Taking spot in BitDefender’s monthly hall of shame is the malware Trojan.AutorunInf.Gen.

BitDefender, a company which produces anti-malware security solutions, produces a monthly e-threat report in which it lists the latest malware baddies.

And top throughout February was the Trojan.AutorunInf.Gen which is what’s known as a generic mechanism which uses removable devices – including external hard-disks, memory cards and flash drives – to spread malware between devices.

Removable devices are the theme of BitDefender’s February e-report and they warn against the ease by which these handy aids can be compromised. Indeed, say BitDefender, they are responsible for around 9% of global infections.

Catalin Cosoi, BitDefender’s senior researcher, said:
“External devices should be scanned on a regular basis. This safe practice should be used especially when these devices have been plugged into library computers, copy shops, and other public locations that are known to be likely sources of infection.”

Conficker, or Kido, or to give its correct title, Win32.Worm.Downadup.Gen, is proving very resilient, appearing regularly in the nasties line-up.

Catalin Cosoi, BitDefender’s senior researcher, added:
“The continuous presence of Win32.Worm.Downadup.Gen — also known as Conficker or Kido — in our monthly e-threat lists proves most users are reluctant to update their operating system and locally-installed antimalware solution, in addition to installing the security fixes issued by Microsoft more than a year ago. Newer variants of the worm also install rogue antivirus applications, amongst others.”

Coming third and fourth in the list is to gain access to a computer via manipulated PDF files and various vulnerabilities found in the Adobe PDF Reader JavaScript engine. Once they have compromised a computer, malicious code is then executed from the ‘dirty’ machine.

The complete list is made up of:

1. Trojan.AutorunINF.Gen 9.09
2. Win32.Worm.Downadup.Gen 6.24
3. Exploit.PDF-JS.Gen 5.13
4. Exploit.PDF-Payload.Gen 4.21
5. Trojan.Wimad.Gen.1 3.37
6. Win32.Sality.OG 2.77
7. Trojan.Autorun.AET 1.92
8. Worm.Autorun.VHG 1.85
9. Exploit.Comele.A 1.48
10. Trojan.SWF.HeapSpray.B 1.40

BitDefender was particularly keen to highlight the invidious threat called Trojan.Wimad.Gen.1, sitting at number five. This is one Trojan that likes to hide in favourite downloadable television series and movies.

Guest Article by Neil Camp

As people rely on ever more complicated smartphones, it’s clear the information on a lost, or stolen phone, could be used for nefarious means and to combat this, F-Secure has launched F-Secure Anti-Theft for Mobile. Now days it is not just your computer that needs the best pc protection software.

It’s a stand-alone smartphone solution which has at its core three security solutions: remote locking, remote wipe and theft control.

F-Secure Anti-Theft for Mobile serves both the Symbian and Windows phone platforms.

The remote lock function works by a single SMS message which quickly locks the smartphone once it’s loss is discovered. The remote wipe function works in the same way, via one quick SMS message, but it instantly erases all the data on the phone. The theft control function comes into play if someone tries to change the SIM card. It locks the device and informs the registered owner of the new number.

Arnoud de Vaal, Director at F-Secure’s Mobile Business Unit, said:
“You carry your smartphone with you where ever you go, which means it can be particularly prone to being lost or stolen. Nowadays our mobiles contain a great deal of personal and confidential data that need protection. F-Secure’s standalone anti-theft software provides an easy and affordable way to make sure this information is not misused by anyone.”

F-Secure Anti-Theft for Mobile is an upgrade to the existing F-Secure Mobile Security and can be activated using the inbuilt automatic upgrade system and purchased for a fee.

Guest Article by Neil Camp

McAfee has just announced its latest Email and Web security Appliance, version 5.5, which is designed to protect small and midsized businesses against the latest email and web-borne threats, manage Web and email traffic and usage, and reduce system administration requirements. And all this in a single, integrated appliance.

The McAfee Email and Web security Appliance 5.5 has a number of new features and functionality.

