Definition file update for Ad-Aware
Definition file update for Ad-Aware - combating Viruses, Spyware, Malware, Rogue software, Worms and Adware.
Updated definitions:
====================
Win32.Adware.EzuLa
Win32.Backdoor.Agent
Win32.TrojanPWS.Agent
Win32.Trojan.Agent
Win32.Trojan.Pakes
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Small
Win32.TrojanPWS.Magania
Win32.TrojanPWS.OnlineGames
Win32.TrojanSpy.Banker
Win32.Worm.Viking
Win32.Worm.Bagz
Win32.TrojanSpy.Zbot
Win32.Trojan.Searches
Win32.Backdoor.Small
Win32.Trojan.Inject
Win32.TrojanDownloader.Injecter
Win32.Backdoor.Poison
Win32.TrojanPWS.QQRob
Win32.Worm.Kolab
Win32.Trojan.Buzus
Win32.TrojanDownloader.Fraudload
Win32.Worm.AutoIt
Win32.TrojanDownloader.Autoit
Win32.Trojan.Monder
Win32.Backdoor.Gbot
Win32.Backdoor.Inject
Win32.TrojanDownloader.CodecPack
Win32.Trojan.Tdss
Win32.Trojan.FakeAV
Win32.Trojan.Patched
Win32.Trojan.Zapchast
Win32.Trojan.Agent2
Win32.Trojan.Genome
Win32.P2PWorm.Palevo
Win32.TrojanDropper.Fraudrop
Win32.TrojanRansom.Blocker
Win32.Trojan.Vkhost
Win32.Trojan.Hrup
Win32.Trojan.Vbkrypt
Win32.Backdoor.Spammy
Win32.Trojan.Sasfis
Win32.Trojan.Vilsel
Win32.Trojan.Scar
Win32.TrojanDropper.TDSS
Win32.Adware.ScreenSaver
Win32.TrojanSpy.SpyEyes
Win32.TrojanSpy.carberp
Win32.Trojan.Jorik
Win32.IMWorm.Sohanad
Win32.Trojan.Diple
Win32.Trojan.Menti
Win32.Trojan.Virtumonde
Win32.TrojanRansom.Pornoasset
Win32.Hoax.Flashapp
Win32.TrojanDropper.Dapato
Win32.TrojanDownloader.Dapato
Win32.Trojan.Yakes
Win32.Backdoor.Darkhole
Win32.TrojanDropper.Injector
Win32.TrojanRansom.Foreign
Win32.Worm.Ngrbot
Win32.Backdoor.Proxyier
MD5 checksum: aaw2009-excluded-build-150.731.aawdef: ee5b324dc2f24332e52d768c288d1c1d
EXP/2011-3544.BL.2
VDF version: 7.11.23.162
Published date: Wed, 22 Feb 2012 02:51:06 +0100
Complete description for this threat can be found here.
Hackers nip at LA police canine group
Originally posted at InSecurity Complex
EXP/Pidief.aom
VDF version: 7.11.23.180
Published date: Tue, 21 Feb 2012 14:20:48 +0100
Complete description for this threat can be found here.
Nightline Takes "A Trip to The iFactory"
Weir's invitation to visit "Apple's factory" in China is in part due to growing consumer pressure. Several weeks ago, This American Life, a production of Public Radio International, aired a segment of The Agony and the Ecstasy of Steve Jobs by monologist Mike Daisey. In the story, Daisey, a self-described super fan of Apple, traveled to China to see where his iPhone was made.
You can listen to the story here.
After Mr. Daisey and the Apple Factory aired, social activist groups such as change.org and sumofus.org then organized petitions for Apple to make an "ethical" iPhone. The groups recently delivered over 250,000 signatures to Apple's flagship store in New York.
And so now Foxconn has reached its "Nike moment" (a reference to Nike's PR troubles in the 1990's) and has invited Nightline to tour its facilities to provide more transparency. You can read a preview of the report here: A Trip to The iFactory.
Also of note, Foxconn promised a 25% raise to employees yesterday.
So, what's the lesson of the story?
Our thoughts… looks to us like social activism is superior to hacktivism.
