SECURITY TO THE CORE

Posts tagged “Malicious Software”

Windows 8 spam leads to malware

While most people are enjoying a long weekend off, others are busy hacking websites, writing malware, sending spam and monitoring the progress of their growing botnets.

Microsoft has barely announced Windows 8 and the first cyber-criminals are already exploiting it. Below is a copy of a curious e-mail that is being spammed over the Ascension holiday weekend:

From: Microsoft.com [mailto:news@microsoft.com]
Send on: Wednesday 1 June 2011 21:40
Subject: Windows 8 released.
Microsoft R Corporation is proud to announce the latest and the best
operating system available yet. For more details, click
here

Clicking the link downloads a file called “8final.gif.exe” from a hacked website.


File length: 1136678 bytes
MD5: b3babe1040d10ab4cbbc62ee2d986f85
SHA1: 096d5248144240097bc4eb398301a4d355713a09

Depending on your Explorer view settings you might not see the second extension at all: with “Hide extensions for known file types” enabled (the Windows default) the file is shown as “8final.gif”, so it looks like a harmless picture while it is in fact an executable.

The website hosting the malware (http://ed???ormer.com) belongs to an educational organization and has unfortunately been compromised by criminals.

This malware does not install itself: you have to click the download link AND double-click the downloaded file to infect yourself. A picture is displayed as a decoy while the malware is installed and started in the background.

The currently downloaded sample is a Trojan that installs an IRC backdoor, which can be used to flood IRC channels. It talks to hxxp://irc.darkbit.info and connects to 70.32.83.146 and 94.125.182.255 on port 6667, the default IRC port.

By adding itself to HKLM\Software\Microsoft\Windows\CurrentVersion\Run the malware is loaded automatically at every boot.
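The checks a responder would run against the indicators above, as an added example that is not part of the original post: a double-extension test for names like 8final.gif.exe, a hash comparison against the published MD5/SHA1, a scan of connection records for the listed IRC addresses, and a look at Run-key entries. The extension lists, the connection log and the Run-key entries in the test are constructed for illustration; the hashes, addresses and port come from the post.

```python
"""Triage helpers for the 8final.gif.exe sample: double-extension check,
hash match against the published IOCs, IRC C2 hits in a connection log,
Run-key persistence. Python 3 standard library only."""
import hashlib
import ntpath
import re
import sys

# Indicators copied from the post.
IOC_HASHES = {
    "md5": "b3babe1040d10ab4cbbc62ee2d986f85",
    "sha1": "096d5248144240097bc4eb398301a4d355713a09",
}
IOC_C2_HOSTS = {"irc.darkbit.info", "70.32.83.146", "94.125.182.255"}
IRC_PORT = 6667
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"  # under HKLM (and HKCU)

# Extension lists are an assumption for the heuristic, not taken from the post.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"gif", "jpg", "jpeg", "png", "pdf", "doc", "txt"}


def double_extension(filename):
    """(decoy_ext, real_ext) when an executable hides behind a harmless-looking
    extension (8final.gif.exe shows as '8final.gif' when Explorer hides known
    extensions), otherwise None."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in EXECUTABLE_EXTS:
        return parts[1], parts[2]
    return None


def file_hashes(data):
    """MD5 and SHA-1 hex digests of a byte string, same form as IOC_HASHES."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}


def matches_known_sample(data):
    """True if either digest of `data` equals the published sample hash."""
    digests = file_hashes(data)
    return any(digests[alg] == value for alg, value in IOC_HASHES.items())


# Constructed connection log (not from the post): "<timestamp> <process> <dst>:<port>"
SAMPLE_CONNECTION_LOG = """\
2011-06-01T10:52:03Z 8final.gif.exe 70.32.83.146:6667
2011-06-01T10:52:04Z firefox.exe 93.184.216.34:443
2011-06-01T10:53:10Z 8final.gif.exe 94.125.182.255:6667
2011-06-01T10:55:00Z mirc.exe 192.0.2.7:6667
2011-06-01T10:55:30Z svchost.exe 10.0.0.2:53
"""
LOG_LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+):(\d+)$")


def c2_hits(log_text):
    """'c2' = destination is a known C2 address from the post; 'irc' = any other
    connection to the default IRC port, worth a look on a workstation."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE_RE.match(line.strip())
        if not m:
            continue
        ts, proc, dst, port = m.groups()
        reason = "c2" if dst in IOC_C2_HOSTS else "irc" if int(port) == IRC_PORT else None
        if reason:
            hits.append({"ts": ts, "process": proc, "dst": dst, "port": int(port), "reason": reason})
    return hits


def suspicious_run_entries(entries):
    """Names of (name, command) Run-key pairs whose target carries a double
    extension. Assumes the command is a bare (optionally quoted) path."""
    return [name for name, command in entries
            if double_extension(ntpath.basename(command.strip().strip('"')))]


def run_key_entries(hive="HKLM"):
    """Enumerate the Run key on Windows; returns [] elsewhere so the rest stays portable."""
    if sys.platform != "win32":
        return []
    import winreg
    root = winreg.HKEY_LOCAL_MACHINE if hive == "HKLM" else winreg.HKEY_CURRENT_USER
    entries, i = [], 0
    with winreg.OpenKey(root, RUN_KEY) as key:
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, i)
            except OSError:  # no more values
                break
            entries.append((name, str(value)))
            i += 1
    return entries


if __name__ == "__main__":
    print("double extension:", double_extension("8final.gif.exe"))
    for hit in c2_hits(SAMPLE_CONNECTION_LOG):
        print(hit)
    print("suspicious Run entries:", suspicious_run_entries(run_key_entries()))
```

`run_key_entries` only does real work on Windows; on any other system it returns an empty list so the log and filename checks can still be run against exported data. The IRC-port rule is deliberately a weak signal (legitimate IRC clients use 6667 too); the address match is the strong one.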


This malware was first reported on June 1st around 10:50 UTC and was still available at the time of writing. Expect more spam and malware to use the upcoming Windows 8 to lure you into their net.

Don’t fall for this type of spam. Do not open suspicious e-mails or links, keep your computer up to date and use common sense.

For more technical details see the ThreatExpert report for b3babe1040d10ab4cbbc62ee2d986f85.

- Lucky H

Brazilian malware blocks user access to Anti-Virus sites

In addition to preventing the virus definition update, the Trojan redirects the user to fake banking websites.


A new piece of malware created in Brazil prevents browsers from reaching the websites of various antivirus companies and redirects users to fake banking websites, even when they type the correct address. In addition, the code is written to stop the installed antivirus software from downloading updates.

Fabio Assolini, analyst at Kaspersky Lab, explains that the virus uses a technique called Man in the Browser (MitB). The infection works by changing the “AutoConfigURL” value in the Windows registry (under Internet Settings in the user’s hive), which points the browser at a proxy auto-configuration script; that script decides, per host, whether the connection goes direct or through the attacker’s proxy.

If the infected user tries to reach a website to download an antivirus product or its updates, he sees the message: “Service Temporarily Unavailable, try again later …”.

“The viral code contains a list of servers used by antivirus companies to distribute their virus definition updates to users. The intention is clear: stop the download of antivirus updates and remain undetected,” explains the analyst.

The malware also changes the settings of Firefox, registers itself to start with Windows and updates its list of malicious proxies in case one of them is taken down by the hosting provider. “Thus, the criminal tries to ensure that the victim remains infected as long as possible.”
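An audit for this kind of proxy auto-configuration (PAC) abuse, as an added example that is not part of the original article or Kaspersky’s analysis: it reads the AutoConfigURL value (on Windows), then lists which host patterns in a PAC script are diverted away from DIRECT and to which proxy. The PAC script embedded below is constructed to mirror the behaviour described (bank and antivirus-update hosts sent to a proxy); its domain names and the 203.0.113.10 address are placeholders, not indicators from the real campaign, and the branch parser only handles the flat if/return style such scripts use.

```python
"""Audit a proxy auto-config (PAC) script of the kind a MitB Trojan points
AutoConfigURL at: which hosts are diverted to a proxy, and where."""
import fnmatch
import re
import sys

# Where WinINet / Internet Explorer reads the PAC URL (per user, under HKCU).
AUTOCONFIG_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
AUTOCONFIG_VALUE = "AutoConfigURL"

# Constructed PAC script modelled on the behaviour described in the article;
# domains and 203.0.113.10 are placeholders, not real indicators.
SAMPLE_PAC = r"""
function FindProxyForURL(url, host) {
    if (shExpMatch(host, "*.bancoexemplo.com.br") ||
        dnsDomainIs(host, "www.exemplobank.com")) {
        return "PROXY 203.0.113.10:80";
    }
    if (dnsDomainIs(host, "update.example-av.com") ||
        shExpMatch(host, "*.example-av.net")) {
        return "PROXY 203.0.113.10:3128";
    }
    return "DIRECT";
}
"""

# One `if (<condition>) return "<target>"` branch. Enough for the flat style
# such scripts use; this is not a general JavaScript parser.
BRANCH_RE = re.compile(r'\bif\s*\((.*?)\)\s*\{?\s*return\s*"([^"]*)"', re.S)
STRING_RE = re.compile(r'"([^"]+)"')
ENDPOINT_RE = re.compile(r'(?:PROXY|SOCKS[45]?|HTTPS?)\s+([^;\s"]+)')


def proxied_hosts(pac_text):
    """Map every host pattern whose branch does not return DIRECT to its proxy string."""
    diverted = {}
    for condition, target in BRANCH_RE.findall(pac_text):
        if target.strip().upper() == "DIRECT":
            continue
        for pattern in STRING_RE.findall(condition):
            diverted[pattern] = target.strip()
    return diverted


def proxy_endpoints(pac_text):
    """Distinct proxy host:port values the script can hand traffic to."""
    endpoints = set()
    for _, target in BRANCH_RE.findall(pac_text):
        endpoints.update(ENDPOINT_RE.findall(target))
    return sorted(endpoints)


def proxy_for(pac_text, host):
    """Proxy string a host would be routed through, or None for DIRECT.
    shExpMatch globs are approximated with fnmatch, dnsDomainIs by suffix match."""
    host = host.lower()
    for pattern, proxy in proxied_hosts(pac_text).items():
        pat = pattern.lower()
        if fnmatch.fnmatchcase(host, pat) or host.endswith(pat):
            return proxy
    return None


def read_autoconfigurl():
    """Current user's AutoConfigURL on Windows; None if unset or not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, AUTOCONFIG_KEY) as key:
            return winreg.QueryValueEx(key, AUTOCONFIG_VALUE)[0]
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    print("AutoConfigURL:", read_autoconfigurl() or "(not set)")
    for pattern, proxy in proxied_hosts(SAMPLE_PAC).items():
        print(f"{pattern:28} -> {proxy}")
    print("proxy endpoints:", proxy_endpoints(SAMPLE_PAC))
```

On a clean workstation AutoConfigURL is normally unset unless the organisation deploys a PAC; any value pointing at an unfamiliar host, and any PAC whose proxy endpoints are not the corporate proxy, deserves the same treatment as the hosts file. Firefox keeps its own copy of this setting (the network.proxy.autoconfig_url preference), which is the Firefox change the article mentions.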


Dr.Web CureIt 6.00.5.08310 (Update: 24.10.2010)

Dr.Web CureIt! is an easy-to-use FREE curing utility that cleans a computer infected with viruses and other unwanted code. It is a FREE anti-virus and anti-spyware utility based on the Dr.Web Anti-virus scanner, updated once or several times an hour, which quickly scans and, if necessary, cures a computer running MS Windows 95 OSR2/98/Me/NT 4.0/2000/XP/2003/Vista/2008/Windows 7 without installing the Dr.Web Anti-virus.

The utility ships with the most up-to-date add-ons to the Dr.Web virus databases, released up to twice per hour during periods of heavy malware submissions. Dr.Web CureIt! detects and neutralizes viruses, rootkits, Trojan horses, spyware and other malicious objects that have gone undetected by your anti-virus software. It does not require installation and is compatible with all known anti-virus software, so you do not need to disable your anti-virus to check your system with it.

Detects and removes:

  • Rootkits
  • Mass-mailing worms
  • E-mail viruses
  • Peer-to-peer viruses
  • Internet worms
  • File viruses
  • Trojans
  • Stealth viruses
  • Polymorphic viruses
  • Bodiless viruses
  • Macro viruses
  • MS Office viruses
  • Script viruses
  • Spyware
  • Spybots
  • Password stealers
  • Keyloggers
  • Paid dialers
  • Adware
  • Riskware
  • Hacktools
  • Backdoors
  • Joke programs
  • Malicious scripts

Dr.Web CureIt! automatically detects the language of the OS it is run on and sets the scanner interface accordingly (if the local language is not supported, English is used). The utility supports the following 34 languages: Russian, Arabic, Armenian, Belarusian, Bulgarian, Chinese (Simplified), Chinese (Traditional), Czech, Dutch, English, Esperanto, Estonian, Finnish, French, Georgian, German, Greek, Hungarian, Italian, Japanese, Korean, Latvian, Lithuanian, Norwegian, Persian (Farsi), Polish, Portuguese, Slovak, Slovenian, Spanish, Thai, Turkish, Ukrainian, Vietnamese.

This utility can quickly clean an infected system, but it is not a permanent tool for protecting your computer. The copy distributed on the Dr.Web website always carries the latest add-ons to the Dr.Web virus database, but it does not include the Dr.Web automatic updating utility, so a downloaded copy stays current only until the next add-on release. To scan your computer with the most up-to-date Dr.Web virus databases, download a fresh Dr.Web CureIt! package each time.

Homepage: http://www.freedrweb.com

Download: direct download from the Dr.Web server



Coranti Antivirus 2010

Stay safe with an antivirus that protects your system with four different lines of defence against malware.

Since thousands of new viruses keep popping up each day, I think it’s the right time for a new review of an antivirus product. So my choice today is Coranti Antivirus 2010, a program with multiple scanning engines that offers comprehensive protection against malware. So, I got it right here, right now.

So let’s stop wasting precious time and get straight to the product overview and its features.

Overview and Features

You have probably heard that running more than one antivirus on the same computer can cause problems, especially conflicts between the two security products. To address this and give its users more protection, Coranti Inc., a company based in Yokohama, Japan, has come out with a Multi-Engine Anti-Virus & Anti-Spyware that integrates four scanning engines, so you can rest assured against infestation by viruses and spyware.

Coranti Antivirus is designed to protect your computer in real time against viruses, Trojans, spyware, rootkits, worms, adware and other types of malware using top-rated anti-virus and anti-spyware scan engines from BitDefender, Norman, F-Prot and Lavasoft. The program provides more than just malware protection:

  • Real time protection against known and unknown threats.
  • Extensive Malware Recognition of viruses, Trojans, backdoor programs, worms, etc.
  • Provides email protection for MS Outlook, Outlook Express, Mozilla Thunderbird, or The Bat.
  • Automatic incremental updates of anti-virus signatures, engine and entire software.
  • Highly customizable and easy to use.
  • User friendly interface.

Installation and System Requirements

Coranti 2010 Multi-Engine Anti-Virus & Anti-Spyware is available in several languages and supports Windows XP, Vista and Windows 7 (32-bit and 64-bit). It requires a 1.3 GHz Intel Pentium IV or compatible processor, up to 800 MB of hard disk space and at least 1 GB of RAM, but I would suggest 2 or 3 GB of RAM for optimal performance.

The Coranti installation kit is a little over 45 MB and the setup process is straightforward, user-friendly and finishes quickly. Right after installation the program automatically starts updating its signature database, which suits me because it spares me a few extra mouse clicks.

Installation Window

Custom Installation Window

As soon as the update process started, I noted that the update is about 308 MB, which is HUGE in my opinion. But let’s not forget that it uses four different scanning engines to provide you the BEST.

Update Process..

One thing that impressed me after installation is that it does not require a system restart before it starts protecting your computer.

Features & Ease of use

The interface is as clean-cut as can be: a menu bar on the left side of the main window and a toolbar at the top with 9 buttons, each leading to a page that handles a specific task. The icons are of good quality and the design looks up to date.

Easy access to all of them is the defining trait of Coranti.

Main Interface

The page that comes up when you open the main interface is called Current Security Status. Here you can check the state of the antivirus, see how old the current database is and update it if needed, and view the product version and your license information.

Scanner Interface

Moving on, I find the Anti-Virus Scanner module. The most common scan tasks are already defined, such as My Computer Scan, Fixed Disks Scan, Removable Disks Scan, Network Disks Scan and My Documents Scan. You can also manually adjust the scanning level, heuristic settings and scanning depth to your needs. In every area that has settings to change, you’ll find that most things you can think of are covered, which is good to know, so let’s continue our trip.

Anti-Virus Scanner Setting

Leaving the Anti-Virus scanning module behind, I move on to the next work area, which handles real-time file system monitoring: it watches your computer all the time and keeps viruses away from your system. On this page you can adjust the Real-Time Anti-Virus monitor settings to your needs.

Real-Time Monitor Setting

Anti-Virus Monitor Settings

It also has an Anti-Spyware scanning module and an Anti-Spyware monitoring module, both powered by Lavasoft anti-spyware. They have almost the same set of features, so I’ll only cover the other features that deserve a mention.

The E-Mail scanner takes care of viruses that arrive attached to e-mails straight into your inbox.

The Quarantine box contains all the baddies that were detected during an on-demand or on-access scan and that you did not want to delete outright. Each item is listed with its source path, date and time, and the type of infection. The options above the quarantined items’ window let you restore or delete them.

There’s one thing I don’t like about Coranti Antivirus: it does not let you add a suspicious file to the Quarantine box yourself. What if I have a folder with 100 files that I suspect of being infected with a polymorphic virus that can’t be detected yet? How do I add them to the Quarantine box?

Scheduling is an excellent addition to any anti-virus, and Coranti Anti-Virus has this topic covered. New jobs can be easily created, using the wizard that’s at your disposal for this task.

Performance

A good antivirus program should not only protect your computer from nasties but also avoid slowing your system down too much by eating up its resources, and this is where Coranti Antivirus needs some improvement.

During my testing I found that Coranti’s idle memory usage was about 145.03 MB and its peak memory usage about 430 MB, which is HUGE in my opinion. Coranti also added 1.406 seconds on average to the launch of a web browser.

Coranti also took 627 MB of hard-drive space once installed.

So all in all, this is the area where Coranti Anti-Virus needs to make improvements.

Effectiveness: (Virus/Malware Detection)

One of the most important functions of an antivirus program is to keep your system free from viruses and other malware. So to test Coranti Antivirus 2010, I decided to run an on-demand scanning test on my malware collection of 3180 samples, gathered from various sources between 10.09.2010 and 15.10.2010.

It did well in my testing, scoring a 95.6% success rate in detecting and eliminating threats, and the real-time guard did prevent malware from being downloaded or activated on my test machine.


On-Demand Scanning..

During the on-demand scanning test, CPU usage peaked at 98% with an average of around 65%. RAM was also heavily used, going up to 176 MB. These values were recorded on a single-core 2.4 GHz processor with 2 GB of RAM running Windows XP Professional SP3.

Support:

The Coranti Antivirus 2010 license includes software and pattern updates and Coranti support for one year. Users get access to all the relevant services after they activate or register the product. These services include automatic program updates, the facility to submit suspicious files and support for technical queries by e-mail.

Value for Money

The latest Coranti Antivirus 2010 is offered as a boxed as well as a download version with a recommended sale price of EUR 39.99 (1 PC/year), which is good value for money.


What’s Good

The application has a head start in that it is easy to use: handling any of the available modules is done with no difficulty at all. It is highly customizable, well designed and effective. Last but not least, don’t forget its multiple scanning engines, which give you very comprehensive protection against malware.

What’s Bad

The first thing that comes to mind is resource usage. This is the one big area where Coranti needs to improve. Whenever I run a scan on my computer I would also like an estimate of the time the antivirus will take to check my files. I should also mention that I encountered a few false positives during my small on-access scanning test, but that’s normal, because every antivirus produces false positives these days.

The Truth

The application is extremely robust and gives the user the flexibility to set up the desired level of protection. To make it a big leaguer, the price needs to come down.

All in all, the software did a great job and provides the protection every home user needs.

Homepage: http://www.coranti.com


Highly recommended!