Softpanorama Malware Protection Bulletin, 2008

Old News ;-)

[Nov 19, 2008] Microsoft To Offer Free Security Software By Paul McDougall

"[Free] Morro will replace the subscription Windows Live OneCare service starting next year."

November 19, 2008 | InformationWeek

Microsoft (NSDQ: MSFT) on Tuesday said it plans to kill off its Windows Live OneCare subscription security service in favor of a free offering that will feature a core of essential anti-malware tools while excluding peripheral services, such as PC tune up programs, found in OneCare.

The move could help the software maker extend its footprint in the low-cost PC market, but it might also catch the eye of trustbusters.

As a streamlined offering, Microsoft said the new service, presently code-named Morro, will be suitable for use on low-cost, low-powered Netbooks that are growing in popularity in emerging markets and in some segments of the North American computer market.

"This new, no-cost offering will give us the ability to protect an even greater number of consumers, especially in markets where the growth of new PC purchases is outpaced only by the growth of malware," said Amy Barzdukas, Microsoft's senior product manager for Online Services and Windows, in a statement.

The definition of malware covers a range of computer threats, including viruses, spyware, rootkits and trojans. Hackers, many of them connected to organized crime, often use such tools to extract sensitive data such as bank account numbers and passwords from users' PCs.

Microsoft said it will launch Morro in June of 2009, at which time it will discontinue the $49.95 per year OneCare service. Morro will be compatible with Windows XP, Windows Vista and the forthcoming Windows 7 operating systems, the company said.

[Jun 6, 2008] Spear-phishing attacks have hooked 15,000, says VeriSign - Network World

Two groups of criminals have stolen data from an estimated 15,000 victims over the past 15 months, using targeted "spear-phishing" e-mail attacks, according to researchers at VeriSign.

VeriSign has tracked 66 of these attacks since February 2007 and believes that two shadowy crime groups are behind 95% of the incidents.

Unlike traditional phishing attacks, which are sent to millions in hopes of luring some victims to fake Web sites, spear-phishing e-mails contain personal information, such as the name of the victim or his employer's name to make them appear legitimate. In the attacks tracked by VeriSign, victims are tricked into visiting malicious Web sites or opening malicious attachments, which then give attackers a back door onto their PCs so they can steal information.

After tinkering with their attack techniques in the first few months of 2007, the spear-phishers appear to be stepping up their campaigns.

Attacks have spiked over the past two months, said Matthew Richard, director of VeriSign's iDefense Rapid Response Team. "The bad guys have really fine-tuned both the delivery methods... as well as their use of the data," he said. "All the e-mails target businesses in some form or another."

In April, they launched their most successful spear-phish to date. A targeted e-mailing was sent to corporate executives, informing them that they had been sued. This attack worked well because it was novel, Richard said. "The subpoena one really took people off guard," he said. "Especially at the executive level. That fear of litigation certainly scared people."

In May, over 2,000 victims were compromised with spear-phish e-mails claiming to come from the U.S. Internal Revenue Service, the United States Tax Court, and the Better Business Bureau, according to VeriSign.

VeriSign does not expect the spear-phishers to give up anytime soon. "Now that they have developed this well-tuned system, they will just keep doing it over and over again," Richard said.

[Jun 6, 2008] New crypto virus a looming threat

Network World

A variant of a virus that encrypts the victim's data with a strong 1,024-bit algorithm, so the victim can't unscramble it without paying a ransom, has begun to spread, potentially posing a major threat, according to the antimalware firm that discovered it.

Windows SteadyState Disk and System Protection

Useful for daily sessions: complete protection from malware for a day.

Undo your worries with Windows Disk Protection

Windows Disk Protection keeps everything on the Windows disk partition from being permanently changed by users. This means every change made during a user session can easily be undone and the computer returned to its original state.

Create a consistent experience

On a shared computer, the goal is to create a consistent, uniform environment for all users. They should not be able to modify or corrupt the system. However, activities performed during a user session cause many changes to the operating system partition. Program files are created, modified, and deleted. The operating system also updates system information as part of its normal operation.

Windows Disk Protection clears all changes to the operating system partition whenever you restart the computer, or at whatever interval you specify.

