Special Report: Malicious Code Authors Jump on the Swine Flu Bandwagon


Computer viruses got their name because they spread just like biological viruses. There are other parallels as well; for instance, best practices. In the medical world they are called preventative measures, but really they are best practices. For instance, you should wash your hands in soap and water often. In the computer world, the equivalent is keeping your security software up to date and keeping your patches current. For computer users, if you follow this one best practice, your computer will stay healthy.

We wrote earlier about how the spammers are taking advantage of public concern about the swine flu. Now the malware writers have entered the game, too. Potential victims are going to get an email with a PDF attachment that promises to answer all questions about the much-talked-about swine flu. The attachment is named “Swine influenza frequently asked questions.pdf.” It is a real PDF file, and when opened it will show something like this:

[Image: Swine PDF]

Unfortunately, if you get this far, you’ve been infected. Unlike the swine flu though, I have good news for you—if you followed the best practices guidelines, you’re safe. Symantec detects the malicious PDF file as Bloodhound.Exploit.6 and the dropped malicious file contained in the PDF as InfoStealer. Even better news: there is an Adobe patch for this known vulnerability, Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability (BID 33751). If you haven’t already, it’s time to start following best practices and download the Adobe patch for your version of Acrobat and Adobe Reader.
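A triage check that a mail gateway or analyst could run on attachments like the one described above, added here as an example and not taken from the Symantec post. It counts PDF name tokens that warrant a closer look, including JBIG2Decode, the filter that marks JBIG2 image streams (the format named in BID 33751), after undoing #xx hex escapes. The watch list, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# A PDF name is "/" followed by regular characters; any character may be
# written as a #xx hex escape, so /JBIG#32Decode is the same name as /JBIG2Decode.
_NAME = re.compile(rb"/([^\x00\s/\[\]<>(){}%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

# Assumed watch list: names that justify a closer look at an unsolicited PDF.
# A hit is a reason to inspect or sandbox the file, not proof that it is malicious.
WATCHED = {
    b"JBIG2Decode": "JBIG2 image stream",
    b"JavaScript": "embedded JavaScript",
    b"JS": "embedded JavaScript",
    b"OpenAction": "action run when the document opens",
    b"EmbeddedFile": "embedded file",
    b"Launch": "launch action",
}

def decode_name(raw: bytes) -> bytes:
    """Undo #xx hex escapes inside a PDF name token."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def triage_pdf(data: bytes) -> dict:
    """Count watched names in the raw bytes of a PDF.

    Names inside compressed object streams are not visible to this scan.
    """
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no %PDF- header in the first 1024 bytes")
    counts = {}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in WATCHED:
            counts[name.decode()] = counts.get(name.decode(), 0) + 1
    return counts

# Constructed sample, not a real document: an image object whose filter name
# is hex-escaped, plus a catalog with an open action.
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
          b"2 0 obj\n<< /Type /XObject /Subtype /Image /Filter /JBIG#32Decode"
          b" /Length 0 >>\nstream\n\nendstream\nendobj\n")

if __name__ == "__main__":
    for name, count in sorted(triage_pdf(SAMPLE).items()):
        print(f"{name}: {count} ({WATCHED[name.encode()]})")
```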

Protect your health. Protect yourselves and your computer from the human swine that prey on our desire for information to keep us healthy. Keep your security software up to date, keep your systems patched, and be suspicious of unsolicited email that talks about topical subjects. Be very careful when such email includes attachments, links to websites, or videos that it says you should view.

Original source: http://www.symantec.com/connect/blogs/malicious-code-authors-jump-swine-flu-bandwagon



Symantec finds the new attack in IE


A new exploit targeting Internet Explorer was published to the BugTraq mailing list. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future.  When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors.  For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer.

The exploit targets a vulnerability in the way Internet Explorer uses cascading style sheet (CSS) information. CSS is used in many Web pages to define the presentation of the sites’ content. Symantec currently detects the exploit with the Bloodhound.Exploit.129 antivirus signature and is working on new signatures now. Symantec IPS protection also currently detects this exploit with signatures HTTP Microsoft IE Generic Heap Spray BO and HTTP Malicious Javascript Heap Spray BO. A new IPS signature, HTTP IE Style Heap Spray BO, has also been created for this specific exploit. To minimize the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft.

Original source: http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published


