CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Fake antivirus programs can be stopped. No matter what their disguise.

Mimicking legitimate brands is a common technique cyber criminals use to trick users into downloading malware programs. While rogue antivirus programs are nothing new, this week saw the arrival of a fake AV spoofing free Microsoft Security Essentials, courtesy of drive-by-download attacks as either hotfix.exe or mstsc.exe.

According to the article, “Trojan found disguised as Microsoft antivirus product,” the fake alert claims the user’s computer is infected with an “Unknown Win32/Trojan.” In a sharp, professional-looking display that features 32 antivirus products (most of them top AV brands) that defend against viruses, spyware and other malicious code, the tool offers a handful of fake AV solutions to clean the infection. Microsoft is warning users not to download any security programs that come from suspicious or untrustworthy sources.


Endpoint security solutions do NOT stop APTs. But they can stop the attacks…

For some time now, I’ve been wrestling with how to respond to the way so many people in the security industry misuse the term advanced persistent threat, or APT, for their own marketing purposes. Freely using the term to describe a product that claims to stop APTs is simply wrong. Endpoint security solutions don’t actually stop APTs themselves. To varying degrees, they provide protection against the various types of attacks used by APTs to penetrate a network.

In the article, “How advanced persistent threats bypass your network security,” writer Roger Grimes does an excellent job outlining how APTs differ from more traditional attacks, and their methods of circumventing network defenses. The high-profile Stuxnet worm, of course, is a classic example of an APT’s weapon because of how advanced and targeted it is.


Top security stories for September 2010: Targeted threats, vulnerabilities at ‘unacceptable’ levels… and Stuxnet

While speculation about the Intel/McAfee deal continued to reverberate throughout the industry, new findings about the intentions of the infamous Stuxnet worm dominated the security headlines in September. Security professionals also ran into an old nemesis when the “Here you have” worm, a throwback email virus, resurfaced and surprisingly infected some of the world’s biggest multinational companies. Why weren’t their networks protected from such an attack? That’s a good question. Here are some of the top endpoint security stories for September 2010.


With McAfee deal, Intel is (sort of) in the App Store business… How will other chip makers respond??

With all the talk about the motivation behind Intel’s purchase of McAfee, it seems readily apparent that differentiation in the market for mobile devices, from smartphones to laptops, is a primary element of the acquisition. Four things are converging in this market that help explain Intel’s interest in the mobile device market and McAfee — with the last one likely being the most important:

  • It is a huge and rapidly growing market, and adoption of the devices continues to skyrocket.
  • The devices are basically small computers, with many of the same types of online access, personal information, etc. that other computers have.
  • Malware attacks are starting to hit the mobile community, and people need to protect their devices and themselves.
  • Intel currently has very little presence in this market, and it needs a foothold — and thus, a way to differentiate itself from the already entrenched players such as ARM and Qualcomm.


Recommendations to stop ‘Here you have’ email worm an old retreat — not a new solution

The old adage of everything old is new again resurfaced last week as a new email worm reminiscent of the love letters and Anna Kournikova email worms from a decade ago infected systems around the globe. Using a Windows screensaver file containing malicious code, the “Here you have” virus pretends to offer links to PDF documents or videos before actually installing a worm on the user’s computer. Once on a system, the malware spreads by disabling antivirus programs and exploiting PC users’ address books. So far, organizations such as Google, NASA, ABC-Disney, Coca-Cola and Comcast have been hit.

Following the worldwide outbreak, Symantec, along with other antivirus companies, issued recommendations to help companies mitigate the threat and stop it from spreading.
