McAfee Labs: Combating Fake Alert Infections


Amith Prakash, Global Threat Response

Contents
What are FakeAlerts?
Symptoms
Characteristics - CLASSICAL EXAMPLE OF “SOCIAL ENGINEERING”
Warnings displayed for some typical Fake Alerts…
FakeAlert Downloaders
Common locations to find files installed by FakeAlert Trojans…
Common FakeAlert Registry changes
Connections to remote URLs
Combating FakeAlert
FakeAlert Variants

What are FakeAlerts?

FakeAlert Trojans are rogue security software made for monetary gain. They are downloaded onto the victim's system, usually through drive-by downloads or spam. The software displays misleading fake security alerts, misleading spyware scan results and aggressive advertising in order to convince the user to buy the software to get protection. Some of the known FakeAlert variants are listed below:

1. XP antivirus 2009
2. XP antivirus 2008
3. XP Security Centre
4. Malware Protector 2008
5. TotalSecure 2008
6. IE antivirus

Symptoms

Fake pop-up messages about the system being infected.
Unexpected network connections made to some domain(s).
(Refer to “Connections to remote URLs”)
Presence of suspicious processes in Task Manager. Common processes related to FakeAlert are listed below.

XPAntiviru*.exe
xpa.exe
xpa200*.exe
XP antivirus*
XPAntivirus*
Uninstall XPAntivirus*
Uninstall XP Antivirus*
Buritos.exe
Braviax.exe
__c00*.dat (Generic Downloader.z)
*phc*
*lph*
*rhc*
scui.cpl (Generic PUP.x)
VAV.CPL (Generic PUP.x)
Beep.sys (existing file that gets overwritten with Generic PWS.o)
ctfmona.exe
ctfmonb.bmp
blackster.scr (Bugs! Shareware Screensaver - clean file)
Antvrs.exe

Many of these Downloaders install other malware, including viruses as well as other Trojans. Additionally, many of them are used to remotely install Adware packages onto the affected host machine for the purpose of gaining referral revenue from the Adware software vendor.

Please note: If Adware is installed via a Downloader, it may be installed "cleanly", with the relevant uninstaller included so that the user can remove the Adware, although frequently this is not the case.

Characteristics - CLASSICAL EXAMPLE OF “SOCIAL ENGINEERING”

FakeAlerts are rogue security applications. They are usually installed by drive-by installs or through exploits. They make use of “social engineering”, wherein the victim chooses “yes” to a pop-up that says they are infected and need to install the software. This is shown in the image below.

Warnings displayed for some typical Fake Alerts…

Some common warnings are given below.

"Windows Security Center reports that 'XP antivirus' is inable. Antivirus software helps to protect your computer against viruses and other security threats. Click Recommendations for the suggested actions. Your system might be at a risk now."

Privacy Violation alert!
XP antivirus detected Privacy Violation. Some program is secretly sending your private data to untrusted internet host. Click here to block this activity by removing threats (Recommended).

System files modification alert!
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss. Click here to block unathorised modification by removing threats (Recommended).

Internal conflict alert!
XP antivirus detected internal software conflict. Some application tries to get access to system kernel (such behavior is typical to Spyware/Malware). It may cause crash of your computer. Click here to prevent system crash by removing threats (Recommended).

Spyware activity alert!
Spyware.IEMonster activity detected. It is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs, including logins and passwords from online banking sessions, eBay, PayPal. It may also create special tracking files to log your activity and compromise your Internet privacy. It's strongly recommended to remove this threat as soon as possible. Click here to remove Spyware.IEMonster.

FakeAlert Downloaders

We are seeing more and more hybrid downloader Trojans that install not only a FakeAlert Trojan but also additional malware. I recently investigated a machine that had been compromised and had two FakeAlert Trojans installed, a password stealer Trojan, and an adclicker Trojan.

With the latest generation of FakeAlert Trojans we are seeing rootkit technology being used.
NTRootKit-H http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129931

We are also seeing more PWS components being added to these types of malware packages.
Generic PWS.o http://vil.nai.com/vil/content/v_132847.htm

Some FakeAlerts are known to change the background, install screensavers and/or joke bluescreens to mislead the user into believing the machine has a BSOD. Bluescreen cycles between different Blue Screens and simulated boots every 15 seconds or so.
Virtually all the information shown on Bluescreen's BSOD and system start screen is obtained from your system configuration - its accuracy will fool even advanced NT developers. For example, the NT build number, processor revision, loaded drivers and addresses, disk drive characteristics, and memory size are all taken from the system Bluescreen is running on. For further information on the joke blue screen, visit http://vil.nai.com/vil/content/v_137362.htm

FakeAlert programs are known to scan machines and show misleading scan results. Some of them detect valid files as malware, while others drop malicious files onto the machine and then detect them to gain user acceptance.

The rogue security application throws fake or misleading scan results.

After convincing users, the next step is to get MONEY… It pops up the following registration pane so that users can type in an e-mail address for purchase.

Common locations to find files installed by FakeAlert Trojans…

The FakeAlert Trojan commonly installs to various locations on the local computer. They are listed below.
TEMP folder:
%USER_PROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
%USER_PROFILE%\Local Settings\Temp\.tt1D.tmp
%USER_PROFILE%\Local Settings\Temp\.tt1D.tmp.vbs

Start Menu:
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk

Program Files directory:
C:\Program Files\rhcv8nj0eefc\database.dat
C:\Program Files\rhcv8nj0eefc\license.txt
C:\Program Files\rhcv8nj0eefc\MFC71.dll
C:\Program Files\rhcv8nj0eefc\MFC71ENU.DLL
C:\Program Files\rhcv8nj0eefc\msvcp71.dll
C:\Program Files\rhcv8nj0eefc\msvcr71.dll
C:\Program Files\rhcv8nj0eefc\rhcv8nj0eefc.exe
C:\Program Files\rhcv8nj0eefc\rhcv8nj0eefc.exe.local
C:\Program Files\rhcv8nj0eefc\Uninstall.exe

System folder (i.e. C:\windows\system32\):
%WinDir%\system32\Restore\MachineGuid.txt
%WinDir%\system32\blphcr8nj0eefc.scr
%WinDir%\system32\pphcr8nj0eefc.exe

(Where %WinDir% is the default Windows directory, for example C:\WINNT, C:\WINDOWS etc.)
(Where %USER_PROFILE% is the default user profile folder, for example C:\Documents and Settings\Administrator if the current user is Administrator.)
Common FakeAlert Registry changes

It creates or modifies the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcv8nj0eefc: 00 82 AC 48
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\AntivirXP08: "AntivirXP08"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcr8nj0eefc: "%WinDir%\System32\lphcr8nj0eefc.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SMrhcv8nj0eefc: "C:\Program Files\rhcv8nj0eefc\rhcv8nj0eefc.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcv8nj0eefc\DisplayName: "AntivirXP08"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcv8nj0eefc\UninstallString: ""C:\Program Files\rhcv8nj0eefc\uninstall.exe""
HKEY_LOCAL_MACHINE\SOFTWARE\rhcv8nj0eefc\domain: "5B13A361646217A08DAF45C0FAB6AA64BF0E"
HKEY_LOCAL_MACHINE\SOFTWARE\rhcv8nj0eefc\ADVid: "687a874463df9e3b7abb1f2150607f7a"
HKEY_LOCAL_MACHINE\SOFTWARE\rhcv8nj0eefc\: "C:\Program Files\rhcv8nj0eefc"
HKEY_LOCAL_MACHINE\SOFTWARE\rhcv8nj0eefc\InstallDir:
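
As an added example (not part of the McAfee document), the Python script below triages an exported file and registry inventory against the process names, file locations and registry changes listed above. The function names, the confidence labels, and the benign entries in the sample inventory (alphablend.dll, ctfmon.exe) are assumptions made for illustration; every other value is taken from this page.

```python
import fnmatch
import ntpath

# Names copied from the page's list of FakeAlert-related processes and files.
SPECIFIC = ["XPAntiviru*.exe", "xpa.exe", "xpa200*.exe", "XP antivirus*",
            "XPAntivirus*", "Uninstall XPAntivirus*", "Uninstall XP Antivirus*",
            "Buritos.exe", "Braviax.exe", "__c00*.dat", "scui.cpl", "VAV.CPL",
            "ctfmona.exe", "ctfmonb.bmp", "Antvrs.exe"]
# Short substring wildcards from the same list; they also hit unrelated names,
# so a hit is only "low" confidence unless the file is also started at logon.
BROAD = ["*phc*", "*lph*", "*rhc*"]
# Beep.sys is an existing file that the page says gets overwritten, so the
# name alone proves nothing: the file content has to be checked.
VERIFY = {"beep.sys"}

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
MARKER = "antivirxp08"  # Post Platform value and Uninstall DisplayName, lowercased


def match(name, patterns):
    """Return the first pattern that matches name (case-insensitive), or None."""
    low = name.lower()
    return next((p for p in patterns if fnmatch.fnmatchcase(low, p.lower())), None)


def triage(files, registry):
    """files: Windows paths; registry: (key, value_name, data) tuples.

    Returns a list of (confidence, item, reason) tuples.
    """
    findings = []
    autostart = set()  # basenames launched from the Run key
    for key, value_name, data in registry:
        item = key + "\\" + value_name
        data = data.strip().strip('"')
        if key.lower() == RUN_KEY.lower():
            base = ntpath.basename(data)
            pattern = match(base, SPECIFIC + BROAD)
            if pattern:
                autostart.add(base.lower())
                findings.append(("high", item, "Run value starts %s (%s)" % (base, pattern)))
        elif MARKER in (value_name.lower(), data.lower()):
            findings.append(("high", item, "AntivirXP08 marker"))
    for path in files:
        base = ntpath.basename(path)
        if base.lower() in VERIFY:
            findings.append(("verify", path, "known file name; compare with a known-good copy"))
        elif match(base, SPECIFIC):
            findings.append(("high", path, "listed name " + match(base, SPECIFIC)))
        elif match(base, BROAD):
            confidence = "high" if base.lower() in autostart else "low"
            findings.append((confidence, path, "wildcard " + match(base, BROAD)))
    return findings


# Constructed inventory: page values plus two benign entries (assumptions).
SAMPLE_FILES = [
    r"C:\Program Files\rhcv8nj0eefc\rhcv8nj0eefc.exe",
    r"C:\WINDOWS\system32\pphcr8nj0eefc.exe",
    r"C:\WINDOWS\system32\drivers\beep.sys",
    r"C:\Program Files\Example\alphablend.dll",   # benign, hits *lph*
    r"C:\WINDOWS\system32\ctfmon.exe",            # benign, not ctfmona.exe
]
SAMPLE_REGISTRY = [
    (RUN_KEY, "lphcr8nj0eefc", r"%WinDir%\System32\lphcr8nj0eefc.exe"),
    (RUN_KEY, "SMrhcv8nj0eefc", r'"C:\Program Files\rhcv8nj0eefc\rhcv8nj0eefc.exe"'),
    (RUN_KEY, "ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
     r"\Internet Settings\User Agent\Post Platform", "AntivirXP08", "AntivirXP08"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
     r"\Uninstall\rhcv8nj0eefc", "DisplayName", "AntivirXP08"),
]

if __name__ == "__main__":
    for confidence, item, reason in triage(SAMPLE_FILES, SAMPLE_REGISTRY):
        print("%-6s %s  [%s]" % (confidence, item, reason))
```

The "low" hits show why the three substring wildcards should not drive removal on their own, and the "verify" result for Beep.sys reflects that the file name is a normal one whose content has been replaced.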