
Thread: Last Security News

  1. #11

    Mac OS X in hackers' crosshairs, report says

    Security vendor Symantec has warned that Apple's OS X operating system is increasingly becoming a target for hackers and authors of malicious software.
    In its seventh biannual Internet Security Threat Report, Symantec said over the past year, security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X system. The company said that as Apple increases its market share with new low-cost products such as the Mac Mini, its user base is likely to come under increasing attack.

    "Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code," the Symantec report stated. "Out of the public eye for some time, it is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix-based operating systems."

    In the report, Symantec also said that Apple Computer had become a target for new attacks and pointed to the appearance of "a rootkit109 called Opener" in October 2004 as an illustration of the growth in vulnerability research on the OS X platform.

    "The various OS X vulnerabilities allow attackers to carry out information disclosure, authentication bypass, code execution, privilege escalation and (denial-of-service) attacks," the report said. "Symantec believes that as the popularity of Apple’s new platform continues to grow, so too will the number of attacks directed at it."

    On Monday, Apple released patches for flaws in its operating system. The company could not be immediately reached for comment.

    Symantec sells a range of security products designed to protect Macs, and the report, by stressing the threat to Apple systems, could encourage Mac owners to bolster their defenses.

    But Symantec's concerns were echoed by James Turner, a security analyst at Frost & Sullivan Australia, who said many of the people who bought Apple products were not concerned about security, which left them wide open to attack.

    "The iPod, PowerBooks and mini Macs are cool products," Turner said. "The byproduct is that people are buying these products for form over function. They say it looks pretty, and then buy it, but don't secure it. As Apple increases its market share, it will be a legitimate target."

    Adam Biviano, a senior systems engineer at security software company Trend Micro, said all complex operating systems had security flaws and the more popular the platform, the more likely it would be attacked.

    "All sophisticated platforms--Mac, Linux, Solaris or anything else--will have vulnerabilities," Biviano said. "The only reason Windows has had mass exploits written for it is the sheer number of connected devices that are present on most networks. As soon as you start seeing mass deployment of any technology, you are going to see exploits."

    While there have not been any mass outbreaks of viruses targeting the Mac, the potential does exist, Biviano said.

    "You don't see Macintosh viruses in mass outbreaks, but you do see them in the labs as proof of concepts," he said. "There aren't any outbreaks because there simply are not enough (Macs) out there. For a virus to be successful, it needs a combination of an exploit and a large target audience."

    Biviano noted that among cell phones, writers target the most popular operating system, not Microsoft's platform.

    "Look at where mobile viruses are going, and they are not targeting Microsoft--they are targeting the market leader, which is Symbian," he said.
    Source: news.com

  2. #12

    Panda Software reports the emergence of pharming as a serious threat to users

    March 23rd, 2005 - Panda Software is now warning of the emergence of a new online fraud technique, sophisticated and dangerous: pharming.

    Pharming involves altering DNS (Domain Name System) addresses so that the web pages that a user visits are not the original ones, but others created specifically by cyber-crooks to collect confidential data, especially information related to online banking.

    Pharming attacks can be carried out directly against the DNS server, in such a way that the change of address will affect all users accessing this server while they browse the Internet, or they can be carried out locally i.e. in individual PCs. This second scenario is much more dangerous, not just because it is more effective, but because it is easier for attackers.
    They only need to take two actions: modify a small file, called hosts, which can be found in any computer running Windows and using Internet Explorer to access the Internet; and create a false web page. The hosts file stores a small table with the server names and IP addresses most commonly accessed by the user, so that it is not necessary to access the DNS server to convert Internet addresses (URLs) into IP addresses. If this file is overwritten, for example, with false addresses for online banking pages, whenever a user types the name of this bank in the browser he will access the page created by the hacker, which has exactly the same appearance as the genuine page. The unsuspecting victim could then enter confidential data unaware that it is really falling into the hands of the cyber-crook.

    The hosts file can be edited directly by the hacker (by accessing the system remotely) or using malicious code, normally Trojans such as some variants of the Bancos, Banker and Banbra families. Pharming attacks can also be perpetrated by exploiting any software vulnerability that gives access to the system files.

    Panda Software is offering the following advice to users to help prevent them falling victim to pharming attacks:

    - Use anti-malware software combining proactive and reactive detection systems: the simplest way of manipulating a computer so that it becomes the victim of a pharming attack is by using malicious code, generally Trojans. It is highly advisable to use proactive protection systems that can pre-empt threats and block them simply by analyzing their behavior.

    - Install a personal firewall: this precaution will prevent a hacker from entering the computer through an unprotected communication port and modifying the system.

    - Frequently update the software installed on the computer or have automatic update systems enabled to ensure there are no vulnerabilities that can be exploited in order to launch these kinds of attacks.

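A defender-side check for the local pharming scenario described in the post above: parse a hosts file and flag entries that pin a hostname to a routable address, which is what a tampered file looks like. This is an added example, not code from the original post or from Panda Software; the sample hosts content and the `example-bank.test` domain are constructed placeholders.

```python
import ipaddress

# Constructed sample hosts file (not from the original post). The first
# three lines are the normal, benign uses of the file; the fourth points a
# banking hostname at an external address, the pattern the advisory warns of.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test        # blackholed ad host, benign
192.0.2.10      www.example-bank.test   # hypothetical pharming entry
"""

# Hostnames the reviewer treats as sensitive (constructed list; a real
# deployment would load the user's own banking and webmail names).
SENSITIVE_SUFFIXES = ("example-bank.test",)


def parse_hosts(text):
    """Return (address, hostname) pairs from hosts-file text.

    Comments (everything after '#') and blank lines are ignored, and every
    alias on a line is emitted as its own pair.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        address, names = parts[0], parts[1:]
        for name in names:
            entries.append((address, name.lower()))
    return entries


def classify_address(address):
    """'local' for loopback or 0.0.0.0/:: (benign overrides),
    'routable' for anything else that parses, 'malformed' otherwise."""
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:
        return "local"
    return "routable"


def find_suspicious(text, sensitive_suffixes=SENSITIVE_SUFFIXES):
    """Flag hosts entries that override name resolution to a routable
    address, and mark separately those that hit a sensitive hostname.

    Returns a list of dicts with keys ip, host and reason.
    """
    findings = []
    for address, name in parse_hosts(text):
        kind = classify_address(address)
        if kind == "local":
            continue  # loopback / blackhole entries are the file's normal use
        if kind == "malformed":
            reason = "malformed entry"
        elif any(name == s or name.endswith("." + s) for s in sensitive_suffixes):
            reason = "sensitive hostname pinned"
        else:
            reason = "routable override"
        findings.append({"ip": address, "host": name, "reason": reason})
    return findings


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_HOSTS):
        print(f"{hit['reason']}: {hit['host']} -> {hit['ip']}")
```

On a live system the same function would be run over the contents of `%SystemRoot%\System32\drivers\etc\hosts` (or `/etc/hosts`), ideally from a scheduled job that alerts on any change.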

  3. #13

    The 5 viruses most frequently detected by Panda ActiveScan

    March 23rd, 2005
    The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner:
    1) Netsky.P; 2) StartPage.FH; 3) Mhtredir.gen; 4) Downloader.GK; 5) Shinwow.E.

  4. #14

    Vulnerability in Java Web Start

    Madrid, March 24, 2005
    Sun has reported a vulnerability in Java Web Start that could allow privilege elevation of a non-trusted application and indiscriminate permission to read, write and execute on the local system.

    Java Web Start is a platform that allows developers to deploy complete applications to final users accessible from any browser.

    By default Java applications run in a virtual environment, called "sandbox", to prevent security problems that indiscriminate access to system resources could imply. Read, write and command execution restrictions are imposed on a Java application to protect the system from possible attack.

    The vulnerability detected allows the files to be designed to prevent "sandbox" restrictions and take control of the system. The problem affects Java Web Start distributed with J2SE from versions 1.4.2 to 1.4.2_06, for Windows, Solaris and Linux platforms.

    To resolve the problem, users should update to J2SE version 1.4.07 or later, available from http://java.sun.com/j2se/1.4.2/download.html. As an additional preventive measure, until a vulnerable version is updated, we recommend disabling the execution of Java Web Start applications, removing support for JNLP files in browsers.

  5. #15

    Drag and drop vulnerability in Thunderbird and Firefox

    March 25, 2005
    A vulnerability has been reported which affects both the Firefox browser and the Thunderbird mail client and which can be exploited by remote attackers to insert malware on a user's system.
    The problem is that images dragged and dropped from a web page to the desktop retain their name and extension. If the file has an executable extension, it could be run instead of being opened by the corresponding multimedia application.

    To exploit this vulnerability, an attacker would need to construct a valid image file which at the same time was executable. In Windows, this can be done using a hybrid of a GIF image and a batch file. The attacker then needs to trick the user into dragging the image onto the desktop and double-clicking on it.

  6. #16

    Weekly report on viruses

    March 25th, 2005 - This week's report on viruses and intruders looks at two worms (Mydoom.BH and Crowt.B) and a Trojan, Downloader.BHV.

    Mydoom.BH is an email worm which can also spread through the KaZaA P2P file sharing program. Once it has entered a computer and is run, it downloads a page from a website with code, which is saved to the Windows system directory as an executable file called TEMP1.EXE. It also displays a screen referring to an antivirus in order to distract users' attention.

    To spread via email it sends itself to all contacts in the Outlook address book, using its own SMTP engine. The name that appears as the sender of the email is false and the message includes an attachment with malicious code.

    In addition to using email, Mydoom.BH also creates a copy of itself in the shared KaZaA directory, which it obtains from the Windows registry. This copy has random file and extension names, selected from a list of names designed to attract KaZaA users.

    Other users of this program could remotely access this shared directory and voluntarily download to their computer files created by Mydoom.BH, thinking that they were actually interesting programs, etc. They would, in fact, be downloading copies of the worm to their computers. When they run the downloaded file, these other computers would become infected by Mydoom.BH.

    The second worm in this report, Crowt.B, has backdoor functionalities and sends itself by email using its own SMTP engine. It gets the addresses to which it sends itself from a list of contacts stored on the user's computer.

    It allows remote commands to be executed on the compromised computer and information to be extracted from it. It also carries an additional danger, as it acts as a keylogger, recording keystrokes and stealing passwords entered. In order to conceal itself, Crowt.B injects its code into other programs.

    Finally, we will look at the Downloader.BHV Trojan. This malicious code downloads and installs adware programs on the infected computer.

    Downloader.BHV needs the intervention of an attacker in order to propagate and cannot spread by itself automatically. Various propagation channels are used, including floppy disks, CDs, e-mail messages with attachments, Internet downloads, FTP file transfers, IRC channels, P2P file-sharing networks, etc.

    When it is run, it downloads from a range of websites 5 executable files disguised as GIF files, which it runs on the infected system. To prevent detection, it uses some very basic techniques (some text strings are composed while the code is running).
    Source: Panda

  7. #17

    When a computer is infected, the worm sets up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources... i hope i will never become face to face with it :D

  8. #18


    Mar 28 2005
    In This Week's SecurityTracker Vulnerability Summary
    SecurityTracker Alerts: 40
    =======================================================
    Vendors: Apple Computer - betaparticle.com -
    birdblog.sourceforge.net - ciamos.com - Code Ocean - Czaries
    Network - digitalhive.com - exoops.info -
    filezilla.sourceforge.net - funlabs.com - GNU [multiple
    authors] - ImageMagick.org - Interspire - Kayako Web
    Solutions - KDE.org - Kimbrel, Josh - Lazurus - M.Dev
    Software - mathopd.org - mercuryboard.com - Microsoft -
    Mozilla.org - Nortel - OpenGroupware.org - Phorum.org -
    phpmyfamily.net - phpsysinfo.sourceforge.net - Ptirhiik -
    runcms.org - STADTAUS.com - ...
    =======================================================
    Products: Apple File Protocol (AFP) - ArticleLive -
    betaparticle blog - BirdBlog - Bluetooth Setup Assistant -
    Ciamos - CoreFoundation - CzarNews - DigitalHive - Download
    Center Lite - eSupport - exoops - FileZilla - FUN labs Games
    - ImageMagick - KDE - Mac OS X - Mailman - Mathopd -
    MercuryBoard - Mozilla Browser - Mozilla Firefox - Mozilla
    Thunderbird - Nortel Contivity - Ocean FTP Server - Phorum -
    phpmyfamily - phpSysInfo - RUNCMS - SOGo - Topic Calendar
    (for phpBB) - TRG News Script - Vortex Portal - ...

    =======================================================
    Your SecurityTracker Vulnerability Alerts

    1. Topic Calendar (for phpBB)

    Vendor: Ptirhiik

    Several vulnerabilities were reported in Topic Calendar for
    phpBB. A remote user can conduct cross-site scripting attacks. A
    remote user can determine the installation path.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013554.html


    2. SOGo

    Vendor: OpenGroupware.org

    A vulnerability was reported in SOGo. A remote authenticated
    user may be able to access the information of another user.

    Impact: Disclosure of user information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013553.html


    3. Windows Remote Desktop Application

    Vendor: Microsoft

    A vulnerability was reported in Microsoft Windows Remote
    Desktop. A remote authenticated user can shutdown the target system.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013552.html


    4. ImageMagick

    Vendor: ImageMagick.org

    A format string vulnerability was reported in ImageMagick. A
    remote user may be able to cause arbitrary code to be executed on
    the target system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013551.html


    5. ImageMagick

    Vendor: ImageMagick.org

    Several vulnerabilities were reported in ImageMagick. A remote
    user can create an image file that will cause ImageMagick to crash
    or execute arbitrary code.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013550.html


    6. MercuryBoard

    Vendor: mercuryboard.com

    An input validation vulnerability was reported in MercuryBoard
    in the processing of private messages. A remote user can conduct
    cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013549.html


    7. BirdBlog

    Vendor: birdblog.sourceforge.net

    An input validation vulnerability was reported in BirdBlog. A
    remote user can inject SQL commands.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013548.html


    8. Mathopd

    Vendor: mathopd.org

    A vulnerability was reported in Mathopd in the processing of
    temporary files. A local user can modify files on the target system.

    Impact: Modification of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013546.html


    9. Vortex Portal

    Vendor: Kimbrel, Josh

    An include file vulnerability was reported in Vortex Portal. A
    remote user can execute arbitrary commands on the target system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013545.html


    10. ArticleLive

    Vendor: Interspire

    An input validation vulnerability was reported in ArticleLive
    2005. A remote user can conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013543.html


    11. ZipGenius

    Vendor: M.Dev Software

    A directory traversal vulnerability was reported in ZipGenius.
    A remote user can create a zip file that, when uncompressed by the
    target user, will create files in arbitrary directories on the
    target user's system.

    Impact: Modification of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013542.html


    12. Download Center Lite

    Vendor: STADTAUS.com

    A vulnerability was reported in Download Center Lite. A remote
    user can execute arbitrary commands on the target system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013541.html


    13. phpSysInfo

    Vendor: phpsysinfo.sourceforge.net

    Maksymilian Arciemowicz from SECURITYREASON.COM reported
    several vulnerabilities in phpSysInfo. A remote user can conduct
    cross-site scripting attacks. A remote user can also determine the
    installation path.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013532.html


    14. KDE

    Vendor: KDE.org

    A vulnerability was reported in KDE in the dcopidlng script. A
    local user may be able to obtain elevated privileges.

    Impact: Modification of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013525.html


    15. Mozilla Browser

    Vendor: Mozilla.org

    A vulnerability was reported in the Mozilla Suite in the
    processing of drag and drop operations. A remote user can open
    privileged XUL code with some user interaction.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013522.html


    16. Mozilla Firefox

    Vendor: Mozilla.org

    A vulnerability was reported in Mozilla Firefox in the
    processing of drag and drop operations. A remote user can open
    privileged XUL code with some user interaction.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013521.html


    17. Mozilla Firefox

    Vendor: Mozilla.org

    A vulnerability was reported in Mozilla Firefox in the sidebar
    panel feature. A remote user can execute arbitrary applications on
    the target user's system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013520.html


    18. Mozilla Browser

    Vendor: Mozilla.org

    A vulnerability was reported in the Mozilla Suite in the
    processing of GIF images. A remote user can execute arbitrary code
    on the target system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013519.html


    19. Mozilla Thunderbird

    Vendor: Mozilla.org

    A vulnerability was reported in Mozilla Thunderbird in the
    processing of GIF images. A remote user can execute arbitrary code
    on the target system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013518.html


    20. Mozilla Firefox

    Vendor: Mozilla.org

    A vulnerability was reported in Mozilla Firefox in the
    processing of GIF images. A remote user can execute arbitrary code
    on the target system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013517.html


    21. DigitalHive

    Vendor: digitalhive.com

    Benji Lemien reported two vulnerabilities in DigitalHive. A
    remote user can re-install the application. A remote user can also
    conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013516.html


    22. XMB Forum

    Vendor: Xmbforum.com

    Benji Lemien reported an input validation vulnerability in XMB
    Forum in the 'Mood' parameter. A remote user can conduct
    cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013515.html


    23. Phorum

    Vendor: Phorum.org

    A vulnerability was reported in Phorum in 'search.php'. A
    remote user can conduct HTTP response splitting attacks.

    Impact: Modification of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013514.html


    24. FileZilla

    Vendor: filezilla.sourceforge.net

    Two vulnerabilities were reported in FileZilla. A remote user
    can cause denial of service conditions.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013513.html


    25. Nortel Contivity

    Vendor: Nortel

    A vulnerability was reported in Nortel Contivity in the VPN
    client software. A local user can obtain the password.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013512.html


    26. eSupport

    Vendor: Kayako Web Solutions

    An input validation vulnerability was reported in Kayako
    eSupport. A remote user can conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013511.html


    27. betaparticle blog

    Vendor: betaparticle.com

    Two vulnerabilities were reported in betaparticle blog. A
    remote user can access the underlying database. A remote user can
    upload and delete arbitrary files.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013510.html


    28. Ocean FTP Server

    Vendor: Code Ocean

    A vulnerability was reported in Ocean FTP Server. A remote
    user can deny service.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013509.html


    29. Bluetooth Setup Assistant

    Vendor: Apple Computer

    A vulnerability was reported in the Bluetooth Setup Assistant
    for Apple Mac OS X. A local user may be able to bypass security
    restrictions.

    Impact: User access via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013506.html


    30. Mac OS X

    Vendor: Apple Computer

    A vulnerability was reported in Apple Mac OS X in the setting
    of permissions on several directories. A local user may be able to
    obtain elevated privileges.

    Impact: Modification of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013503.html


    31. Apple File Protocol (AFP)

    Vendor: Apple Computer

    Two vulnerabilities were reported in the Apple File Protocol
    (AFP) Server. A remote user can cause denial of service conditions
    or access Drop Boxes.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013502.html


    32. CoreFoundation

    Vendor: Apple Computer

    iDEFENSE reported a vulnerability in Mac OS X Core Foundation.
    A local user can obtain root privileges.

    Impact: Execution of arbitrary code via local system

    Alert: http://securitytracker.com/alerts/2005/Mar/1013497.html


    33. Mailman

    Vendor: GNU [multiple authors]

    An input validation vulnerability was reported in Mailman when
    processing error messages. A remote user can conduct cross-site
    scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013494.html


    34. phpmyfamily

    Vendor: phpmyfamily.net

    An input validation vulnerability was reported in phpmyfamily.
    A remote user can inject SQL commands.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013493.html


    35. FUN labs Games

    Vendor: funlabs.com

    A vulnerability was reported in several games from FUN labs. A
    remote user can cause the game service to crash or to stop
    accepting packets.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013492.html


    36. TRG News Script

    Vendor: Lazurus

    Frank 'brOmstar' Reissner from [In]Security Research reported a
    vulnerability in TRG News Script. A remote user can execute
    arbitrary commands on the target system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013487.html


    37. CzarNews

    Vendor: Czaries Network

    Frank 'brOmstar' Reissner from [In]Security Research reported a
    vulnerability in CzarNews. A remote user can execute arbitrary
    commands on the target system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013486.html


    38. exoops

    Vendor: exoops.info

    Majid NT from Iran Hackers Sabotage Team reported two
    vulnerabilities in exoops. A remote user can determine the
    database password and the installation path.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013485.html


    39. Ciamos

    Vendor: ciamos.com

    Majid NT from Iran Hackers Sabotage Team reported two
    vulnerabilities in Ciamos. A remote user can determine the
    database password and the installation path.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013484.html


    40. RUNCMS

    Vendor: runcms.org

    Majid NT from Iran Hackers Sabotage Team reported two
    vulnerabilities in RUNCMS. A remote user can determine the
    database password and the installation path.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013483.html

    =======================================================
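Item 11 above (ZipGenius) is the classic archive directory-traversal bug: member names containing `..` or absolute paths are written outside the directory the user chose. The following is an added example, not ZipGenius code or code from the advisory; it builds a constructed in-memory archive with traversal entries and shows the check an extractor should perform before writing anything.

```python
import io
import os
import zipfile


def build_sample_zip():
    """Constructed sample archive (not from the advisory): one benign member
    plus two whose names climb out of the extraction directory, one with
    forward slashes and one with Windows-style backslashes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless")
        zf.writestr("../../outside.txt", "escapes the target directory")
        zf.writestr("..\\..\\win.txt", "same trick with backslashes")
    return buf.getvalue()


def unsafe_members(zip_bytes, dest):
    """Return the member names that would land outside dest if extracted
    naively.

    Separators are normalised, the joined path is resolved (which collapses
    '..'), and the result must still sit under the resolved destination.
    Absolute names are rejected outright.
    """
    dest_real = os.path.realpath(dest)
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            target = os.path.realpath(os.path.join(dest_real, name))
            inside = os.path.commonpath([dest_real, target]) == dest_real
            if os.path.isabs(name) or not inside:
                bad.append(info.filename)
    return bad


def safe_extract(zip_bytes, dest):
    """Extract only when every member passes the traversal check; refuse the
    whole archive otherwise rather than silently skipping members."""
    bad = unsafe_members(zip_bytes, dest)
    if bad:
        raise ValueError(f"refusing to extract, traversal entries: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)
    return True


if __name__ == "__main__":
    # Demonstration only: report which members would be rejected.
    print(unsafe_members(build_sample_zip(), "/tmp/extract-demo"))
```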

  9. #19

    Mafia take advantage of the Internet through

    March 28, 2005 - Malware creators have changed their aims and modus operandi. On the one hand, the trend detected over the last few months of creating malware for financial gain has been confirmed and, on the other, instead of using just one malicious code capable of spreading rapidly across thousands of computers, they are now using many different variants. A very recent example is the Kelvir worms. Their tactic involves saturating cyber-space with a huge number of variants of the same code, seven in less than seven days. This makes it difficult for both security companies, who have to develop a large number of vaccines, and users, who hardly have time to update their security applications, to combat them. As a result, it is easy for a computer to fall victim to one of the new malicious codes.

    The real aim of the Kelvir worms is to download other malware to the computer, more specifically, 'bots'. 'Bots' are automated Trojans that carry out actions, obeying external commands. A hacker can use these to carry out a wide range of actions on the affected computer, such as: stealing confidential data, launching attacks on other computers, generating spam anonymously, etc.

    'Bots' are a rapidly growing threat. Data compiled by Earthlink shows that 20 percent of computers could contain a 'bot'. What's more, an estimated 66 percent of spam circulating around the Internet is being sent through 'bot' networks. In fact, there is an underground 'bot' rental market to satisfy the demands of "professional spammers" who pay between three and four cents per 'bot' a week.

    'Bots' can also be used to carry out Distributed Denial of Service attacks (DDoS) against other computers. According to an article published by SecurityFocus, an executive in a US company confessed to having paid a group of hackers to launch DDoS attacks against three rival companies. What's more, the crash of websites like Yahoo!, Microsoft and Google in 2004 was also attributed to DDoS attacks carried out through 'bots'.

    According to Luis Corrons, head of PandaLabs, "'bots' are a perfect tool for Internet mafias. They are extremely versatile, allowing all types of actions to be carried out which can do more than slow down systems or flood the Internet with infected messages. Their actions not only affect what is known as cyber-space, but can also hit the economy or image of users and companies. For example, a well-known US newspaper reported the hijacking of hundreds of computers in the Defense Department and the Senate, which were used as zombies to send out spam."

    When a 'bot' enters a computer, this represents a serious security risk for any user, although attacks from this type of malicious code have implications at many other levels, such as software piracy. There are, for example, 'bots' that detect passwords and content of programs that can then be distributed illegally.

    However, it is companies that suffer most due to attacks from this type of malware. The main damage that 'bots' can cause in corporate environments includes:

    - Corporate extortion. Some companies have been blackmailed by organized groups of hackers, threatening to block their IT systems if they didn't meet their demands, which are normally financial. This kind of action mainly affects those companies whose activity is based around e-commerce or Internet services. The e-magazine Rense.com has reported a hacker mafia offering 'protection' to a range of websites in the UK in exchange for $50,000 a year.

    - Data theft. Some 'bots' download keyloggers, designed to capture keystrokes and send the information to a hacker. This allows them to access all kinds of corporate information that could be used for online bank fraud or hacker attacks. It could also damage the reputation of a company as stolen email addresses, could be used for sending all kinds of spam.

    - Damage to corporate resources. A large number of 'bots' installed on computers across the corporate network consume additional resources (bandwidth, administrator time, etc.) with negative consequences for productivity.

    - Infiltration of other malware in the network. Generally speaking, the entrance of a 'bot' in a corporate network is a prelude to the arrival of all kinds of malware: spyware, adware, other viruses, etc.

    A 'bot' is a malicious code that is dropped onto a system in a way that users can't see. Similarly, a single specimen installed on a computer is very difficult to detect. Although there are thousands of 'bots' identified, detected and eliminated by most anti-malware applications, new 'bots' are constantly appearing and are surreptitiously spread, so that some time may pass before security companies detect their presence and can generate the corresponding vaccine.

    According to Luis Corrons, "TruPrevent(TM), our proactive detection technologies, have blocked more than 2,700 new 'bots' (as well as a huge amount of other types of malware) since they were launched in August 2004. We currently have proactive detection systems that can identify malicious code alone. When we decided to develop our TruPrevent(TM) proactive detection technologies, we considered the growing threat of these and other malware. Reactive solutions continue to be the most effective against known malware, but proactive technologies are the perfect complement. For example, when the TruPrevent(TM) Technologies detect a new strain of malware, they immediately send it to PandaLabs. This allows us to head off the infection and prevent the damage that they can cause. What's more, we can generate a specific vaccine much faster than our competitors."

  10. #20

    thanks for all the updates :)
