
16 Jun, 2006 From Eset blog: http://www.eset.com/threat-center/blog/index.php
Excel Zero Day Exploit.... have a Bagle with it too
It’s been a busy day in anti-virus land. There is a reported zero-day vulnerability in Microsoft Excel. Currently the exploit of the vulnerability comes in email as an attached Excel spreadsheet. When a user opens the spreadsheet the vulnerability is exploited and malicious software is downloaded. So far the malicious downloads have been proactively detected by the signatures and/or advanced heuristic capabilities of NOD32, so if you use NOD32 you are protected. Just for added security, and not to tempt fate, we recommend that you never open unsolicited attachments from anyone. If your best friend, your mom, or anyone you know sends you an attachment in email it is always good to verify that they meant to send it to you -BEFORE- you open it.
We have also been seeing a lot of Bagle activity. Take a look at www.virusradar.com. You will see that at the time of this writing the number one threat is Bagle.gk, and number two is “a variant of Win32/Bagle worm”. Why does one have a name and the other is just a variant? That’s heuristics at work for you. We have had a sample of the GK variant long enough to develop signatures for it and give it a name. The one titled “a variant of Win32/Bagle worm” is brand new. We didn’t have a signature for the specific worm, but the heuristics were smart enough to know that it was bad and that it was very similar to the other Bagle worms. You may not have a signature for the exact Bagle, but NOD32 is protecting you anyway. That is the point of heuristics. It is far better to block malicious software now and name it later than to wait until you have a name and clean it up later.
Currently in the number 5 position is “probably unknown NewHeur_PE virus”. This one isn’t like any Bagle we’ve seen before, but we know it is nothing you want running on your PC. We’ll take a look at it later and give it a name, but for now we’ll just make sure it does not cause you any harm.
Have a happy, safe computing weekend!
Randy Abrams, Director of Technical Education
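As an added illustration of the three naming tiers the post above describes (an exact signature that yields a name such as Bagle.gk, a family-generic detection that yields "a variant of Win32/Bagle worm", and a pure heuristic that yields "probably unknown NewHeur_PE virus"), here is a toy detector in Python. It is not ESET's or NOD32's code: the sample buffers, the hash, the family byte pattern and the two-indicator threshold are all constructed for this example, and a production engine's heuristics are far more involved than a string count.

```python
"""Toy three-tier detector: exact signature -> family-generic -> heuristic.
Added example, not the blog's or ESET's code. Every sample below is
constructed and corresponds to no real file."""
import hashlib

# ---- Tier 1: exact signatures. A hash of a sample that has been analysed
# and given a proper name. (Constructed bytes; the name is the page's.)
KNOWN_SAMPLE = b"MZ" + b"\x00" * 62 + b"BAGLE-DOWNLOADER-build17" + b"\x90" * 40
EXACT_SIGNATURES = {
    hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Win32/Bagle.GK",
}

# ---- Tier 2: family-generic patterns matched anywhere in the file. The
# marker stands in for a code sequence shared across a family (constructed).
FAMILY_PATTERNS = {
    b"BAGLE-DOWNLOADER-": "a variant of Win32/Bagle worm",
}

# ---- Tier 3: heuristic. Real Win32 API names used as indicators; a file is
# flagged only if it looks like a PE image (MZ header) and carries several
# of them, so a single common import does not trigger a false positive.
SUSPICIOUS_IMPORTS = (
    b"URLDownloadToFileA",
    b"WriteProcessMemory",
    b"CreateRemoteThread",
    b"RegSetValueExA",
)
HEURISTIC_THRESHOLD = 2  # assumption for the example: two independent indicators


def classify(data: bytes) -> tuple[str, str]:
    """Return (tier, verdict).

    Tiers are checked from most to least specific: an exact match is named,
    a repacked relative whose hash no longer matches falls through to the
    family-generic tier, and an unrelated file is judged by the heuristic.
    """
    digest = hashlib.sha256(data).hexdigest()
    if digest in EXACT_SIGNATURES:
        return "signature", EXACT_SIGNATURES[digest]

    for pattern, verdict in FAMILY_PATTERNS.items():
        if pattern in data:
            return "generic", verdict

    looks_like_pe = data[:2] == b"MZ"
    hits = sum(1 for name in SUSPICIOUS_IMPORTS if name in data)
    if looks_like_pe and hits >= HEURISTIC_THRESHOLD:
        return "heuristic", "probably unknown NewHeur_PE virus"

    return "clean", ""


# Constructed inputs exercising each tier.
REPACKED_VARIANT = KNOWN_SAMPLE[:-1] + b"\x00"  # one byte differs: the hash no longer matches
UNKNOWN_DROPPER = b"MZ" + b"\x00" * 62 + b"URLDownloadToFileA\x00CreateRemoteThread\x00"
BENIGN_TOOL = b"MZ" + b"\x00" * 62 + b"RegSetValueExA\x00Hello from a harmless utility\x00"
TEXT_NOTE = b"meeting notes, nothing executable here"

if __name__ == "__main__":
    for label, sample in [
        ("known sample", KNOWN_SAMPLE),
        ("repacked variant", REPACKED_VARIANT),
        ("unknown dropper", UNKNOWN_DROPPER),
        ("benign tool", BENIGN_TOOL),
        ("text note", TEXT_NOTE),
    ]:
        print(f"{label:18} -> {classify(sample)}")
```

The point the example makes is the one the post makes: changing a single byte of a known sample defeats the exact signature, but the family pattern still catches the repacked copy, and a file that shares nothing with the family is still flagged when it looks like an executable with several suspicious traits. The threshold is what keeps a benign program with one common import out of the heuristic tier.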
03 Feb, 2006 Firefox security update 1.5.0.1 http://www.mozilla.com/firefox/
01 Feb, 2006 Information on "Kama Sutra" aka "Nyxem.e", aka "Blackmal.E"
This mass-mailing worm is currently getting a lot of media attention due to its payload set to go off on February 3 (and then on every 3rd of subsequent months).
As a NOD32 user, you have been protected from this new malware from the very first moment - it was picked up by Advanced Heuristics.
On January 16 this worm was named "Win32/VB.NEI" and identified by this name since then.
On January 17 Paolo Monti made a free stand-alone cleaner for "VB.NEI" available to offer an easy removal solution for users not running up-to-date antivirus software to protect them from this malware.
More information:
Free "VB.NEI"-Cleaner: http://www.nod32.ch/en/download/tools.php
Description/Analysis: http://ve.nod32.ch/worms/vbnei.php
28 Jan, 2006 Free cleaner for the Bomka.C trojan
Paolo Monti released a free stand-alone cleaner for this trojan (Win32/TrojanClicker.Bomka.C) today.
You can download this latest stand-alone cleaner at: http://www.nod32.ch/en/download/tools.php
11 Jan, 2006 Nod32 Proactive rootkit detection.
A new method has been developed by Eset to offer proactive detection for rootkit threats.
According to Eset's chief software architect Richard Marko, the technology is very effective with a detection rate, in internal tests, of up to 90%.
A rootkit is a special type of malware able to hide its presence in infected systems, and thus escape detection.
Current rootkit protection methods work reactively - on the basis of signatures. Therefore it is necessary to keep anti-virus systems up-to-date. However, when releasing the detection signatures, usually a portion of users will have already been exposed to a new infiltration.
In the case of rootkits an additional system scan with updated signatures may not reveal a hidden threat - rootkits are able to render themselves "invisible". Users of rootkit infected systems may thus have a false sense of security because their updated anti-virus system did not detect the presence of a rootkit.
Under such circumstances it is obviously important to prevent a rootkit infiltration in the first place. This is where proactive detection plays a vital role, allowing the detection of unknown rootkits with high probability.
"Rootkit detection is based on the new generation of intelligent signatures, which is a part of the ThreatSense technology. This detection method is implemented in our technology in a revolutionary way," said Richard Marko.
Proactive Rootkit detection is added automatically through a component update - so all NOD32 customers will benefit from this new technology immediately.
10 Jan, 2006 SpywareStrike Removal instructions
http://wiki.castlecops.com/SpyAxe_Removal
1 Jan, 2006 NOD32 protects against 100% of WMF exploits in latest AV-Test.org analysis. Read PC Magazine and eWeek Articles.
24 Dec 05 SpyAxe Removal, Smitfraud Removal instructions
http://wiki.castlecops.com/SpyAxe_Removal
15 Dec 05 Virus Advisory: massively seeded Bagle variant
Currently a massive seeding of a repacked Bagle variant (downloader component) is on its way.
NOD32 detects it by Heuristics (generic signatures).