-
No more spyware!
- No more spyware!, new website to protect your computer against spyware -
August 30, 2005 - Even though 9 in 10 computers have spyware
installed (*), many users still don't seem to realize that spyware is a
direct attack on their privacy, which should not be tolerated. With this
problem in mind, Panda Software has launched a new website at
http://www.demandonspyware.com, which has been created, under the slogan
No more spyware!, to help users fight against this serious threat.
"Users' lack of knowledge of spyware is what makes their computers
vulnerable", confirms Luis Corrons, director of PandaLabs. "Spyware
creators are aware of this situation and use it for their own
benefit. They realize that many users don't even know that spyware
exists, and that others simply don't give it much thought and therefore
are not adequately protected. For this reason, when computers are
scanned in-depth for spyware, not just one but dozens are often
encountered."
No more spyware!, the new Panda software website, offers all necessary
information to protect against this threat. The contents of
http://www.demandonspyware.com have been divided into the following
sections:
- What is spyware? Knowing the enemy is vital in order to tackle it
successfully. In this section, users have in-depth information on the
characteristics of spyware, its effects, means of propagation, etc.
- Technical study. Here users can see a complete study about this
threat, including classification of spyware and descriptions of the best
technology for combating it. For example, TruPrevent™ proactive
protection technologies, which detect and block unknown spyware without
the need for signature files.
- Free anti-spyware test. Identifying the symptoms that could reveal the
presence of spyware on a system is a basic factor in avoiding the
consequences of its actions. This section details the most common
symptoms of spyware attacks, and offers users Panda ActiveScan, the free
anti-malware solution which can detect the presence of both known and
unknown spyware. It does this using an exclusive genetic scanning
detection, which has detected thousands of examples of unknown spyware
since January 2005.
- Practical tips: don't let them spy on you. A lively multimedia animation
presents users with 10 basic tips to drastically reduce the chances of
their system becoming infected by spyware.
Spyware needs to be fought on two fronts. The first involves training
users to change those habits when using the Internet and their computers
that could allow spyware to enter. The second is to use the right
technologies to combat spyware in order to effectively prevent this type
of malware from entering systems.
-
- New vulnerability in Internet Explorer -
August 31 2005 - According to several reports, including those from ZDNET and SecurityTracker, a new security problem affecting Internet Explorer (IE) has been detected which could allow execution of code and is currently being investigated by Microsoft.
Due to this vulnerability, a remote user could create specially crafted HTML which, when loaded by the target user, would cause the user's browser to crash or even execute arbitrary code.
A spokesperson for Microsoft has declared that the company has received information about this security problem, although it has not confirmed or denied its existence as it is still in the process of investigating it.
-
September 1, 2005 - Creative has reported that a Windows worm
has been accidentally distributed in its Zen Neeon line of MP3 players.
Initially, the company did not expect this incident to cause a
significant number of infections, as the worm appeared over a year ago
and is therefore detected by the majority of antivirus products. What's
more, even though the MP3 player stores the worm, the user must connect
the device to a PC and try to run the file for it to activate.
Users of Zen Neeon MP3 players can check if their device is affected by
checking the serial number at:
http://jp.creative.com/images/support/tsn/pn_pic_jp.jp
-
September 7 2005
Ed Gibson -chief security adviser at Microsoft UK- has been affected by a
dialer.
According to an article in ZDNet, Ed Gibson explained that the presence
of a dialer in his computer left him with a phone bill of more than 650
euros. Gibson, who said he was perturbed by the event, declared "If we
don't make a concerted effort to make the Internet more secure, it will
be a very different place in the future".
Dialers are programs that are used to maliciously re-route Internet
connections. They are designed to cut off the phone connection (the
dial-up connection used for accessing the Internet) and connect to a
premium-rate number without users' consent, leaving the victim with a
costly telephone bill.
The best way to avoid falling victim to dialers, or to any other type of
malware, is to have permanent protection on the computer to detect and
prevent malicious action.
-
man..you are a big fan of Panda Soft. keep your good postings
-
Microsoft will not release security updates in September
September 13, 2005
The second Tuesday of each month Microsoft publishes its bulletins
reporting the updates it has released to fix vulnerabilities detected
in its programs. However, it will not release any in September, according
to the notification published by the company at:
http://www.microsoft.com/technet/sec...n/advance.mspx.
In this notification Microsoft also announces that today it will release the updates below:
- Updated versions of Microsoft Windows Malicious Software Removal Tool.
- Updates for Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS).
-
September 16 2005 - This week's report looks at a wide range of threats including three worms -P2load.A, Mytob.JN and Bagle.EI-, one example of spyware -Spytrooper-, three Trojans -Fantibag.A, Banker.APM and Mitglieder.EV-, and a hacking tool -Keyspy.B-.
P2load.A is a worm that spreads through the P2P file-sharing programs, Shareaza and Imesh. It takes several actions on infected computers,
including modifying the HOSTS file so that when users request the Google page they are taken to another page, exactly the same as Google, but with nothing to do with the company, and hosted on a server in Germany.
The spoof page appears to be exactly the same as the legitimate one and even includes the 17 languages supported by Google.
When users try to run a search on the spoof Google page, the results are
displayed correctly or with slight variations with respect to the genuine Google results. What do change however, are the links sponsored
by companies which normally appear at the top of the list of results.
However in this case, with certain searches, users whose computers are
affected by P2load will see other links specified by the malware creator
in order to increase traffic to these sites.
The second worm that we are looking at today is Mytob.JN, which spreads via email in a message with variable characteristics. Mytob.JN opens a
TCP port to connect to a server and receive remote control commands to execute on the infected PC. This worm also terminates processes belonging to different security tools, such as antivirus programs and
firewalls, and processes belonging to other examples of malware. It also
prevents access to certain web pages, in particular those of antivirus
companies.
The third and final worm in today's report is Bagle.EI, which sends a copy of a variant of Mitglieder to all email addresses that it gathers from certain websites and which don't contain certain text strings.
This example of malware also prevents some variants of Netsky from running when Windows starts up.
The next malware specimen that we are looking at is called Spytrooper.
This is a type of adware which is automatically downloaded from adult websites or pirate software pages which use exploits to affect computers. It can also be downloaded after a pop-up window appears warning about spyware on the computer, or if users voluntarily download it from a certain web page.
Spytrooper warns users that their computer is infected by threats -which
actually don't exist-, at the same time as informing them that the threats can only be eliminated after they buy a full version of the program. When users buy and register Spytrooper, the supposed threats are no longer detected and the computer is 'seemingly' clean.
The first Trojan we are looking at today is Fantibag.A, which prevents access to a series of websites, mostly belonging to antivirus companies.
It does this using a method based on RRAS (Routing and Remote Access Service) API functions, which provide packet filtering capacity.
Banker.APM is a Trojan that aims to steal confidential information such
as passwords, which it then sends to its creator. It tries to redirect websites of various banks to a server hosting spoofed pages so that
users enter their personal details when they visit these pages.
The third Trojan we're looking at here is Mitglieder.EV, which attacks certain security tools such as antivirus programs and firewalls.
Specifically, it deletes essential files and removes Windows Registry entries that allow applications to run automatically, it blocks services and terminates processes associated with the programs that provide the antivirus updates.
Panda ends today's report with a hacking tool called Keyspy.B, which logs keystrokes and then sends them out by email. It can also execute or block the execution of any program and monitor web pages visited.
source:panda software
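
A defender's check for the HOSTS-file redirection the report attributes to P2load.A, as an added example that is not part of the original post or of Panda's material: it parses HOSTS-format text and flags watched domains that have been pinned to an address. The watchlist, the sample file and the function names are assumptions, and flagging loopback or null mappings as "blocked" goes beyond the case the report describes.

```python
import ipaddress

# Hypothetical watchlist (assumption, not from the report): domains whose
# presence in a HOSTS file deserves a second look.
WATCHED_SUFFIXES = ("google.com", "pandasoftware.com", "examplebank.test")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed entry, skip it
        for name in fields[1:]:                  # one line may list several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, hostname, ip, kind) for each watched name that is pinned."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not any(name == s or name.endswith("." + s) for s in watched):
            continue
        # Loopback/null routes cut the site off; anything else sends the
        # user to a server other than the one DNS would return.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((line_no, name, str(ip), kind))
    return findings

# Constructed sample HOSTS file (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# constructed sample, not taken from an infected machine
127.0.0.1      localhost
203.0.113.10   www.google.com google.com   # spoofed search page
127.0.0.1      www.pandasoftware.com
0.0.0.0        update.examplebank.test
192.168.1.5    fileserver
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; a clean default install maps nothing beyond `localhost`.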
-
September 20 2005 - PandaLabs has, over the last 24 hours, recorded numerous incidents caused by a new instant messaging
worm Mepe.A, in the area of Latin America, which spreads using instant
messaging programs. To follow the progress of this worm go to Panda
Software's Encyclopedia, at
http://enterprises.pandasoftware.com...?idvirus=90325
This Hispanic worm is designed to appear as a compiled Shockwave Flash
file - which it isn't- and when it is run, it displays a message claiming that execution has failed. However, it continues to create a series
of copies of itself in the system directory, as well as generating a
series of registry keys to ensure it is executed on every system startup.
What's more, it creates a file in the root directory that contains the
phrase in Spanish "Dios sólo nos dio un 1 y un 0, y con eso, hemos
construido un universo" (God just gave us a one and a zero and with this we have created the universe).
This worm spreads using the instant messaging applications. When the
user connects to this application, the worm looks for active windows with
the title 'Conversación', and sends a message in Spanish inviting the
user to download a postcard from a well known website: "te mandaron un
recado conmigo, ya te has de imaginar quien y si no sabes me dijo que no
te dijera quien, me dijo que te lo escribio en una postal y que de aqui
la abras www.[omitido].com ,bueno yo ya cumpli e?". (I have been asked
to give you a message, now you must guess from who, and they told me
not to tell you if you don't know and that you can open it from here
www.[omitted].com, right I've done what I was told - eh?). The link sent to
users takes them to a website that contains a copy of the worm, so that
it is downloaded to the computer and infects it.
What's more, Mepe.A also monitors the tasks that are running in order
to close windows with the following names in Spanish, "Administrador de
tareas de Windows", "Panel de Control", "Editor del Registro",
"Utilidad de configuración del sistema", and "Restaurar Sistema", so that the user cannot end the process related to the worm.
-
Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report. :roll:
But the report, released Monday, also found that hackers are still focusing their efforts on IE.
The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.
Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.
According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.
"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.
The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."
The Mozilla Foundation did not immediately respond to requests for comment.
Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.
Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."
There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.
The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."
Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".
what is your opinion? :arrow:
-
- New version of Firefox -
September 21, 2005 - The Mozilla Foundation has released a new
version of Firefox -1.0.7-, which all users of this browser are advised
to install, as it incorporates improvements and resolves several
vulnerabilities.
The security flaws resolved in the new version of Firefox include the
following: buffer overflow in the Hosts name process; prevention of URLs
filtered by external programs (only in Linux); blocking of Proxy
Auto-Config (PAC) script; and restore of the InstallTrigger.getVersion()
function.
At the time of writing this bulletin, the new version of Firefox was
only available in English. However, the rest of the languages this
browser supports are due to be released shortly.
For more information and to download version 1.0.7 of Firefox, go to:
http://www.mozilla.org/products/firefox/