First and foremost is Artemis and TrustedSource™ Technology Integration. This is the first time that this application will utilise links to global threat intelligence from its Artemis and TrustedSource technologies. This believes McAfee is the most precise and comprehensive threat intelligence system in the world.

Second up is Appliance Clustering with Load Balancing. This means that multiple appliances can be clustered to share scanning responsibilities for improved resiliency, scalability, and consolidated management and reporting.

Third on the list is Simplified Installation. Very important in reducing installation time and for improving overall user experience, auto-detect network settings provides an easy to use configuration wizard.

Fourth are new Content Policy Wizards. This facility simplifies the creation and set up of content policies through the new configuration wizards and advanced dictionaries simplify policy creation, which enables greater enforcement flexibility and reduces false positives and configuration errors.

Fifth is Integrated URL Filtering. The 5.5 release is available at no extra cost and includes more than 90 Web site categories providing granular web usage monitoring and policy enforcement. It also includes the McAfee Web Reporter package which allows simplified viewing of web utilization and trends.

Dave Macey, general manager of the Network Security business unit at McAfee said:
“In addition to their market leading security effectiveness, these appliances also provide customers with email and Web usage policy enforcement capabilities, compliance tools, informative dashboards and comprehensive reporting. McAfee’s combined intelligence capabilities add an essential layer of protection to guard against today’s most advanced threats and work by accumulating data from millions of sensors, creating a real-time profile of all suspicious activity and content, and then watching for deviations based upon expected behavior.”

Furthermore, the McAfee Email and Web security Appliance 5.5 provides, says McAfee, the highest level of protection with better than 99% spam detection accuracy.

It will be available globally late in 2009.

Guest Article by Neil Camp 

F-Secure, the Finnish computer security company, has released a free online tool to check the health of your computer.

Called F-Secure Health Check, it is a free online tool that helps to pinpoint security problems and gives clear advice on how to fix them. It examines a person’s computer to see if it is secure and up-to-date for internet use.

Mika Ståhlberg, Vice President of F-Secure Labs, said:
“F-Secure Health Check checks the status of security solutions running on the computer. More than one million people have already used the free tool and our data shows that a third of its users either haven’t installed an antivirus, firewall or antispyware, they are outdated or turned off. Out-of-date or nonexistent security software leave users wide open to malicious software and exploits.”

Additionally, the F-Secure Health Check free tool ensures that a person’s computer’s firewall, antivirus and anti-spyware are working properly, and are up-to-date. It also checks whether the Windows operating system, third party software and Mozilla Firefox and Internet Explorer web browsers are the latest available versions.

F-Secure point out that with more people visiting diverse web sites and using their computers to watch films, or listen to music, the most vulnerable places open to attack are the heavily used web browsers, media players and plug-ins that are often the most open to attack.

The free tool also verifies whether all your irreplaceable files like photos, music and other documents are being safely backed up by an automatic backup solution.

F-Secure say that their Health Check is quick and easy to run, and does not require to be installed.

It includes the following features:

• Windows 7 compatible;
• Firefox and Internet Explorer 8 compatible;
• Automatic backup solution detection;
• Simplified user experience with three steps and a solutions page;
• Optimized for mini-laptops;
• New Java based launch point technology (no more ActiveX).

The free health check tool is one of a number of security diagnostic checks available from the computer security companies. And although they are of course a marketing device which introduces a potential customer to the company, they do have their role to play. But it’s unlikely that after such a free health check, a product purchase is not recommended.

Guest Article by Neil Camp 

It may still seem to be the plot from a major blockbuster, but the threat of cyber warfare is now reality warns McAfee in its fifth annual Virtual Criminology Report.

The report has revealed that five countries – the United States, Russia, France, Israel and China – are now armed with cyber weapons. The report also highlights the fact that politically motivated cyber attacks have increased.

Dave DeWalt, McAfee president and CEO, said:
“McAfee began to warn of the global cyber arms race more than two years ago, but now we’re seeing increasing evidence that it’s become real. Now several nations around the world are actively engaged in cyber war-like preparations and attacks. Today, the weapons are not nuclear, but virtual, and everyone must adapt to these threats.”

