Jun 30
Security researchers discover ‘indestructible’ botnet

More than four million PCs have been enrolled in a botnet security experts say is almost ‘indestructible’.

The botnet, known as TDL, targets Windows PCs, tries hard to avoid detection and is even harder to remove.

Security researchers have said that recent botnet shutdowns had made TDL’s controllers harden it against investigation.

Some 4.5 million PCs have become victims of this botnet over the last three months following the appearance of the fourth version of the TDL virus.

The changes introduced in TDL-4 made it the “most sophisticated threat today,” wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus. “The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and anti-virus companies,” wrote the researchers.

Recent successes by security companies and law enforcement agencies against botnets have led to spam levels dropping to about 75% of all e-mail sent, according to analysis by Symantec.

A botnet is a network of home computers that have been infected by a virus that allows a hi-tech criminal to use them remotely. Often botnet controllers steal data from victims’ PCs or use the machines to send out spam or carry out other attacks.

The TDL virus spreads via booby-trapped websites and infects a machine by exploiting unpatched vulnerabilities. The virus has been found lurking on sites offering porn and pirated movies as well as those that let people store video and image files.

The virus installs itself in a Windows system file known as the master boot record (MBR). This file holds the list of instructions to get a computer started and is a good place to hide because it is rarely scanned by standard anti-virus programs.

TDL-4 sends out instructions to infected machines using a public peer-to-peer network rather than centralised command systems. This foils analysis because it removes the need for command servers that regularly communicate with infected machines. “For all intents and purposes, [TDL-4] is very tough to remove,” said Joe Stewart, director of malware research at Dell SecureWorks to Computerworld. “It’s definitely one of the most sophisticated botnets out there.”

However, the sophistication of TDL-4 might aid in its downfall, said the Kaspersky researchers who found bugs in the complex code. This let them pry into databases logging how many infections TDL-4 had racked up and was aiding their investigation into its creators.

The sophistication of today’s botnets and viruses makes it even more important to take regular backups and an image of your PC setup – check our blog post – http://www.qbs-pchelp.co.uk/blog/2010/04/why-you-must-back-up-your-computer-files

Source: BBC Tech News

Jun 22
McAfee’s Android security suite

McAfee said on Tuesday it will be extending its product range to include Android smartphones and tablets.

Specifically, McAfee announced McAfee Mobile Security and WaveSecure Tablet Edition.

The general idea is that this software secures mobile devices as they swap between consumer, work and personal usage.

Tablets and smartphones are the next growth market for antivirus protection. And given that Android devices are quickly becoming a popular attack vector, McAfee is initially focusing on that platform.

The suite offers:

  • Backup and data restoration
  • Remote locking
  • Alarms in case a device is stolen
  • Remote data removal
  • Anti-malware software and phishing detection
  • A portal to manage multiple devices

WaveSecure also focuses on the Android operating system and aims to find stolen devices and preserve critical data.

Source: ZDNet

Jun 16
Adobe pushes out automatic updates for Adobe Reader

Adobe is pushing users to adopt automatic updates for Adobe Reader on Windows, in the hope of stemming the tide of security attacks related to people using older versions of the PDF-reading software.

The software maker introduced a default setting for automatic updates on Tuesday, releasing the feature alongside its quarterly patch bulletin. Automatic updates apply fixes to Adobe Reader in the background while people are using their PCs.

“With today’s update, we are entering the next phase in the roll-out by turning the automatic update option on by default for all Adobe Reader users on Windows,” Adobe wrote in a blog post on Tuesday.

With the move, the software maker is getting more aggressive about pushing its updates out to users, many of whom stay with older versions of Adobe Reader even though these have security flaws. The widely used software has frequently been the target of hackers, and the company has released three out-of-band security fixes for vulnerabilities in Adobe Reader since its March quarterly advisory.

The next time the Adobe updater detects that fixes are available, it will present Windows users with a dialog box suggesting they turn on automatic background updates. People can also decline to use the feature.

Source: ZDNet

Dec 20
Microsoft sneaks out Security Essentials 2.0

Microsoft has quietly issued a second version of its free Security Essentials suite.

