Monday, April 23, 2007
Ymeak Worm : the Masquerade
The Ymeak.A worm has been spreading like wildfire, in part due to a
simple yet effective social engineering technique: it masquerades as
an installer executable of some popular program.
When it is first run, the worm displays a message ('The setup file is
corrupted') to lull the user into a false sense of security. It then
proceeds to download and install the RBot trojan. Once this is done, the
trojan begins to spread from the victim's computer under a new name,
using any of five file-sharing networks (Limewire, Shareaza, Bearshare,
Morpheus or Morpheus Ultra) as a vector.
"The bit of evil genius here is that the name for each new copy of the
worm is chosen at random from certain torrent and direct download
sites. This way, the worm will always have an attractive name, so
people will attempt to download and run it," declared Head of
Antivirus Lab Viorel Canja for BitDefender.
BitDefender users are not at risk and should let BitDefender antivirus
disinfect the infected files (if any are found).
Friday, March 30, 2007
Vista zero-day exploit code blocked.
Tuesday, March 27, 2007
BitDefender has launched the support forums
Friday, March 02, 2007
BitDefender Mail Server Products Twin for Beta
Monday, February 26, 2007
BitDefender Achieves Checkmark Premium Certification
Thursday, February 15, 2007
Poison Valentine
AMD's 'Frantic Price Cuts' May Pressure Intel
Tuesday, November 21, 2006
IBM Adds Anti-Virus to ISS Endpoint Security Tools
IBM unveiled an updated version of Internet Security Systems' desktop security package on Nov. 20, adding new anti-virus and anti-spyware capabilities to the offering via an alliance with software maker BitDefender.
Expected to arrive before the end of 2006, ISS Proventia Desktop Endpoint Security aims to help companies manage the protection of PCs from external attacks.
With the integration of anti-virus tools provided by BitDefender, based in Ft. Lauderdale, Fla., the ISS system now offers personal firewall, intrusion prevention, buffer overflow protection, application and communications defense, and virus prevention technologies.
The release marks the first update of ISS' flagship endpoint security software since IBM, of Armonk, N.Y., purchased the company for $1.3 billion in August 2006, and follows the firm's rollout of a new ISS-branded security management appliance on Nov. 13, the first product released after the companies' merger.
Just as anti-virus market leader Symantec has rolled its desktop and Internet security tools into multi-function packages, IBM officials said they are expanding the ISS software to offer more tightly integrated security applications.
In addition to giving IT administrators a single interface to manage multiple desktop security functions, IBM executives said that pulling the various technologies together to operate using a single software agent on the PC lets the individual tools better share information to help ward off outside attacks.
While previous iterations of Proventia Desktop Endpoint Security have featured advanced behavior-based anti-malware technologies, the addition of BitDefender's software adds more traditional signature-based virus protection to the package.
Anti-virus vendors use the signature-based systems to help users battle threats that have already been identified by security researchers, whereas behavior-based tools excel at discovering new attacks, such as the recent crop of so-called zero-day vulnerability exploits.
Company officials estimate that ISS' behavior-based anti-virus and anti-spyware technology can identify over 90 percent of all malware threats, but said the addition of signature-oriented tools helps provide for anything the system might miss.
"For a lot of the customized malware that we're seeing out there, using signature-based anti-virus would be like giving vaccine to a corpse, but conversely there are thousands of malware attacks out there that can be effectively mitigated using this type of approach, and customers want defense in depth," said Joshua Corman, host protection architect for IBM ISS.
Corman said that customers are also pushing security software makers to fold traditional anti-virus tools into more advanced technologies, as they know the more sophisticated approach catches more attacks, but they have become comfortable with having signature-based scanning and remediation in-house.
As a next step, ISS is experimenting with adding other tools to the Proventia Desktop Endpoint Security package to help protect against internal threats, including DLP (data leakage prevention) technology and tools used to manage user privileges for saving data to portable storage devices.
Pushed by the arrival of security products from Microsoft and continued demand from customers for more integrated products, Corman said that IBM and its rivals will likely find themselves joining more alliances such as the company's deal with BitDefender to help make their products as inclusive as possible, and to help the smaller companies find new avenues to market.
"Clearly there continue to be obvious drivers for consolidating security technologies from the management side, and then there are all the benefits that can be appreciated from having these tools work together, as in this product with a single agent," Corman said.
"Companies who are relying primarily on signature-based anti-virus won't be able to stop serious attacks like root kits and ransomware, but customers still enjoy the familiarity of those products, so combining the two is really the best approach."
IBM is still planning to deliver its new Proventia Management SiteProtector appliances before the end of November. Those products, which are also aimed at helping companies simplify oversight of different types of security tools, take the integrated strategy one step further by combining the products in a hardware form factor powered by a dedicated microprocessor.
While the appliance approach is gaining popularity in the security market, Corman said that enterprise customers still mostly prefer to consume their applications in the more traditional software format.
While greater numbers of large customers are buying the security devices, he said, many prefer to have the ability to pull the various applications apart to customize them to meet their specific demands.
Source - eWEEK