pirated software that is never updated,” explains Yury Namestnikov, Senior Virus Analyst at Kaspersky Lab. “Botnet controllers see India as a place with millions of unprotected and un-patched computers which can remain active on zombie networks for extended periods of time.”

The five safest countries in terms of the level of local infections are: Japan, Germany, Denmark, Luxembourg and Switzerland.

The report also warns users about fake antivirus programs. During the second quarter of 2011, the number of fake antivirus programs detected globally by Kaspersky Lab began to increase: the number of users whose computers blocked attempts to install counterfeit software increased 300 per cent in just three months.

Windows XP is Petri Dish For Rootkit Infections

(LiveHacking.Com) – A six month study, by the AVAST Virus Lab, has found that 74% of rootkit infections originated from Windows XP machines, compared to 17% for Vista and only 12% from Windows 7 machines.

Windows XP is the most common PC operating system, with around 49% of avast! antivirus users running it, compared to the 38% with Windows 7 and the 13% with Vista.

And the problem seems to be that there are a large number of pirate copies of XP which don’t run automatic updates, as they can’t be validated by the Windows Genuine Advantage validation process. This leaves the out-of-date and unpatched OS open to all kinds of attack, even old ones long patched by Microsoft.

“Because of the way they attack – and stay concealed – deep in the operating system, rootkits are a perfect weapon for stealing private data,” said Przemyslaw Gmerek, the AVAST expert on rootkits and lead researcher.

Cybercriminals are continuing to fine-tune their attack strategy, with the Master Boot Record (MBR) remaining their favorite target for even the newest TDL4 rootkit variants. The study found that rootkits infecting via the MBR were responsible for over 62% of all rootkit infections. Driver infections made up only 27% of the total. The clear leader in rootkit infections was the Alureon (TDL4/TDL3) family, responsible for 74% of infections.
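Because MBR rootkits such as TDL4 work by overwriting the 446-byte bootstrap code that sits in front of the partition table, one defensive check is to hash that region and compare it against a known-good baseline taken when the system was clean. The script below is an added example, not code from AVAST or from this article: it parses the standard MBR layout (bootstrap code, four 16-byte partition entries at offset 0x1BE, 0x55AA signature at 0x1FE) and flags a bootstrap region that no longer matches the baseline. The sample MBR images and the baseline hash are constructed here for illustration; on a real system the 512 bytes would be read from sector 0 of the disk.

```python
import hashlib
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 0x1BE   # start of the four 16-byte partition entries
SIGNATURE_OFFSET = 0x1FE    # 0x55AA boot signature
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Construct a sample MBR (for this example only): given bootstrap code,
    one active NTFS partition starting at LBA 2048, and the boot signature."""
    code = bootstrap.ljust(PART_TABLE_OFFSET, b"\x00")[:PART_TABLE_OFFSET]
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (3 * 16)     # remaining three entries unused
    return code + table + b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Validate the MBR structure and return the bootstrap hash and partitions."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[SIGNATURE_OFFSET:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:   # type 0 means an empty entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba": lba, "sectors": count})
    code_hash = hashlib.sha256(mbr[:PART_TABLE_OFFSET]).hexdigest()
    return {"code_sha256": code_hash, "partitions": partitions}


def check_mbr(mbr: bytes, baseline_code_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(mbr)
    findings = []
    if info["code_sha256"] != baseline_code_sha256:
        findings.append("bootstrap code differs from baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active partition")
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")         # constructed clean image
    baseline = parse_mbr(clean)["code_sha256"]
    tampered = build_sample_mbr(b"\xeb\x58\x90\x00\x00")      # constructed altered code
    print(check_mbr(clean, baseline), check_mbr(tampered, baseline))
```

A baseline should be recorded only from a system known to be clean; comparing a suspect disk against the baseline from the same disk image gives no signal.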

Experts from AVAST Software will be attending the upcoming Blackhat events in Las Vegas on August 3-7, 2011.