Pirated Adobe software spreads new Mac Trojan

Wednesday, February 18th, 2009

Mac users may be in trouble, as Apple's platform has again been targeted by a Mac-specific Trojan, this time delivered on Mac OS X through pirated editions of Adobe Photoshop CS4. Intego, the Mac security company, has issued a security advisory warning Mac users of this Trojan variant, which is estimated to have already infected nearly 5,000 Mac users. This Trojan is a simple variant of the iService Trojan malware, which reached several Mac users through pirated editions of Apple's iWork productivity suite. Like the previous edition of the malware, this new Mac Trojan has been found to spread through file-sharing websites such as BitTorrent trackers and other websites that link to pirated software.

The recently discovered Mac Trojan variant, called OSX.Trojan.iServices.B, was found in the crack application packaged with various copies of Adobe Photoshop CS4 for Mac. Although the real Adobe Photoshop installer is itself clean, the Trojan, according to Intego, is embedded in the crack application, which includes the serial codes for the program. After the user has downloaded the pirated Photoshop, the crack application removes an executable from the program's data and then installs a backdoor in the file directory, which is not deleted even after the computer is rebooted. If the crack application is run again, the Trojan can create another executable file with a different name, which makes the malware more difficult to trace and remove safely.

The crack application requests an administrative password, which it uses to launch the backdoor with root privileges. The crack application then opens a disk image called .data that is hidden in its resources folder, and proceeds to crack the Photoshop program, letting it be used as the means to spread the malware.

The malware then connects to a remote server over the web, which alerts the attackers that it has been installed. Once in place, this information-stealing malware lets the attackers remotely control your machine, where they can steal sensitive or even financial information or gain complete access to your computer. According to David Perry, the director of global education at Trend Micro, the security company, if this Trojan has been on your computer and gathering your information for a long time, it can even be part of a large business plan. He further said that the Mac Trojan is not a virus per se, which means it is not passed on from one user to another but is rather installed through illegal copies of the Photoshop application. As Mac software is often more expensive than PC software, that could be the reason for a potential rise of this factor in Mac applications. Intego, the Mac security company, has warned that users should not download cracking software from websites that distribute pirated software, as it can cause malware problems.

New anti-virus technology from Sunbelt

Wednesday, February 18th, 2009

A new antivirus technology, Vipre Enterprise from Sunbelt, has recently been released in the UK, following its release in the U.S. This anti-malware client software is yet another program competing for attention with admin-friendly claims that it can protect computers from malware without bogging them down. The company has also made it known that the anti-malware engine at the center of Vipre was written from scratch and was not purchased from a larger AV vendor, as most of Sunbelt's independent security rivals do.

Alex Eckelberry, the CEO, has revealed that from mid-February Vipre will be automatically updated to use a new heuristic that spots malware by simply running a suspect program in a virtual machine on the host computer. With MX-Virtualization, or MX-V as it is called in company jargon, Vipre creates an emulated Windows computer system in an area of memory, where it copies API functions such as the Windows registry, the communication interfaces and the file system to find out what the file is doing. This runs alongside the various conservative pattern-based techniques that try to find malware through their own unique procedures.

Even though this technology is not new, most people have got it to use without creating a difference in performance. Emulating Windows and running virtual machines has also been seen as a process that makes computers sluggish. Sunbelt, however, considers that it has raised the performance possible with emulation to several times what was possible before, which for the first time makes it a practical possibility.

According to Eckelberry in a recent blog post, Dynamic Translation is the technology used by Vipre, which basically recompiles large parts of the program on the fly in order to boost performance to nearly 400 MIPS. He further added that it is the use of Dynamic Translation that makes the MX-V layer, which is adjunct to it, and Vipre's built-in emulation capable of quickly analyzing the system for the presence of any malware. The blog post further mentions that the rapidly developing complexity of malware makes standard detection methods increasingly outdated, as new strains of malware use highly complicated obfuscation methods designed to hide from even the most complicated analysis systems.

Eckelberry said in a separate interview that, as far as he is aware, the only other anti-malware vendors that have tried the file emulation process are BitDefender and Microsoft. Vipre Enterprise also boasts anti-rootkit protection, a program that runs a special module called “advanced kernel monitoring and firstscan in advanced Windows loading.” Apart from this, the company is also planning further improvements to Vipre Enterprise later this year, which include endpoint protection, intrusion protection and an integrated firewall, most of them specifically designed to appeal to enterprise users.

New worm infecting computers at an alarming rate

Sunday, February 8th, 2009

Recent studies have found that a new computer virus has infected nearly 20 million computers throughout the world and is spreading very fast. This virus or worm is known by several names, of which Downadup, Downandup and Conficker are some of the most common, and it is very deceptive. It has been found that a window gives a pop-up warning stating that your computer has an infection and shows an antivirus software product. However, when you try to purchase the antivirus software in order to delete the virus, it actually steals your credit card details and other important information while also infecting your computer.

Some experts find that it may be one of the worst infections to hit computers in the last six years, and it is also easy to fall for. Robert Nash, a computer technician, said that the virus looks legitimate, and unless computer users are informed about it or know about the virus, it will easily make its way onto their computers. According to Joe Kadar, a computer technician, the virus attack has gone from around 2.4 million machines to nearly 8.9 million machines infected within one day, which also makes it one of the fastest-spreading viruses in the world.

This virus mainly spreads by infiltrating flash drives. Once the virus has made its way onto a flash drive and has infected the machine you are using, it can go on to infect all the computers on the network. A radio personality, for instance, relies on their computer for song requests and to update their website. If that computer picks up the virus, it makes the workday much more difficult, and the computer might also transmit the virus to other computers connected to it.

The same pattern of predictions that led up to this devastating worm attack has led security analysts to start focusing on the new crop of Microsoft Windows vulnerabilities. These vulnerabilities, along with the attack tools created to take advantage of them, can together create a potential new family of computer viruses. Just a short period after Microsoft warned its users about the new vulnerabilities in the Windows remote procedure call protocol, the same software that opened nearly a million machines to the virus attack, the code is actually being circulated on the web. This means it is important that you stay safe, as this virus can cause a lot of problems.

Most security intelligence companies and computer security companies recommend that you update your antivirus program so that you eventually remove the worm from your computer. Although purchasing a new antivirus product can prove beneficial, it can be hard to trust that it is itself free from malware. Therefore you can simply keep updating your antivirus frequently from the official dealer in order to eventually remove the worm entirely and stay away from it.