New Rogue Sighted: Smart Engine

by Andy on October 12th, 2010 in Security Alert.

Check out the details on the Rogue's Gallery at http://www.lavasoft.com/mylavasoft/rogues/latest



October is Cybersecurity Awareness Month, so we thought we'd contribute by providing some practical, easy-to-digest and useful information on how to strengthen your PC's defences against attacks.

I'll be discussing what to secure and exactly how to do it, focusing on the ‘how’ more than the ‘why’. Just follow along - it’s easy. Here's what will be covered in some upcoming blogs:


Adobe have published a security update addressing critical vulnerabilities in Adobe Reader 9.3.4 and Acrobat 9.3.4 (and earlier versions).

The vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Windows users of Adobe Reader 9.3.4 and Adobe Acrobat 9.3.4 (and earlier versions) are advised to upgrade to Adobe Reader 9.4.

To upgrade to the latest version of Adobe Reader, visit http://get.adobe.com/reader/


Adobe will publish security updates addressing a critical vulnerability in Reader & Acrobat (CVE-2010-2883) on 5th October 2010.


The BBC have reported that nineteen people have been arrested in London under the Computer Misuse Act.

Read the full report here: http://www.bbc.co.uk/news/uk-11431989

Those arrested are suspected of stealing millions of pounds in the past few months. It's encouraging to see high-profile arrests for serious cybercriminal activity.

We saw something similar in Manchester last year. The UK's e-Crime Unit are clearly on the ball:

http://www.lavasoft.com/mylavasoft/company/blog/malware-arrests-send-mes...



Avoiding Malicious Sites

by Andy on June 2nd, 2010 in Security Tips.

Malware distributors often hijack current events to serve malware, and with the FIFA World Cup almost upon us (come on Northern Ireland!! Oh.. wait..) a deluge of booby-trapped sites appearing in search engine results is inevitable.


I found a couple of slides from a company internal training session and thought I would share them. It's just to give an example of the kind of work the Lavasoft research team at Malware Labs does.

It describes the binary analysis of a Win32.TrojanDropper.KGen sample, the malware's multi-component structure and the payload it implements.


The trend of exploiting current news events to deliver malware continues to push the boundaries of decency. It's not very often that we are taken aback by malware distribution methods, but the recent vulture-like exploitation of the Air France disaster and the deaths of Michael Jackson and Farrah Fawcett really is plumbing the depths of social engineering techniques.


You may have seen the headlines last week about a series of worm attacks on Twitter. As we know that many of you use the site (and maybe even follow the team here at Lavasoft on it) we’d like to take a moment to clarify what it was and how you can stay safe.



If you follow online security news, there’s little chance that you haven’t heard about Conficker – a new worm that has received extensive media coverage in the past weeks, due in part to Microsoft’s offer of a $250,000 bounty in return for information leading to the arrest of the malware’s perpetrators.


With the new version of Ad-Aware comes a new classification: Potentially Unwanted Program, or "PUP". Why classify something as a "potentially unwanted program"?


In case you missed this bit of security news last week, according to Heise Security -

"A team of researchers from Bonn University and RWTH Aachen University have analysed the notorious Storm Worm botnet, and concluded it certainly isn't as invulnerable as it once seemed."

Analysts' attempts to traverse the Storm botnet without being detected have proven difficult: discovery usually leads to a DDoS attack on the researcher. Having carried out such research covertly, and claiming that the botnet can be rapidly taken down, is highly significant in terms of the resultant reduction in spam levels and in the botnet's ability to carry out DDoS attacks.

Microsoft's attempts to disrupt the botnet with the Malicious Software Removal Tool, while not definitive, are proving successful. Malware analysts and observers far and wide welcome the news that these researchers have gone one step further by announcing it is theoretically possible to fatally damage the Storm botnet with a single strike.

But, the researchers have noted that there are legal concerns involved in the solution. It's ironic that a single strike that has the potential to take the Storm botnet down from the inside is punishable under German law (and the same may be true in other parts of the world, as well). The Storm botnet is so significant that most people would agree that, when it comes to permanently disrupting it, the end justifies the means. This particular situation gives rise to an ethical dilemma but, ultimately, using illegal methods is not acceptable, however frustrating it may be. Still, even if the researchers are not able to deploy this solution, the data gathered from this research will take us a significant step towards combating and defeating Storm.