News archive about antivirus software, virus threats, trojans
October 2003
Kaspersky Labs Releases Kaspersky® Anti-Hacker version 1.5 -- Posted by Igor_Donchenko on Sunday, October 26 2003
Kaspersky Labs, a data security software developer, releases a new version of Kaspersky® Anti-Hacker, a firewall for personal computers.
Kaspersky® Anti-Hacker is a personal firewall, which provides full-scale protection for Windows computers against hacker attacks and unauthorized access. The solution monitors all network and application activities, as well as filtering all incoming and outgoing data packets, thus ensuring the confidentiality of all data on the PC.
Kaspersky® Anti-Hacker 1.5 has a significantly improved interface, including XP style for computers running under Windows XP. The solution is generally more user-friendly: by default initial installation now allows network activity for the most common applications according to their types, allowing easier installation, but not compromising security. Users can now define a range of ports within the packet filtration rules, as well as data filtration in applications, which allows them to set one rule for a whole group of potentially dangerous IP addresses. Moreover, the solution now detects new network attacks, such as SmbDie and Helkern/Slammer and supports ADSL modems.
The new version of Kaspersky® Anti-Hacker also includes an improved Stealth Mode feature. Computers operating in this mode block all Internet connections from the outside, thus becoming invisible to possible intruders, whilst continuing to roam the Internet at will.
The high quality of the original version of the Kaspersky® Anti-Hacker personal firewall attracted a large circle of loyal followers, as well as garnering positive reviews from leading IT publications and testing centres worldwide. The solution does not require any special technical skills. "The newest version of Kaspersky Anti-Hacker has all of the advantages of the original version, whilst becoming easier to use due to a user-friendly interface, which allows users to easily control the main functions of the program. Version 1.5 provides users with additional features that reliably prevent all types of unsanctioned access to PCs", commented Denis Zenkin, Head of Corporate Communications at Kaspersky Labs.
Source: http://www.avp.ru
Kaspersky Labs Strengthens Its Anti-Spam Weapon -- Posted by Igor_Donchenko on Thursday, October 16 2003
Kaspersky Labs announces the commercial release of the new version of its popular software designed to defend against undesired email correspondence - Kaspersky® Anti-Spam 1.5.
Kaspersky® Anti-Spam is a powerful spam countermeasure employing a multi-level email filtration system. The unmatched technology used to linguistically analyse email messages makes it possible to analyse message text, to determine its sense, and to eliminate undesired messages.
Kaspersky® Anti-Spam users are assured daily updates to the lexical signature database that is developed by a full-time team of professional linguists. Continuous database updates keep mailboxes off limits to even the latest spam. Additionally, an integrated administration module provides a Web interface from which system administrators can conveniently change system parameters from any point within a network.
The newest version of Kaspersky® Anti-Spam includes a wide range of technical improvements that considerably enhance its effectiveness. Version 1.5 has innovative technology making it possible to identify spammer tricks such as the insertion of random sequences of symbols in message titles and body texts, and the inclusion of graphic elements.
The upgraded version of Kaspersky® Anti-Spam works significantly better with messages presented in various types of code. Additionally, the product's filtration module and general fault-tolerance is now appreciably more stable. The integration of new Kaspersky Labs performance technology enables the mail traffic filtration speed to be over four times faster than that of its predecessor. Increased compatibility now adds Postfix 2.x to the list of supported mail servers.
Source: http://www.avp.ru
Top Ten viruses most frequently detected by Panda ActiveScan in September -- Posted by Igor_Donchenko on Wednesday, October 15 2003
In September, Bugbear.B has once again caused the highest number of infections to users' computers, according to the data gathered by the free online antivirus, Panda ActiveScan.
This worm was found in over five percent of computers in which this Panda Software antivirus detected a malicious code. The dominance of Bugbear.B could be explained by its capacity to mass-mail itself and to exploit a vulnerability in Internet Explorer to run automatically.
Bugbear.B is closely followed by the Blaster worm, responsible for just under five percent of incidents, which caused a widespread epidemic in August. The fact that this malicious code spreads directly via the Internet and uses the Windows RPC DCOM vulnerability allows it to continue infecting unprotected computers.
In third place, but with a lower rate of infection than the previous two (just over three percent), is the Sobig.F worm which, in spite of being the fastest-spreading worm to date, has not caused a significant number of incidents.
The veteran Klez.I was the culprit in just over three percent of infections, putting it in fourth place. Over a year and a half after it was first detected, this malicious code continues to appear in the ranking of the Top Ten viruses most frequently detected month after month.
Another infamous malicious code that has made the ranking for several months running is the polymorphic virus Parite.B (at just under three percent). Sixth and seventh place are occupied by two new viruses that appeared in September, Gibe.C and Mapson.D, which were both detected in just under three percent of computers.
At the bottom of the Top Ten are the Trojan PSW.Bugbear.B (at almost two and a half percent) and the worms Enerkaz and Blaster.C (at just under two percent).
From the data collected by Panda Software’s free online antivirus in September, the following can be concluded:
- Software vulnerabilities, the most effective way of spreading rapidly. Four of the malicious codes in the Top Ten (Bugbear.B, Blaster, Blaster.C and Klez.I) spread by exploiting vulnerabilities in the software installed on computers. What’s more, two of them (Bugbear.B and Blaster) occupy first and second place. This demonstrates the potential of this new means to cause widespread epidemics. It also shows how many users neglect to apply the patches released by manufacturers to fix these vulnerabilities.
- Drop in the number of incidents caused by Sobig.F. Even though this worm spread the fastest in August, it was in September that it caused the most infections. Therefore, in spite of being programmed to stop sending itself out from September 10, it has still infected enough computers to come in third.
| Ranking | Virus Name | Percentage |
|---|---|---|
| 1 | W32/Bugbear.B | 5.10 |
| 2 | W32/Blaster | 4.99 |
| 3 | W32/Sobig.F | 3.23 |
| 4 | W32/Klez.I | 3.02 |
| 5 | W32/Parite.B | 2.95 |
| 6 | W32/Gibe.C.worm | 2.93 |
| 7 | W32/Mapson.D.worm | 2.56 |
| 8 | Trj/PSW.Bugbear.B | 2.43 |
| 9 | W32/Enerkaz | 1.75 |
| 10 | W32/Blaster.C | 1.72 |
Source: http://www.pandasoftware.com
Panda Software warns about the Trojan Hatoy -- Posted by Igor_Donchenko on Wednesday, October 15 2003
Panda Software has detected a significant increase in the number of computers affected by the Trojan Hatoy (Trj/Hatoy.A), first detected by PandaLabs a few days ago. This malicious code is designed to change the TCP/IP settings of computers so that they point to a different DNS server than the one they had configured. Basically, DNS servers ensure that when a user enters an address in the Internet browser, the corresponding website is displayed.
For this reason, the main effect of Hatoy is that when users try to connect to any web page, it re-routes them to a different page selected by the virus author.
Hatoy cannot spread by itself and therefore, the only way a user can become infected is by visiting web pages that have been especially constructed to exploit the Object Type vulnerability that affects the browser Microsoft Internet Explorer. This security flaw allows files contained in web pages that exploit this vulnerability to be automatically run. More information about this vulnerability can be found here.
As a result, if users visit a web page that has been especially designed to automatically download and run Hatoy, their computers will be immediately infected. Once it has been installed on a computer, this Trojan modifies the Windows registry and creates several files.
Due to the means of transmission used by this malicious code, it is suspected that the address of a website designed to distribute Hatoy has been sent as spam. This would explain why the number of incidents caused by this Trojan has significantly increased several days after it appeared.
Source: http://www.pandasoftware.com
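
The DNS change described above can be checked for by comparing each adapter's configured resolvers against the ones the network is supposed to use. The following is an added example, not code from Panda Software or from this archive; it assumes the English-locale `ipconfig /all` layout, and the sample output and approved range are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (documentation-range addresses only).
SAMPLE = """\
Ethernet adapter Office LAN:

   IP Address. . . . . . . . . . . . : 192.0.2.10
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       192.0.2.54
   NetBIOS over Tcpip. . . . . . . . : Enabled

PPP adapter Dial-up:

   DNS Servers . . . . . . . . . . . : 203.0.113.66
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s+(.+?)[ .]+:\s?(.*)$")   # "Name . . . : value"

def parse_dns_servers(text):
    """Return {adapter name: [DNS servers]}, following continuation lines."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        head = ADAPTER_RE.match(line)
        if head:
            current, in_dns = head.group(1), False
            adapters[current] = []
            continue
        if current is None or not line.strip():
            continue
        field = FIELD_RE.match(line)
        if field:                       # a new field starts; is it the DNS list?
            in_dns = field.group(1) == "DNS Servers"
            value = field.group(2).strip()
        else:                           # continuation of the previous field
            value = line.strip()
        if in_dns and value:
            adapters[current].append(value)
    return adapters

def audit(text, approved_cidrs):
    """List (adapter, server) pairs whose resolver is outside the approved ranges."""
    nets = [ipaddress.ip_network(c) for c in approved_cidrs]
    return [(adapter, server)
            for adapter, servers in parse_dns_servers(text).items()
            for server in servers
            if not any(ipaddress.ip_address(server) in net for net in nets)]
```

Calling `audit(SAMPLE, ["192.0.2.0/24"])` reports the dial-up adapter's resolver, which is the kind of unexpected DNS setting the article describes.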
September Evil Top Ten from BitDefender -- Posted by Igor_Donchenko on Tuesday, October 14 2003
September Evil Top Ten includes two nasty worms that wrecked hundreds of thousands of computer systems in August - MsBlast.A and Sobig.F, producing damages of billions of dollars. Furthermore, it introduces a brand new menace: Swen.A, another disgusting creature worming its way to glory...
This month's evil casting is presented in the table below. Have a look below at the vicious lineup on the red carpet this September:
| Ranking | Virus Name | Percentage |
|---|---|---|
| 1 | Win32.Msblast.A | 19.0% |
| 2 | Win32.Swen.A@mm | 16.0% |
| 3 | Win32.Sobig.F@mm | 13.3% |
| 4 | Win32.BugBear.B@mm | 12.0% |
| 5 | Trojan.Exploit.Java.Bytverify | 10.2% |
| 6 | Win32.Klez.H@mm | 9.0% |
| 7 | Win32.Parite.B | 7.2% |
| 8 | Win32.Sobig.A@mm, Win32.HLLP.Hanta.A | 5.0% |
| 9 | Backdoor.SDBot.gen | 4.7% |
| 10 | JS.Trojan.NoClose.K | 3.6% |
A certain amount of novelty is brought by the nasty shape of Swen.A, originally mild, but eventually tough for a lot of . Under the guise of "September 2003, Cumulative Patch", the virus looks to exploit an old flaw in Microsoft's Internet Explorer web browser. Microsoft issued a fix for the problem in March 2001, so lamentations are overdue...
Swen's spreading and damage are linked so far to the fact that social engineering tricks - such as masquerading - still work among common users. In spite of recent experiences with some uglier cyber-creatures, users haven't really learned their lesson that well. Although Swen's harsh attack on the Internet didn't result in the kind of damage Windows users have somehow gotten used to, virus researchers say that some 200.000 computers were infected by Swen so far. In a fair estimation, that kind of spreading leaves Swen pretty low compared to the threats we've seen lately, that is - Sobig.F mainly...
Nevertheless, this should not be regarded as a threat for companies that strip executables at their gateway. Moreover, the fake alert e-mail should command some immediate attention, considering that Microsoft doesn't send patches via e-mail. Instead, it refers people to its download page and that has been seen as a keen issue by users too many times, the more reason for everyone to recall ? Microsoft's demeanor. Still, Swen's deja vu caused some disturbance and people were advised, once more, to tighten their security and patch their systems. That alone can turn this issue of our Evil Top into another hope that someday users will be more aware of malware dangers in the future... As for the computer damage and productivity losses, nobody would like to look forward to another similar evil summit this year.
The Virus Top Twenty from Kaspersky Labs - September 2003 -- Posted by Igor_Donchenko on Tuesday, October 14 2003
Kaspersky Labs presents the twenty most widespread viruses for September 2003.
| Position | Change | Virus Name | Percentage by Occurrence |
|---|---|---|---|
| 1 | = | I-Worm.Sobig | 44.75% |
| 2 | new | I-Worm.Swen | 36.50% |
| 3 | - 1 | I-Worm.Mimail | 6.50% |
| 4 | + 1 | I-Worm.Klez | 2.52% |
| 5 | + 1 | I-Worm.Lentin | 2.35% |
| 6 | - 3 | I-Worm.Tanatos | 0.81% |
| 7 | new | I-Worm.Dumaru | 0.68% |
| 8 | - 4 | Worm.Win32.Lovesan | 0.35% |
| 9 | - 2 | Worm.P2P.SpyBot | 0.14% |
| 10 | re-entry | Win95.CIH | 0.11% |
| 11 | = | Backdoor.SdBot | 0.09% |
| 12 | re-entry | I-Worm.Ganda | 0.09% |
| 13 | = | VBS.Redlof | 0.08% |
| 14 | - 2 | Win32.Parite | 0.08% |
| 15 | + 4 | Worm.Win32.Welchia | 0.08% |
| 16 | re-entry | Win32.FunLove | 0.08% |
| 17 | - 1 | I-Worm.Roron | 0.07% |
| 18 | - 4 | Backdoor.Optix.Pro | 0.07% |
| 19 | re-entry | I-Worm.Fizzer | 0.07% |
| 20 | - 14 | Macro.Word97.Thus | 0.05% |
| | | Other Malicious Programs* | 4.52% |

\* not included in the Top Twenty