On 21/02/12 At 01:55 PM
Definition file update for Ad-Aware
Definition file update for Ad-Aware - combating Viruses, Spyware, Malware, Rogue software, Worms and Adware.
Updated definitions:
====================
Win32.Adware.AdRotator
Win32.Backdoor.Hupigon
Win32.Trojan.Agent
Win32.Trojan.Delf
Win32.Trojan.DNSchanger
Win32.Trojan.Pakes
Win32.TrojanDownloader.Agent
Win32.TrojanDropper.Pincher
Win32.TrojanDropper.Agent
Win32.TrojanDropper.Vidro
Win32.Worm.Autorun
Win32.Trojan.BHO
Win32.TrojanSpy.Zbot
Win32.Backdoor.Small
Win32.Trojan.Inject
Win32.TrojanDropper.Small
Win32.TrojanDropper.VB
Win32.TrojanDownloader.Injecter
Win32.TrojanDropper.MuDrop
Win32.Trojan.Obfuscated
Win32.TrojanClicker.VB
Win32.TrojanDropper.Microjoin
Win32.Backdoor.DsBot
Win32.Worm.Kolab
Win32.TrojanDropper.Smorph
Win32.TrojanDownloader.Fraudload
Win32.Backdoor.Sinowal
Win32.TrojanSpy.BHO
Win32.Trojan.Monder
Win32.Backdoor.Gbot
Win32.Backdoor.Inject
Win32.Trojan.Lebag
Win32.TrojanDownloader.CodecPack
Win32.Trojan.Tdss
Win32.Trojan.FakeAV
Win32.TrojanDropper.Binder
Win32.Trojan.Agent2
Win32.Trojan.Genome
Win32.P2PWorm.Palevo
Win32.TrojanSpy.Agent
Win32.TrojanRansom.Blocker
Win32.Trojan.Hrup
Win32.TrojanDropper.Startpage
Win32.TrojanDropper.Clons
Win32.Backdoor.Bredolab
Win32.TrojanDownloader.Lipler
Win32.Worm.Vbna
Win32.Trojan.Vbkrypt
Win32.Backdoor.Spammy
Win32.TrojanDownloader.Myxa
Win32.Trojan.Swisyn
Win32.Trojan.Scar
Win32.TrojanDownloader.Genome
Win32.TrojanDropper.Decay
Win32.Trojan.Rozena
Win32.TrojanDropper.TDSS
Win32.Backdoor.Papras
Win32.TrojanDropper.Drooptroop
Win32.Adware.ScreenSaver
Win32.TrojanSpy.SpyEyes
MSIL.TrojanDropper.Agent
Win32.Exploit.Aluigi
Win32.TrojanDownloader.Nekill
Win32.TrojanDropper.Cadro
Win32.TrojanSpy.carberp
Win32.Trojan.Jorik
Win32.TrojanDropper.Aspxor
Win32.Trojan.Diple
Win32.Trojan.Menti
Win32.Trojan.Virtumonde
Win32.Hoax.Flashapp
Win32.TrojanDropper.Dapato
Win32.Trojan.Yakes
Win32.TrojanDropper.Injector
Win32.TrojanRansom.Foreign
Win32.TrojanDropper.Cidox
Win32.Worm.Ngrbot
Win32.TrojanDropper.Zaccess
Win32.TrojanDropper.Daws
MD5 checksum: aaw2009-excluded-build-150.730.aawdef: 69a348bfae0097a19dd5c178cc23814b
Bloodhound.Exploit.451
to patch or not to patch: an edge case
now i want to put this in context; this computer sees very little use, mostly it gets turned on, has some files transferred to it or from it, and then switched off. i can't remember the last time i actually installed anything on it (for that matter, since i've switched over to using portable software, i can't recall the last time i installed anything on my primary system either) so let's say it's been a really, really long time since i touched the C: drive at all. mostly it's the larger secondary physical disk that gets used.
so you can imagine my surprise when the notification about running low on space popped up. was there something malicious going on? had the system been compromised? no, it was in the process of applying system updates. patches had actually eaten up the majority of my free space - the WINDOWS directory was taking up over 7 gigs of my 10 gig drive. i'm actually in the position where i have to uninstall software so that the patching will succeed.
