May 17, 2012

ClamAV Version 0.97.2 Released

(LiveHacking.Com) – The ClamAV development team has released version 0.97.2 of its open source anti-virus. This update includes fixes for problems with the bytecode engine, Safebrowsing detection, the hash matcher, and other minor issues.

ClamAV is an open source cross-platform anti-virus engine designed for detecting Trojans, viruses, malware and other malicious threats. ClamAV 0.97.2 is available to download for Linux and Unix distributions from the project’s web site.

The ClamAV team have also announced a new service called “Third Party web interface”. It will allow selected individuals/organizations to publish ClamAV Virus Databases (CVD) through the ClamAV mirror network.

ClamAV source code is released under the GNU General Public License (GPL).

Bohu Trojan is Designed to Disable Cloud-Based Antivirus

A recent blog entry from the Microsoft Malware Protection Center describes a new piece of malware (called Win32/Bohu.A) which is specifically designed to disable and mislead cloud-based antivirus software.

Cloud-based antivirus software differs from traditional antivirus software in that the antivirus client (running on the PC) sends important threat data to a server for backend analysis, and subsequently receives further detection and removal instruction.

The Bohu Trojan originates in China, where cloud-based antivirus software is in predominant use. Once a Windows-based machine is infected, the malware installs several network-level filters to disrupt and block the antivirus client's access to the backend antivirus services on the Internet.

As well as writing random data at the end of its key payload components to avoid hash-based detection, Bohu installs a Windows Sockets service provider interface (SPI) filter to block the antivirus network traffic, and also a Network Driver Interface Specification (NDIS) filter. The NDIS filter stops the antivirus client from uploading data to the server by looking for the server addresses in the data packets.

Trend Micro’s Chairman Says iOS is More Secure Than Android. But Is He Right?

The chairman and one of the founders of Trend Micro, the Japanese security and anti-virus company, has revealed in a recent interview that he believes the Android platform is more susceptible to attacks than Apple’s iOS.

Speaking to Bloomberg, Chang said “Android is open-source, which means the hacker can also understand the underlying architecture and source code”. That seems to be the exact opposite of what Google has found with its Chrome web browser and its reward program.

In contrast Chang says that Apple’s sandbox in iOS “isolates the platform, which prevents certain viruses that want to replicate themselves or decompose and recompose to avoid virus scanners”.

His comments come just after the launch of Trend Micro’s Mobile Security for Android. The $3.99 app can block viruses, malicious programs and unwanted calls. Are Chang’s comments just good marketing or does he have a point? Leave your comments below.

PandaLabs Releases 2010 Annual Security Report

PandaLabs, the antimalware laboratory of Panda Security – The Cloud Security Company – has released its 2010 Annual Security Report, which details an extremely interesting year of cyber-crime, cyber-war and cyber-activism. The full report is available at: http://press.pandasecurity.com/press-room/panda-white-paper/.

In 2010, cyber-criminals created and distributed one-third of all existing viruses, creating 34 percent of all malware that has ever existed and been classified by the company. Panda Security’s proprietary Collective Intelligence system, which automatically detects, analyzes and classifies 99.4 percent of all malware received, currently stores 134 million unique files, out of which 60 million are malware (viruses, worms, Trojans and other computer threats).

Despite these dramatic numbers, the report highlights some good news. PandaLabs found that the rate at which the number of new threats is growing has actually decreased compared to 2009. Every year since 2003, new threats had grown by at least 100 percent, but in 2010 the increase was approximately 50 percent.

Banker Trojans still dominate the ranking of new malware that appeared in 2010 (56 percent of all samples), followed by viruses and worms. In addition, a fairly recent newcomer to the malware landscape, rogueware (fake antivirus software), already comprised 11.6 percent of all the malware gathered in the Collective Intelligence database, and has become a category that, despite appearing only four years ago, has wreaked havoc among users. For a visual representation of the breakdown of malware categories, please visit: http://www.flickr.com/photos/panda_security/5299741783/.

The countries leading the list of most infections are Thailand, China and Taiwan, with 60 to 70 percent of infected computers (data gathered from the free scanning tool Panda ActiveScan in 2010). To see a graph of how other countries ranked, please visit: http://www.flickr.com/photos/panda_security/5299741647/.

In 2010, hackers used social media, fake websites positioned through BlackHat SEO techniques, and zero-day vulnerabilities as their primary methods of infection. Spam also kept its position as one of the main threats in 2010, despite the fact that the dismantling of certain botnets (such as the famous Operation Mariposa or Bredolab) prevented many computers from being used as zombies to send spam. This had a positive effect on spam traffic worldwide: in 2009, approximately 95 percent of all email traffic globally was spam, but this dropped to an average of 85 percent in 2010.

2010: Cyber-crime, Cyber-war and Cyber-activism

2010 was truly the year of cyber-crime, cyber-war and cyber-activism. Although cyber-crime has existed for many years, cyber-war became a much more active and aggressive part of the malware landscape. The most notorious was Stuxnet, a new worm that targeted nuclear power plants and managed to infect the Bushehr plant, as confirmed by the Iranian authorities. Simultaneously, a new worm appeared called “Here you have,” that was created by a terrorist organization known as “Brigades of Tariq ibn Ziyad.” According to this group, their intention was to remind the United States of the 9/11 attacks and call for respect for the Islamic religion as a response to Pastor Terry Jones’ threat of burning the Quran.

And even though some aspects are still to be clarified, Operation Aurora was also in the spotlight. The attack, allegedly launched from China, targeted employees of large multinationals by installing a Trojan on their PCs that could access all their confidential information.

2010 also witnessed the emergence of a new phenomenon called cyber-protests or hacktivism. This phenomenon, made famous by the Anonymous group, is not actually new, but grabbed the headlines in 2010 for the group's coordinated DDoS attacks on copyright societies and its defense of WikiLeaks’ founder Julian Assange.

Social Networks in the Spotlight

Besides offering information about the main security holes in Windows and Mac, the 2010 Annual Security Report also covers the most important security incidents affecting the most popular social networking sites. Facebook and Twitter were the most affected, but there were also attacks on other sites including LinkedIn and Fotolog. Several techniques were used to trick users on these sites, such as hijacking Facebook’s “Like” button, stealing identities to send out messages from trusted sources, exploiting vulnerabilities in Twitter to run JavaScript code, and distributing fake apps that redirect users to infected sites.

The full report is available at http://press.pandasecurity.com/press-room/panda-white-paper/. Visit the PandaLabs blog for more information about these and other threats.

Source:[Panda Security]

Multiple Vulnerabilities in ClamAV

Arkadiusz Miskiewicz from ClamAV has reported multiple vulnerabilities in the ClamAV anti-virus.
These issues could be exploited by an attacker to cause denial-of-service conditions or potentially execute arbitrary code in the context of the application. All versions prior to ClamAV 0.96.5 are vulnerable.

Microsoft Has Released Version 2 of Security Essentials (MSE)

Microsoft has released version 2 of Security Essentials (MSE), its anti-malware and virus protection software for Windows.

According to Microsoft website, Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software. Microsoft Security Essentials is a free download from Microsoft that is simple to install and easy to use.

Microsoft Security Essentials 2 is available to download for Windows XP Service Pack 2 or later, Windows Vista and Windows 7. Microsoft has also released the 2010 edition of its Forefront Endpoint Protection solution for corporate customers.

ClamWin Free Antivirus: Bad False Positive

A ClamWin virus signature and scanner update caused the free ClamWin (ClamAV for Windows) virus scanner to produce a false positive and move large numbers of files into quarantine on Windows systems. On the ClamWin forum, various users reported that 25,000 files, including system files, were moved into quarantine.

The issue has reportedly been fixed, but some users are struggling to restore their systems. The quarantined files are listed in the ClamScanLog.txt file in the log folder, and this file can be used to restore the system.

How to recover quarantined files if you have the logs

1. Check whether you have the log file with the quarantine info in it.
The log files are located at:

Path:
Win7 and Vista: C:\Users\All Users\.clamwin\log\ClamScanLog.txt
XP: C:\Documents and Settings\All Users\.clamwin\log\ClamScanLog.txt

If there is no quarantine info in the logs, there is still a chance it is in your TEMP folder. The file name should start with tmp and look like this:

Path:
XP: C:\Documents and Settings\user\Local Settings\Temp\tmp0bx8st
Win7 and Vista: C:\Users\user\AppData\Local\Temp\tmp0bx8st

If you can’t locate these logs, then unfortunately the only way to restore is to copy the files back manually.
2. Download and unzip http://files.clamwin.com/QRestore1.0.zip. It works on Windows XP and above. DISCLAIMER – There is no warranty for this software. USE AT YOUR OWN RISK.
3. Run QRestore.exe, click File-Open and navigate to the log file.
4. The program will process the log and show the quarantined files.
5. You may highlight files you wish to restore and click File-Restore Selected. If you wish to restore all files then click File-Restore All.
6. When the restore process is complete the program will open the report.
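The steps above rely on QRestore reading the "moved to" entries out of the scan log. As an added example (not ClamWin's or QRestore's code), the Python script below does the same job in a controlled way: it parses log lines of the shape `path: moved to 'quarantine-path'` (the format clamscan prints with --move; treated here as an assumption), supports a dry run, skips entries whose quarantine copy is gone, and never overwrites a file that already exists at the original path. The sample log is constructed.

```python
import os
import re
import shutil
import tempfile

# Assumed line shape for clamscan --move output (ClamWin's ClamScanLog.txt);
# the sample log below is constructed, not a real one.
MOVED_RE = re.compile(r"^(?P<src>.+?): moved to '(?P<dst>.+?)'\s*$")
SAMPLE_LOG = (
    "C:\\Windows\\System32\\kernel32.dll: Trojan.Fake-1 FOUND\n"
    "C:\\Windows\\System32\\kernel32.dll: moved to 'C:\\Quarantine\\kernel32.dll.001'\n"
    "C:\\Users\\user\\Documents\\report.doc: moved to 'C:\\Quarantine\\report.doc.002'\n"
    "----------- SCAN SUMMARY -----------\n"
)

def parse_quarantine_log(text):
    """Return (original_path, quarantine_path) pairs; FOUND and summary lines are ignored."""
    return [(m.group("src"), m.group("dst"))
            for m in map(MOVED_RE.match, text.splitlines()) if m]

def restore_files(pairs, dry_run=True):
    """Move quarantined copies back; skip missing copies, never overwrite an existing file."""
    report = {"restored": [], "skipped": []}
    for original, quarantined in pairs:
        if not os.path.isfile(quarantined):
            report["skipped"].append((original, "quarantine copy missing"))
        elif os.path.exists(original):
            # e.g. the user already restored it by hand; refuse to clobber it
            report["skipped"].append((original, "destination already exists"))
        else:
            if not dry_run:
                os.makedirs(os.path.dirname(original), exist_ok=True)
                shutil.move(quarantined, original)
            report["restored"].append(original)
    return report

def demo_restore():
    """Build a throwaway quarantine in a temp dir and run a real (non dry-run) restore."""
    root = tempfile.mkdtemp()
    qdir = os.path.join(root, "quarantine")
    os.makedirs(qdir)
    keep = os.path.join(root, "sys", "keep.dll")   # copy present: will be restored
    gone = os.path.join(root, "sys", "gone.dll")   # copy missing: will be skipped
    with open(os.path.join(qdir, "keep.dll.001"), "w") as fh:
        fh.write("data")
    report = restore_files([(keep, os.path.join(qdir, "keep.dll.001")),
                            (gone, os.path.join(qdir, "gone.dll.002"))], dry_run=False)
    report["keep_exists"] = os.path.isfile(keep)
    return report
```

Run `restore_files(parse_quarantine_log(open(log_path).read()))` first with the default dry run and read the report before repeating it with `dry_run=False`.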

ClamWin is a free antivirus program for the Microsoft Windows operating system. ClamWin Free Antivirus is used by more than 600,000 users worldwide on a daily basis. It comes with an easy installer and open source code.

Source:[http://forums.clamwin.com/viewtopic.php?t=3096]