Friday, August 22, 2008

Excellent blog by ESET about viruses, security issues, etc.

http://www.eset.com/threat-center/blog/
ESET Threat Blog

Excerpts:

Beware of Fake Invoices
August 22nd, 2008

Over the last two weeks, we have seen an increase of fake e-mails pretending to contain invoices for various companies including UPS, Fedex and airlines from around the globe. Subjects of such e-mails include “Fedex tracking number 1234567890” or “E-ticket #1234567890”. The body of the e-mail states that the recipient’s credit card has been charged for hundreds of dollars and that an invoice for their purchase is attached to the message. The attached file has an Excel or Word icon but, in reality, it is an executable file. We remind our readers not to make judgement on the nature of a file by its icon but by its extension. It is trivial for a programmer to change the icon of their program, thus tricking users into thinking that a program is harmless. We have also seen variants of this attack that had zip-compressed e-mail attachments.
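The check the excerpt recommends, judging a file by what it is rather than by the icon it shows, can be automated at the mail gateway before a user ever sees the attachment. The following is an added example written for this page, not ESET's code or anything from the blog: it reads the attachment's leading bytes to identify a Windows executable, a legacy Office document or a zip archive, compares that with the extension the filename claims, flags double extensions such as Invoice.doc.exe, and looks inside zip attachments for the same tricks. The sample attachments, the `FAKE_PE` bytes and helper names like `build_zip` are constructed for the example.

```python
"""Added example (not ESET's code): judge an e-mail attachment by what its
bytes are, not by its icon or the extension it claims to have."""
import io
import zipfile
from dataclasses import dataclass, field

# File-signature ("magic") bytes for the formats this check tells apart.
PE_MAGIC = b"MZ"                                  # Windows executable image
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office (.doc/.xls)
ZIP_MAGIC = b"PK\x03\x04"                         # zip archive (also .docx/.xlsx)

EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DOCUMENT_EXTS = {"doc", "xls", "docx", "xlsx", "pdf"}
MAX_ZIP_DEPTH = 2  # do not recurse endlessly into nested archives


@dataclass
class Finding:
    name: str                      # attachment (or archive member) name
    kind: str                      # format detected from the bytes
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def sniff(data: bytes) -> str:
    """Identify the container format from its leading bytes, ignoring the name."""
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def inspect_attachment(name: str, data: bytes, depth: int = 0) -> list:
    """Return one Finding per file, archive members included."""
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    finding = Finding(name, sniff(data))
    findings = [finding]

    if ext in EXECUTABLE_EXTS:
        finding.reasons.append(f"executable extension .{ext}")
    if len(parts) > 2 and parts[-2] in DOCUMENT_EXTS and ext in EXECUTABLE_EXTS:
        finding.reasons.append("double extension posing as a document")
    if finding.kind == "pe" and ext not in EXECUTABLE_EXTS:
        # The icon trick from the excerpt: an .exe renamed or presented as a document.
        finding.reasons.append(f"content is a Windows executable but name claims .{ext or '(none)'}")
    if finding.kind == "zip" and depth < MAX_ZIP_DEPTH:
        # Zip-compressed variants: apply the same checks to every member.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    findings.extend(inspect_attachment(member, archive.read(member), depth + 1))
        except zipfile.BadZipFile:
            finding.reasons.append("zip signature but archive does not parse")
    return findings


def build_zip(members: dict) -> bytes:
    """Construct a small in-memory zip archive (helper for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member_name, content in members.items():
            archive.writestr(member_name, content)
    return buf.getvalue()


# Constructed samples modelled on the lure described above; FAKE_PE is just a
# DOS header stub, not a real program.
FAKE_PE = b"MZ" + bytes(62) + b"PE\x00\x00" + bytes(64)
SAMPLES = {
    "Fedex_Invoice_1234567890.doc.exe": FAKE_PE,          # icon trick plus double extension
    "E-ticket_1234567890.xls": FAKE_PE,                   # extension lies about the content
    "report.xls": OLE_MAGIC + bytes(504),                 # genuine legacy Excel header
    "invoice.zip": build_zip({"Invoice.exe": FAKE_PE}),   # executable hidden in a zip
}

if __name__ == "__main__":
    for attachment, content in SAMPLES.items():
        for f in inspect_attachment(attachment, content):
            verdict = "SUSPICIOUS" if f.suspicious else "ok"
            print(f"{verdict:10} {f.name} [{f.kind}] {'; '.join(f.reasons)}")
```

Because the decision rests on the file's leading bytes, it still fires when the sender drops the telltale extension altogether or wraps the executable in a zip; the extension is only consulted to spot the mismatch between what the name promises and what the content is.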

Negative Values: Racing Past Zero
August 10th, 2008

Well, there’s not much doubt about the SecurityFocus view of the Race to Zero event. A report by Robert Lemos is festooned with advertising that states "If you want to stop a hacker…you have to act like one." Perhaps Symantec, who own SecurityFocus, can afford to be relaxed about the event, since their scanners weren’t represented in the test panel. All that apart, what are we actually learning as we pass zero?

Well, according to organizer Simon Howard we’ve learned that pattern-based detection isn’t working. Well, no, Simon: signatures actually work very well against known viruses. Do you really think it’s unnecessary to detect old viruses (maybe you should read our earlier blogs on Angelina and Helkern, or Kurt Wismer’s comment piece in the August issue of Virus Bulletin), or are you insisting that we should detect them heuristically? Given ESET’s expertise in heuristics, we’re not going to deny its importance, but in some contexts, signature detection can actually save a lot of processing time, depending on how it’s implemented. And who on earth told you that server-hosted anti-malware doesn’t use behavior analysis?

We’ve also learned that antivirus researchers started using "behavioral detection" in 2006. Except that some of us have been using proactive techniques for many more years than that.

Adware, Spyware and Possibly Unwanted Applications
August 10th, 2008

An interesting comment turned up today to my "Malware du Jour" blog entry at Securiteam (http://blogs.securiteam.com/index.php/archives/1121). The poster asked a couple of questions, based on content from the ESET mid-year Global Threat Report, one of which was ‘How do you define "possibly unwanted applications [PUAs]?"’

My first thought was to refer him to the definition on our own web pages, but I couldn’t actually find one, so that’s something I’ll be addressing forthwith. My second thought was to refer him to the vendor-neutral definition on the Virus Bulletin site, which I did. Good though that is, however, for me it lacks a dimension. There’s an essential distinction to be made between PUAs and other forms of adware and spyware, largely based on the existence and validity of a corresponding EULA (End User License Agreement).

In general, a PUA has some functionality that might

Global Threat Report - Half Year
August 8th, 2008

Our mid-yearly Global Threat Report looks at malware threat trends over the past six months, based on data from our ThreatSense®.net threat tracking system. This report focuses on broad trends rather than individual malware variants: this reflects better the proactive detection which is the strength of our products, but is also more useful to most readers. Here’s a fairly brief summary of a rather bulky document.

Malicious software that tries to use the Windows Autorun facility to self-install from removable media (such as flash drives and CDs) continues to flourish. While we have an efficient heuristic detection for this, we strongly advise disabling the facility in Windows.

We’ve been seeing high volumes of malware intended to steal passwords for online gaming and virtual worlds like Second Life since 2007 and earlier, but are now seeing a dramatic upsurge. This isn’t just about teenage mischief any more: the theft of “virtual” treasure often translates into real profit for organized criminal gangs. While we’re pleased to see other security vendors taking more notice of the issue recently, users in general need to be aware of just how much malicious activity occurs in virtual worlds (phishing, “grey goo” viral malware, griefing attacks).
Potentially Unwanted Applications and other adware and spyware continue to constitute a large proportion of the programs we detect. While such programs are sometimes defended as being harmless and legitimate advertising material, they’re often presented in a deceptive manner, skating over the damaging effects on the usefulness of an affected system:

Extensive modifications are made to the host system, and may entail breaches of privacy, inability to access legitimate sites, and exposure to malicious sites and software.

Once installed, it’s made intentionally difficult to remove the application, especially when it’s still in memory.

The performance hit caused by the program’s payload can amount to a denial of service. Adware like the Virtumonde Trojan can serve so much advertising material that the system becomes effectively unusable for the legitimate purposes for which the owner acquired it.

The use of email as a direct channel for the transport of new malware is in dramatic decline, though email remains a major vector for the transmission of malicious URLs, so that social engineering is used to persuade the recipient to access a malicious web site.

Malicious attachments are far less likely to be completely new threats: indeed, many of the top detections are elderly mass mailers like Netsky.Q, suggesting that the main sources of email-borne malware nowadays are unprotected machines, probably mostly home machines rather than corporate systems.

As a result of the way the threat scene changes at an ever-accelerating ...

Dell Announces exciting new line of BUSINESS Laptops

Dell Takes Business Laptops to New Latitudes
from dell.com
--------------------------------------------------------------------------------

August 12, 2008

Sets Business-Class Benchmarks for Weight, Design and Durability
Breakthrough Battery Life: Up to 19 Hours on a Single Charge
Previews Dell Latitude ON technology: Access to E-mail in Seconds
Halogen-Reduced System

SAN FRANCISCO and LONDON - Inspired by close collaboration with nearly 4,000 IT professionals and end users, Dell today announced a completely new line of Latitude and Dell Precision laptops, ranging from the lightest ultra-portable in the company’s history to the most powerful mobile workstation. More details are available at www.dell.com/latitudepresskit.

The new Latitude systems provide breakthrough battery life, brilliant new design and style - including a choice of five colors.

“Since 1995, we’ve shipped more business laptops worldwide than anyone,” said Michael Dell, chairman and CEO of Dell. “This, and our 5 million plus conversations a day with customers, gives us real insight into the needs of the digital nomad. Today we’re translating that insight into breakthrough productivity, portability and design. The new Latitudes are breathtaking.”

Dell’s re-engineered Latitude lineup answers a wide range of user profiles:

Ultra-Portable – Dell Latitude E4200 is a 12.1-inch laptop that starts at 2.2 pounds, making it the lightest commercial notebook in the company’s history.

The 13.3-inch Latitude E4300 has a starting weight of 3.3 pounds. Designed for road warriors and executives who demand maximum performance and light weight, the systems will be available in the coming weeks.

Mainstream – The Dell Latitude E6400 and E6500, available today, are 14.1- and 15.4-inch laptops that start at $1,139 and $1,169, respectively. The systems are ideal desktop replacements for high-performance users.

Essential – The Latitude E5400, a 14.1-inch notebook, starts at $839, and the E5500, a 15.4-inch notebook starts at $869. Available today, the systems include everyday features at a cost-effective price.

Semi-Rugged – The Latitude E6400 ATG is a 14.1-inch semi-rugged laptop that starts at $2,399 and will be available next week. It is built and tested to meet Military 810F standards for dust, vibration and humidity.

Desk-Based – From new port replicators to full docking solutions that fit any usage scenario with smaller footprints and streamlined cabling, users can “hot undock.”

Read on...

Thursday, August 14, 2008

Netflix Email Glitch, bad week for big players

OK, so this isn't exactly work related BUT seems like a bunch of the big players are experiencing technical difficulties these days.

First, Google's Gmail was down for 2 hours earlier this week (something to do with contacts impacting the ability to log in to email) and now Netflix has a shipping problem that they say is related to their email.

Here's the Netflix issue:
------------------------------------------
Netflix Email Glitch Affects Shipments
08.14.08


Hoping to see your next DVD in the mailbox this afternoon? You might be waiting another day due to a technology issue that affected the company's system for sending DVD e-mail alerts.

"We received and were able to process incoming DVDs [Tuesday] morning but, due to a technology issue, we weren't able to send e-mails confirming DVD receipt and we won't ship any DVDs" on Tuesday, Andy Rendich, head of operations for Netflix, wrote in a Tuesday night blog post.

Rendich said that customers who were supposed to have a DVD shipped on Tuesday will receive a credit to their accounts, and Netflix will alert those affected via e-mail.

As of Wednesday morning, "some (but not all) of our distribution centers are back up and shipping DVDs," Rendich wrote in an updated blog post. "Our goal is to resume normal shipping from all of our facilities as soon as possible, but we are still experiencing technical issues with our shipping systems."

How much will that credit be worth?

"We haven't determined this level of detail yet," a Netflix spokesman said via e-mail. "Everyone who should have received a disc but didn't because of our issues will receive a credit, which we communicate to them via e-mail."

E-mail notifications have already started rolling in:

"IMPORTANT: Your DVD shipments might be delayed," the email begins.
"We're sorry to report that we've been experiencing issues with our shipping system, so some of you are not receiving DVDs in a timely manner and some of you have not received emails letting you know we got a DVD back from you.

Complete article from PCMag.com

'Cyberwar' Emerges Amid Russia-Georgia Conflict

From PBS Online NewsHour - 08-13-08

Georgia's recent conflict with Russia over the fate of two separatist provinces brought with it a first in international cyber-warfare, as Georgia faced a slew of Internet attacks. An Internet security specialist offers insight.

JEFFREY BROWN: Along with tanks and bullets came so-called cyber-attacks that began several weeks back and appear to be continuing.

Georgian government Web sites -- including the president's office, the parliament, and the foreign ministry -- were defaced with anti-Georgian or pro-Russian images. And Georgia's Internet system was crippled, as hackers manipulated computers to flood government, news, and information Web sites in a way that renders them useless.

Jose Nazario was one of the first security experts to pick up signs of the cyber-trouble. He's a senior researcher for Arbor Networks, a private company that provides Internet security to businesses, governments, and other organizations.

Well, why don't we start with a definition? What do we mean by a cyber-attack?

JOSE NAZARIO, Arbor Networks: Cyber-attacks are generally directed online, using online resource, against online resource of an adversary. So in this case, it is computers which have been compromised and built into a botnet, a network of computers that are under the control of attackers...

JEFFREY BROWN: Explain what -- I'm sorry, explain what a botnet is? Because I've seen that word, and it's a key one. What is it? What does it mean?

JOSE NAZARIO: These are computers that have been infected with malicious software that then changes the control of the computer to an attacker in a remote location. They continually listen for commands from this attacker and act upon them, basically turning them into slaves or zombies at the attacker's command.

JEFFREY BROWN: So what more can you tell us about the specific targets in Georgia? And what kind of impact did it have?

JOSE NAZARIO: In mid-July, as there were some increased tensions between Russia and Georgia over these regions under dispute, we began seeing an attack commanded to a large botnet that was directed to flood the Georgian president's Web site with requests to load the page repeatedly as fast as possible.

This caused it to be inaccessible, based upon our own monitoring, for some time. And these attacks lasted for a couple of days. Now, this pre-dates the skirmishes that we're seeing now and have seen in the past week between Russian forces and Georgian forces.

Entire interview.

Tuesday, August 12, 2008

Gmail outage, notice from Google


2-hour Gmail outage Monday

Did you notice or were you impacted by this?

SmallBizResource Blog -- Internet

Did You Survive the Gmail Outage?

Posted by Gayle Kesten Tuesday, Aug 12, 2008, 09:50 AM ET

Memo from Google: We are experiencing technical difficulties. Please stand by.

As posted on sister site bMighty.com: "Gmail users were without their e-mail service for two hours on Monday thanks to a systemwide outage beginning around 2 p.m. PT."

The glitch, according to the Gmail Blog, "was caused by a temporary outage in our contacts system that was preventing Gmail from loading properly...We've identified the source of this issue and fixed it."

Good to hear. The blogosphere seems to be going easy on Google as well. "In a perfect world of software as a service, downtime exists as a curious idea, something people hear about but never actually see. The world is not perfect, and neither is SaaS," wrote WebProNews' David A. Utter.

Over at Search Engine Journal, Loren Baker said that coverage of the outage (say that 10 times fast) goes to show just how popular the free service has become among users. "If GMail had gone down a year ago, would anyone have really cared? Possibly a handful of search bloggers and other Googlephiles, but the service goes down from here on out, and it's world news. Another sign that Google has excelled yet another appliance beyond search and the business world has reacted favorably by becoming dependent upon it."

More to his point: "This morning the problem was the most searched-for term on Google, with five of the top ten searches referencing the issue," reported the HeraldSun, whose local Australian readers pretty much slept through the whole event.

OK, it's Tuesday now and we all live to tell. Were you and/or your business negatively affected? Can you forgive Google this service transgression?

Original post here.

Verizon Strikes Deal to Bring Fios Service to DC

At last, finally...

Verizon Strikes Deal to Bring Fios Service to the District

By Mike Musgrove
Washington Post Staff

The District and Verizon Communications have reached an agreement that would bring the company's Fios service to the city.

Eric E. Richardson, director of the D.C. Office of Cable Television, said the agreement requires approval by the mayor's office and the D.C. Council, a process that could be completed "by the end of this year." Still, it may be some time before consumers get the service.

Verizon's Fios network delivers high-speed Internet access, telephone and television service through fiber optic cable. Verizon could not have delivered television service through such a network without reaching a cable franchise agreement with the city.

Complete article.