Foursys - specialists in network threat protection

'Catastrophic' Avira antivirus update bricks Windows PCs

Security software biz Avira has apologised after its antivirus suites went haywire and disabled customers' Windows machines.

A service pack issued on Monday caused its ProActiv monitoring software to think vital operating system processes were riddled with malware and blocked them from running.

Users of the affected products - Avira Professional Security, Avira Internet Security 2012 and Avira Antivirus Premium 2012 - were left with malfunctioning or inoperable systems after they applied the dodgy update. A fix has since been issued.

Components reportedly blocked included iexplore.exe, notepad.exe and regedit.exe; applications including Microsoft Office and Google Updater were also sin-binned.

Unsurprisingly Avira's support forums quickly filled up with posts by frustrated punters. "This update has been pretty catastrophic," one small business user complained. "The whole company ground to a standstill."

Avira responded by withdrawing the malfunctioning update, Service Pack 0 (SP0) for Avira Version 2012, and issuing a replacement upgrade. In an advisory, Avira said it "deeply regrets" the inconvenience customers have experienced as the result of the snafu. It goes on to explain how users can disable its ProActiv behavioural monitoring technology in case it goes nuts again.

From time to time antivirus signatures, used to identify malware inside files, cause headaches for vendors when they report false positive matches. Things get really messy in cases where core Windows components, rather than just third-party apps, are wrongly labelled as potentially malign. Screwing up a signature pack is one thing, but Avira's mixup involves a major software update, raising questions over why the blunder was not caught during pre-release testing.

Avira is best known as a supplier of freebie Windows antivirus scanners to consumers in competition with the likes of AVG and Avast. The German firm uses its presence in this market to help it sell paid-for products to consumers and small businesses.
 

ICO website pushed offline by suspected DDoS

The websites of the Information Commissioner's Office (ICO) and Home Secretary Theresa May have been taken down as part of a distributed-denial-of-service (DDoS) campaign.

According to Techweek Europe, the attacks were carried out by an Anonymous splinter group named 'ATeam', who were protesting against the proposed extradition of Gary McKinnon and Richard O'Dwyer to the US.

May's website went down from around 9pm on Sunday for around 13 hours; the website of the Supreme Court was also pushed offline, with the ICO site still down at the time of writing.

A spokesman for May told Techweek Europe that she "treats threats of disruption to her website very seriously".

The ICO has confirmed that it is looking into the matter with the provider of its web hosting. In a statement, it said: “Access to the ICO website has been disrupted over the past few days. We believe this is due to a distributed-denial-of-service attack.

“The website itself has not been damaged, but people have been unable to access it. We provide a public-facing website which contains no sensitive information.

“We regret this disruption to our service and we are working to try to bring the website back online as soon as possible.”

André Stewart, president international at Corero Network Security, said: “The takedown of the ICO website by an apparent DDoS attack is, once again, evidence that government organisations need to be better prepared for the growing threat from cyber crime carried out by politically or ideologically motivated hacktivists.

“Virtually every week we are seeing DDoS attacks being launched. Organisations of all types need to start planning accordingly in terms of putting the right technology and protocols in place to protect themselves and their constituents and customers against these forms of attack, before a more serious data breach occurs.”

 

Jericho botnet targets financial websites for login credentials

A new botnet has been detected that steals passwords and login credentials, with more than 100 financial and banking domains targeted.

Named the 'Jericho' botnet, it was detected by Palo Alto Networks, which claimed to have discovered 42 samples of it and said it is a variant of banking Trojans such as the stealthy Jorik.

Palo Alto said its WildFire detection network found the unique but related banking botnet samples. It also said that all infections were delivered from Israeli IP space, but the engineering of the file appears to be of Romanian origin; as the vast majority of the URLs used to deliver the malware ended in ierihon.com (Ierihon means “Jericho” in Romanian), it was named the Jericho botnet.

“But what's really interesting about Jericho is that like many other contemporary pieces of modern malware, Jericho demonstrates a number of behaviours that are designed for stealth, persistence and avoidance of traditional signature-based approaches to malware detection,” it said.

“The malware is able to inject itself into the Windows logon to maintain persistence on the infected host after a reboot. What was a bit more interesting was just how efficient the malware was at injecting itself into valid applications such as Firefox, Chrome, Java, Outlook and Skype, and then repurpose their capabilities. This not only enables the malware to hide within approved applications during run time, but it also means that standard methods for observing Windows API calls are subverted.”