The McAfee Criminology Report includes insights from over 24 of the world’s leading experts in international relations. This includes Dr Jamie Saunders, counsellor at the British Embassy in Washington D.C. and security experts with experience at the U.S. National Security Agency and the Australian Attorney-General’s Department. Paul Kurtz, former White House advisor, wrote the report on McAfee’s behalf.

For the first time, the McAfee report provides a model to define cyber war. Furthermore, it identifies the countries involved in developing cyber offenses and cyber defences and dissects examples of politically-motivated cyber attacks.

The McAfee report also reveals how the private sector will get caught in the crossfire and worries that due to strict Government disclosure rules,
cyber initiatives and information are often classified, hindering cybercrime defence in the public and private sector.

In a nutshell, the McAfee report identifies a number of key issues and challenges.

William Crowell, a former Deputy Director of the U.S. National Security Agency, says in the Virtual Criminology Report.
“Over the next 20 to 30 years, cyber attacks will increasingly become a component of war. What I can’t foresee is whether networks will be so pervasive and unprotected that cyber war operations will stand alone.”

This year’s report identifies the following issues and challenges.

First and foremost is the fact that cyber warfare is now a reality. McAfee reckons that over the last 12 months, the increase in politically motivated cyber attacks has raised alarm. Targets have included the White House, Department of Homeland Security, U.S. Secret Service and Department of Defence in the U.S. What’s more, a number of countries are actively developing cyber warfare capabilities and are actively involved in the cyber arms race, targeting government networks and critical infrastructures.

Perhaps most worrying, is that cyber weapons are targeting critical infrastructure. In other words, attackers are not only building their cyber defences, but cyber offenses, which means targeting infrastructure such as power grids, transportation, telecommunication, finance and water supplies. The attraction here is that damage can be caused quickly and with little effort.

McAfee makes the point that cyber warfare is undefined. It entangles so many different actors in so many different ways, that the rules of engagement are not clearly defined. Furthermore, there is much debate on how much responsibility should be placed on organizations to protect and educate the public on preventing cyber attacks. It comes down to the fact that without a proper definition in place, it is nearly impossible to determine when a political response, or threat of military action, is warranted.

And the private sector is the most vulnerable sector. McAfee points out that in many developed countries, critical infrastructure is privately owned, making it a huge target for cyber warfare. The argument is that the private sector relies heavily on the government for protection. Should a cyber war start, governments, corporations and private citizens may get caught in the crossfire. And without insight into a government’s cyber defence strategy, the private sector is not able to be proactive and take the proper precautions.

In all, being targeted by a determined cyber attack on a large scale can reek huge damage.

Guest Article by Neil Camp 

BitDefender, the creator’s of one of the industry’s fastest and most effective lines of internationally certified security software, has released some top tips for festive shoppers to take whilst online shopping.

Says BitDefender’s senior Antispam researcher Catalin Cosoi
“Taking advantage of the many benefits of online shopping like competitive pricing, great selection, or even freebies like zero shipping fees and free gift wrapping, doesn’t have to cost consumers more than they’ve bargained for.

“By being aware of a few key issues, consumers can shop safely with the knowledge they need to protect their personal information and their PC.”

First top tip is know where you’re shopping from and read the small print. BitDefender are keen to remind people that not every website is legimate, with some cybercriminals either creating virtual copies of well known branded sites, or creating their own very convincing merchant sites. In short, only buy from those who are genuine high-street, or online retails.

Second top tip is beware of those online merchants who want more than your name and email address in order to cash in a coupon. Remember that a legitimate site will not ask for more than is necessary to redeem the coupon. But many illegal and bogus sites target online shoppers with online promotions and to entice a consumer to enter personal information in order to receive coupons or other merchandise. This is then used elsewhere, mainly to build clone identities.

Third, and anyone who ignores this point do so at their peril, never use a PC to shop unless it has an up-to-date and properly working security suite on board. Surf, or email, without such a security suite and it’s only a matter of time before you become infected.

