MVP Jubo Security Blog : Malware

Microsoft Security Intelligence Report Vol. 6

jubo — Fri, 10 Apr 2009 23:23:34 GMT

The Microsoft Security Intelligence Report (SIR), vol. 6, provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software.

More at: Microsoft Malware Protection Center

Get your copy at the Microsoft Download Center.

An Online ticket?!?

jubo — Mon, 22 Sep 2008 14:28:00 GMT

What a surprise... This morning I was happily working at the office, hhmm... okay, from home..., when Outlook notified me that I had received an email. When I checked it was from an unknown company USA3000 Airlines. When I read the email they even had a ticket for me and had charged the credit card for $646.27. I thought, that should be at least a ticket to fly across the pond. Well, could have been a surprise from my wife since she's visiting family in the USA. But no, I unzipped the file and there was a file called: "eTicket.doc.exe" and... not detected by McAfee's antivirus program... yet... Submitted the file to VirusTotal and you can find the result here.

Then I also submitted the file to McAfee's WebImmune and they found a "new detection" and named it "spy-agent.bw". Not really a new one but a new variant. Not long after that I received an "Extra.dat" file from AvertLabs for some extra protection. See also McAfee's Avert Labs Blog: Invoice Spam Takes Flight

No e-ticket for me this morning... but the computer is still safe. Now I only wonder how it came through the company's security. They run Symantec stuff...

Olympic attachment?

jubo — Fri, 08 Aug 2008 06:36:33 GMT

Not only the Olympic games have started, but also the malware games related to the Olympics. One of the latest is that if you receive an attachment named as: "ioc_guidelines_for_persons_accredited_at_the_xxix_olympiad.pdf" then delete this immediately. If you open it then it could execute a malicious JavaScript that exploits a patched Adobe Reader vulnerability. And it follows to install a backdoor detected as BackDoor-DMG.

McAfee has named this one: "Exploit-PDF.b"; for more detailed information about it check this article: Exploit-PDF.b.

Aliases:

EXPL_PIDIEF.O (TrendMicro)
Trojan.Pidief.C (Symantec)

If you do not have Adobe Reader version 9 installed, then you can download it from the Adobe Download. Unfortunately it comes with Adobe AIR, which you can uninstall through Windows "Add/Remove Programs". Also, during the installation process you might want to uncheck the option to install the Google toolbar.

Let The (malware) Games Begin...

jubo — Tue, 15 Apr 2008 11:20:34 GMT

Few days ago the McAfee Avert Labs received an email with a executable flash movie. The attachment was called: "RaceForTibet.exe", which eventually seems to be a keylogger program. Even a log file is being send to a provider in China.

Just want to warn you: never open or run a file that you get from (un)known people. Keep your Windows updated and/or check your version at Microsoft Update, keep your antivirus and/or antispyware updated.

For more (technical) details about the above keylogger program see this topic: Is Malware Writing the Next Olympic Event?

WinCE/InfoJack - Trojan disables Windows Mobile Application Installation Security

jubo — Wed, 27 Feb 2008 08:46:48 GMT

From: McAfee Avert Labs Blog

"A Window Mobile PocketPC trojan that disables Windows Mobile application installation security has been discovered in China.
WinCE/InfoJack sends the infected device’s serial number, operating system and other information to the author of the trojan. It also leaves the infected mobile device vulnerable by allowing silent installation of malware. The trojan modifies the infected device’s security setting to allow unsigned applications to be installed without a warning."

Microsoft Launches Malware Protection Center

jubo — Wed, 11 Jul 2007 19:28:00 GMT

Get the latest information about malware and potentially unwanted software on the Microsoft Malware Protection Center Portal. Browse the MMPC's malware encyclopedia, download the latest virus/spyware definitions, submit malware samples, and find links to additional content.

See: Microsoft Malware Protection Center

Malware Removal Starter Kit

jubo — Wed, 11 Jul 2007 11:59:00 GMT

Many small- and medium-sized organizations use antivirus software, and yet new viruses, worms, and other forms of malicious software (malware) continue to infect large numbers of computers in these organizations. Malware proliferates at alarming speed and in many different ways, which makes it particularly widespread today.

This guide is intended for IT Generalists who want information and recommendations that they can use to effectively address and limit malware that infects computers in small- and medium-sized organizations. This guidance provides a set of tasks that licensed Windows® users can perform at no cost to create the Malware Removal Starter Kit. Recommendations for free malware-scanning tools are included. You can use these tools in combination with the kit to conduct scans, detect problems, and remove malware from your computer.

More information at: TechNet

Download at: Download Center

Malware Removal Guides at Bleepingcomputer

jubo — Sat, 07 Jul 2007 17:24:00 GMT

More spyware and malware removal guides are posted at Bleepingcomputer:

For more malware removal instructions, see the Spyware and Malware Removal Guides and Reading Room at Bleepingcomputer.