Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Security Community Blog
Showing posts tagged with Security Risks
Showing posts in English
Vikram Kumar-SAV to SEP | 06 Aug 2009 | 5 comments
Sometimes when a file is not detected as threat and you think it is a Malware and still it is not getting detected.
In order to scan it from a different antivirus you actually un-install the current antivirus to install a 3rd party antivirus you update the definitions and then scan a file.
Just to know that even that is not detecting it.
There is a easier way of scanning a file with 39 well known antivirus software with their updated definitions.
Simply submit your file to
VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, Trojans, and all kinds of Malware detected by antivirus engines.
vfernandez@juvaca.com.mx | 30 Jul 2009 | 1 comment

Televisa is the larger Television Broadcaster in Mexico and his digital content production workflow is critical to time to broadcast, even more on the News online one’s… where errors should not happen. Cost of downtime is absurd, if you know what I mean…
We were invited to provide a service in order to assure a security level, where the goal was to secure all systems on postproduction workflow; we realize that a service like that should mean not to only manage an antivirus/antimalware platform with ID and keep it updated, but to think of the customer perspective, considering all now common security risks and the best ways to handle all those under current scenarios.
Confiker worm was fast spreading all around, and a service as needed should consider supporting a thread like that and how to avoid it... What we learn from our experience was: Confiker will attack even in environments where an antivirus was correctly managed (I mean, updated, etc.)...

mon_raralio | 25 Jun 2009 | 4 comments

Misleading applications are applications that pretend to do one thing while doing another. A good example are rogue security softwares that decieves or misleads the user into thinking that there are security issues with the computer he or she is currently using and requires the installation of software to remove the “threat”.

They usually use the web browser pop-up and make the user think that this is their Explorer and then shows that it is being scanned. Previous versions just show a small pop-up (similar to when you do something with files, except this one pretends to scan)

I've come upon this at home while surfing the internet. The current websites open are Facebook, Youtube, and Google (3 of the most visited sites in the world). Everybody I know visit this page every now and then and I'm pretty sure there are no malwares in their sites. So there I was, looking into my profile and noticed that one of my friends became a fan of someone. So I moved over...

Gina Sheibley | 18 May 2009 | 1 comment

One of the keys to keeping a small business up and running is protecting critical information safe from potential spyware, malware and spam threats. Small businesses need an easy, reliable, cost-effective way to make sure their important data is secure and available. In today’s environment of exponential data growth and more sophisticated threats, protection requires more than just antivirus.

Security threats are increasing in complexity and number, and many are now designed to target specific information while also evading detection by a single security mechanism such as antivirus. And many of today’s attacks do not discriminate based on the size of the company. In addition to this the volume of information small businesses must protect continues to expand.

A multi-faceted suite that provides protection and backup and recovery capabilities will allow small businesses to protect the information that drives their businesses.

Current malware...

vikram3500 | 23 Apr 2009 | 2 comments

 Very interesting article i read the past hour up

Marshal8e6, a global provider of Secure Web Gateway and email security products, announced today the findings of its extensive botnet research conducted by the company's TRACElabs threat research group. The data, compiled during the first quarter of 2009, represents two years of in-depth research and observation which provides detailed analysis of the inner workings of major botnets that Marshal8e6 has identified as the biggest spammers.

As part of the study's findings, TRACElabs determined that the Rustock and Xarvester malware provided the most efficient spambot code, enabling individual zombie computers to send 600,000 spam messages each over a 24 hour period.

More of the Article at http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=217000203&subSection=Antivirus

Sapta | 23 Apr 2009 | 1 comment

This alert is to provide you with an overview of the new Security Bulletin being released on 14 April 2009.

New Security Bulletins

Microsoft has released eight new security bulletins:

Bulletin ID
Bulletin Title
Maximum Severity Rating
Vulnerability Impact
Restart Requirement
Affected Software

MS09-009
Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
Critical
Remote Code Execution
May require restart
Microsoft Office

MS09-010
Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
Critical
Remote Code Execution
Requires restart
Microsoft Windows, Microsoft Office

MS09-011
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
Critical
Remote Code Execution
May require restart
Microsoft Windows

MS09-012
...

SAM_SHAIKH | 23 Apr 2009 | 3 comments

W32.Sality

Overview
W32.Sality is a parasitic virus which infects shared drives and Windows executable files by putting its code to host files. It contains downloader functionality to further install Trojan or key logger components. Sality opens a backdoor that allow the remote attacker to get the full control over the infected computer and in turn the confidential information, representing a serious security risk.

Aliases
Microsoft - Virus: Win32/sality.am
Kaspersky - Virus.Win32.Sality.aa

Symptoms
W32.Sality has the following symptoms:

• Modifies System.ini files (Check for the modified date)
• Services listening on the network port(s).
• Unexpected network trafic to one or more of the domain(s).
• No access to File Monitor.
• Disables Safe mode boot
• Disables regedit and taskmanager
• Disables Antivirus

Characteristics
Upon execution, it starts...

brav | 22 Apr 2009 | 1 comment

Interesting Read

http://www.finjan.com/MCRCblog.aspx?EntryId=2237

[quote = www.theregister.co.uk/2009/04/22/Superbotnet_server/]

Finjan security researchers discovered the control server of the botnet after tracing back an infection from a corporate client. Evidence on the cybercrime server, which was hosted in the Ukraine, showed it had been in use since February 2009, and controlled by a cybergang of six people.

Trojan downloader malware planted on insecure websites was used to distribute the malware that seeded the botnet, via drive-by download attacks. The core group of cybercrooks were assisted by a vast affiliate network.

[/quote]

What is especially interesting is the fact that it's been operating since February 2009 and only 4 out of 39 AV Vendors are detecting the threat ...

...

riva11 | 07 Apr 2009 | 4 comments

There are many risks on internet, but if you have a good antivirus updated , you have reduced the risk of attack. But sometime is better to test if your antivirus program detecs viruses.

I found an interesting site that you can use to test run your antivirus / Antispyware program and check if you are really protected against these risks.
Antivirus researchers has created some test files that antivirus products "detect" as if it were a virus.  On THE ANTI-VIRUS OR ANTI-MALWARE TEST FILE page , you have only to download one of the different test files and see what will happen.
If you antivirus program works in the right way, the antivirus will show a message about a virus found with EICAR as virus description.

Please note the Eicar disclaimer :
Important note: EICAR cannot be held responsible when these files or your AV scanner in combination with these...

riva11 | 06 Apr 2009 | 2 comments

On H Security Conficker information site  ( thanks to Pbuogu for his post "Easy test for Conficker") , there is a list of useful links to Info pages , removal tools , network scanners and Test pages from different antivirus vendors.

In case you need an easy and quick tool to detect the Conficker virus in your computer check there sites :

Interesting to see how this virus is documented from different...