Avira and Virus News

Avira with Windows-7-compatible IT security solutions on show at it-sa 2009

kyler@compsecglobal.com (Kyle Reiners) — Mon, 28 Sep 2009 18:51:03 -0500

Tettnang, 28 September 2009 Avira is planning to show its extensive product portfolio for protecting against viruses and threats from the Internet on stand 6-318 at the it-sa 2009 IT security show, which is to be held in Nuremberg from 13 to 15 October 2009. As well as virus protection for Windows environments, Avira will also be showing its security solutions for Linux/Unix, as well as its recently revised gateway solutions. The Avira AntiVir MailGate and Avira AntiVir WebGate Suite products are aimed at small and medium-sized businesses, as well as businesses at enterprise level, and feature excellent detection and protection performance.

Aviras virus guards already have their shields up at gateway level and intervene before harmful content can actually penetrate a companys network. Thus, Avira AntiVir WebGate Suite uses configurable black and white listing to include or exclude specific domains from its checks. This solution uses the associated URL database to recognize phishing, malware, spam and fraudulent URLs automatically. AntiVir MailGate secures email communications for businesses by checking inbound and outbound messages on the mail server as they happen. This enables even small and medium-sized businesses to protect their entire network by promptly recognizing possible threats.

Safety first: obligations on training institutions
Continue reading "Avira with Windows-7-compatible IT security solutions on show at it-sa 2009"

Test on aBetter...

news@nod32usa.com (Greg Hewitt-Long) — Tue, 18 Aug 2009 12:41:56 -0500

This is only a test!

Grand Jury Indicts Three for Hack Attacks

nancy@compsecglobal.com (Nancy Pursley) — Tue, 18 Aug 2009 09:58:58 -0500

Sharon Gaudin, Computerworld

A Miami, Fla., man and two Russians today were indicted by a grand jury in New Jersey on charges of conspiring to commit some of the largest data breaches in U.S. history.

Albert Gonzalez, 28, and the two as-of-yet-unnamed Russian citizens are charged with running an international scheme to steal more than 130 million credit and debit card numbers along with personal identifying information from five companies, including Heartland Payment Systems, Inc., 7-Eleven, Inc. and Hannaford Brothers Co. The two other companies were not named in the indictment because their breaches have not yet been made public.

"This represents another major step forward in our efforts to prosecute individuals responsible for these major data breaches," said Assistant U.S. Attorney Erez Liebermann, who is prosecuting the case with Assistant U.S. Attorney Seth Kosto. "It also further illustrates the ability of the U.S. to work with foreign law enforcement in these international cases and track down people even when they use sophisticated means."

The data breach at Heartland, which is based in Princeton, N.J., is considered to be one of the largest data breaches involving credit cards ever reported in the U.S. Heartland said earlier this year that it has already spent or set aside more than $12.6 million to cover costs related to the intrusion there.

The data breach at Hannaford resulted in the reported theft of up to 4.2 million credit and debit card numbers from its systems.

Continue reading "Grand Jury Indicts Three for Hack Attacks"

Hackers Put Social Networks Such as Twitter in Crosshairs

nancy@compsecglobal.com (Nancy Pursley) — Mon, 17 Aug 2009 11:40:36 -0500

By Jeremy Kirk, IDG News Service

Web sites such as Twitter are becoming increasingly favored by hackers as places to plant malicious software in order to infect computers, according to a new study covering Web application security vulnerabilities.

Social-networking sites were the most commonly targeted vertical market according to a study of hacking episodes in the first half of the year. The study is part of the latest Web Hacking Incidents Database (WHID) report, released on Monday. In 2008, government and law enforcement sites were the most-hit vertical markets.

Social networks are "a target-rich environment if you count the number of users there," said Ryan Barnett, director of application security research for Breach Security, one of the report's sponsors, which also includes the Web Application Security Consortium.

Twitter has been attacked by several worms, and other social-networking platforms such as MySpace and Facebook have also been used to distribute malware. That's often done when an infected computer begins posting links on social-networking sites to other Web sites rigged with malicious software. Users click on the links since they trust their friends who posted the links, not knowing their friend has been hacked.

The WHID sample set is small, encompassing 44 hacking incidents. The report only looks at attacks that are publicly reported and those with which have a measurable impact on an organization. The WHID's data set is "statistically insignificant" compared to the actually number of hacking incidents, but shows overall attacker trends, Barnett said.

