Rimecud and Hamweq – birds of a feather

Author: Omid Farhang Published: January 13, 2010 Reading Time: 2 min

Following the addition of Win32/Hamweq to the MSRT last month, MMPC will continue cleaning PCs in 2010 by adding another prevalent worm, Win32/Rimecud, to this month’s removal tool. This is due not only to Win32/Rimecud’s high detection numbers, which immediately follow those of Win32/Hamweq, but also to the similarities the two families share with each other. In fact, as part of its payload, Win32/Hamweq may download Win32/Rimecud, contributing to Rimecud’s suitability as the next target for MSRT. ...

Plenty of Updates on Patch Tuesday

Author: Omid Farhang Published: January 13, 2010 Reading Time: 2 min

This Black Tuesday was different, as anticipated: Microsoft released only one security bulletin, but other companies "jumped in" and delivered updates as well. For the Windows operating systems, only one Security Bulletin was released. MS10-001 deals with a vulnerability in the decompression routines of the Embedded OpenType (EOT) Font Engine. This means that, especially on Windows 2000, programs which render EOT fonts, for example Internet Explorer, Word or PowerPoint, can put the system at risk when viewing manipulated content. In newer operating systems the flawed code is used differently, so Microsoft assumes that it is not exploitable there. ...

Lethic gone: another botnet bites the dust

Author: Omid Farhang Published: January 13, 2010 Reading Time: 1 min

Timeline: McColo (Nov. 08), Torpig (May 09), MegaD (Nov. 09), Lethic (Jan 10)

The Darkreading.com site is reporting that researchers with communications security firm Neustar, of Sterling, Va., working with ISPs, have taken over the command-and-control servers and shut down the Lethic botnet. The owners of the Lethic network specialized in diploma, pharmaceutical and replica spam. It is believed that Lethic was responsible for 10 percent of spam. Other recent botnet takedowns include:
— McColo (Nov. 08)
— Torpig (May 09)
— MegaD (Nov. 09)
...

SysDefenders

Author: Omid Farhang Published: January 13, 2010 Reading Time: 1 min

SysDefenders is the latest addition to the clones of the WiniGuard rogue anti-spyware family. If your computer is infected with the above malware, you should remove it soon. Click Here to learn how to remove it.

It's Nice To Get Noticed

Author: Omid Farhang Published: January 13, 2010 Reading Time: 1 min

Looking at a random new incoming malware sample in F-Secure's sample automation systems, notice the mutex names it uses: Hey STFU yourself, why don't you? P.S. It's detected as Email-Worm:MSIL/Agent.MXK

Busy time for spammers during winter holidays

Author: Omid Farhang Published: January 13, 2010 Reading Time: 2 min

The spammers and malware authors profited from the holiday period, when a lot of people are at home, and sent a large amount of email just before the official days off. As can be seen in the graphic below, we registered higher activity in the two days before the holidays and immediately after them. The red bars are either weekend days or holidays (25.12 and 1.1). What kind of spam was sent? ...

BlackBerry Messenger the new vehicle to distribute Hoaxes?

Author: Omid Farhang Published: January 13, 2010 Reading Time: 2 min

I received an interesting IM from a friend via BlackBerry Messenger [BBM] this weekend. She was worried that it could do damage to her shiny new BlackBerry and, as she knew I work for [a security company], she forwarded it to me for my opinion. As soon as I read it, I knew it was a hoax and told her just to delete it. It didn't really surprise me that these hoaxes are now being spread via BBM as the devices are becoming increasingly popular. I'm sure all of you have received the usual one via e-mail about a virus which burns the whole hard disc C of your computer; well, now I believe you will be seeing them on your BlackBerry. ...

Registered malware

Author: Omid Farhang Published: January 13, 2010 Reading Time: 2 min

Malware authors love to innovate when it comes to persistence and hiding their nefarious creations from detection, and although most of the schemes are not unknown to analysts, they still show that malware authors are constantly on the prowl and evolving their techniques. The example I have is yet another registry-centric malware which, by the nature of its construction, has several advantages in defeating naive security software. The sample, detected as Troj/RegExec-A, is essentially a multi-component threat comprising at least three components (dropper/installer, payload and loader). ...

Guard Pro

Author: Omid Farhang Published: January 13, 2010 Reading Time: 1 min

Guard Pro is a rogue anti-spyware program, i.e. a fake. Guard Pro uses fake system scans and warnings to frighten people into buying the software. Guard Pro will show system scan results that report numerous infections, all of which are fake, and will not remove the supposed infections until the user buys the product. Do not fall for this; it is a complete scam, and Guard Pro is the infection itself. Guard Pro will also show system warnings and alerts stating that the PC is infected or under attack and prompt the user to buy the software. ...

McAfee Labs’ January Spam Report

Author: Omid Farhang Published: January 13, 2010 Reading Time: 1 min

Angelina Jolie and Barack Obama are the #1 celebrity subjects of choice for spammers, according to the McAfee January Spam Report. The report also reveals:
• The top 25 men and women that were spammed
• Chinese pharma spam isn't going away; in fact, on Dec 14, spam levels skyrocketed with subject lines advertising discounts on Pfizer drugs
• "Free-hosting" websites that provide spam URLs have become a major target for spammers
...