Bugbusters
Computer Service

News

January 25th 2010

Microsoft Office users in the U.S. will now be nagged unless an authenticated license is detected.
Computer World article: Here

AntiVirus 2009, AKA AntiVirus Live, AKA SYSGUARD - Avoid these Fake Antivirus Trojan attacks

Malware writers use every trick in the book when it comes to social engineering schemes. AntiVirus LIVE and other malware of this kind employ convincing graphical displays to trick users into believing they are infected and into installing the product to "clean" the machine. It appears to be spreading through email, IM, and social networking websites. New variants are also constantly emerging in these spam runs to avoid AV detection.

If any infection is found, users are far better served by installing a true mainstream AV solution instead. In addition to full-featured AV products, there are good free alternatives that do a solid job of basic prevention and cleaning.

As a golden rule, never install any type of software from an email link. In fact, it is safest to avoid taking any action at all on most email messages you receive.


AntiVirus 2009 - Avoid these Fake Antivirus Trojan attacks
http://blog.trendmicro.com/fake-antivirus-trojans-ramping-up/
http://sunbeltblog.blogspot.com/2008/08/new-rogue-power-antivirus-2009-uses.html
http://sunbeltblog.blogspot.com/2008/08/more-malware.html


QUOTE: Researchers at TrendLabs have discovered a new set of rogue antivirus software circulating in the wild. Based on initial analysis, these threats arrive mainly via spammed email messages that contain a link to a bogus celebrity video scandal, although we have also received reports that the said link is also circulating in instant messaging applications and private messages in social networking Web sites.

RENOS Trojans are known to have very visual payloads that may further alarm users (for example, they modify the system’s wallpaper and screensaver settings to display BSOD). Thus, users may be more convinced that something’s wrong with their system, not knowing that their new software is the one causing it.


Virus spreads quickly, but may be a dud

Infection does not appear to be working as its designers intended


By Andrew Vanacore
updated 12:23 p.m. PT, Sat., Jan. 17, 2009

NEW YORK - A computer virus that may leave Microsoft Windows users vulnerable to digital hijacking is spreading through companies in the United States, Europe and Asia, already infecting close to 9 million machines, according to a private online security firm.

Fortunately, however, it may be a dud.

Though computer bugs have become a common affliction, Finland-based F-Secure says a virus it has been tracking for the past several weeks has surged more rapidly through corporate networks than anything it has seen in years.

But the virus does not appear to be working as its designers intended. F-Secure's chief security adviser, Patrik Runald, said the virus's coding suggests a type of bug that alerts computer users to bogus infections on their machines and offers to help by selling them antivirus software.

Instead, the virus is simply spreading to little effect, though it may still pose a threat to infected computers.

"The gang behind this worm haven't used it yet," F-Secure's chief research officer, Mikko Hypponen, said by phone. "But they could do anything they like with any of these machines at any time."

Microsoft issued a security update Tuesday to deal with the so-called "Downadup" or "Conficker" virus, which appears to be a new version of a bug that popped up in October.

"Over the last couple of weeks, a new variant of this worm has been affecting customers," the company acknowledged in a blog post. Microsoft said the virus is spreading by gaining access to one computer and then guessing at passwords of other users in the same network: "If the password is weak, it may succeed."

A company representative couldn't immediately be reached Saturday to comment on F-Secure's estimate of infected machines.

Most computers with Windows will automatically download Microsoft's security update, but Hypponen said the virus disables updates on infected machines.

While the origin of the virus is a mystery, F-Secure's best guess is it came from Ukraine. Hypponen said it is coded to avoid computers there, which may indicate whoever wrote the virus was trying to avoid drawing attention from local authorities.


Conficker worm wriggles far and wide

A prolific new worm has spread to infect more than 3.5m Windows PCs, according to net security firm F-Secure. The success of the Conficker (AKA Downadup) worm is explained by its use of multiple attack vectors and new social engineering ruses designed to hoodwink the unwary into getting infected.

The worm uses a complex algorithm to develop a changing daily list of domains which infected machines attempt to establish contact with. Hackers need only register one of these possible names to establish contact with the botnet established by Conficker. The tactic is designed to frustrate attempts by security watchers to dismantle the command and control network associated with compromised machines.

But the approach also made it possible for F-Secure to register a domain that infected machines were due to contact and monitor what happened. Analysis by the firm, based on data from this experiment, suggests that 3.5m machines or more are under the control of unidentified hackers.
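To make the rendezvous-and-sinkhole idea above concrete, here is an added Python illustration that is not part of the article and not Conficker's code: candidate_domains() is a hypothetical, deliberately simple date-seeded generator standing in for the worm's real algorithm, and the sinkhole log lines are constructed. It also shows the two population counts a sinkhole operator should report and why they differ.

```python
"""Added illustration of DGA rendezvous plus sinkhole measurement.
candidate_domains() is a hypothetical stand-in, NOT Conficker's algorithm;
the log lines below are constructed."""
import hashlib
import re
from collections import defaultdict
from datetime import date

def candidate_domains(day: date, count: int = 5, tld: str = "example") -> list:
    """Every host that knows the rule and today's date derives the same
    list, so no contact point has to be hard-coded in the sample."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        names.append(f"{digest[:10]}.{tld}")
    return names

# Constructed sinkhole log format: "<date> <time> src=<ip> host=<domain>"
LOG_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \S+ src=(\S+) host=(\S+)$")

def sinkhole_census(log_lines, registered) -> dict:
    """Count distinct sources contacting the domains a defender registered.
    The peak-day count under-counts hosts behind NAT; the cumulative count
    over-counts when addresses churn (DHCP), so report both."""
    per_day = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group(3) in registered:
            per_day[m.group(1)].add(m.group(2))
    seen = set().union(*per_day.values()) if per_day else set()
    return {
        "per_day": {d: len(s) for d, s in sorted(per_day.items())},
        "peak_day": max((len(s) for s in per_day.values()), default=0),
        "cumulative": len(seen),
    }

# The defender registers the first candidate for each of two days.
DAY1, DAY2 = date(2009, 1, 12), date(2009, 1, 13)
REGISTERED = {candidate_domains(DAY1)[0], candidate_domains(DAY2)[0]}
SAMPLE_LOG = [
    f"2009-01-12 10:01:02 src=10.0.0.5 host={candidate_domains(DAY1)[0]}",
    f"2009-01-12 10:05:40 src=10.0.0.6 host={candidate_domains(DAY1)[0]}",
    f"2009-01-12 11:00:00 src=10.0.0.5 host={candidate_domains(DAY1)[0]}",  # repeat
    f"2009-01-12 11:30:00 src=10.0.0.9 host={candidate_domains(DAY1)[3]}",  # not registered
    f"2009-01-13 09:00:00 src=10.0.0.6 host={candidate_domains(DAY2)[0]}",
    f"2009-01-13 09:10:00 src=10.0.0.7 host={candidate_domains(DAY2)[0]}",
    "garbage line that does not match the format",
]

if __name__ == "__main__":
    print(sinkhole_census(SAMPLE_LOG, REGISTERED))
```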

By comparison, the Storm worm was made up of somewhere between 500,000 and 1m zombie drones at its September 2007 peak, according to one recent estimate.

Conficker began circulating in late November. As well as exploiting the MS08-067 vulnerability patched by Microsoft last October, the worm brute-forces administrator passwords in an attempt to spread across machines on the same local area network. The malware also infects removable devices and network shares using a specially crafted autorun.inf file.

Analysis of the code by security watchers at the Internet Storm Centre has revealed a clever social engineering ruse: users plugging an infected drive into a Windows machine might be fooled into thinking they are only opening a folder when they are actually clicking to run the worm's payload.

Security experts suggest that users may want to disable Autorun, or even prohibit the use of USB devices, as a precaution.
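As an added example (not from the article or the ISC analysis), the Python scanner below parses an autorun.inf and flags the pattern behind the "only opening a folder" ruse: an entry that runs a program yet borrows the wording and icon of Windows' own "Open folder to view files" option. Both sample files are constructed, and the program name in the lure is a placeholder.

```python
"""Added scanner for autorun.inf files dressed up as a folder-open prompt.
Sample files are constructed; the executable name is a placeholder."""
import re

EXEC_KEYS = {"open", "shellexecute"}
FOLDER_LURE = re.compile(r"open\s+folder\s+to\s+view\s+files", re.I)

def parse_autorun(text: str) -> dict:
    """Tolerant INI-style parse of the [autorun] section: keys lower-cased,
    later duplicates win, anything that is not key=value is ignored."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def assess_autorun(text: str) -> list:
    """Return human-readable findings; an empty list means nothing suspicious.
    Running a program alone is normal for software CDs; the lure verdict
    needs execution combined with folder-style presentation."""
    e = parse_autorun(text)
    findings = []
    runs = [k for k in e
            if k in EXEC_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))]
    if runs:
        findings.append("runs a program: " + ", ".join(f"{k}={e[k]}" for k in runs))
    if FOLDER_LURE.search(e.get("action", "")):
        findings.append("action text mimics the built-in folder-open prompt")
    if "shell32.dll" in e.get("icon", "").lower():
        findings.append("borrows a system icon so the entry looks built in")
    if runs and len(findings) > 1:
        findings.append("LIKELY LURE: executes a program while posing as 'open folder'")
    return findings

SAMPLE_LURE = """[autorun]
action=Open folder to view files
icon=%SystemRoot%\\system32\\shell32.dll,4
shellexecute=rundll32.exe placeholder.dll,Entry
"""
SAMPLE_BENIGN = """[autorun]
label=Holiday photos
icon=photos.ico
"""

if __name__ == "__main__":
    for name, text in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, assess_autorun(text))
```

Scanning a drive is a point check; the durable mitigation the article points to is disabling Autorun by policy (the Explorer NoDriveTypeAutoRun policy on Windows), which this script does not replace.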