Fourth, stick to the sites you know and trust, or have used successfully before. If unsure about a site, have a look in the chat rooms and forums, and see if there are any rumours, or gossip.

Fifth – remember the old adage that there is no such thing as a free lunch. You must be very wary of special offers, or unbelievable deals. They can often end with your computer being infected.

Sixth tip; use credit cards where possible, as they offer more protection than debit cards, and even better, see if you can pay cash on delivery.

Finally, look out for the https connection to a website. It’s not a guarantee of safety, but most of the sites thus connected are safe.

Guest Article by Neil Camp 

As the festive time approaches, McAfee is warning people to be on the look out for a whole host of scams and online attacks.

Ironically, the season of goodwill can be one of the most dangerous times to be online, as cybercriminals take advantage of the holiday season to steal consumers’ money, identities and personal and financial information.

Jeff Green, senior vice president of McAfee Labs, said:
“Cybercriminals’ use their best schemes during the holidays to steal people’s money, credit card information, social security number and identity. These thieves follow seasonal trends and create holiday-related websites, scams and other convincing e-mails that can trick even the most cautious users.”

So McAfee have listed the top 12 scams of Christmas.

• Number one is the invidious charity phishing scam. At Christmas, many people’s minds turn to giving to charity and this is also the time when the number of phishing emails that seem genuine – but are in reality bogus and designed to steal donations, credit card information and the identities of donors – jump dramatically.
• Number two concerns companies who are extremely busy during the festive season with orders and aren’t always as observant as they should be. Cybercriminals are adept at sending out fake invoices and delivery notifications appearing to be from the large courier companies, but which are designed to obtain credit card details to credit back the account (money for nothing in effect), or require users to open an online invoice or customs form to receive the package. And once that is completed, the person’s information is stolen or malware is automatically installed on their computer.
• Number three is when cybercriminals exploit people on social networking websites. Christmas is a time when people often communicate and catch up on things, and as such, they are open to attack. Hackers send out genuine looking “New Friend Request” e-mails from social networking sites, but many users fail to realise that there are often platforms for all types of viruses.
• Number four is the popularity of holiday e-cards at this time of year. McAfee discovered last Christmas a worm masked as Hallmark e-cards and McDonald’s and Coca-Cola holiday promotions.
• Number five is about offers that appear to be a really good deal. Recently McAfee uncovered a new holiday campaign that leads shoppers to malware-ridden sites offering luxury gifts from Cartier, Gucci, and Tag Heuer with apparent huge discounts. The products never existed of course, but the cybercriminals use such tactics to part people with their personal and financial details, and then their money.
• Number six – online shopping has exploded over the recent years, but those people who use hotspots (found in cafes, airports and hotels) should be careful if they make purchases then and there. Users on open hotspots can be spied by hackers who can then steal personal and financial information. McAfee reminds people that they should never shop online from a public computer or on an open Wi-Fi network.
• Number seven is another scam which dispassionately exploits people at Christmas. Those searching for a holiday ringtone or wallpaper, Christmas carol lyrics, or a festive screensaver, can be directed towards bogus websites which contain files, to be downloaded, that infect a user’s computer with spyware, adware or other malware.
• Number eight is another scam which targets people who are especially vulnerable. Out of work people can become especially desperate in the approach to a holiday season to try and obtain work, in order to afford Christmas. Cybercriminals are quick to promise of high-paid jobs and work-from-home moneymaking opportunities. But, of course, once interested persons submit their information and pay their “set-up” fee, hackers steal their money instead.
• Number nine is scams which involve cybercriminals preying on auction sites which become especially busy during the holiday periods. The solution here is for buyers to be very cautious about what goods they are buying and who from. Basically, if it looks a great deal, then be sceptical.
• Number ten is a perennial problem: the password stealers. To do most things on the internet requires a password; anyone who copies that password can then masquerade as a particular person, download their financial and personal details, and even order goods on their behalf. Passwords are stolen in a number of ways, not least pieces of code, malware, which record keystrokes and key logging activities. These can then be used to calculate a given password.
• Number eleven is another perennial: email banking scams which tend to increase during a holiday period, as the logic goes that people are more anxious to ensure they don’t get locked out of their account during busy purchasing times. It involves tricking customers in revealing their bank details by sending official-looking e-mails from financial institutions. The email, which is usually quite a good copy of the real thing, asks users to confirm their account information, including a user name and password, with a warning that their account will become invalid if they do not comply.
• Number twelve is the increasingly used ransom scam. Using several holiday scams, hackers gain control of people’s computers and then act as virtual kidnappers to hijack computer files and encrypt them, making them unreadable and inaccessible. The scammer’s pitch is then simple: pay me money and I will release your computer’s files. Straightforward and effective, but particularly nasty.