The software has been launched without any press release or announcement on the Microsoft Security blog, despite containing a series of new features and improvements.

Although users would be hard pressed to notice any visible changes, there has been notable work taking place beneath the surface.

The antivirus engine has benefited from the same upgrade applied to Microsoft’s paid-for Forefront Client Security suite for businesses. The new engine offers “efficient threat detection against the latest malware and rootkits” and “protection against ‘unknown’ or ‘zero day’ threats through behaviour monitoring and emulation”, according to Microsoft.

One reason why Microsoft might have decided not to draw attention to the upgrade is the new integration with the Windows Firewall. Users are now asked whether they want to turn on the Windows Firewall during installation, dragging Security Essentials closer to becoming a fully fledged security suite, rather than the standalone antivirus app it was originally.

Download a copy of Microsoft Security Essentials now?

Nov 15
Warning of anti-virus calls scam

Internet users are being warned about cold callers who offer to fix viruses but then install software to steal personal information.

Campaign group Get Safe Online said a quarter of people it had questioned had received such calls, many suspected to have been from organised crime gangs.

Some gangs, employing up to 400 people, are known to set up their own call centres to target people en masse.

Internet users are also urged to be wary of pop-ups offering virus checks.

Earlier this year, search engine giant Google warned it had discovered massive amounts of malicious fake anti-virus software.

The UK warning on such software comes from Get Safe Online, which is backed by the government, police forces and major businesses with a stake in internet security.

It says it has charted a growth in two related scams designed to trick people into installing fake anti-virus software as a means of harvesting personal information such as credit card details.

Some of the scams involve pop-up windows claiming that the computer has been infected.

These “scareware” approaches encourage users to click through to a site hosting malicious or useless software that acts as a front for gathering personal information. Most of the time, the software appears almost identical to professional anti-virus products.

In other cases, gangs have set up call centres in eastern Europe or Asia and cold-call UK phone numbers attempting to find people to con.

In both cases, information gathered from the identity thefts can be used by gangs or sold on to other criminals through online market places.

Get Safe Online’s annual report says its research suggests a third of UK internet users are still victims of viruses, despite steady improvements in security. More than a fifth said they had suffered identity fraud.

Source: BBC Tech

Apr 28
Google warning on fake anti-virus software

Fake anti-virus programs that infect PCs with malicious code are a growing threat, according to a study by Google.

Its analysis of 240m web pages over 13 months showed that fake anti-virus programs accounted for 15% of all malicious software.

Scammers trick people into downloading programs by convincing them that their PC is infected with a virus. Once installed, the software may steal data or force people to make a payment to register the fake product.

“Surprisingly, many users fall victim to these attacks and pay to register the fake anti-virus software,” the study said. “To add insult to injury, Fake anti-viruses often are bundled with other malware, which remains on a victim’s computer regardless of whether a payment is made.”

More than half of the fake software was delivered via adverts, said Google.

Source: BBC Tech News

Apr 16
Infected XP owners left totally unpatched

Some of the latest security updates for Windows XP will not be installed on machines infected with a rootkit virus.

A rootkit is sneaky malware that buries itself deep inside the Windows operating system to avoid detection.

Microsoft said it had taken the action because similar updates issued in February made machines infected with the Alureon rootkit crash endlessly.

The latest updates can spot if a system is compromised by the Alureon rootkit and halt installation.

The latest batch of updates for Windows was released on 16 April and some of them fix vulnerabilities in the core, or kernel, of Windows. This is the same place that rootkits try to take up residence.

When Alureon is present it monitors net traffic and plucks out user names, passwords and credit card numbers. It also gives attackers a back door into infected machines.

The virus first appeared in 2008 and has been spread via discussion forums, hacked websites and bogus pay-per-click affiliate schemes. By not applying the patch, Microsoft hopes to avoid a repeat of events in February which left many people struggling to get their computer working again. Microsoft also wants to avoid a situation in which people become wary of updates because they provoke a crash.

Mar 23
Infected antivirus update breaks Windows PCs

A number of BitDefender users, whose 64-bit Windows systems stopped working or were unable to be rebooted after updating their security programs, vented their frustration by flooding the antivirus (AV) vendor’s forum pages over the weekend.

