Microsoft Security Essentials: Microsoft’s Free Anti-virus Hits v4.0

Microsoft has released a new version of Microsoft Security Essentials, the free anti-virus/anti-malware program for Windows PCs. The MSE 4.0 release is available via the Microsoft Download Center and the MSE Web site and also made available to existing customers automatically through the Microsoft Update service.

image

Interestingly, this version has been in beta since late 2011, and the last released version was 2.1. There is no indication of the need to skip v3 and the jump to v4; the latest build being 4.0.1526.0. The participants in the beta program who are subscribed to automatic updates will be upgraded to the final release of the latest version of Microsoft Security Essentials after they agree to a new license agreement. You can also do a manual upgrade from v2.1 or the beta release without uninstalling the previously installed version.

Microsoft Security Essentials provides real-time protection for your home or small business PCs (up to 10)  that guards against viruses, spyware, and other malicious software. MSE is designed to be simple to install and easy to use. It runs quietly in the background without annoying notifications or interruptions. It is available as a free download from Microsoft for genuine Windows users, in both x86 and x64 editions.

G-DATA, Avira, and Kaspersky Top Performers in New Antivirus Shootout

Respected antimalware product testing lab Av-Comparatives has just published the results of their latest file detection shootout. The on-demand file detection tests used as many as 291388 malware samples on twenty different antivirus applications. The only big name missing from the tests is Symantec who didn’t want to be included in the on-demand comparatives.

Antivirus-Shootout

The top performers in the tests were G-Data and Avira. To anyone who follows antivirus shootouts from the likes of Av-Test or Av-Comparatives, this shouldn’t come as a surprise. Both G-Data and Avira have been dominating the on-demand tests for the past several years. G-Data isn’t very popular in the US, but its dual engine antivirus product (BitDefender and Avast) has consistently been a top performer as far as detection is concerned. G-Data and Avira managed to identify 99.7% and 99.4% of the virus samples respectively.

Although G-Data and Avira have always been among the very best when it comes to detection rates, they are known to falter when it comes to removing malware. This makes them great choices for a brand new system, but not something you can rely on to heal infected systems. In such cases, you might want to look at the Kaspersky, which came in third with a 99.3% detection rate. It’s pleasing to see Kaspersky in the top 3, as the Russian firm had been slipping over the past few years.

The worst performer in the tests was Microsoft Security Essentials, which managed to detect only 93.1% of the threats. Sophos, F-Secure, Panda, BitDefender, BullGuard, McAfee, Fortinet, eScan, Webroot, and Avast managed to detect more than 98% of the threats. However, Webroot also had an astoundingly high number of false positives.
Head over to av-comparatives.org for the full report.

Total detection rates (clustered in groups):
1. G DATA 99.7%
2. AVIRA 99.4%
3. Kaspersky 99.3%
4. Sophos 98.9%
5. F-Secure, Panda, Bitdefender,
BullGuard, McAfee 98.6%
6. Fortinet, eScan 98.5%
7. Webroot 98.2%
8. Avast 98.0%
9. ESET 97.6%

10. PC Tools 97.2%
11. GFI 97.0%
12. AVG 96.4%
13. Trend Micro 95.6%

14. AhnLab 94.0%
15. Microsoft 93.1%

Flashback Trojan Infection Affects 600,000 Macs

Mac OS X has been devoid of any large scale viruses and Trojans for a long time now. However, of late as the popularity of Mac has grown, virus creators have started targeting the OS with new viruses. This is evident with the number of viruses and Trojans which are being written for Mac. Take for example the Fake Mac Defender Anti-Virus (removal instructions).

A recent investigation by a security group has found out that a new virus called Flashback has been infecting nearly 600,000 Macs globally. The latest variation of this virus has been targeting an unpatched Java vulnerability in Mac based PCs. The OSX Flashback Trojan connects to a remote server and downloads instructions and payload. Once the payload has been downloaded the malware will modify webpages in the web browser and try to collect personal and other information and send it back to their servers.

If you are a Mac user, the first thing you should do is apply the new patch supplied by Apple that patches this vulnerability. However, there is a chance that you might have been already infected by the Trojan.

F-secure has put up some detailed instructions on their website to find out whether you are infected by the Flashback Trojan for Mac along with instructions to remove the OSX Flashback Trojan. You can visit this page to find instructions for removing Flashback Trojan and remove it from your system.

The detection and removal instructions are targeted towards advanced users so you might want to have someone familiar with Terminal taking a look at it for you.

Also, don’t forget to apply the latest update patch supplied by Apple. To do that, open the main system menu on your Mac by clicking on the “Apple icon” and click on the item “Software update”. Once the software update has checked for updates, apply any new patch/Java update that is available for your system.

We’ll try and post more simpler detection and removal instructions for this shortly.

Court Extends the Date to Cut off Computers affected by DNSChanger from Internet

A federal Judge has extended the date to cut off computers affected with the DNSChanger malware from the internet.