Guest Article by Neil Camp 

Computer security giant McAfee says that things have got worse in the last quarter with spam, malware and web-based threat creation reaching record levels.

McAfee’s latest Third Quarter Threats Report, which covers July to September 2009, also revealed that the number of new file-sharing sites which host unauthorised, copyrighted content increased dramatically. What’s more, another trend on the increase is the number of cybercriminals who are extorting website owners with threats of denial-of-service attacks.

There was a 300% rise in the creation of file-sharing sites following the brief shutdown of the Swedish based Pirate Bay operation. Pirate Bay was a torrent site, one that can host links to copyrighted material and very controversial in the authorised spread of content. And with this huge rise in the number of similar sites, cybercriminals are presented with the ideal opportunity to exploit the way certain sites share content. Malware writers are skilled at creating sites to trick users looking to download copyrighted material into downloading malicious programs.

And McAfee warns that the number of these malicious sites could dramatically increase during the fall and holiday blockbuster film seasons.

File-sharing site problems to one side, McAfee reported that spam and malware levels have reached a record high, with threats surpassing previous levels in the last quarter. And rather gruesomely, web-based attacks have also increased as cybercriminals take advantage of celebrity deaths and natural disasters. At such times, website activity and email traffic dramatically increases, and malware authors quick to take advantage of such news stories and chat to hide their malicious intentions.

McAfee now reckon that of all email traffic, some 92% is spam. In other words, a tiny 8% is legimate email traffic.

The increase in web-based attacks – which target people who visit a malicious Web page, and are delivered to users through spam, phishing, social networks and even through redirects from hijacked legitimate websites – are fast becoming the most dangerous weapon wielded by a cybercriminal.

And McAfee estimates that 55% of all malicious URLs are hosted in the US. What’s more, cybercriminals are getting increasingly effective at utilising SEO techniques to drive traffic to the bad sites.

Denial of Service attacks are a particularly odious tactic employed by cybercriminals and McAfee has seen many more attacks in the latest quarter, and with some involving significant ransom demands.

Cybercriminals are offering for sale, to the highest bidder, botnets which are made up of thousands of zombie computers to attack sites. The botnets are used to knock out even some of the most-protected sites. And when offering such sophisticated botnets, the cybercriminals will often demonstrate their capability to prospective buyers with ‘live’ demonstrations, bringing down targeted websites for a few minutes.

Just recently, four Australian sports betting companies were targetted by cybercriminals and their sites taken down during key sports events, which resulted in the loss of millions of dollars of revenue.

Guest Article by Neil Camp

A recent report from computer giant Symantec – creator of the Norton brand of anti-virus products – has concluded that cybercriminals are employing increasingly persuasive online scare tactics to convince users to purchase rogue security software.

“Scareware”, a term for rogue security software, pretends to be legimate anti-virus applications and ironically, are often carriers of malicious code themselves.

The findings were part of Symantec’s Report on Rogue Security which is based on data obtained during the 12-month period of July 2008 to June 2009.

It is a simple case of preying on people’s fears that they may be vulnerable to attack say Symantec, who as of June 2009, had detected more than 250 distinct rogue security software programs. The most common method used by cybercriminals to infiltrate their rogue software involves placing ads on the screens of unsuspecting users which typically include false claims such as “…if this ad is flashing, your computer may be at risk or infected…” It urges the user to follow a link to scan their computer, or get software to remove the threat.

