Dec 03
Computer viruses got their name because they spread just like biological viruses. There are other parallels as well; for instance, best practices. In the medical world they are called preventative measures, but really they are best practices. For instance, you should wash your hands in soap and water often. In the computer world, the equivalent is keeping your security software up to date and keeping your patches current. For computer users, if you follow this one best practice, your computer will stay healthy.
We wrote earlier about how the spammers are taking advantage of public concern about the swine flu. Now the malware writers have entered the game, too. Potential victims are going to get an email with a PDF attachment that promises to answer all questions about the much-talked-about swine flu. The attachment is named “Swine influenza frequently asked questions.pdf”. It is a real PDF file, and when opened it will show something like this:

[Image: Swine PDF]
Unfortunately, if you get this far, you’ve been infected. Unlike the swine flu though, I have good news for you—if you followed the best practices guidelines, you’re safe. Symantec detects the malicious PDF file as Bloodhound.Exploit.6 and the dropped malicious file contained in the PDF as InfoStealer. Even better news: there is an Adobe patch for this known vulnerability, Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability (BID 33751). If you haven’t already, it’s time to start following best practices and download the Adobe patch for your version of Acrobat and Adobe Reader.
Protect your health. Protect yourselves and your computer from the human swine that prey on our desire for information to keep us healthy. Keep your security software up to date, keep your systems patched, and be suspicious of unsolicited email that talks about topical subjects. Be very careful when such email includes attachments, links to websites, or videos that it says you should view.
Original source: http://www.symantec.com/connect/blogs/malicious-code-authors-jump-swine-flu-bandwagon
Nov 26
A new exploit targeting Internet Explorer was published to the BugTraq mailing list. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully functional, reliable exploit will be available in the near future. When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors. To launch a successful attack, an attacker must lure victims to a malicious Web page or to a Web site the attacker has compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer.
The exploit targets a vulnerability in the way Internet Explorer uses cascading style sheet (CSS) information. CSS is used in many Web pages to define the presentation of the sites’ content. Symantec currently detects the exploit with the Bloodhound.Exploit.129 antivirus signature and is working on new signatures now. Symantec IPS protection also currently detects this exploit with signatures HTTP Microsoft IE Generic Heap Spray BO and HTTP Malicious Javascript Heap Spray BO. A new IPS signature, HTTP IE Style Heap Spray BO, has also been created for this specific exploit. To minimize the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft.
Original source: http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published
Nov 23
Retailers aren’t the only ones gearing up for the holiday season. Criminals are also out in force.
To highlight the increased crime during the holidays, security company McAfee has come up with the “12 Scams of Christmas,” ranging from bogus electronic greeting cards that deliver malware instead of cheer to fake charities that steal your money and your identity.
It’s especially important to be extra careful this time of year, says McAfee’s David Marcus. “The bad guys know people are spending more time online, they’re paying more bills online so [the criminals] stand a chance of being a bit more successful this time of year.
Oct 24
In addition, Sality opens a backdoor that allows a remote attacker to take full control of the infected computer. This places any financial or banking information stored on your computer in severe jeopardy and represents a serious security risk.
Also known as: W32/Sality (McAfee), Virus.Win32.Sality.aa (Kaspersky), W32.Sality.AE (Symantec), Virus:Win32/Sality.AM (MS OneCare), PE_SALITY.EM (Trend)
W32/Sality is a parasitic virus that infects Win32 PE executable files. It is a polymorphic virus that attempts to spread by file infection. It looks for Win32 PE executable files with .EXE or .SCR file extensions, and infects any such files found on the system by appending the virus body to the host file.
The virus also attempts to propagate by copying itself with a random filename to network drives and to all removable disk drives. Sality.AA also creates an “autorun.inf” file on these drives so that the virus executes when the drive is accessed.
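A defender can triage the “autorun.inf” files found on shared and removable drives by listing what each one would launch. The following Python sketch is an added example, not part of the original post: the sample file is constructed, and the list of extensions treated as executable is an assumption.

```python
import re

# Keys in the [autorun] section that name a program to launch:
# open, shellexecute and shell\<verb>\command.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Assumption: extensions treated as directly executable for triage purposes.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def launch_targets(text):
    """Return [(key, command)] for launch keys found in the [autorun] section."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # tolerate lines that are not key=value
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and value:
            found.append((key.lower(), value))
    return found

def program_of(command):
    """First token of the command line, honouring double quotes."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]

def triage(text):
    """Return launch entries whose program is an executable file type."""
    return [(k, c) for k, c in launch_targets(text)
            if program_of(c).lower().endswith(EXEC_EXT)]

# Constructed sample, not taken from a real infection.
SAMPLE = """;padding
[AutoRun]
qwertyjunk
open = xkqjw.pif
shell\\explore\\Command= "my tools\\abcd.exe" -x
icon=folder.ico
shellexecute=readme.txt
"""

if __name__ == "__main__":
    for key, cmd in triage(SAMPLE):
        print(f"suspicious {key}: {cmd}")
```

Any flagged entry on a drive that should hold only data is worth a closer look, as is the file the entry points to.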