The Malware Holy Grail


Virus writers are evolving the use of encryption and other techniques to hide malicious code from detection software. They have direct access to the operating system documentation (for Windows, Mac, etc.), the same documentation used by developers, and they have traditionally made sure that their malicious code evades signature-based antivirus detection. This fact, together with economics, means the number of crackers and malicious attacks will continue to increase.

In spite of this, researchers have been baffled as to how the Flame malware was devised to avoid detection for two years (not matching the available antivirus signatures), with the ability to infect fully patched Windows 7 machines. Security researchers have identified Windows Update as the mechanism Flame uses to infiltrate and compromise networks.

Network Infection

Crackers exploited a flaw in the Microsoft Terminal Services licensing certificate authority, which allowed them to generate a new certificate that was "signed" by Microsoft. This particular kind of certificate (valid between February 2010 and February 2012) gave crackers a clear avenue into most computers running Windows.

This sophistication in malware creation has never been seen before. Many security experts are simply amazed, calling it "the Holy Grail of malware writers" and "the nightmare scenario". Antivirus researchers such as Symantec and Kaspersky said that Flame did not actually compromise anything in Windows Update; it did not compromise the service or its servers.

Computer to Computer Infection

Flame conducted an imitative deception operation of Windows Update (a military-grade attack). Using this process it was able to make all other computers on the network believe that it is the Windows Update server. It then collected the NetBIOS information (which identifies each computer) and used that information to send Windows Update requests through Internet Explorer.

Flame makes itself a Web Proxy Auto-Discovery Protocol (WPAD) server and sends configuration files to all of the requesting PCs. The configuration files sent from computer to computer through WPAD direct the compromised machine to redirect all of its traffic through the infected machine. When Flame detects a URL request matching the Windows Update URL, it transmits a new downloader, disguised as an update from Microsoft in the form of a '.cab' file, to infiltrate the machine. Once the update is executed, it downloads a copy of Flame from the infected machine to the clean machine.

Microsoft, upon detection, blocked the three certificates that were used by the attackers, preventing additional spoofing of Windows Update (as long as there are no more rogue certificates in the wild). They have also implemented prevention procedures to stop others from creating new code signing certificates.

Attack Vectors and Instructions

Flamer spreads from computer to computer; however, it does not do so automatically. Instead it waits for the attacker to send instructions. Here are the additional methods that Flamer uses to spread:

- It uses captured administrator credentials, spreading through network shares.
- It uses CVE-2010-2729, the Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability, which was previously used by Stuxnet.
- It uses removable media, spreading through a specially crafted autorun file.
- It uses removable drives, spreading through a special directory that hides its files. It can execute automatically while the USB drive is being viewed, if combined with CVE-2010-2568, the Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability.

The last vector has not been seen before (using junction points exclusively). A junction point is actually an alias to a directory, which has some special attributes. The interesting thing is that Flamer uses junction points to hide its files and enable auto-execution.

Flamer creates a directory and places three files there: ' ', '' and ''. The configuration in the '' file causes this directory to work as a junction point. However, Flamer uses a special trick to make the junction point lead to a file instead of a directory, so this directory leads to a file named ''. That means this folder will not be accessible by the user, and the files inside will be hidden.

Flamer uses CVE-2010-2568, the Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability, to get executed. The '' file is then used and automatically parsed, and by using the "shortcut" vulnerability it executes Flamer (). Additionally, Flamer might change its names to , , , or probably any other name.

In Conclusion

Flamer uses new techniques to get executed and hide itself. Moreover, it exploits the old techniques too. It is incredibly large, and it will probably show us more techniques as new versions continue to morph. BitDefender, Kaspersky, Norton and some of the other antivirus companies have released free tools which remove the scariest cyber espionage tool ever. Please use one of the automatic removal tools listed below to eradicate this weapon.
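The WPAD redirection described above is something a defender can check for directly: a proxy auto-configuration (PAC) script that sends every URL, Windows Update included, through an unknown host on the LAN. The following Python is an added example, not code from the original article or from any vendor it cites; the two PAC bodies and the allowlist of known corporate proxies are constructed assumptions.

```python
import ipaddress
import re

# Constructed wpad.dat bodies for illustration; neither is a captured sample.
BENIGN_PAC = """
function FindProxyForURL(url, host) {
    if (isPlainHostName(host)) return "DIRECT";
    return "PROXY proxy.corp.example:8080; DIRECT";
}
"""

# A catch-all script that routes every request through a single
# workstation address on the LAN, with no DIRECT fallback.
CATCH_ALL_PAC = """
function FindProxyForURL(url, host) {
    return "PROXY 192.168.1.37:80";
}
"""

# Assumption: the defender maintains the list of proxies that may
# legitimately appear in a PAC file served on this network.
KNOWN_PROXIES = {"proxy.corp.example:8080"}

# A PROXY directive is the keyword followed by whitespace and a host:port.
PROXY_RE = re.compile(r'\bPROXY\s+([^;"\s]+)', re.IGNORECASE)


def proxies_in_pac(pac_text):
    """host:port targets named in PROXY directives, in order of first appearance."""
    seen = []
    for target in PROXY_RE.findall(pac_text):
        if target not in seen:
            seen.append(target)
    return seen


def is_private_address(target):
    """True when the host part of host:port is a private (e.g. RFC 1918) IP literal."""
    host = target.rsplit(":", 1)[0]
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a hostname rather than an IP literal


def review_pac(pac_text, known_proxies=KNOWN_PROXIES):
    """Findings for a PAC file: proxies not on the allowlist, and no DIRECT path at all."""
    findings = []
    for target in proxies_in_pac(pac_text):
        if target in known_proxies:
            continue
        if is_private_address(target):
            findings.append(f"{target}: unknown proxy at a private LAN address")
        else:
            findings.append(f"{target}: proxy not on the allowlist")
    if "DIRECT" not in pac_text.upper():
        findings.append("no DIRECT rule: every URL is sent through a proxy")
    return findings


if __name__ == "__main__":
    for label, pac in (("benign", BENIGN_PAC), ("catch-all", CATCH_ALL_PAC)):
        print(label, review_pac(pac) or "no findings")
```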

W32 Trats


W32 Trats is a type of virus. Most viruses are constructed by people who want to do harm to a computer or steal information from it. However, some viruses are made by accident. Nevertheless, all viruses are dangerous, or at the very least annoying. The W32 Trats virus is a low-level threat and there are two cures for it. Seek the help of an IT professional any time you think you may be infected, because some virus cures require manual removal, which can be harmful to your operating system.

Symantec, a well-known manufacturer of anti-virus software, discovered the W32 Trats virus on December 6, 2007. Sophos and McAfee, other manufacturers of anti-virus programs, detected the virus on December 6 and 10 respectively. They all released their first defense against the virus the same day they discovered it.

The newest revisions of the virus definitions took place in January 2009, meaning they are no longer updated for this virus. The last version update is sufficient to prevent or disinfect W32 Trats if the infection is found again, but it has essentially been declared mostly eradicated, or so low risk that it would not harm any computer with the most up-to-date antivirus or antimalware software on it.

The W32 Trats infection infects .exe files, which are programs that run and must be installed, such as Microsoft Word or any other software program that must be double-clicked in order to install and run it. Because it only infects executable files, most text files and Word documents are safe, until you attempt to open them on an infected computer.

This infection also attempts to contact a remote host computer, meaning that the virus tries sending information to the computer from which it originated. Its host IP address is 85.17.173.196, as revealed by Symantec, and if you notice any network traffic going to this destination, then you are confirmed infected with Trats.

This article is for informational purposes and is the opinion of the author, which may not be the opinion of the site that this article links to.
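The host address quoted above is the one observable indicator the article gives. As an added example (not from the original article or from Symantec), the following Python scans constructed netstat-style rows and firewall-log lines for that address, matching it only as a whole dotted quad, and where the line is a netstat row it reports the owning process ID so the responder knows which process to inspect.

```python
import re

# Indicator quoted in the article above (the Trats host address published by Symantec).
TRATS_HOST = "85.17.173.196"

# Constructed sample input, not captured data: three 'netstat -ano' style rows
# (proto, local, remote, state, pid) and two Windows Firewall style log lines.
# The last row carries a look-alike address that must NOT count as a hit.
SAMPLE_LINES = [
    "TCP    192.168.0.12:49213    85.17.173.196:80     ESTABLISHED    1844",
    "TCP    192.168.0.12:49214    203.0.113.5:443      ESTABLISHED    2210",
    "2012-06-05 10:14:02 ALLOW TCP 192.168.0.12 85.17.173.196 49215 80 - - - SEND",
    "2012-06-05 10:14:05 ALLOW UDP 192.168.0.12 192.168.0.1 53412 53 - - - SEND",
    "TCP    192.168.0.12:49220    185.17.173.196:80    ESTABLISHED    3001",
]

# A dotted quad that is not embedded in a longer dotted/numeric run, so that
# 185.17.173.196 is never mistaken for 85.17.173.196.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# TCP rows of 'netstat -ano'; UDP rows have no state column and simply yield no PID.
NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def addresses_in(line):
    """All IPv4 literals on a line, whatever the log format."""
    return IPV4_RE.findall(line)


def netstat_pid(line):
    """PID from a netstat-style row, or None when the line is another format."""
    match = NETSTAT_RE.match(line)
    return int(match.group(5)) if match else None


def find_indicator_contacts(lines, indicator=TRATS_HOST):
    """(line_number, pid_or_None) for every line that names the indicator address."""
    hits = []
    for number, line in enumerate(lines, 1):
        if indicator in addresses_in(line):
            hits.append((number, netstat_pid(line)))
    return hits


if __name__ == "__main__":
    for number, pid in find_indicator_contacts(SAMPLE_LINES):
        source = f"process {pid}" if pid is not None else "firewall log"
        print(f"line {number}: traffic to {TRATS_HOST} ({source})")
```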

Benefits Of Making Phishing Awareness A Necessity


The main objective of phishing attacks and phishing emails is to deceive or trick an individual user into thinking that the source of the mail is authentic. Phishing attacks are meant to rob people of their private and confidential data. There have been numerous instances where individuals and employees of leading enterprises have reported that phishing mails appear genuine at first glance. Furthermore, most of them have compelling content that urges the reader to part with their personal data or click on links that lead to fictitious websites. These mails generally ask the reader to reply immediately via mail, respond to a phone request or visit an unknown URL.

However, if analysed carefully, every phishing mail offers clear clues that can let a user know that the link and message are not authentic. URL links to web portals sent via phishing mails generally open a web page that appears like an original brand name but has certain aesthetic or syntax errors that clearly prove its fraudulence. eBay, leading banks, Alibaba and other online e-cash and e-commerce sites are common targets and have suffered greatly owing to phishing attacks. All these negative impacts need to be dealt with effectively and call for efficient phishing awareness programs.

Features of a Phishing Mail

Today innovative phishing awareness solutions help educate laymen and employees about the features of a phishing mail. Such emails most often make use of emotional triggers and force users to respond on impulse. Research has revealed that the possible indicators of phishing e-mails comprise the following:

* Improper grammar
* Spelling errors
* The email address not matching the enterprise name
* Using the name of a real company but providing an incorrect email address
* Forced attempts to prove its authenticity, by making use of words such as "Official"
* Unsolicited requests for personal information

In the recent past, though there have been several standard solutions for phishing protection, most of them have addressed only the "people risk" aspect of a phishing attack. Furthermore, one of the recent trends that gained prominence is the "incident based reactive approach", which analyses the risk and impacts of phishing based on a particular incident. Esteemed solution providers today provide high-end anti-phishing software that helps update individuals and employees about the negative impacts of social engineering attacks. Features of this software include the following:

* Enables an enterprise to analyse potential phishing attacks
* Provides flexible reporting and feeds the results back into an organization's chief performance-indicator framework
* Provides a detailed "road map" solution focusing on security awareness and training within an enterprise
* Assists in identifying weaknesses within people, method and technology links
* Helps in prioritizing remediation attempts through useful benchmarking and maturity analysis
* Helps in increasing employee awareness and expertise to safeguard crucial information

Data and network security are two crucial elements that every organization needs to focus on for smooth day-to-day functioning. An advanced phishing protection solution helps an enterprise attain this seamlessly and helps in the efficient transfer of data.
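The indicators listed above can be checked mechanically before a message reaches a user. The following Python is an added example, not part of the original article or of any vendor product it mentions; the two sample messages, the brand-to-domain mapping and the small word lists are constructed assumptions that a real deployment would replace with its own data.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; the sender domains are stand-ins, not real senders.
SUSPICIOUS_MAIL = """From: Example Bank Security <alerts@examp1e-bank-verify.net>
To: customer@example.com
Subject: Official notice: your acount will be suspended

Dear valued customer,
This is an Official request. Please reply within 24 hours with your
password and card number to keep your acount active.
"""

BENIGN_MAIL = """From: Example Bank <no-reply@example-bank.com>
To: customer@example.com
Subject: Your monthly statement is ready

Your statement for May is available in online banking.
"""

# Assumption: the defender maintains this mapping of brand names to their real domains.
BRAND_DOMAINS = {"example bank": "example-bank.com"}

# Tiny constructed word lists standing in for the indicators named in the article.
URGENCY_WORDS = ("official", "immediately", "within 24 hours", "suspended", "urgent")
PERSONAL_DATA_WORDS = ("password", "card number", "pin code", "account number")
COMMON_MISSPELLINGS = {"acount", "recieve", "verfy", "adress"}


def sender_matches_brand(display_name, address, brand_domains=BRAND_DOMAINS):
    """False when the display name claims a known brand but the address domain is not that brand's."""
    domain = address.rsplit("@", 1)[-1].lower()
    for brand, brand_domain in brand_domains.items():
        if brand in display_name.lower():
            return domain == brand_domain or domain.endswith("." + brand_domain)
    return True  # no known brand claimed, so nothing to contradict


def phishing_indicators(raw_message):
    """Names of the article's indicators that fire on one RFC 822 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    # Subject and body are scanned together, lower-cased for the word lists.
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    indicators = []
    if not sender_matches_brand(name, addr):
        indicators.append("sender address does not match the named company")
    if any(word in text for word in URGENCY_WORDS):
        indicators.append("urgency or authority language")
    if any(word in text for word in PERSONAL_DATA_WORDS):
        indicators.append("unsolicited request for personal information")
    if set(re.findall(r"[a-z]+", text)) & COMMON_MISSPELLINGS:
        indicators.append("spelling errors")
    return indicators


if __name__ == "__main__":
    for label, mail in (("suspicious", SUSPICIOUS_MAIL), ("benign", BENIGN_MAIL)):
        print(label, phishing_indicators(mail) or "no indicators")
```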

Spyware Removal. Pop-ups And Browser Redirects


Nowadays almost all of us use a PC on a daily basis, and unfortunately most of us have experienced issues caused by viruses or spyware. If you have experienced these issues in the past, you will have some idea of how tricky spyware removal and virus removal can be. For those of you who have not, it is possible that these stealthy programs have both compromised your privacy and affected your PC's performance without your knowledge.

How can I tell if I have a spyware problem?

Whether using a PC for work purposes, online shopping or simply to keep up to date with our friends through social media sites such as Facebook or Twitter, it's safe to say that many of us now know how to perform basic everyday tasks and know exactly what to expect when using programs such as web browsers. But what happens when things happen that we don't expect?

For instance, imagine for a second that you are shopping online for a new pair of shoes and suddenly, without warning, your Internet browser is redirected to a totally unrelated page which offers you deals on car stereos. You may be inclined to think that somewhere along the line you have clicked a wrong button. But lo and behold, when you try again, the same thing happens.

What is happening? Is my PC broken?

No. Your PC is not broken, but this is a clear indication that spyware may be present on your system and that spyware removal may be necessary. Spyware programs have the ability to cause minor annoyances such as allowing pop-ups to appear or redirecting your Internet browser, but there are far more worrying aspects to spyware.

Spyware programs also have the ability to create a record of everything that you type on your keyboard. This allows spyware to collect all of your personal information, including names, addresses, e-mail addresses, passwords and bank/credit card details. These programs can give the author complete access to your virtual identity, allowing them to use your information in a variety of ways, ranging from low-risk problems such as the advertising of third-party products to you via pop-ups, right up to the more serious high-risk problems including identity theft.

If you fear that your system may be infected, you should contact a spyware removal expert for help as soon as possible.

What Are The Different Kinds of Malware?


Most users going online today are very casual about internet security and know very little about online threats. Whenever they face issues with their PC, they consider it a minor and temporary PC problem and simply ignore it. This happens because users do not really understand that the problem is actually caused by malware, which may be a virus, a Trojan or something else. Those who can understand the symptoms and types of malware do not wait until the system crashes; rather, they seek the right kind of support and repairs so the threats can be prevented in time. Users who know about malware and other online threats can turn to updated antivirus programs in a bid to prevent such threats.

What is malware?

Malware is, in fact, malicious software that is programmed to hack your PC and steal or destroy important data and information. Malware is a broader term that refers to every type of malicious software which is designed and created with the intention of damaging PCs and stealing important data and information. It targets PCs connected to the internet and sometimes makes users suffer financially as well. Some of the categories of malware include viruses, Trojan horses, worms, spyware and rootkits. This article lets you know about the various types of malware that can infect your PC, their mode of infection and the features of these online threats.

Viruses

Viruses are the most frequent type of malware that we know. Some viruses that have made a huge impact in the past include the ILOVEYOU bug, Melissa and the Chernobyl virus. Due to these viruses, companies have suffered huge losses amounting to millions of dollars. While active during their peak, these viruses impacted thousands of PCs and crippled the entire email servers of many companies. At one point, companies like Intel and Microsoft had to shut down their email servers because of the fast-increasing impact of these viruses.

The viruses that have appeared in the past had a feature of stealing the contacts from the address book of the infected PC and sending themselves to many PCs, either via MS Outlook or other email accounts. The virus sends the email with an attachment containing an alluring note to befool users. It is very difficult to remove malware from the system, as it gets glued to almost every removable hardware component that is attached to the infected PC or device. The features and mode of infiltration of these computer viruses are very similar to those of computer worms, as both infect the files on the system and gradually make the system slow to an extent that it becomes unusable. To fix the PC you first need to remove these files, as they are infected with the virus.

Worms

Computer worms can be termed self-replicating malware. They are widespread and available everywhere on the web. If you think that they are not a major threat to the PC and that you can easily get rid of computer worms, then you are totally mistaken, as worms are stubborn and not easy to remove. One remarkable thing about worms is their ability to go undetected even after staying for months in your PC. Gradually they begin deleting your files, slowing down your programs and creating ways for other malware to get into the system. Certain worms can also create backdoors for hackers. Worms often attach themselves to files and attachments and infect PCs through mass mailing. So be cautious about these highly dangerous computer worms and always keep your PC protected with an updated antivirus program.

Trojan Horses

This is one of the most dangerous types of malware. A Trojan plays tricks to befool users. They exist in the PC in the guise of some genuine program or file, which makes it very difficult for users to detect the infection. A Trojan mostly exists as a document, genuine-looking photo or application to avoid detection. The moment you click on any of these, the malware gets executed and starts harming your PC and programs. Although it does not replicate itself, it is capable of inserting many worms and viruses that do irreparable damage to the PC.

Some other types of malware include spyware and rootkits. Spyware infects the target PC via ads, message pop-ups and browser redirection. They divert you to a malicious web page or website and thus insert the infection into your PC. The best way of preventing these threats is to install an updated antivirus program on your PC. Moreover, always be alert and cautious while you are clicking on an email or attachment coming from a strange source.

New Age Anti Phishing Software for a Networked Enterprise


Technological innovation over the years has provided organizations with the best tools to drive their business operations. Topping the list of technology innovations most used in today's techno-savvy business environment is the Internet, which has given business houses worldwide access to enter newer markets. Further, the concept of the World Wide Web has slowly but steadily moved into enterprises to form widely networked global organizations.

Today the internet has become indispensable. Though it plays a major role in providing a fast and easy method of electronic communication in both day-to-day business and social circles, it also challenges the internet user with security threats, frauds and phishing attacks. Thus organizations need to do away with ineffective security measures and adopt advanced tools to protect people and processes in order to ensure the safety of business operations. Sophisticated technology alone cannot withstand the pressure of malicious attacks; it requires proactive initiatives and timely implementation to control phishing attacks.

Phishing attacks are ways and means to extract critical information from unsuspecting internet or network end users. With the information extracted in the form of passwords, user names or other basic critical information, either personal or professional, these fraudsters then extend their operations to dig out deeper information vital to the organization, leading to security breaches. The standard phishing protection solutions used by most organizations address the technology and the process used, and some solutions also address the people risk factor. However, today's technology-based, highly networked business organizations need effective anti-phishing software that will cover all aspects of phishing protection.

Enterprises today use anti-phishing tools to obtain estimates of security awareness among employees, identify data leakage and evaluate data loss and prevention. Further, eminent service providers deploy simulated phishing attacks to prepare employees with the necessary knowledge to handle real-time attacks. The anti-phishing software also benefits organizations by helping them to:

* Assess their employees' awareness level on social engineering and its side effects
* Estimate the probable hazards associated with phishing
* Provide a "road map" solution for ensuring security awareness within the enterprise
* Recognize the weak links among people, method and technology
* Prioritize remedial action by benchmarking and maturity analysis

Such effective diagnostic anti-phishing software will help increase employee awareness against phishing attacks and safeguard business-critical information from malicious hands.

How Can You Prepare For The Next Conficker Worm?


So, just like many IT professionals, you fell foul of the Conficker worm? I am sure every IT professional has a plan for disaster should it ever occur, but the Conficker worm bit us all in the backside. Why? Well, the truth is that not only was this a clever infection that outwitted most antivirus programs, but it also took advantage of our lack of preparation when it comes to being fully prepared against malicious attack.

Here is a checklist that hopefully will enlighten you and also help you prepare against future problems:

1. Do not use simple passwords.
This is a simple mistake to make for IT professionals and users alike. Choosing 'password' as your password is inviting trouble. Many hackers and malicious coders will take advantage here. You should have a minimum complexity for your passwords.

2. Do not simplify your network share permissions.
If you are an IT professional you should know what this means. Basically, it means do not use the 'everyone' group in your network shares. You should tighten it up, use specific domain groups and only grant the minimum required permissions, or hackers will again take advantage of this lapse in security.

3. Use a good antivirus program.
More importantly, keep it up to date! If you use a client/server program then this is fairly easy to do, but make sure all visitors to your network have adequate protection also.

4. Keep your network patched with updates.
Antivirus programs are designed to keep attacks out, not necessarily to deal with an infection once it is on board. Remember this and keep all of your software, including your operating system, bang up to date with the latest patches. This could be server updates or client security updates. Microsoft have since developed patches to cover the weakness in their system that the Conficker worm took advantage of; who knows what else is lurking? Guys, keep it patched.

5. Prepare for the worst.
You may never be able to keep all infections out, so be prepared with good, up-to-date images of your machines. Also make sure that all data is backed up properly and you are prepared for disaster with a quick recovery should the worst occur.

In conclusion, do not become lazy when it comes to a good disaster recovery plan. Make sure you use antivirus and that it is up to date, and make sure your servers and your client computers are all up to date. Ensure you use strong passwords and minimal network shares. If you have images and copies of your software and data backups, you are on your way to being prepared for when the next generation of Conficker worm, or its equivalent, comes looking for trouble.

Remove The XP Antispyware Virus – You Can Fix This Problem Yourself Quickly


If your computer is infected with the XP Antispyware virus and you have already tried to remove it, you probably know by now how hard it is to get rid of. Each time you think you have been able to remove the XP Antispyware virus and you restart your computer, it comes back again within a few minutes. One problem with this malicious software is that it is constantly updated: each time a solution is provided to remove it, the criminals who write it update it again.

If you are infected with this malware and have been banging your head on the wall in frustration, you can still get rid of it without having to wipe everything off your hard drive and reinstall Windows.

What can you do to remove the XP Antispyware virus from your PC?

#1 Disable System Restore on your computer. Some variants of this malware will hide in the area used by your System Restore software and keep regenerating each time you remove it. To do this, go to Start on the Start menu, then All Programs, then Accessories and System Tools, and in that folder click on System Restore. Once it opens, disable it.

#2 Restart your computer in Safe Mode so you can remove the XP Antispyware virus. This malware actively prevents any software or antivirus that can stop it or remove it from working. If you have already tried to run your antivirus software, you will have had a warning saying it is infected with a virus and it will not run. The only way to get round this is to start your PC in Safe Mode by restarting it and pressing the F8 key on your keyboard until you see a menu screen appear. Once you see this menu, select Safe Mode with Networking.

#3 Download a system and registry scanner from the internet and install it. If you have antivirus software on your PC, run a full system scan while in Safe Mode. Do not restart your computer at all. When the scan has finished and any malicious entries have been removed, run a full scan with the system and registry scanner. This will find hidden malware in Windows and in the registry. This step will help you to get rid of the XP Antispyware virus from your PC.

#4 Once you have done this, restart your computer. When it restarts it should be rid of the malware. When you are certain it is, re-enable the Windows System Restore utility using the same steps as you took to disable it. Once you have done this you will have removed the XP Antispyware virus from your computer for good.

Do Antivirus Programs Provide Absolute Security to Your Website or Computer?


Most of us believe that by installing an antivirus program on the computer we are safe from the threats of viruses, malware, Trojans and other cyber threats. There is no doubt that we get substantial protection from antivirus software, but the question is whether it is enough to protect us from all types of threats, especially when security gets compromised. This has to be examined and ascertained in the light of certain facts and reports. This article lets you know whether the antivirus program on your system effectively protects you from all kinds of threats or not.

Recent malware attacks on PCs have highlighted Microsoft vulnerabilities and the weaknesses of security programs in protecting systems from exploit-based attacks. According to the findings of a leading security and testing firm, many antivirus programs failed to protect systems from attacks that exploited vulnerabilities in Microsoft XML Core Services and Internet Explorer 8.0. In this study, 13 antivirus suites were tested for their ability to provide effective security. Although both Microsoft products, XML Core Services and IE 8, had been patched and the antivirus programs were expected to protect against the exploits, only four of the thirteen suites were found to be effective. Only these four programs offered complete security against the vulnerabilities. The remaining programs offered some protection, but not to the same degree as the other four. Protection depended on how the threat was executed with respect to the vulnerability. A chunk of the antivirus suites proved less effective because the attacks were executed via HTTP. Some others failed to provide optimal security when HTTPS was used to execute the attack. Even Microsoft's Security Essentials antivirus program failed to provide effective security in the above-mentioned cases.

After careful observation of the cases, the researcher came to the following conclusions. Users of antivirus software should stop assuming that antivirus programs offer absolute security and that their 'unpatched' systems enjoy stronger security. The system remains open to virus attack in case of a vulnerability; if your system is unpatched, it might become prone to virus attacks irrespective of the antivirus software installed. The authors of viruses and malware design their attacks taking cues from the strengths and weaknesses of the antivirus program. They study the weakness in detail and develop the malicious program in a way that uses that weakness to gain easy access to the system. There is no denying that antivirus programs are effective in spotting threats developed using techniques such as JavaScript and Unicode. Yet other techniques can definitely find loopholes in the security program. These threats can disable the security veil and gain easy access to the system or website.

The above discussion reveals that although most antivirus programs can provide us with a first layer of security to prevent threats, they are still not strong enough to make the system impregnable to the various threats and exploits.