DNSChanger is a malware that replaces the default DNS servers of the infected computers with rogue DNS servers which send the victim to websites that steals your information. It is believed that around four million computers were infected by this malware including half of all Fortune 500 companies and Government agencies.

As we had previously reported, the crackdown on DNSChanger malware was part of an FBI Operation called Operation Ghost Click which resulted in the arrest of six Estonian men who were thought to be behind the creation of malware.

FBI has been trying to help the affected users by replacing the rogue servers with temporary servers to keep them connected to the internet. And, so far, they have replaced around 100 Command and Control Centers in the US, since then, according to Computer World.

[…] the FBI seized more than 100 command-and-control (C&C) servers hosted at U.S. data centers. To replace those servers, a federal judge approved a plan where substitute DNS servers were deployed by the Internet Systems Consortium (ISC), the non-profit group that maintains the popular BIND DNS open-source software.

Without the server substitutions, DNS Changer-infected systems would have been immediately severed from the Internet.

Previously, the Southern District of New York Court had order the US Government to take down the temporary servers, that had replaced the rogue servers by March 8. Now, that deadline has been extended to July 9 to give the law enforcement officials some more time to the respective ISPs to help clean their customer’s PCs.

The work done by the law enforcement agencies and the ISPs have indeed reduced the number of affected users, according to a report by a security firm, IID. But still there are thousands of users who are still affected by the malware and will be cut off from the internet in four months, if proper action is not taken.

To check whether you system is infected by DNSChanger, you can use this free tool provided by Quick Heal.

Slowloris DDoS Tools Used by Anonymous Infected with Zeus Trojan

The arrest of Megaupload’s Kim Dotcom has upset Anonymous greatly, and they have been busy ever since the Megaupload takedown incident. In protest, the Anonymous took down the US Department of Justice website, a number of other record label websites and the Federal Bureau of Investigation website. This was their single largest attack ever.
anonymous-logo
However, a lesser-known fact has surfaced recently. Symantec studied the DDoS tools used by Anonymous, and found that the version of Slowloris they were using was in fact, infected with a Trojan itself!

Robert Hansen who goes by the alias RSnake wrote Slowloris. It is extremely effective for DDOS attacks on low bandwidth.

After Megaupload was shutdown, Anonymous circulated a list of tools to use for hacktivist operations. However, they (seemingly unintentionally) link to a remastered version of the Slowloris tool. On discovery of the exploit, Symantec said,

Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen.

Elaborate efforts have gone into shutting down Zeus but it keeps coming back always. Riding on the rage of the people against the Megaupload shutdown, the Zeus command and control center gobbled up bank account information, email accounts, cookies and a lot more.

After the matter became public, the link to Slowloris has been removed and it has definitely alerted the victims of this situation. Over the last few days, we will see many fresh OS installs and bank and email account credential changes. Will the Anonymous take revenge? Will we get to see a Zeus vs. Anonymous now?

UK All Set for Large Scale Surveillance of its Citizens

According to a report on Telegraph, British authorities are planning on setting up a large scale surveillance programme of its citizens. The report, which did not cite any sources, says that landline, mobile and broadband companies will be asked to store customer data so that they could provide it in real-time to the authorities if needed.

Surveillance

This stored database will not have actual content of the call, but the details of the sender and recipient. Social networking sites such as Facebook and Twitter will also be included in this monitoring program.

For the first time, the security services will have widespread access to information about who has been communicating with each other on social networking sites such as Facebook.

Direct messages between subscribers to websites such as Twitter would also be stored, as well as communications between players in online video games.

The Home Office is understood to have begun negotiations with internet companies in the last two months over the plan, which could be officially announced as early as May.

All this data will be stored by the respective companies rather than the government itself. This move can be highly controversial since this database can be of high significance to the companies themselves as well as some third parties.

Telecom companies can track a customer’s behavior from his/her communication in order to provide targeted advertisement. Also, this kind of database will be of extremely high value to the hackers around the world and what kind of security measures, the telecom companies will implement to protect this database is a very valid question.

The report states that legislative time for this programme (called Communications Capabilities Development Programme or CCDP) will be allocated in the Queen’s Speech in May.

Privacy advocates have already raised their concerns.

“This will be ripe for hacking. Every hacker, every malicious threat, every foreign government is going to want access to this. And if communications providers have a government mandate to start collecting this information they will be incredibly tempted to start monitoring this data themselves so they can compete with Google and Facebook. The internet companies will be told to store who you are friends with and interact with. While this may appear innocuous it requires the active interception of every single communication you make, and this has never been done in a democratic society”, Guy Hosein of Privacy International said in a statement.

UK is already in the line of fire, after the News of the World phone tapping scandal. Now, how its citizens are going to react to legislation that will legalize monitoring their communication activities is to be seen.

Kelihos Botnet Resurfaces With New Security Measures

Last September, Microsoft and the Kaspersky Labs claimed a big win on the Kelihos botnet, when they took control of the infected computers. Kelihos was sending 4 billion spam messages a day, and it covers all kinds of spam including pharmaceuticals and stocks. Researchers devised an interesting mechanism to direct all the infected computers to communicate with a “sinkhole” or a computer they controlled. In spite of these stringent measures, Kelihos has started showing its face again, and very soon, its owners might regain control.