Other data showed how Web sites were attacked. The most common attack was SQL injection, where hackers try to input code into Web-based forms or URLs (Uniform Resource Locators) in order to get back-end systems such as databases to execute it. If the input is not properly validated -- and malicious code ignored -- it can result in a data breach.

Other methods used include cross-site scripting attacks, where malicious code gets push to on a client machine, and cross-site request forgery, in which a malicious command is executed while the victim is logged into a Web site.

The WHID found that defacing Web sites is still the most common motivation for hackers. However, the WHID includes the planting of malware on a Web site as defacement, which also points to a financial motivation. Hacked computers can be used to send spam, conduct distributed denial-of-service attacks and for stealing data.

"Ultimately they [the hackers] want to make money," Barnett said.

Our Comment: Be careful what you click on especially on these social networking sites.

Original Article

ESET Named One of America's Fastest-Growing Private Companies by INC. Magazine for the Third Consecutive Year

nancy@compsecglobal.com (Nancy Pursley) — Fri, 14 Aug 2009 10:43:47 -0500

ESET Ranks No. 379 on the 2009 Inc. 500 with Three-Year Sales Growth of 667.4 Percent

SAN DIEGO August 13, 2009 - ESET, the leader in proactive threat protection, today announced that Inc. Magazine has ranked it among the fastest-growing private companies for the third consecutive year. Distinguished as No. 379 among the top 500 organizations, ESET grew at an impressive rate of 667.4 percent, ranking eighth among the top security companies and 11 in the top 50 businesses in San Diego-Carlsbad-San Marcos, Calif. area.

âBeing acknowledged by Inc. Magazine as one of the fastest growing companies is further testament to our continued leadership in the security market,â said Anton Zajac, president and CEO of ESET, LLC. âWe attribute our continued success to our loyal customers, product quality and employee dedication.â

ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET Smart Security, an integrated antivirus, antispyware, antispam and personal firewall solution, was named CNET âEditorsâ Choiceâ in April 2009 and finished first among its peers in a leading consumer publication in June 2009. ESET NOD32 Antivirus consistently achieves the highest accolades in all types of comparative testing, including 57 VB100 awards, which is the most in the industry. ESET products are available in more than 160 countries and are represented by an extensive global partner network.

âIf you want to know which companies are going to change the world, look at the Inc. 500,â said Inc. editor Jane Berentson. âThese are the most dynamic, fast-growth companies in the nation, the ones finding innovative solutions to problems, creating smart systems, and inventing products we soon discover we can't live without. The Inc. 500 list is Inc. Magazineâs tribute to American business ingenuity and ambition.â

Our Comment: Go ESET!

Original Article

Australian charged with infecting 3,000 computers

nancy@compsecglobal.com (Nancy Pursley) — Thu, 13 Aug 2009 10:38:38 -0500

ADELAIDE, Australia -

A 20-year-old Australian man has been charged with infecting more than 3,000 computers around the world with a virus designed to capture banking and credit card data, police said Thursday.

The man, whose name will not be released until he appears in an Adelaide court on Sept. 4, has been charged with several computer offenses that carry prison terms of up to 10 years, South Australia state police Detective Supt. Jim Jeffery said in a statement.

Police also uncovered information that will identify other offenders, Jeffery said.

The man, who lives in the state capital, Adelaide, is also accused of illegally creating a capacity to disable computer systems by bombarding them with unwanted traffic from up to 74,000 computers he controlled around the world. This type of sabotage is known as a distributed denial of service attack.

Police have not said whether the man allegedly used stolen banking information to commit identity fraud.

The arrest followed a three-month investigation involving state and federal computer crime detectives.

Our Comment: One down, thousands to go.

Original Article

Cyber Attackers Empty Business Accounts in Minutes

nancy@compsecglobal.com (Nancy Pursley) — Fri, 07 Aug 2009 09:48:24 -0500

By Robert McMillan, IDG News Service

The criminals knew what they were doing when they hit the Western Beaver County School District.

They waited until school administrators were away on holiday, and then during a four-day period between Dec. 29 and Jan. 2, siphoned US$704,610.35 out of two of the school district's bank accounts. Western Beaver's financial institution, ESB Bank, managed to reverse some of the transfers, but the Pennsylvania school district was out more than $441,000.

On July 9, Western Beaver sued ESB to try and recover the money, but security experts say that it's just one of many organizations that have been hit in recent months by a disturbing new type of financial fraud that can often leave the victim holding the bag.

Fraudsters are taking advantage of the widely used but obscure Automated Clearing House (ACH) Network in order to pull off their attacks. This financial network is used by financial institutions to handle direct deposits, checks, bill payments and cash transfers between businesses and individuals.