How Windows Disk Protection works

When disk protection is turned on, it creates a cache file to retain all the modifications to the operating system or program directories. Histories, saved files, and logs are all stored in this cache file which has been created on a special partition of the system drive. At intervals you designate, Windows SteadyState deletes the contents of the cache and restores the system to the state in which disk protection was first turned on.

Set it and forget it

Choose the disk protection level that fits how your computer is used and whether or not your users need to save data for a specific length of time.

Use Windows Disk Protection, Try&Decide or ShadowMode to secure your PC by Donna Buenaventura

Jul 4, 2008

Malware infection and unwanted system changes are the biggest concerns for organizations and individuals. It's easy to be infected nowadays if the anti-virus' real-time protection fails to detect malicious behavior while a user is surfing or installing unknown programs. It's also easy to end up with an unusable system if an update or software installation contains bugs or is incompatible with existing applications.

The above problems can be solved by using ShadowMode, Try&Decide or Windows Disk Protection. For screenshots, please refer to the images below.

1. ShadowMode feature in ShadowSurfer, ShadowUser and ShadowServer

StorageCraft's ShadowServer, ShadowSurfer and ShadowUser include a feature called ShadowMode. ShadowMode will create a virtual volume so you can run your PC or server in a virtual state. Unwanted changes or malware infection will not affect the system if ShadowMode is enabled. If you install software or updates, or make a major change to the system, but later realize that it is not what you like or that the update has unknown or known issues, you can simply end the ShadowMode session and go back to the previous system state.

ShadowSurfer and ShadowUser are compatible with Windows 2000 and XP systems. Vista is not yet supported at the time of this writing. ShadowServer will run on the 2000 and 2003 editions of Windows Server. If you use ShadowUser or ShadowServer, you can commit the changes to files, folders or the entire system; continue a ShadowMode session across reboots; schedule an automatic reset of the computer to its previous state; and schedule when a ShadowMode session is enabled or disabled.

The Old New Thing: Windows 95 almost had floppy insertion detection but the training cost was prohibitive

Boot viruses died around this time, anyway

One feature which Windows 95 almost had was floppy disk insertion detection. In other words, Windows 95 almost had the ability to detect when a floppy disk was present in the drive without spinning up the drive.

The person responsible for Windows 95's 32-bit floppy driver studied the floppy drive hardware specification and spotted an opportunity. Working through the details of the specification revealed that, yes, if you issued just the right extremely clever sequence of commands, you could determine whether a disk was in the floppy drive without spinning up the drive. But there was a catch.

The floppy drive hardware specification left one aspect of the drive behavior unspecified, and studying the schematics for various floppy drive units revealed that about half of the floppy drive vendors chose to implement it one way, and half the other way. Here's the matrix:

Floppy Style    Disk present    Disk absent
"A"             1               0
"B"             0               1

The results were completely reliable within each "style" of floppy drive, but the two styles produce exactly opposite results. If you knew which style of drive you had, then the results were meaningful, but the hard part was deciding which style of drive the user had.

One idea was to have an additional "training" step built into Setup:

Once the disk was in, we could run the algorithm and see whether it returned 0 or 1; that would tell us which style of floppy drive we had.

Unfortunately, this plan fell short for many reasons. First of all, a user who bought a computer with Windows 95 preinstalled would have bypassed the training session. You can't trust the OEM to have gone through the training, because OEMs change suppliers constantly depending on who gave them the best deal that week, and it's entirely likely that on the floor of the warehouse are a mix of both styles of floppy drive. And you certainly don't want to make the user go through this training session when they unpack their computer on Christmas morning. "Thank you for using Windows 95. Before we begin, please insert a floppy disk in drive A:." You can't just try to figure out what type of drive the user has by comparing the clever technique against the boring "turn on the floppy drive light and make grinding noises" technique, at least not without displaying a warning to the user that you're about to do this; users tend to freak out when the floppy drive light turns on for no apparent reason. "Thank you for using Windows 95. Before we begin, I'm going to turn on your floppy drive light and make grinding noises. Press OK."

Floppy disk insertion detection is not a sufficiently compelling feature that users will say, "I appreciate the benefit of going through this exercise."

Sadly, floppy insertion detection had to be abandoned. It was one of those almost-features.

Published Thursday, April 02, 2009 7:00 AM by oldnewthing