now, this is an XP system so one might reasonably suggest that i upgrade to the latest version of windows so that i can avoid having all those patches on my system. unfortunately, this system is so old, i doubt it will meet the system requirements of anything newer than XP.
one might also, entirely reasonably, suggest upgrading the harddisk to something larger. memory is cheap, after all. it's a little difficult to justify upgrading the drive just to accommodate microsoft's attempts to fix their earlier mistakes, though. it's certainly not like i'm going to get any additional benefit from greater space on a drive i never make use of.
one could even go so far as to suggest upgrading all the things so that not only would i be able to move to the latest version of windows, i could have more space and a snappier system that is more amenable to being used day to day. but i already have a computer that's more amenable to being used, so really everything that was wrong with the idea of upgrading the drive is also wrong with this plan, in spades.
it's times like this that make one question things we normally take for granted, like why does patching take so much space? is the fixed binary that much larger than the one with the error in it? no, that doesn't appear to be what's going on. it appears that windows keeps a bunch of stuff around so that you can uninstall the patch if you want to. does anyone ever actually do that? there may be a way to reclaim the space those uninstall files take up, but it's not obvious just by looking at the system, and right now simply letting the updates happen the way an ordinary user would is actually reducing the utility of the system.
thankfully the utility that's been lost wasn't really needed anymore. but what about next time? support for XP is ending, but it's not over yet, there are still more patches coming. i'm going to be facing the prospect of no longer getting patches anyway, so i might as well get used to it early - and since the system is little more than a network attached storage device that spends most of its time powered off, i can't really see the harm.
in security, we normally think of applying patches as a no-brainer. it may present some logistical hurdles in the enterprise, but it still needs to get done. sometimes, though, there are cases where it just doesn't pay off. no practice is so universally beneficial that it should be mindlessly applied 100% of the time.
Security awareness, security breaches, and the abuse of “stupid”
Computer security is not created, nor is it improved, by calling people stupid. That's the conclusion I have arrived at after more than two decades in computer security and auditing. To put it another way, we should stop dropping the "S" bomb, especially when it comes to people who don't know any better.
Consider the phenomenon of people posting photos of credit cards on Facebook, a sort of self-inflicted security breach. Your first reaction might be "Is that stupid or what?"
In my opinion the "or what?" is a fair question, one that I thought about this President's Day, a day when a lot of credit cards in America get a good workout (with the notable exception of the one in this picture).
Note that what you're seeing is a doctored version of what actually appeared on Facebook, where the details on the front of the credit card were clearly visible. These have been masked in this screenshot, along with other identifying information (I have tried to find out who produced the above image in order to give them credit, as it were, but so far I've not succeeded).
Also note that the person who posted the pic does not seem to be the card owner, so it's not a case of "stupid kid posts photo of his first credit card" which is how some bloggers described it (although I am sure there are cases of that kind as well). No, this is just a case of a person, possibly a parent, being proud of that "first credit card" moment, and wanting to share it with friends and family. This person was probably in the same state of mind as many other Facebook users who:
A. Think of Facebook as a place to share things with a few select friends, but have not adjusted their "share" settings accordingly, and;
B. Under-estimate the number of people who are willing to take advantage of their fellow human beings.
In other words "they don't know any better" and possibly lack the kind of life experiences that make other people think twice about putting a photo like that online. Now, I don't know what percentage of Facebook's 800+ million users are currently A+B positive, so to speak, but they represent a rich vein of potentially exploitable persons. Fraudsters and scam artists are keen to mine that vein, as evidenced by the constant appearance of new deceptions documented by websites like Facecrooks.
What should really be of concern to companies, and society at large, is that these A+B folks are not just a target on Facebook. Criminals are targeting users who lack security awareness across a wide range of information systems. They are crafting attacks that rely on exploiting digital device users who have little or no security training.
So the next time you hear infosec professionals bemoaning the stupidity of users you need to ask: "Are they stupid because they are ignoring the security training they received, or are they doing stupid things because we have failed, as an organization, and as a society, to teach them to know better?"
And while we're at it, what say we cut Shannon and Dustin a break!