In April, ACH fraudsters moved $1.2 million out of a Sugar Land, Texas, importer called Unique Industrial Products, according to a report in the Houston Chronicle. They did this by hacking into the company's computers and then authorizing 39 transfers to move the money out of Unique Industrial's account. Although the bulk of the money was recovered, scammers made $150,000 from the attack -- not bad for 30 minutes of work.

"ACH fraud continues to grow, especially in this current economic downturn where unemployment is at very high levels," said Jeffery Dertz, a partner in the insurance practice group with Blackman Kallick, a Chicago-based accounting and consulting firm.

Criminals can make millions of dollars per day with ACH fraud, investigators say. And while consumers are protected from this type of fraud, the rules for corporations and organizations are not as clear-cut, so sometimes victims like Western Beaver find themselves having to pay.

Continue reading "Cyber Attackers Empty Business Accounts in Minutes "

57 Virus Bulletin VB100 Awards for ESET

kyler@compsecglobal.com (Kyle Reiners) — Thu, 06 Aug 2009 17:51:24 -0500

SAN DIEGO â August 4, 2009 â ESET, the leader in proactive threat protection, today announced that its flagship ESET NOD32 Antivirus has captured a record 57th VB100 award from Virus Bulletin, the widely-respected independent comparative testing group. ESET NOD32 Antivirus is still the only product with more than 50 VB100 awards and continues to lead the industry with the highest detection rates combined with zero false positives â the winning formula in malware prevention. August's report focused on the Windows Vista platform. Almost one-third of the field failed the test, with only 22 of the 34 entries awarded the VB100 designation.

Virus Bulletin introduced its first VB100 award in 1998, and conducts several comparatives every year, rotating its platforms between Linux, Windows, Windows servers and Novell Netware. In order to display the VB100 logo, an antivirus product must meet two criteria: (1) Demonstrate it detects all "In-the-Wild" viruses during both on-demand and on-access scanning; and, (2) Generate no false positives when scanning a set of clean files. Since the inception of VB100 awards in 1998, ESET's antivirus products continue to boast a success rate of over 96 percent - the industry's highest. Most antivirus vendors have success ratios in the 50 â 75 percent range.
Continue reading "57 Virus Bulletin VB100 Awards for ESET"

White House Still Seeking Cybersecurity Czar

nancy@compsecglobal.com (Nancy Pursley) — Thu, 06 Aug 2009 09:42:00 -0500

By Reuters

WASHINGTON - President Barack Obama is still searching for the right person to lead the fight against an epidemic of cybercrime, the White House said on Tuesday as it came under fire following the resignation of a top cybersecurity adviser.

Melissa Hathaway, who led a 60-day White House review of cyber policies, resigned and said she had withdrawn her application for the position of cybersecurity coordinator out of frustration over the administration's delays in filling the post.

"I wasn't willing to continue to wait any longer because I'm not empowered right now to continue to drive the change," Hathaway, who also worked on cybersecurity issues for the Bush administration, told The Washington Post.

Obama promised in May that he would personally decide who would become cybersecurity coordinator to lead the fight against an epidemic of cybercrime, which threatens the computer networks that underpin the U.S. economy.

Industry officials have pushed for someone to be appointed to the job. Republican Senator Susan Collins, who has worked closely with the Democratic president on many issues, blasted Hathaway's departure as a sign of the Obama administration's lack of leadership in cybersecurity.

"The loss of her expertise on this issue is unfortunate," Collins, the ranking Republican on the Senate homeland security committee, said in a statement.

She said the White House should not appoint a cybersecurity czar but should work with Congress to appoint a "cyber leader" at the Department of Homeland Security.

Continue reading "White House Still Seeking Cybersecurity Czar"

ESET compatibility with Windows 7

kyler@compsecglobal.com (Kyle Reiners) — Wed, 05 Aug 2009 18:27:04 -0500

Microsoft has notified software developers that some of the technologies used by security, backup, disk utility and network management programs are incompatible with the Windows Vista to Windows 7 upgrade process. This is a direct result of Microsoftâs design decisions and impacts most antivirus solutions that scan network data.
Continue reading "ESET compatibility with Windows 7"

After Links to Cybercrime, Latvian ISP Is Cut off

nancy@compsecglobal.com (Nancy Pursley) — Wed, 05 Aug 2009 10:44:17 -0500

By Robert McMillan, IDG News Service

A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers.