Worryingly, according to the study, 93% of the software installations for the top 50 rogue security software scams were intentionally downloaded by the user.

Stephen Trilling, Senior Vice President, Symantec Security Technology and Response, said
“The findings of our Report on Rogue Security Software make it clear that cybercriminals are willing, eager, and well-equipped to prey on today’s Internet user. To avoid becoming a victim of such predatory practices, Symantec strongly urges Internet users to make sure they are using the latest security protection and always obtain their security software directly from trusted vendors’ websites.”

Furthermore, said David Wall, PhD. professor, Centre for Criminal Justice Studies, University of Leeds:
“Scareware creators can scam thousands of people for comparatively small amounts of money all at the same time and make huge aggregate profits. This type of fraud works because the fake security software tricks users into believing they have an immediate threat which only their program can resolve. Ultimately, it’s a con. I would advise Internet users to be careful while online and only download from trusted sources.”

The report stated that the money lost by people downloading such rogue software programmes varied from $30 to $100, but the costs of regaining back personal details from an identity attack could be far greater.

It also said that not only did these pieces of malicious code try and attack a user’s computer, they could set-up a person’s computer for future attacks from other cybercriminals.

Symantec, like many other computer security companies, actively advises people to be aware that their personal details can be sold and bought on the internet in what is a thriving trade between cybercriminals.

They also advise computer users to be on their guard against the tricks employed by cybercriminals to get their rogue software in place.

Computers users should employ a number of tactics to keep themselves safe, including:

• avoid using website links in emails. Although it may look like a site you know, it may have been subtly altered into appearing to look the same, but actually link you to bogus site which does contain malicious software;
• when emails arrive with attachments, ensure they are from trusted sources, otherwise never view, open, or execute them;
• be suspicious of emails not directly addressed to your email address;
• beware very aware of pop-up windows and banner advertisements that mimic legitimate displays;
• look out for suspicious error messages displayed inside the web browser which are used by rogue security software scams use to lure users into downloading and installing their fake product.

Guest Article by Neil Camp

Along with Symantec and McAfee, and a whole host of other computer security companies, BitDefender has announced that its new line-up of products which are compatible with Microsoft’s new operating system Windows 7.

BitDefender’s products – including Total Security, Internet Security and Antivirus – have all received certification ensuring that they work with Microsoft Windows 7. And they claim they provide customers with enhanced security, as well as innovative user interface features and reliability improvements.

The 2010 BitDefender line-up includes a number of new features:

• optimised scanning improvements
• active Virus Control
• first-ever usage profiles
• key system enhancements which is aimed at providing industry-leading proactive protection against all internet security threats, without slowing PC performance.

Ross Brown, Vice President of ISV and Solutions Partners for the Worldwide Partner Group at Microsoft, said:
“Our ISV community is alive with innovation, and we’re committed to helping our partners drive the next generation of software experiences. Adding compatibility for the latest Microsoft operating systems helps ISVs to stay ahead of the competition and give their customers access to cutting-edge technologies.”

Vince Hwang, BitDefender Global Director, Product Management, said:
“Working together with Microsoft to achieve this certification allows BitDefender to meet the changing needs of our customers and provide the very best in security solutions to our users. These include intuitive user interfaces with usage profiles that cover anyone from gamers to parents, as well as improved security and reliability features including Active Virus Control, an innovative technology that monitors programs running on a user’s computer and detects malware-like actions as they execute.”

BitDefender claims to be the creator of one of the industry’s fastest and most effective lines of internationally certified security software.

The Company’s Antivirus 2010 product BitDefender Antivirus 2010 has also just received AV-Comparatives’ top certification level for its quality of performance. In all, some 16 antivirus products were tested by AV-Comparatives in August. They sought to find out which software had the highest detection rates and lowest false positives.

Viorel Canja, BitDefender’s head of antimalware lab, said:
“We are particularly pleased with this achievement as it is further proof that BitDefender provides the highest level of protection. The test shows that on this occasion we have outperformed our rivals in terms of false positive ratings with the lowest number of occurrences.”

Guest Article by Neil Camp