Friday, September 02, 2005

Skulls.A

Skulls is a malicious SIS file trojan that will replace the system applications with non-functional versions, so that all but the phone functionality will be disabled.

The Skulls SIS file is named "Extended theme.SIS"; it claims to be a theme manager for the Nokia 7610 smart phone, written by "Tee-222".

If Skulls is installed, it causes all application icons to be replaced with a picture of a skull and crossbones. The icons no longer refer to the actual applications, so none of the phone's system applications will be able to start.

This basically means that if Skulls is installed, only making calls from the phone and answering calls work. All functions that need a system application, such as SMS and MMS messaging, web browsing and the camera, no longer function.

If you have installed Skulls, the most important thing is not to reboot the phone and to follow the disinfection instructions in this description.

Skulls.A and the other Skulls trojans are targeted at Symbian Series 60 devices, but can also affect other Symbian devices, for example the Nokia 9500, which is a Series 80 device. However, when trying to install a Skulls trojan on a Nokia 9500, the user will get a warning that the SIS file is not intended for the device, so the risk of accidental infection is low.


New line of network security by Symantec


Posted by: Nikola Strahija on September 2, 2005

Symantec has published its third-generation integrated security line, the Gateway Security 5600 Series, building in anti-virus and firewall capabilities as well as VPN, spam protection and other features.
Such security applications are designed to cut costs and simplify management by integrating various functions into a single unit, but can be limited by their throughput. Symantec says the 5600-series devices can scale to campus-sized networks with a throughput of more than 3.0Gbit/s, although industry observers say speed depends on the number of features enabled.
The new line is specifically designed to fight against complex threats that combine a number of different attack vectors. To that end it tightly integrates anti-spam, anti-virus, VPN, full-inspection firewall, intrusion detection and prevention, and content filtering, Symantec said.

The VPN technology uses both SSL and IPSec-based approaches, allowing users to put a mixture in place under one licence. The VPNs are clientless, eliminating the need for remote users to install software, and administrators can require users to go through a security check before they connect, ensuring they've got up-to-date antivirus software installed.

Filtering, designed to keep employees from viewing the wrong sort of material, is based on both URL lists and a technology called Dynamic Document Review (DDR), which lets administrators define blacklists of words and word relationships.

Users of existing 5400-series and 4400-series models can get the new features with an upgrade to Gateway Security v3.0 software, and users with active maintenance contracts get the upgrade for free.

IT security awareness

UK - IT security awareness (CommsWatch)
The British Government has launched a new web site on IT security awareness, ITsafe, to protect home computer users and micro businesses from viruses and other threats online. The website offers free advice as well as virus and threat alerts, allowing computer users to surf the net and send and receive emails more safely. The service, a Home Office funded initiative, uses information provided by the National Infrastructure Security Co-ordination Centre (NISCC) - the Government's centre for electronic defence.

Framework Decision on attacks against information systems

EU - Attacks against information systems (Consilium)
Justice and Home Affairs 24 February 2005. The Council adopted a Framework Decision on attacks against information systems. The Framework Decision approximates rules on criminal law in the Member States in the area of attacks against information systems. Member States are required to take the necessary measures to ensure that illegal access to an information system and interference with the integrity of an information system or of its data are punishable as criminal offences.

Microsoft sues 117 phishers

US - Microsoft sues 117 phishers (out-law.com)
Microsoft has sued 117 phishers. The lawsuits, which will enable the software giant to identify the fraudsters behind phishing schemes, are part of the company's commitment to tackling cyber-crime. A typical phishing attack occurs when a fraudster sends an e-mail that contains a link to a fraudulent web site where users are asked to provide personal account information. The e-mail and web site are usually disguised to appear to recipients as though they are from a bank or other trusted service provider.

IM back online

Reuters IM back online after worm attack (CNET News.com)
International media company Reuters reinstated its instant messaging network, after shutting it down completely the previous day, when a variant of the Kelvir worm attempted an attack on systems using the IM application.

Hidden Users on Windows

This article documents the failure of the User Account Manager in the Windows Control Panel to report interactive logons made with the netapi. This security issue has been verified on Windows 2000 Professional, Windows XP Home, and Windows XP Professional. Microsoft was notified of this issue on July 28, 2005. The problem is not with the netapi or the ability to create users but with the User Account Manager in Windows. It simply fails to list all of the users that are on the system.

This issue was noticed while exploring the netapi on Windows - users created with the NetUserAdd function failed to show up in the User Account Manager (an example follows). The failure to list users made with the netapi presents a problem for obvious reasons; home users and even administrators expect to see all of the users on their system when they manage them from the Control Panel.

The solution in all versions of Windows is simple. Do not depend on the User Account Manager when managing user accounts on your system. Instead, users should use the Local Users and Groups management snap-in. This is accessible via Control Panel >> Administrative Tools >> Computer Management >> Local Users and Groups. You can also access this snap-in by running lusrmgr.msc from the Run box.

If you are one of the unfortunate ones stuck with XP Home Edition you don’t have access to the Local Users and Groups management snapin. As an alternative it is possible to list all of the users on your system from the command-line:
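
An added example, not part of the original article: this PowerShell script enumerates local accounts through the ADSI WinNT provider instead of the Control Panel applet and flags any account missing from a baseline. It assumes PowerShell is installed on the machine; the `$Expected` list is a constructed sample to be replaced with your own inventory.

```powershell
# Added example: list every local account via the ADSI WinNT provider and
# compare the result against a baseline of accounts you expect to exist.
# $Expected is a constructed sample list, not taken from the article.
$Expected = @('Administrator', 'Guest', 'alice')

# Bind to the local machine's account database.
$computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"

$accounts = $computer.Children |
    Where-Object { $_.SchemaClassName -eq 'User' } |
    ForEach-Object {
        $name  = [string]$_.Name.Value
        $flags = [int]$_.UserFlags.Value
        New-Object PSObject -Property @{
            Name     = $name
            Disabled = [bool]($flags -band 0x2)   # ADS_UF_ACCOUNTDISABLE
            Expected = $Expected -contains $name
        }
    }

# Full inventory, including accounts the Control Panel view may omit.
$accounts | Sort-Object Name | Format-Table Name, Disabled, Expected -AutoSize

# Anything outside the baseline deserves a closer look.
$unexpected = @($accounts | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    $names = ($unexpected | ForEach-Object { $_.Name }) -join ', '
    Write-Warning "Accounts not in baseline: $names"
}
```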



Virus Payloads - History and Payload Mentality

Through time, virii have been designed for a purpose. This purpose has been often fulfilled by their payloads, ranging from an annoying system notice to destructive, high damage-provoking data losses. One thing is certain: payloads many times are a symbol of the coder's attitude versus virii and regarding coding technique itself. There is no good purpose to format 1000 innocent hard drives, neither is it a good purpose to submit your hard study and work to AV, to give them more money.


"Hurricane Katrina" spam message downloads trojans

We've received some reports from people who have received a spam message with subject fields like "Katrina killed as many as 80 people".

The message seems to contain a news article on the devastation caused by hurricane Katrina.

However, if you follow the "Read more" link, you end up at a website called "nextermest.com".

This site is just a placeholder, which will refresh to a page that tries to download the Trojan-Downloader.JS.Small.bq malware to the computer.

Avoid the site. Abuse messages have been filed for it.


Worm found on new MP3 players

Creative has reported it has accidentally shipped almost 4000 MP3 players with a Windows virus. This happened in Japan with the 5GB Zen Neeon players that have been shipping for two months now.
The filesystem on the players contains one file that is infected with the Wullik.B (also known as Rays.A) email worm. The worm won't infect PCs unless the user browses the player files and clicks on the infected file.

The worm in question is over two years old and spreads by emailing copies of itself and dropping itself to shared folders.

Creative is reporting (in Japanese) that the virus affects players with serial numbers between 1230528000001 and 1230533001680.