Real Host, based in Riga, Latvia was thought to control command-and-control servers for infected botnet PCs, and had been linked to phishing sites, Web sites that launched attack code at visitors and were also home to malicious "rogue" antivirus products, according to a researcher using the pseudonym Jart Armin, who works on the Hostexploit.com Web site. "This is maybe one of the top European centers of crap," he said in an e-mail interview.

"It was a cesspool of criminal activity," said Paul Ferguson a researcher with Trend Micro.

The ISP was disconnected from the Internet by its upstream provider, Junik, on Monday, after its provider, TeliaSonera told it to stop servicing Real Host or face sanctions Armin said.

Real Host was considered a "bullet proof" hosting provider, that would allow customers to remain online even after they had been linked to malicious activity. It had been linked to the Zeus botnet-making software.

This isn't the first time this type of hosting provider has been knocked offline. In the past year, at least three U.S. ISPs: Atrivo, McColo and 3FN have been unplugged after security researchers built cases against them. Atrivo and McColo were also taken offline by their upstream providers. 3FN was shut down by the U.S. Federal Trade Commission.
Continue reading "After Links to Cybercrime, Latvian ISP Is Cut off "

Hackers expose weakness in visiting trusted sites

nancy@compsecglobal.com (Nancy Pursley) — Tue, 04 Aug 2009 09:34:49 -0500

By JORDAN ROBERTSON, AP Technology Writer

LAS VEGAS -

A powerful new type of Internet attack works like a telephone tap, except operates between computers and Web sites they trust.

Hackers at the Black Hat and DefCon security conferences have revealed a serious flaw in the way Web browsers weed out untrustworthy sites and block anybody from seeing them. If a criminal infiltrates a network, he can set up a secret eavesdropping post and capture credit card numbers, passwords and other sensitive data flowing between computers on that network and sites their browsers have deemed safe.

In an even more nefarious plot, an attacker could hijack the auto-update feature on a victim's computer, and trick it into automatically installing malware pulled in from a hacker's Web site. The computer would think it's an update coming from the software manufacturer.

The attack was demonstrated by three hackers. Independent security researcher Moxie Marlinspike presented alone, while Dan Kaminsky, with Seattle-based security consultancy IOActive Inc., and security and privacy researcher Len Sassaman presented together.

They reached essentially the same conclusion: There are major problems in the way browsers interact with Secure Sockets Layer (SSL) certificates, which is a common technology used on banking, e-commerce and other sites handling sensitive data.

Browser makers and the companies that sell SSL certificates are working on a fix.

Microsoft Corp., whose Internet Explorer browser is the world's most popular, said it was investigating the issue. Mozilla Corp., which makes the No. 2 Firefox browser, said most of the problems being addressed were fixed in the latest version of its browser, and that the rest will be fixed in an update coming this week.

VeriSign Inc., one of the biggest SSL certificate companies, maintains that its certificates aren't vulnerable.

Tim Callan, a product marketing executive in VeriSign's SSL business unit, added that the "tap" won't work against so-called Extended Validation SSL certificates, which cost more and involve a deeper inspection of a company's application for a certificate.

The attack falls into a class of hacks known as "man-in-the-middle," in which a criminal plants himself between a victim's computer and a legitimate Web site and steals data as it moves back and forth.

Jeff Moss, founder of the Black Hat and Defcon conferences who this summer was appointed to the Homeland Security Department's advisory council, said the fact a hacker has to actually break into a victim's network for the attack to work can limit its usefulness.

"That's the nice mitigating thing," he said.

But he warned that "for targeted attacks it's absolutely deadly. This is the way you can get everything. If you can get in the middle, you can get everything. It's a big, giant wake-up call for the industry."

SSL certificates are a critical technology in assigning trust on the Web.
Continue reading "Hackers expose weakness in visiting trusted sites "

Security Analyst: Las Vegas ATMs May Have Malware

nancy@compsecglobal.com (Nancy Pursley) — Mon, 03 Aug 2009 11:47:06 -0500

Jeremy Kirk, IDG News Service

The U.S. Secret Service said on Monday it is investigating a group of ATM machines in Las Vegas that are debiting people's accounts but not dispensing cash.

The case came to light after Defcon hacker conference presenter Chris Paget tried to withdraw $200 on Sunday from his account at the Rio All-Suite Hotel and Casino. He wanted buy a metallic copy of the Bill of Rights, a joke gift designed to set off airport metal detectors from the magicians Penn and Teller.

The ATM "whirred and chugged," Paget said, "but no money came out." His account, however, was debited.