According to an IDG report, users on forum boards started signaling the problem on Saturday evening. The complainants said several Windows files, and the security vendor’s own program files, were identified as “Trojan.FakeAlert.5” malware after they performed an update for their BitDefender AV programs.

In an e-mail update Monday to ZDNet Asia, Vitor Souza, BitDefender’s global communications director, explained that “multiple” BitDefender and Windows files which comprise .exe, .dll and other binary files, were incorrectly detected as malware and “moved to quarantine”.

The faulty updates were applied to the company’s home user product line as well as BitDefender Business Client and BitDefender Security for File Servers.

Those using BitDefender’s products from 2008 to 2010, on Windows XP, Windows Vista and Windows 7 platforms, were affected.

Interestingly, back in 2005, changes to BitDefender technology were blamed for the accidental deletion of thousands of GFI customers’ e-mail messages. Last year, CA also incurred the wrath of customers after its AV technology wrongly identified a Windows XP system file as a virus, and quarantined the associated files.

Source: ZDNet

Feb 18
Zeus Trojan found on 74,000 PCs

More than 74,000 PCs at nearly 2,500 organizations around the globe were compromised over the past year and a half in a botnet infestation designed to steal login credentials to bank sites, social networks, and e-mail systems, a security firm said Wednesday.

The systems were infected with the Zeus Trojan and the botnet was dubbed “Kneber” after a username that linked the infected PCs on corporate and government systems, according to NetWitness.

NetWitness said it discovered more than 75 gigabytes worth of stolen data during routine analytic tasks as part of an evaluation of a client network on January 26. The cache of stolen data included 68,000 corporate login credentials, access to e-mail systems, online banking sites, Facebook, Yahoo, Hotmail, 2,000 SSL (Secure Sockets Layer) certificate files and data on individuals, NetWitness said in a statement and in a whitepaper available for download from its Web site.

In addition to stealing specific data, Zeus can be used to search for and steal any file on the computer, download and execute programs and allow someone to remotely control the computer.

More than half of the compromised machines were also infected with peer-to-peer bot malware called Waledac, the company said. Nearly 200 countries were affected, with most of the infections found in Egypt, Mexico, Saudi Arabia, Turkey and the United States.

With these sorts of attacks on the rise, make sure your PC is secure with a good anti-virus program and a strong firewall (preferably a hardware firewall rather than a software firewall).

Feb 3
File-sharing scam targets Twitter

Twitter has identified a scheme that uses compromised file-sharing sites to steal the logon information of users.

The service said it had discovered a number of compromised “torrent” sites that had been set up specifically to skim usernames and passwords. Torrent sites act as indexes of links to TV, film and music files.

Scammers were then able to use the data to gain access to Twitter and other sites because many people use the same logon for multiple services.

The firm has reset the accounts of affected users, it said.

“The takeaway from this is that people are continuing to use the same email address and password (or a variant) on multiple sites,” the firm said in a blog post. “We strongly suggest that you use different passwords for each service you sign up for.”

The conclusion is echoed by security researchers who say it is a particular problem for banking websites.

The information comes as security firm Sophos launched its annual report.

One of its findings was that spam and attacks on social networks – such as Twitter and Facebook – had risen 70% in the last year.

Facebook was branded the “riskiest” network, although the firm also pointed out that it was the largest and would therefore attract the most attention from cyber-criminals.

Source: BBC Tech News

Apr 10
Computer viruses hit one million

The number of viruses, worms and trojans in circulation has topped the one million mark.

The new high for malicious programs was revealed by security firm Symantec in the latest edition of its bi-annual Internet Security Threat Report.

The vast majority of these programs have been created in the last twelve months, said Symantec. The report notes: “almost two thirds of all malicious code threats currently detected were created during 2007.”

The vast majority of these viruses are aimed at PCs running Microsoft Windows and are variants of already existing malicious programs that have proved useful to hi-tech criminals in the past.

Source: BBC Tech News

   

Copyright © QBS Web Design 2007/2012