Video Screencast Help
Security Community Blog
Showing posts tagged with 9.x and Earlier
Showing posts in English
Satyam Pujari | 21 Aug 2009 | 5 comments

Symantec’s Web site ratings service Norton Safe Web presents the Dirtiest Web Sites of Summer 2009 – the top 100 infected sites based on number of threats. Norton Safe Web is a new reputation service from Symantec. 

What makes these sites so dirty?
Symantec explained it by pointing out the fact that the average number of threats per malicious site rated by Norton Safe Web is 23. With that said, the average number of threats on the Dirtiest Web Sites list is a staggering 18,000 per site. Forty of the top 100 have more than 20,000 threats per site. Moreover, 75-percent of sites on the list have distributed Malware for more than six months.

“This list underscores what our research shows. There has been exponential growth in the number of online threats that are constantly evolving as cybercriminals look for new ways to target your money, identity, or assets. In 2008, most new infections occurred while people were...

Vikram Kumar-SAV to SEP | 06 Aug 2009 | 5 comments
Sometimes when a file is not detected as threat and you think it is a Malware and still it is not getting detected.
In order to scan it from a different antivirus you actually un-install the current antivirus to install a 3rd party antivirus you update the definitions and then scan a file.
Just to know that even that is not detecting it.
There is a easier way of scanning a file with 39 well known antivirus software with their updated definitions.
Simply submit your file to
VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, Trojans, and all kinds of Malware detected by antivirus engines.
IanZ | 20 Jul 2009 | 1 comment

Last year, we started looking at SEP11. As we're still running on SAV8 for majority of the servers and clients, with a few SAV9 and SAV10, I believe it's about time to start upgrading to the latest version. I checked the features, documentations, forums, blogs, articles and everything about SEP and I'm getting a negative feedback, a lot of people are complaining. Some even call it a nightmare! Very discouraging. I kept on thinking, as the Server Technology Analyst and only 1 year with the company, I don't want to risk my new job as well as mess around with the servers. Is SEP11 ready for primetime, or is it a disaster? SEP11 is September 11, hmmm, a 9/11 disaster! So we didn't rushed to deploy this. Instead, I started working on test servers and clients. At the same time, as I'm the only one who's going to deploy and implement this, I need to have a plan, a very safe one.

I created a project plan, first looking at the existing SSC setup and...

Rafeeq | 16 Jul 2009 | 8 comments

Hi There,

I'm Rafeeq, I work as a security consulant for a client, we handle their entire security infrastructure,including IPS signatures and network monitoring.
My client has around 2000+ computers in their environment. They had a mixed enviroment consisting of SAV 8.x and SAV10 running on two different domains with mixed mode. Their license was about to end for SAV 10 this september , hence they decided to go for an upgrade , client did not have any second thoughts of chosing different antivirus vendors no matter even if it comes for free, the reason they had (i'm sure we all agree to these points :) )

1) The detection rate of symantec is higher than any other antivirus companies i agree to this coz symantec has global sensors all over for this detection

              4 symatnec SOC
              74 symantec Monitored Countries...

mon_raralio | 25 Jun 2009 | 4 comments

Misleading applications are applications that pretend to do one thing while doing another. A good example are rogue security softwares that decieves or misleads the user into thinking that there are security issues with the computer he or she is currently using and requires the installation of software to remove the “threat”.

They usually use the web browser pop-up and make the user think that this is their Explorer and then shows that it is being scanned. Previous versions just show a small pop-up (similar to when you do something with files, except this one pretends to scan)

I've come upon this at home while surfing the internet. The current websites open are Facebook, Youtube, and Google (3 of the most visited sites in the world). Everybody I know visit this page every now and then and I'm pretty sure there are no malwares in their sites. So there I was, looking into my profile and noticed that one of my friends became a fan of someone. So I moved over...

Bored Silly | 28 May 2009 | 7 comments

A Zero-Day virus is defined as, "a previously-unknown computer virus or other malware for which specific antivirus software signatures are not yet available."    Everybody has their different tricks and techniques when it comes to dealing with Zero-Day remediation.  This is what I do when someone calls me suspecting they are infected on my network.

1. You’ll need a copy of the PSLIST tool from the Sysinternals or PSTools Suite. From a command prompt launch: PSLIST -s \\computer-name or PSLIST \\computer-name

  • Note: Drop the -s to see a static view of the processes but keep in mind that some malware only stays visible for seconds or will constantly change it's port numbers.
  • Note #2: You hit ESC to exit the -s mode

2. Examine the list of running processes to see...

skjordansk | 30 Apr 2009 | 8 comments

I would believe that the first step to resolving a LiveUpdate issue is to upgrade it to the latest version using this link:

http://service1.symantec.com/Support/sharedtech.ns...

I would like to know people's thoughts on this. The idea is to not spend 15 minutes troubleshooting the issue, since the update may resolve it to being with. Besides, having the latest version of LiveUpdate will prevent any future errors from occuring.

riva11 | 30 Apr 2009 | 9 comments

I'd like to share an interesting application that allows to uninstall dozens of different antivirus programs from a computer system.
It can help for example in case you have to remove an antivirus applications in case of errors during removal or when you need to replace a security application with another .

The AppRemover program is a portable software , free for your personal, non-commercial, use.

Supported Operating Systems :
Windows 2000, 2003, XP (32 / 64 bit), Vista (32 / 64 bit), 2008, Windows 7 beta

Antivirus & Antispyware Applications removed : Support Charts 

Link : AppRemover

SAM_SHAIKH | 23 Apr 2009 | 3 comments

W32.Sality

Overview
W32.Sality is a parasitic virus which infects shared drives and Windows executable files by putting its code to host files. It contains downloader functionality to further install Trojan or key logger components. Sality opens a backdoor that allow the remote attacker to get the full control over the infected computer and in turn the confidential information, representing a serious security risk.

Aliases
Microsoft - Virus: Win32/sality.am
Kaspersky - Virus.Win32.Sality.aa

Symptoms
W32.Sality has the following symptoms:

• Modifies System.ini files (Check for the modified date)
• Services listening on the network port(s).
• Unexpected network trafic to one or more of the domain(s).
• No access to File Monitor.
• Disables Safe mode boot
• Disables regedit and taskmanager
• Disables Antivirus

Characteristics
Upon execution, it starts...

BNH | 21 Apr 2009 | 1 comment

In the past, we see threats modify Windows host file to redirect AV vendor websites to 127.0.0.1 loopback address.
Some security software also injects known bad URLs into the same host file with 127.0.0.1 loopback address.

Well nowadays the bad guys are getting smart and does more advanced stuff than host file modification.

In few recent malwares [ie. Conficker aka Downadup], we see that infected machines are unable to access AV vendor sites although the host file is empty.
And ping to av website yield a 127.0.0.1 address resolution.

Well now there are a few tricks we can do to evade this issue.

Its an old trick by removing DNS cache on our machine and check it everytime required to the DNS server.
Microsoft has a KB for this as written in support.microsoft.com/kb/318803 .
It is as simple as typing : 'net stop dnscache' or 'sc servername stop...