It also claimed that of the 42 samples that were analysed, the top anti-virus solutions only achieved a 3.2 per cent detection rate on the day the sample was first detected. This slowly but steadily improved over time, with coverage improving to 39 per cent over seven days.

 

Android users targeted in drive-by download attacks

Almost a dozen sites are actively targeting Android users with malware that could gain access to corporate networks and other protected systems, security researchers said. They note it's the first time compromised sites have been used to infect users of a mobile handset.

The malware, dubbed NotCompatible, is being transmitted by websites when they're accessed on smartphones running Google's Android operating system. This is according to a blog post published Tuesday by researchers from Android antivirus provider Lookout. An iframe tag included in the sites provides a link to malicious software that's automatically downloaded after the site is visited. The sites then provide notifications prompting end users to install the downloaded app. Installation is possible only on phones that have been configured to run apps acquired from sources other than the Google Play market.

"Hacked websites are frequently used to infect PCs with malware," Lookout researchers wrote in Wednesday's post. "However, today we have identified the first time hacked websites are being used to specifically target mobile devices." The company's security app automatically blocks installation of the software.

Google has long admonished users to download apps only from its official Play market. Most, but by no means all, malicious titles targeting Android are distributed through third-party channels. Lookout's discovery of sites that actively foist malicious installation apps only reinforces this advice. The security firm's claim that Android phones automatically download apps with no user prompting couldn't be immediately confirmed. If true, it's troubling behavior, even if users must change default settings to be able to install the programs.

Visiting the websites on non-Android devices returns an error message that prevents any malicious activity from taking place, Lookout said. But when a browser advertises it's running on an Android device, an HTML script automatically pushes the malicious software through a series of domains including gaoanalitics.info and androidonlinefix.info. A command and control server is hosted at notcompatibleapp.eu. About 10 websites compromised to include the malicious iframe have been identified, a Lookout spokeswoman said.

"Based on our current research, NotCompatible is a new Android trojan that appears to serve as a simple TCP relay/proxy while posing as a system update," the advisory stated. "This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy."

Headline updated to make clear these aren't necessarily the first drive-by download attacks to target Android users. Lookout says they are the first time compromised sites have been used to target the OS.

 

Motorola wins Xbox and Windows 7 ban in Germany

Motorola Mobility has been granted an injunction against the distribution of key Microsoft products in Germany.

The sales ban covers the Xbox 360 games console, Windows 7 system software, Internet Explorer and Windows Media Player.

It follows a ruling that Microsoft had infringed two patents necessary to offer H.264 video coding and playback.

A US court has banned Motorola from enforcing the action until it considers the matter next week.

The handset maker is in the process of being taken over by Google.

Appeal

This is just one of several cases involving about 50 intellectual properties that the smartphone maker has claimed that Microsoft should have licensed.

Microsoft has said that if it met all of Motorola's demands it would face an annual bill of $4bn (£2.5bn). Motorola disputes the figure.

A statement from Motorola said: "We are pleased that the Mannheim Court found that Microsoft products infringe Motorola Mobility's intellectual property. As a path forward, we remain open to resolving this matter. Fair compensation is all that we have been seeking for our intellectual property."

Microsoft said it planned to appeal the German ruling.

"This is one step in a long process, and we are confident that Motorola will eventually be held to its promise to make its standard essential patents available on fair and reasonable terms for the benefit of consumers who enjoy video on the web," a spokesman said.

"Motorola is prohibited from acting on today's decision, and our business in Germany will continue as usual while we appeal this decision and pursue the fundamental issue of Motorola's broken promise."

US hearing

Microsoft moved its European software distribution centre from Germany to the Netherlands last month ahead of the verdict to minimise potential disruption.

However, Motorola cannot enforce the ruling until a Seattle-based judge lifts a restraining order.

The restriction was put in place after Microsoft claimed that Motorola was abusing its Frand-commitments - a promise to license innovations deemed critical to widely-used technologies under "fair, reasonable and non-discriminatory" terms.

A hearing is scheduled for 7 May, although the judge may issue his ruling at a later date.

The German case is also likely to be considered by the European Commission.

It is carrying out two probes into whether Motorola's Frand-type patent activities amount to "an abuse of a dominant market position".
 