Tag Archive | "Trojan"

Sources for Computer Virus News Alerts


If your concerned about security and need to know the latest information about possible virus and malware threats, then take a quick look at the following list.  The data from these sites is updated regularly and can help you keep ahead of an outbreak or attack.

McAfee Virus Information

See the latest virus information on McAfee’s virus alert page. Use the dropdown to select among malware, hoaxes, jokes, or view all.  You can also sign up for email alerts too.

image

Symantec/Norton’s Threat Explorer

Get a breakdown of vulnerabilities, threats, and risks at Symantec’s Threat Explorer.  Plus see what popular “applications” are currently vulnerable to attacks so you can get them patched.

image

Trend Micro’s Threat Encyclopedia

See the latest that Trend Micro has identified as a threat at the Threat Encyclopedia.

image

SophosLabs Blog

Read what the industry experts at Sophos have to say about what’s going on with recent threats at the SophosLabs Blog.  Subscribe to their RSS feed and signup for email notifications too.

image

Microsoft Security Bulletins

Only for those running Windows – get the latest on Microsoft vulnerabilities at their Security Bulletin Search page.  Don’t forget to signup for automatic security notifications.

image

Security Focus

The Security Focus Vulnerabilities page allows you to search for vulnerabilities by vendor. Get even more granular by drilling down into titles and software versions. Get your Security Focus newsletters too.

image

Computer Associates – Vulnerability Information Center

Find newly discovered vulnerabilities and alerts from the Vulnerability Information Center at CA. From there branch off to virus and spyware news.

image

I’m sure there are a few more reputable sources for this kind of information. Please post your favorites in the comments.

Posted in Anti-virus, InternetComments (1)

USB Thumb Drives Can Pose a Threat To Your Machine


Have you ever found a USB stick in the lobby of a hotel?  Perhaps there are two or three in a pile or on a display that asks you to “take one”.  Maybe you work at a company and someone has dropped of a pamphlet or flier for a product and left a USB thumb drive behind with “literature” about the product.

Bad guys do this kind of thing all the time.  Security experts will tell you that it is an easy way to get infected with a virus, or have a trojan program spread to your or your company’s network.

This exploit works by utilizing the AutoRun feature that is triggered by inserting a thumb drive in an available USB port (Windows only).  Those drives that have programs on them are told to run via a configuration file that has been placed at the top level of the drive’s file system.OLYMPUS DIGITAL CAMERA

Let’s look at how this might work:

  • The executable program that the bad guys want to have run is placed on the thumb drive (say the file is called “install_bad_software.exe”).
  • A file is created called “Autorun.inf” with a few lines of text indicating which file to run.
  • The USB thumb drives are distributed in various ways – i.e. left at company or hotel lobbies.
  • Once you place the USB thumb drive into your PC, the file is executed and you are well on your way to installing malicious software.

Here is an example of an Autorun.inf file.  They can be quite simple.

[AutoRun]
shellexecute=install_bad_software.exe

Another trick that is used is to direct you to a website that will install a virus or trojan.

[AutoRun]
shellexecute=http://bad-software-install.com

Prevention

You can prevent AutoRun from kicking off any programs by simply holding down the <SHIFT> key while inserting the drive in your computer.

Just beware of those “free”, flashy looking USB drives that you may find lying around. They could be dangerous. Just remember to use the <SHIFT> key when inserting.

Photo by inya.

Posted in Hardware, Quick TipsComments (3)

AVG Anti-virus Kills Critical Windows XP User32.dll File


AVG anti-virus recently released an update to their virus definitions file which incorrectly detected a critical Windows file as being a Trojan horse program.

Both AVG 7.5 and 8.0 (free versions and pay versions) incorrectly identified “user32.dll” as being a malicious Trojan program called PSW.Banker4.APSA (according to their forum post).

avg_forum

AVG Forum Post

Depending on the configuration settings chosen for AVG, the detection could result in the removal of user32.dll and the inability to reboot the PC.  User32.dll is a critical file which allows for API calls to the Windows Graphical User Interface.  If the file is missing during  boot, the computer will Blue Screen.

We get the following from Computer World’s report:avg

AVG released a follow-up signature update to correct the problem, but that solution only worked if the user had not turned off his PC, or rebooted it, after installing the buggy update and then deleting user32.dll.

AVG’s support website has some details on how to recover user32.dll in their support section.

Posted in Anti-virus, Software ToolsComments (0)


Related Sites