Not only has Kelihos started showing back on the radar, it is using new encryption techniques to hide its communications. A researcher at Kaspersky has also noted that two different RSA keys are being used; indicating that there might be two different groups controlling Kelihos.

Although researchers can install updates or clean up the infected computers, it is against the law in many geographical regions. A few days ago, Microsoft named Andrey N. Sabelnikov, a Russian citizen, guilty of running Kelihos. However, Russia does not allow extradition of its citizen, and he cannot be brought to a trial. Kaspersky Securelist investigated into the matter, revealing some interesting facts, like

Our investigation revealed that the new version appeared as early as September 28, right after Microsoft and Kaspersky Lab announced the neutralization of the original Hlux/Kelihos botnet.

Clearly, shutting down the Kelihos botnet will be a big challenge, and it will be interesting to see how far Microsoft and Kaspersky go in this case.

Google Chrome Vulnerable to Secure Address Bar Spoofing

If you thought the site you were browsing was secure simply due to the little s  at the end of HTTP, you may want to re-evaluate.

Security researchers at ACROS  have posted details concerning a vulnerability in versions 14 and 15 of Google’s Chrome browser. The issue comes from an inconsistency that Chrome has when following and rendering redirections to other web pages. This means that an attacker can redirect a visitor to a page that looks identical to a legitimate page, with a real looking HTTPS URL, when infact they are not on the expected page. This can lead to theft of credentials, credit cards and other personal information.

The crux of the issue comes down to Chrome being very quick to update the address bar, even before any of the page content has actually loaded. This allows the researchers to change the destination without it being reflected to the address bar. Most users will “confirm” they are on the correct page simply by reading the address page and matching it with what they are looking at, especially when the majority only visit a handful of specific websites.

While the newest releases of Chrome (16, beta and above) have had this issue resolved, Google’s browser holds a relatively large marketshare of approximately 20% world wide. That’s more than 70 million. If over 75% of those users have updated version, one can speculate that roughly 1.7 million users are susceptible to this attack. With Google’s auto-update mechanism, it’s highly unlikely that there are so many old installations.

At Techie-Buzz alone, more than 1 million of the 3.5+ million visitors use Chrome. Google Chrome has been growing at a very rapid rate, pushing Microsoft’s Internet Explorer and Mozilla’s Firefox lower and lower. Chances are, you’re using Chrome because it’s fast, so if you want to stay as safe as possible, keep Chrome updated and take a look at some of the popular security/privacy extensions.

India becomes the top source of Spam emails in Q3 2011

spamAccording to a recent report from Internet security company Kaspersky Labs, India has become the top source of spam emails for the third quarter of 2011.

During this period, about 79.8% of total emails sent were spam and out of this, 14.8% originated in India. The second and third positions are also held by developing nations Indonesia with 10.6% and Brazil with 9.7%. All of the top ten sources are Asian, South American or Eastern European countries.

spam_countries

With limited or no laws at all to tackle the issue of spam, these countries have become the safe haven for criminals looking to exploit the internet community by spamming.

India’s huge internet user base (which is currently the third largest behind China and US) and lack of awareness among the general public about general security practices could have been the reason for India’s rise as the world’s spam capital.

Some of the other important details from the Kaspersky Spam Report are –

· In Q3 of 2011, the share of spam in mail traffic was down 2.7 percentage points compared to the previous quarter, averaging 79.8%.

· The percentage of fraudulent emails in spam traffic increased twenty times, reaching 2%.

· Asia and Latin America remain the most prominent sources of spam.

· The share of partner program spam went up 5.7 times, accounting for 29% of all spam.

· The percentage of emails with malicious attachments grew by 1.17 percentage points and averaged 5.03%.

· The share of phishing emails averaged 0.03%. Three social networks were among the Top 5 organizations targeted by phishers.

You can read the entire report here.

Qihoo, Kaspersky, and Avira Top New Android Security Product Shootout

Mobile security is still a nascent market, but most security vendors have already begun investing significantly in an attempt to gain an early lead. Android with its unregulated Market and regular malware scares probably represents the most lucrative platform for security vendors. All the big names including Avira, Kaspersky, McAfee, and Norton have their own Android security solutions. PC Securities Lab has tested twenty of them on a sample set of 251 malwares.

The top performer was Qihoo’s 360 Mobile Safe that correctly identified 236 threats and returned no false positives. Kaspersky and Avast followed with 228 and 227 detections respectively. Qihoo, which managed to edge out more well-known global players, is China’s leading mobile security vendor with more than 40% market share. It’s worth noting that PCSL is also based in China, and it is possible that their sample set had a significant number of local threats that could have given 360 Mobile an edge. The detailed report, which is expected to be published later this week, could shed some light on the sample set.

Popular products like Lookout, Norton, ESET, and Webroot chose to be anonymous, which is just as well because most of them found themselves in the bottom half of the list. The results summary is below.

PCSL-Security