SECURITY TO THE CORE

Posts tagged “Trojan”

Windows 8 spam leads to malware

While most people are enjoying a long weekend off, others are busy hacking websites, writing malware, sending spam and monitoring the progress of their growing Botnet(s).

Microsoft has barely announced Windows 8 and the first cyber-criminals are already on top of it. Below is a copy of a curious email that is being spammed over the Ascension holiday weekend:

From: Microsoft.com [mailto:news@microsoft.com]
Send on: Wednesday 1 June 2011 21:40
Subject: Windows 8 released.
Microsoft R Corporation is proud to announce the latest and the best
operating system available yet. For more details, click
here

When clicking on the link, a file called “8final.gif.exe” is downloaded from a hacked website.

8final

File length: 1136678 bytes.
MD5 hash: b3babe1040d10ab4cbbc62ee2d986f85.
SHA1 hash: 096d5248144240097bc4eb398301a4d355713a09

Depending on your view settings you might not be able to see the second file extension (.exe), so the download appears to be an ordinary image.
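The double-extension trick described above (a download named “8final.gif.exe” that Explorer shows as “8final.gif” when known extensions are hidden) can be caught mechanically. The following Python routine is an added example, not code from the original post: it reproduces the hidden-extension view of a filename and flags names whose visible extension is a data type while the real, final extension is one Windows will execute. The extension lists and every sample filename except 8final.gif.exe are constructed for the example.

```python
"""Spot disguised double extensions such as "8final.gif.exe".

Added example, not code from the original post. With Explorer's default
"hide extensions for known file types" setting, Windows displays that
file as "8final.gif", so the user takes it for an image. classify()
reproduces that view and flags names whose visible extension is a data
type while the real, final extension is one Windows will execute.
"""
import os

# Extensions Windows runs on double-click (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".vbs", ".js", ".jse", ".wsf", ".hta", ".msi"}
# Extensions a user expects to be harmless data (assumed list).
DECOY_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".bmp", ".pdf", ".doc",
              ".docx", ".xls", ".txt", ".mp3", ".avi", ".zip"}


def real_extension(name):
    """The extension Windows actually acts on: the last one."""
    return os.path.splitext(name)[1].lower()


def displayed_name(name):
    """What Explorer shows with known extensions hidden: the final
    extension is dropped, everything before it stays visible."""
    stem, ext = os.path.splitext(name)
    return stem if ext else name


def classify(name):
    """Describe one filename from the user's and the OS's point of view."""
    real = real_extension(name)
    shown = displayed_name(name)
    visible = os.path.splitext(shown)[1].lower()
    executable = real in EXECUTABLE_EXTS
    return {
        "name": name,
        "shown_as": shown,
        "real_ext": real,
        "visible_ext": visible,
        "executable": executable,
        # looks like data to the user, runs as code for the OS
        "disguised": executable and visible in DECOY_EXTS,
    }


def find_disguised(names):
    """Return the filenames that use the decoy-extension trick."""
    return [n for n in names if classify(n)["disguised"]]


# Constructed download listing; only "8final.gif.exe" comes from the post.
SAMPLE_NAMES = ["8final.gif.exe", "invoice.pdf.scr", "holiday.jpg",
                "setup.exe", "notes.txt", "report.docx.js"]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        c = classify(n)
        print(f"{n:18} shown as {c['shown_as']:14} disguised={c['disguised']}")
```

The same check can be run over a mail gateway's attachment names or a download folder listing; the two extension sets are deliberately short and should be extended for the environment in which it is used.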

The website (http://ed???ormer.com) which hosts the malware is an educational interest organization, which has unfortunately been compromised by criminals.

This malware does not install itself. You have to click on the download link AND double-click the downloaded file to infect yourself. A picture is shown to you while, in the background, the malware is installed and started.

The currently downloaded malware is a Trojan which installs an IRC Backdoor which can be used to flood IRC channels. It talks to hxxp://irc.darkbit.info and sets up a connection to 70.32.83.146 and 94.125.182.255 on port 6667.

By adding itself to the Run key under HKLM\Software\Microsoft\Windows\CurrentVersion, the malware is loaded automatically at every restart.

AutoStart

This malware was first reported on June 1st around 10:50 (UTC) and was still available at the time of writing. More spam and malware will use the upcoming Windows 8 to lure you into their net.

Don’t fall for this type of spam. Do not open suspicious emails and/or links. Keep your computer up-to-date and use common sense.

For more technical details see the Threat Expert Report: b3babe1040d10ab4cbbc62ee2d986f85

- Lucky H

Brazilian malware blocks user access to Anti-Virus sites

In addition to preventing the virus definition update, the Trojan redirects the user to fake banking websites.

Computer Virus

New malware created in Brazil is trying to prevent Internet browsers from accessing the websites of various Anti-Virus companies, and redirects Internet users to fake banking websites even when they type the correct address. In addition, the code was written to prevent the antivirus software from downloading updates.

Fabio Assolini, analyst at Kaspersky Lab, explains that the virus uses a technique called Man in the Browser (MitB). This type of infection works by changing the “AutoConfigURL” key in the Windows registry, which makes the browser take its proxy configuration from that URL and route its web connections through the criminals’ proxy (an intermediary between the browser and the site it is visiting).
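Both of the posts on this page come down to a registry value that should not be there: an autostart under ...\CurrentVersion\Run (the Windows 8 spam Trojan above) and a planted AutoConfigURL that hands the browser a proxy configuration (the MitB malware described here). The Python below is an added example, not code from either post or from Kaspersky Lab: it parses a Windows .reg export, lists Run/RunOnce entries, flags those launched from user-writable folders, and reports any AutoConfigURL. The .reg sample is constructed; the Internet Settings path holding AutoConfigURL (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings) is the standard Windows location from general knowledge rather than from the posts, and the user-writable-folder rule is a heuristic.

```python
"""Triage a Windows registry export (.reg) for two artefacts described in
these posts: autostart entries under ...\\CurrentVersion\\Run and a
planted proxy auto-config URL (AutoConfigURL) under Internet Settings.

Added example, not code from either post. The sample export below is
constructed. The Run key is named in the Windows 8 post; the Internet
Settings path holding AutoConfigURL is standard Windows knowledge, not
taken from the posts.
"""
import re

RUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
INTERNET_SETTINGS_SUFFIX = "\\currentversion\\internet settings"
# Folders an ordinary user can write to; legitimate autostarts rarely live
# there, so a Run entry pointing into them is worth a look (heuristic).
USER_WRITABLE_MARKERS = ("\\temp\\", "\\appdata\\", "\\downloads\\")

_KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"=data  or  @=data (the key's default value)
_VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=(?P<data>.*)$')


def _unescape(s):
    # Undo .reg string escaping (backslash-backslash and backslash-quote).
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key_path: {value_name: value}}; strings are unescaped,
    dword values become ints, other types are kept as their raw text."""
    tree = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            tree.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = _unescape(m.group("name")) if m.group("name") is not None else "(Default)"
            data = m.group("data")
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                tree[current][name] = _unescape(data[1:-1])
            elif data.lower().startswith("dword:"):
                tree[current][name] = int(data[6:], 16)
            else:
                tree[current][name] = data
    return tree


def autostart_entries(tree):
    """(key, value name, command) for every string value under Run/RunOnce."""
    out = []
    for key, values in tree.items():
        if key.lower().endswith(RUN_KEY_SUFFIXES):
            out.extend((key, n, v) for n, v in values.items() if isinstance(v, str))
    return out


def suspicious_autostarts(tree):
    """Autostarts whose command lives in a user-writable folder (heuristic)."""
    return [(k, n, v) for k, n, v in autostart_entries(tree)
            if any(marker in v.lower() for marker in USER_WRITABLE_MARKERS)]


def proxy_autoconfig_urls(tree):
    """Every AutoConfigURL set under an Internet Settings key. On a machine
    that does not use a PAC file this list should be empty (assumption)."""
    found = []
    for key, values in tree.items():
        if key.lower().endswith(INTERNET_SETTINGS_SUFFIX):
            for n, v in values.items():
                if n.lower() == "autoconfigurl" and v:
                    found.append((key, v))
    return found


# Constructed sample export: one benign autostart, one mimicking the
# post's "8final.gif.exe" dropped into %TEMP%, and a planted PAC URL
# (198.51.100.0/24 is a documentation range, not a real host).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
"8final"="C:\\Users\\victim\\AppData\\Local\\Temp\\8final.gif.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"AutoConfigURL"="http://198.51.100.23/proxy.pac"
"""

if __name__ == "__main__":
    tree = parse_reg(SAMPLE_REG)
    for key, name, cmd in suspicious_autostarts(tree):
        print(f"[autostart] {key}\\{name} -> {cmd}")
    for key, url in proxy_autoconfig_urls(tree):
        print(f"[proxy-pac] {key}\\AutoConfigURL = {url}")
```

An export for a live machine is produced with `reg export` of the two keys; feeding that file to parse_reg() instead of SAMPLE_REG gives the same two reports, and a non-empty AutoConfigURL on a machine that is not supposed to use a PAC file is exactly the symptom the analyst describes.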

If the infected user attempts to access a website to download antivirus software or its updates, they will see the following message: “Service Temporarily Unavailable, try again later …”.

“The viral code provides a list of servers used by Anti-Virus companies to distribute their virus definition updates to users. The intention is clear: stop trying to download antivirus updates and remain undetected,” explains the analyst.

The malware changes the settings of Firefox and registers itself at Windows startup. It also updates the malicious proxies in the system in case they are removed by the hosting services. “Thus, the criminal tries to ensure that the victim remains infected as long as possible.”


First Glimpse: Quick Heal Total Security 2011

"A complete security solution for managing and protecting your computer."

The battle will continue as long as malware and other threats exist, and unfortunately I can’t think of a reason that would lead to a decrease in spyware, viruses or any other type of nasties in the near future. It is not just my opinion: the dramatic increase in the number of viruses created and the ever-increasing speed of infections all across the world say as much.

If we talk about an infection, because computer viruses can be considered one, we have to talk about a cure, or at least try to find a healing solution. So today we are going to check out an antivirus program that can keep you safe and take away most of your worries. Its name is Quick Heal Total Security 2011, the latest release from Quick Heal Technologies.

So let’s stop wasting precious time and get straight to the product overview and its features.

Overview and Features

Quick Heal Total Security is the most complete security suite from Quick Heal Technologies, an India-based company. Although Quick Heal is not a strong name on the antivirus market, it cannot go unnoticed either.

The latest version of Quick Heal Total Security has been developed with the average user in mind, so working with it is easy regardless of your computer skills. It is designed for home use, so a clean and simple interface is a big advantage.

It brings a total of 13 different components designed to deliver protection against all sorts of malicious threats, while at the same time supplying the tools to increase the security of your personal data and turn the infection risk down to a minimum. Below are the features available in the program:

Key Features:

  • Real-time protection against known and unknown threats.
  • Extensive malware recognition – Detects viruses, Trojans, backdoor programs, worms, etc.
  • E-Mail Protection and Anti-Spam – Provides email protection for MS Outlook, Outlook Express and the Eudora mail client.
  • USB Protection – Prevents execution of auto-run from infected pen drives while they are plugged into your machine, and also vaccinates the USB drive against auto-run malware infections.
  • Parental Control – Restricts kids or other user accounts when using the computer.
  • Data Theft Protection – Prevents unauthorized copying of data using USB storage devices.
  • Browsing Protection – Provides additional protection for your system from any website that contains threats.
  • Anti-Phishing Technology – Picks out fraudulent activities and provides protection from other phishing scams while you perform transactions online.
  • PC2Mobile Scan – Allows you to scan your mobile phone for viruses and other malicious threats.
  • PC Tuner – Keeps your PC running at peak performance with its diagnostic and tune-up software.
  • Automatic incremental updates of anti-virus signatures, engine and the entire software.
  • User-friendly interface.

New Features:

  • NEW! Silent Firewall – A completely new feature from Quick Heal that silently works in the background and prevents unknown threats from entering your PC.
  • NEW! IDS/IPS – The Intrusion Detection System (IDS) blocks exploits and prevents attacks on your computer or network, and the Intrusion Prevention System (IPS) prevents exploits and code injection (DLL injection) by one process or application into another program.

Installation and System Requirements

Quick Heal Total Security 2011 is available in different languages and supports Windows 2000 (SP3), XP (SP2), Vista and Windows 7 (32-bit and 64-bit).

Unwrapping the 156 MB installer goes fairly smoothly, with a few stops before the process completes. But let me tell you one thing: Quick Heal Total Security 2011 is one of the slowest-installing programs that I’ve ever tested, requiring 5 minutes and 5 seconds to install, which is really very slow.

Installation

Scanning Memory

While installing, Quick Heal Total Security performs a quick memory scan. This quickly checks your system memory for any active threats before installation. While not extremely thorough, I am always glad to see things that stop malware and other nasty threats sooner rather than later.

Installation Window

A system reboot is not required after installation; the computer is protected from all types of malware activity right away.

Definition updates are not downloaded immediately, however. They will eventually download within about 20-25 minutes of use, or you can always download the current antivirus definitions manually right away.

Features & Ease of Use

The user interface of Quick Heal is effectively organized, intuitive to use, and straightforward. The main screen is divided into four modules, each dealing with a specific task: Files & Folders, Emails, Internet & Network, and External Drives & Devices, along with a general status indicator displaying a tick on a green background for a correct system state, an exclamation mark on an orange background to call for your attention, and a cross on a red background if your system is in danger.

Pointing at any one of the icons brings up a menu of common tasks like running an antivirus scan, Email Scan, Firewall & Browsing Protection, or viewing detailed settings.

Main UI

The greatly simplified, user-friendly interface makes Quick Heal Total Security 2011 easy to use for novices. It is easy to set up and doesn’t require much user intervention.

The Files & Folders module gives the user the much-needed protection from viruses, spyware, worms, bots, rootkits, Trojans, and a variety of other malicious threats. Quick Heal Total Security is equipped with DNAScan (Quick Heal’s in-house technology) to proactively protect your computer from the latest as well as unknown threats.

Files & Folders

Like any respectable security suite, Quick Heal Total Security offers protection against the nagging spam messages reaching our inbox. The Email Protection feature checks every email you receive and verifies its content before you access it. It also allows the user to customize the settings that concern the protection of emails entering the mailbox.

Emails

Moving on to the Internet & Network module, here you will find some of the most common features of any security product, such as Firewall Protection, Browsing Protection, Malware Protection, Phishing Protection, and Parental Control. All of these features except Parental Control come pre-configured with quick controls that turn them on and off, so they don’t require any user interaction.

Internet & Network

One thing that catches my eye is the latest firewall protection from Quick Heal Technologies. The latest version of Quick Heal Total Security includes a “Silent two-way firewall” which performs all the blocking and filtering functions required to keep your computer secure without all the annoying “do you want to let this do that” type prompts.

Like other all-in-one premium security suites, Quick Heal Total Security 2011 offers a host of capabilities beyond those of a typical virus protection program. Prominent among them is the latest Parental Control feature. It gives parents the opportunity to block web pages and to schedule the hours during which their children are allowed to access the Internet.

Parental Control

Website blocking is done by category: Adult, Social Networking & Chat, Offensive, Drugs, etc. Or you can block a specific URL (domain). Website blocking works with all major browsers, but I couldn’t find a list of all supported browsers, so clever users may find ways around it.

Web Category

One thing I miss in Quick Heal’s parental control feature is the option to monitor IM or email, and there is no keystroke logging either: all areas that parental controls should address.

Overall, Quick Heal’s parental controls are average and adequate for basic use, but they shouldn’t be relied upon for maximum child Internet safety.

Under the External Drives & Devices screen, the application displays four different expandable panes. The first on the list is Auto-Run Protection, which is one of the most important features of the suite. The other menus available are Scan External Drives, Data Theft Protection and Scan Windows Mobile.

External Drives & Devices

Nowadays, the majority of USB devices come with auto-run instructions, and these could very easily be exploited by malicious code in order to infect computers. The latest version of Quick Heal Total Security ensures that autorun.inf instructions are no longer executed.

Scan External Drives

Threats can enter your system from removable media such as USB thumb drives. For self-running media, Quick Heal TS 2011 scans autorun.inf and associated files when the medium is inserted, in addition to scanning any file on any removable device when it is accessed or during a full scan of the media.

The Data Theft Protection tool is also a feature-rich solution from Quick Heal. It is designed to stop unauthorized, illegal transfer of data between the system and USB drives.

Quick Heal Total Security has an extra feature that I find particularly valuable: the option to scan your mobile phone when it is connected to the PC, either via USB cable or Bluetooth.

General Settings lets users turn on Password Protection (which secures the settings area with a password) and Quick Heal Self Protection (which secures the product itself against unauthorized changes).

Settings

The Automatic Update section lets you enable the automatic update process and get a notification when updates are available. This way, your computer will be protected by Quick Heal with the latest definitions installed.

Registry Restore is another very handy feature that I like in Quick Heal Total Security. It helps users repair and restore critical system registry areas by flushing out the changes made by malware or other malicious threats.

Additional Features:

Quick Heal Total Security is thick with additional features that I haven’t discussed yet. You can use Hijack Restore to restore the default settings of your Internet Explorer browser and remove any changes that have been made.

When malicious software hijacks your system it may put some policies in place to keep you from undoing the changes it has made and to prevent you from removing the malware itself. Hijack Restore has the ability to scan for and remove policy settings that may have been imposed by malware.

Tools

Quick Heal Total Security also includes an Anti-Rootkit tool. It does only one thing, and one thing alone: it finds and kills rootkits. Run it and let it scan your PC, sniffing them out of their hidden places. When it finds any, it will remove them.

Anti-Rootkit

Quick Heal TS 2011 also comes with a spread of extra features, which include Emergency CD, Quarantine, System Explorer and Windows SPY.

The Emergency CD option is useful for removing viruses in case the system was infected before installation. If your computer is infected with a "deadly" virus or inoperable because of an extensive or deep-rooted infection, you can use the Emergency Disk and the command-line scanner to get it cleaned.

The Quarantine box contains all the suspicious and malicious files that were detected during on-demand or on-access scans and that you did not want to delete in the first place.

There’s one thing I don’t like about Quick Heal Total Security. When adding files to Quarantine, you can only add them one by one; multiple file or folder selection is not possible at all. If I have a folder with 1000 files that I suspect of being infected with a new polymorphic virus that can’t be detected yet, I can’t easily add them to the Quarantine box. This is exactly the same thing I mentioned in my Coranti Anti-Virus review.

To keep good tabs on what runs on your computer, Quick Heal offers a System Explorer tool to monitor the processes currently running in the system, active network connections (all of them), startup elements, browser extensions and LSPs.

System Explorer

The PC Tuneup options available in Quick Heal Total Security 2011 are quite modest. By using this tool users can clean up the junk files located in the Recycle Bin, delete fragments of lost files, known log files, Windows temporary files, IE history, cookies and other unnecessary files, and can perform a defragmentation of files to improve the performance of their system.

All the modifications PCTuner makes are recorded and can be rolled back in case something goes wrong. The “Restore” section of the PCTuner menu presents all the changes that occurred on the system chronologically, permitting selective reverts according to the areas you are interested in.

Other than this there is absolutely nothing else to contribute to improved PC performance.

PCTuner 2.1

At last, the Reports section lets you check all past actions performed by the program. Everything is intuitive and I am sure you won’t have any problems handling this program.

Performance

A full-system manual scan used as much as 85% of CPU during my testing, but most of the time CPU usage was under 30% when scanning text files and other files. Memory usage started around 80 MB and slowly increased to 137.2 MB after 3 minutes of scanning. Not bad.

No noticeable computer lag was detected during full system scanning. My browsers responded normally without much delay. Real-time protection resource usage is kept within acceptable parameters, about 52.61 MB.

Quick Heal TS 2011 also took 354 MB of hard-drive space for installation.

So overall resource usage was average and needs some improvement.

Effectiveness: (Virus/Malware Detection)

Regarding the detection level of Quick Heal Total Security 2011, at this moment it is close to average. During my testing Quick Heal TS 2011 left many threats behind, detecting 5,118 out of 7,006 samples (73.05% detection rate).

In on-access testing, it managed to block 38 out of 52 malware samples. I also used some malicious links to test its browsing protection and, to my surprise, it was able to block 16 links out of 22. I am impressed.

On the bright side, Quick Heal TS 2011 managed to complete scans in record time, getting through over 3 GB of malware samples in less than 10 minutes.

Support

The Quick Heal Total Security 2011 license includes software and pattern updates and Quick Heal support for one year, as before. Users have access to all the relevant services after they activate their software or register their security product. These services include automatic program updates, the facility to submit suspicious files, and support for technical e-mail queries.

Email support and the knowledgebase are free, but Quick Heal offers no chat support. While email support is easy to access, having no chat tech support is a major blow to Quick Heal’s score. I’ve found that solid, free chat support is crucial for customer satisfaction and antivirus security.

Quick Heal has toll-free phone support in India only. International users have to use a non-toll-free number, but they’ll still get 100% free support for Anti-Virus 2011, Internet Security 2011 and Total Security 2011.

Value for Money

The latest Quick Heal Total Security 2011 is offered as a boxed as well as a download version with a recommended retail price of US $52 (1 PC/Yr.), which is good value for money.

The Good

The latest Quick Heal Total Security 2011 provides an incredibly easy-to-use interface which does not hold any complicated functions or options. It is unobtrusive and pretty miserly on resources, and does not intrude on your work. Everything that can be set up in this program is only two or three mouse clicks away.

The tools offered in the security suite, although not advanced or complex, are all important elements of protection. Handling any of the tools available is done with absolutely no difficulty.

The Bad

I really wished this review section could remain blank, but I know that it won’t be possible. The malware set used during my testing did not contain 0-day samples, yet QHTS 2011 managed to detect only 5,118 out of 7,006. Although that is an average detection rate, I was expecting more than that.

Secondly, the scan mode does not provide an estimate of the time to scan completion. All you have is the duration of the scan as it is running.

The Truth

The software is easy to handle and it should not pose any problems, no matter if you are an experienced or a novice user. The help file thoroughly explains every option in the program.

Still, there’s plenty of room for improvement, especially in the protection against, and detection of, all forms of malware.

Homepage:- http://www.quickheal.com/


Top hacker retires; experts brace for his return

Zeus

The programmer who wrote ZeuS — malicious software used to steal an estimated $100 million so far this year from U.S. towns, companies and individuals — says he is retiring.

But security experts believe there is a good chance he will soon emerge with even more powerful ways to steal, a pattern of behavior seen after previous retirements in 2007 and 2008.

ZeuS’ anonymous programmer, who lives in Russia and seems to like nice cars and powerful trucks, first introduced ZeuS in 2007 as spyware that would hide in users’ computers and log keystrokes to steal passwords, said Don Jackson, director of threat intelligence at the security firm SecureWorks.

The programmer, rather than doing the stealing himself, used a middleman to sell the spyware software to criminal gangs. A basic version would run as low as $1,000 but could be customized for an extra fee. He would also offer 24/7 support.

Thieves who use ZeuS tend to avoid big companies and banks with top-line security, preferring instead smaller companies, townships and even churches. In a recent case, however, they breached and emptied brokerage accounts at E*Trade Financial Corp and TD Ameritrade Inc, according to a criminal complaint filed in New York last month.

“We have seen banks in almost every major country targeted by these (ZeuS) tool kits,” said Dmitri Alperovitch, a vice president at security software company McAfee Inc.

But there has been pressure on the ZeuS gangs. About a month ago authorities in the United States, Britain and the Ukraine arrested dozens of people allegedly involved in a global cybercrime scheme that used a version of the ZeuS Trojan to steal $70 million from U.S. bank accounts, the FBI said.

Early this month the ZeuS author announced through his main reseller that he’d had enough, said SecureWorks’ Jackson.

Jackson, a ZeuS expert, said that the Trojan program’s author spread the word that he was handing his source code to the author of Spy Eye, an up-and-coming Trojan and a ZeuS competitor. In fact, when the Spy Eye Trojan infected a computer it would clear out ZeuS.

Jackson said he believed the retirement announcement was a ruse. “He probably has a private client set up. They had already made the decision to merge, or to pretend to merge with Spy Eye,” he said.

What little is known about the ZeuS author has been gleaned from online chat rooms where he sometimes uses names based on expensive vehicles.

Some security experts believe there is a possibility the ZeuS programmer is really headed for retirement.

“One can only imagine that he’s made enough money to take a vacation for a long period of time,” said Elias Levy, senior technical director at Symantec Security Response.

He has probably made at least a million and perhaps multiple millions of dollars, said Bill Conner, president and chief executive of computer security firm Entrust.

Gangs who used ZeuS software stole $100 million in 2010 in the United States, said Jackson.

In 2007, the ZeuS author, who goes by the handle Monstr, among others, in online forums, started to feel he was gaining too much notoriety and said at that time that he was stepping aside, but instead went underground to work more discreetly, said Jackson.

In late 2007, security experts started finding a souped-up version of ZeuS doing automated bank frauds. The cycle repeated itself in 2008.

“Once he attracts a lot of attention, he goes underground. Says ‘I’m going to hand it over to some guy and get them to deal with it.’ Tries to push the high-maintenance, second-tier customers onto someone else,” said Jackson.

Last year, ZeuS became so deft that it can now read text messages sent by banks to customers’ phones to inform them of fraudulent transfers. ZeuS intervenes, and prompts the customers to enter codes to confirm the fraudulent transfers.

One of the latest versions of ZeuS allows the Trojan to hide in an executable program, like a word processor. That way, if the ZeuS Trojan is cleared out, it can reinstall itself the next time the word processor is used, said Levy.

Security experts said they planned to monitor ZeuS and Spy Eye for new developments.

“Up until now, they were two completely different Trojans,” said Symantec’s Alperovitch, who said it was possible that the ZeuS author was retiring. “If we start seeing capabilities evolving rapidly in Spy Eye that borrow from the ZeuS functionality then we’ll know that yes indeed he (the Spy Eye author) has access to the ZeuS source code.”

(Source: MSNBC)