Beware of Fake Amazon Order Confirmation Email

Amazon sends order confirmation emails to customers who purchase goods from Amazon.com. A couple of people have reported receiving fake Amazon.com order confirmation emails containing the URL of a malicious website. This is a new version of Email attack that I have ever seen. The text in the email looks like:

Dear Customer, Your order has been sucessfully confirmed. For your reference, here’s a summary of your order: You just confirmed order #2341-23483720-38123 Status: CONFIRMED.

At the end of the e-mail follows a link to a malware site, labeled "ORDER INFORMATION".

A number of different domains have been seen used so far.

 

Source : http://isc.sans.org/diary.html?storyid=8344&rss

Symantec Acquires Mi5 Networks

Symantec has acquired Web security firm Mi5 Networks and has also announced Symantec Protection Suite Small Business Edition and Symantec Protection Suite Enterprise Edition, comprehensive solutions designed to secure firms against security risks and business interruptions, ensuring systems and critical information are readily available. The Symantec Protection Suites are scheduled to be available in summer 2009.


Read more…

Windows7 Security Tips: How to Change User Account Control Settings

Windows7 Security Tips - How to Change Windows7 User Account Control Settings

Windows 7 is built on top of the Windows Vista code base, so it offers the same level of security as Windows Vista. In addition, Windows 7 adds some new operating system security features and streamlines the annoying User Account Control (UAC). The default user account created during installation in Windows 7 is a protected administrator that is prompted only when programs try to make changes to the system’s configuration; when the user modifies the operating system settings, UAC does not raise any flag.


Read more…

Behaviour Based Antivirus Programs Identifying new Viruses

Security software vendors are finding life extremely tough against computer attackers, who keep finding new ways to inject harmful code into computers, steal data, run scripts from remote computers, install Trojans and carry out a number of other malicious activities. Because malicious software writers are developing a large number of virus programs, it is very hard for antivirus programs to detect them and remove them from computers.


Read more…

Cyber Criminals Using URL Shortening Services to Bypass Google Safe Browsing

Mozilla Firefox and Google Chrome use the Google Safe Browsing feature to warn users about phishing sites and other malware. But cyber criminals have now found a new way to redirect users to phishing or other malware sites. A number of URL redirection and URL shortening services are available on the internet, and cyber criminals are using these services to redirect users to phishing or other malware websites.

Read more…

F-Secure Internet Security 2009

F-Secure Internet Security 2009 is a complete suite of antivirus, antispyware, antispam, antiphishing, and personal firewall tools for personal desktops. F-Secure Internet Security 2009 adds support for the 64-bit Windows Vista operating system.

The installation process of F-Secure Internet Security 2009 is really fast compared to the previous version; once the installation process completes, a reboot is required. However, F-Secure Internet Security 2009 does not provide its own uninstaller. Users must use Microsoft Windows Add/Remove Programs to uninstall F-Secure Internet Security 2009. We didn’t find any Registry files, but we did find several program and log files in an F-Secure directory tree on the root drive.


Read more…

Live Search Highlighting Malicious Sites

Microsoft has finally decided to mark malicious websites in “Live Search” search results. According to the Microsoft Live Search blog: Our primary goal is to protect you from a potentially harmful page. You can still decide to risk it and visit the page, but we strongly urge against it and recommend always following our security guide.



Read more…

Beware of These 11 Rogue Antivirus Programs

Microsoft’s Malware protection website has published a list of 11 rogue antivirus programs that may harm your computer. All of these antivirus programs have different file names and directory structures, but the purpose of all these programs is the same. Some of the fake scan screen skins look similar to the Windows Security Center.

List of 11 Rogue Antivirus

  1. Micro Antivirus 2009
  2. MS Antivirus
  3. Spyware Preventer
  4. Vista Antivirus 2008
  5. Advanced Antivirus
  6. System Antivirus 2008
  7. Ultimate Antivirus 2008
  8. Windows Antivirus
  9. XPert Antivirus
  10. Power Antivirus
  11. Ultra Antivirus 2009


Read more…

Fake YouTube Pages Spreading Malware

YTFakeCreator is the latest tool for creating fake YouTube websites to spread malware. According to Panda Security, YTFakeCreator enables anyone to easily create a fake YouTube page that surreptitiously installs a Trojan, virus, or adware on a visitor’s computer. YTFakeCreator does not spread malware links on its own; an attacker must distribute it via e-mail, FTP, IRC channels, peer-to-peer file-sharing networks or CD.

YTFakeCreator configuration menu


Then, two files are created; one of them belongs to the fake YouTube Website (Index.html) and the other to the error Website that is displayed once the malware has been downloaded (Error.html):

YTFakeCreator error message

Fake YouTube websites created with this tool look like:

The warning message can be easily modified with the YTFakeCreator configuration menu.

YTFakeCreator error message

Users get a page asking them to download a fake YouTube plugin. If the user chooses to download the plugin, the selected malware is downloaded to the user's computer and the user gets a YouTube error page.

YTFakeCreator Youtube error page

McAfee Artemis Technology— Real Time Malware Protection

McAfee Artemis Technology is a cloud based Malware Protection technology from McAfee. McAfee Artemis Technology offers real-time security using a combination of signature and behavior analysis with community threat intelligence.

The “Protection Gap” in Current Solutions

Current solutions that rely on signatures for protection against threats suffer from an inherent protection gap. There is a lag from when malware first appears (at time = 0) until most users are protected (at time = 4 in our graphic). During this period, a threat must be discovered and analyzed, and a signature must be developed and finally applied at the endpoint. This lag can vary between 24 and 72 hours, leaving the customer exposed to the threat during this time. Security vendors also offer behavioral techniques (such as host intrusion protection systems) at endpoints. However, these technologies work in “silos,” without any communication between each other. Because many of these threats are stealthy and blended attacks (using multiple channels such as email and web for infection and propagation), it is critical to correlate the intelligence that these protection methods gather with the threat data from the user community.


McAfee Artemis Technology

McAfee Artemis Technology is the first real-time threat protection that significantly reduces the exposure to known and emerging threats. Using community threat intelligence, McAfee Artemis Technology compresses the research life cycle to close the protection gap. This protection is available on McAfee endpoint security products at no additional cost, and it works anytime, anywhere—whenever a system is connected to the Internet—with no change to the user experience.


McAfee Artemis Technology provides a new, “always-on” delivery model for relevant, up-to-date research and response to close the protection gap. Using a combination of signature/behavior analysis and the application of community threat intelligence, its real-time “pull” model delivers protection to the system whenever it’s required. This is a supplemental mechanism to the already-present, signature-based detection. When the user receives a file that the scan agent deems suspicious (for example, an encrypted or packed file), and for which there is no signature in the local .DAT database, the agent, using Artemis Technology, sends a fingerprint of the file for instant lookup to the comprehensive database at McAfee Avert® Labs. If the fingerprint is identified as known malware, an appropriate response is sent back to the end user’s computer in milliseconds to block or quarantine the file.
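The decision flow in the paragraph above (local signature first, then a suspicion check, then a fingerprint-only lookup) can be sketched as follows. This is an added illustration, not McAfee code: SHA-256 as the fingerprint, the entropy threshold used as the "packed or encrypted" heuristic, the in-memory `CLOUD_DB`, and the allow-on-unreachable fallback are all assumptions, and every sample is constructed.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.2  # assumption: bits/byte above which data looks packed

# Constructed samples (no real malware): two high-entropy blobs, one text file.
PACKED_BAD = bytes(range(256)) * 16
PACKED_UNKNOWN = bytes(reversed(range(256))) * 16
PLAIN_TEXT = b"Dear Customer, your order has been confirmed. " * 50
KNOWN_LOCAL = b"constructed sample that has a local signature"

def fingerprint(data):
    """Assumption: SHA-256 stands in for the unspecified fingerprint."""
    return hashlib.sha256(data).hexdigest()

LOCAL_DAT = {fingerprint(KNOWN_LOCAL)}            # local signature database
CLOUD_DB = {fingerprint(PACKED_BAD): "malware"}   # stand-in for the vendor side

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def offline(_fp):
    """Simulates the lookup service being unreachable."""
    raise ConnectionError("no route to lookup service")

def scan(data, cloud_lookup=CLOUD_DB.get):
    fp = fingerprint(data)
    if fp in LOCAL_DAT:                      # 1. local signature wins
        return "block:local-signature"
    if entropy(data) < ENTROPY_THRESHOLD:    # 2. not suspicious: no lookup
        return "allow:not-suspicious"
    try:
        verdict = cloud_lookup(fp)           # 3. only the fingerprint leaves
    except OSError:
        return "allow:lookup-unavailable"    # local-only protection remains
    return "quarantine:cloud" if verdict == "malware" else "allow:unknown-to-cloud"

if __name__ == "__main__":
    for name in ("KNOWN_LOCAL", "PLAIN_TEXT", "PACKED_BAD", "PACKED_UNKNOWN"):
        print(name, "->", scan(globals()[name]))
```

Passing `cloud_lookup=offline` shows the disconnected case, where the endpoint is left with its local signatures only.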

Protection Gap Elimination
With McAfee Artemis Technology, the entire Avert Labs database of threat intelligence is available to the endpoint so that it is protected from the malware whenever it appears. Using Artemis Technology is like having an Avert Labs researcher at each desktop, looking at any suspicious file for which there is no local signature. Because the intelligence is derived from multiple sources, including the entire McAfee user community, the discovery and availability of protection from the malware is available sooner than before. This compression of the protection gap significantly reduces the exposure to threats.


Enterprises have the ability to manage their risk tolerance by selecting in McAfee ePolicy Orchestrator® (ePO™) the appropriate sensitivity level for suspicious file detection.

Zero-Touch, Zero-Cost, Seamless Enablement
McAfee Artemis Technology comes built into McAfee endpoint products at no additional cost. For enterprises, Artemis Technology can be enabled seamlessly through McAfee ePO without having to install any additional software on the endpoint—nor is there a need for any additional management component. A simple selection in a check box enables all the clients for this on-demand, real-time protection. There is no additional overhead or increase in operational costs for enterprises to benefit from this increased level of security.

Via McAfee