He wasn't the only one. Paget spoke with an Israeli man who had tried to withdraw $1,000, as well as a woman who tried to take out $400. At least a half dozen people experienced the same problem at various machines in the hotel, Paget said.

Paget, who has expertise in credit-card security and runs a hardware security consulting company, notified the hotel staff, who didn't take action to shut down the machines.

"The best they would do was put a sign on the ATM saying 'Out of order,'" Paget said. "We were standing by the ATMs warning people."

Paget considered unplugging the machines, but the hotel's security told him he would potentially be prosecuted for vandalism.

Paget's experience points to the increasing frequency with which criminals are targeting ATMs. One scam is to attach a device to the ATM known as a skimmer that can record details stored on a card's magnetic stripe. A person's PIN (Personal Identification Number) can be captured with an overlay on the keypad or a video camera. Then, the card can be cloned.

Security experts have also seen samples of malicious software designed for ATMs that can record card details. Earlier this year, analysts at Trustwave's SpiderLabs research group said the malware came from a financial institution that had been affected in Eastern Europe.

In Paget's case, a Rio hotel representative said on Monday that she was unaware of the problem and advised calling the hotel's accounting office later. A Secret Service officer in the Las Vegas area confirmed the agency was looking into the issue along with the Las Vegas Metropolitan Police Department. Paget said he left a voicemail with the Federal Bureau of Investigation.

Continue reading "Security Analyst: Las Vegas ATMs May Have Malware"

Meter Hackers Find Free Parking in San Francisco

nancy@compsecglobal.com (Nancy Pursley) — Fri, 31 Jul 2009 10:29:08 -0500

Robert McMillan, IDG News Service

San Francisco's ambitious plans to roll out computerized smart parking meters have hit a snag: They can be hacked for free parking.

Security researchers say that it is easy for a technically savvy hacker to make a fake payment card that gives them unlimited free parking. To prove their point, they will talk about how they built just such a card in about three days at a computer security conference Thursday.

According to Joe Grand, owner of Grand Idea Studio, San Francisco's parking meters have no way of telling the difference between a genuine payment card and a fake. These cards can be used to pay 23,000 meters citywide.

Grand, who hadn't worked much with smart cards, said that the work wasn't particularly hard to do. His card simply replays the same signals used by genuine cards to the meter. Although he never actually used the card to get free parking, Grand said he was able to build a card with a balance of US$999.99 -- the maximum possible -- that would never run out of funds.

"If I found this problem, chances are somebody else knows about the problem and possibly is exploiting it," he said. "That's costing all of us taxpayers money."

To figure out how the payment system worked, Grand hooked up an oscilloscope to a parking meter and monitored what happened when he used a genuine payment card. He then analyzed that data by hand, and wrote a software program that would emulate the smart card. After some trial and error, he finally figured out what his program needed to say to the meter in order to work. Then he built a card that would replay the same data, using a programmable smart card called a Silver Card.

San Francisco uses McKay Guardian XLE meters, Grand said, but because these meters are implemented differently in different cities, his technique may not work outside of San Francisco.

Cities across the U.S. are rolling out computerized parking meter systems designed to be easier to pay and manage. San Francisco's smart meters were rolled out as part of a broader program, known as SFpark, which will eventually deploy parking sensors that can detect when a space is empty and transmit that information wirelessly to drivers looking for spots.

But there have been some problems. In May, about 125 smart meters in Chicago stopped working properly, prompting speculation that the machines may have been hacked.

Continue reading "Meter Hackers Find Free Parking in San Francisco"

Microsoft releases security patch for Web browser

nancy@compsecglobal.com (Nancy Pursley) — Wed, 29 Jul 2009 11:19:26 -0500

WASHINGTON (AFP) â Microsoft released a security patch on Tuesday aimed at preventing hackers from exploiting a vulnerability in its Web browser, Internet Explorer.

The US software giant said that the security update would be automatically installed for Internet Explorer users who have automatic updating enabled on their computers but would need to be installed manually by other users.

It said the update resolves three privately reported vulnerabilities in Internet Explorer.

"These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer," Microsoft said.

It said the security patch "addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory and table operations."

Microsoft said an attacker could exploit the vulnerability by constructing a specially crafted Web page.

"When a user views the Web page, the vulnerability could allow remote code execution," it said. "An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user."

"If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system," it said.

Microsoft said the security update was considered "critical" for users of certain versions of Internet Explorer running on Windows 2000 and Windows XP operating systems.

Our Comment: Make sure you update on a regular basis and get these patches quickly.

Original Article: