
BNMC


12 Scams of the Holidays

  
  
  
  
  


This holiday season may be a time for giving, but it’s also ripe for cybercriminals who are intent on taking.  Read about the “12 Scams of the Holidays” and share this information with your customers. It’s a great way to break the ice or increase your following on Twitter.
 
Here are a few sample Tweets:
 
  • 70% of people McAfee surveyed plan on shopping online this holiday season, but are they aware of the #12Scams that are out there? http://mcaf.ee/4lqzw

  • Online shopping this holiday season? These #12Scams could rip you off. http://mcaf.ee/4lqzw

  • 48% of Americans are planning to shop online for #CyberMonday, and scammers know this. #12Scams http://mcaf.ee/4lqzw
 
 

http://www.imakenews.com/eletra/gow.cfm?z=mxlogic%2C618861%2CbhjKj1rL%2C6183501%2CblLkyPg

WHITE PAPER: The 5 New Laws of Anti-Malware

  
  
  
  
  

It seems that barely a week goes by without a news report about a new piece of malware causing frustration, anger and downtime. In years past, virus boogeymen mainly terrorized PCs, but today, all devices, including Apple and Android, are fair game. Because of this, it’s critical you stay vigilant about fending off these destructive and often silent intruders.

Because malware “innovation” has progressed so rapidly, it’s increasingly difficult to stay ahead of the viruses that often go completely undetected by traditional anti-malware software. Sourcefire recently released a white paper packed with tips and tricks to manage a malware attack, should you have one. As they say, it’s not a matter of “if,” it’s a matter of “when.”

Check it out!

Symantec releasing new Endpoint Protection version 12.1

  
  
  
  
  

 

We are excited for the upcoming release of Symantec Endpoint Protection 12.1. Preliminary discussions with Symantec and test results show that this new version of Endpoint Protection will greatly assist with Intrusion Prevention and add a new rules-based engine (Insight) to help find malicious code that might slip through the existing Endpoint Protection 11.0 and Endpoint Protection for Small Business 12.0. We plan on upgrading our clients as soon as the final version comes out and we have tested it in our lab.

Here is a quick overview of the new features. 

Symantec™ Endpoint Protection 12.1: Unrivaled security. Blazing performance.

Powered by Insight, Symantec™ Endpoint Protection will be the fastest, most powerful solution ever offered by Symantec. It offers advanced defense against all types of attacks for both physical and virtual systems. Seamlessly integrating the essential security tools you need into a single, high performance agent with a single management console. Symantec Endpoint Protection provides state-of-the-art protection without slowing you down.

What is Insight?

Insight detects new and unknown threats that are missed by other approaches.

  • Insight correlates tens of billions of linkages between users, files, and websites to identify rapidly mutating threats that may only exist on a few systems
  • Reduces scan overhead by as much as 70% by scanning only files at risk
  • Can't be evaded or coded around by self-mutating and encrypting malware

Other new features:

  • Real Time SONAR 3: SONAR examines programs as they run, identifying and stopping malicious behavior of new and previously unknown threats.
  • Browser Intrusion Prevention: Scans for attacks directed at browser vulnerabilities.
  • Faster central console: Optimized database to increase responsiveness.
  • Smart Scheduler: Stays out of your way by performing non-critical security tasks when your computer is idle.
  • Built for Virtual Environments: Symantec Endpoint Protection can white list baseline images, maintain a local virtual Insight cache, randomize scans and updates, and automatically identify and manage virtual clients.

Battling the Total Security Virus

  
  
  
  
  

 

The Total Security virus belongs to a class of "Fake or Rogue Anti-Virus programs" that have been popping up at our clients recently. Total Security is a successor to the Total VirusProtection tool. Since TotalSecurity is a clone of that rogue program, you shouldn’t expect it to function properly. Make no mistake, this is a virus, not a legitimate program.

The newer version of this malware, named Total Security 2009, is even more pesky. Total Security is typical fraudulent software. It displays large numbers of counterfeit security alerts and urges people to pay to use the tool. TotalSecurity costs either $49.95 or $79.95, but it’s not worth a dime. The program is nonfunctional unless you’re looking for a tool to halt a PC and generate annoying pop-ups.


 

Total Security is able to imitate a computer scan. Keep in mind that both the scan and the scan report are falsified. TotalSecurity reports are usually full of computer threats; none of the reported infections are real.

Pop-ups loaded by Total Security are identical to security alerts displayed by ESET NOD32 anti-virus. Be careful and don’t mistake TotalSecurity for a real security program. 

For more information, see:

http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-082908-4116-99

http://www.spywarevoid.com/remove-total-security-totalsecurity-removal-tutorial.html

http://www.bleepingcomputer.com/virus-removal/remove-total-security

Here is what we learned about the “Windows Total Security” virus (and its variants):

Added random 3-letter executable

$USER%\Local Settings\Application Data\xxx.exe   [xxx = random 3 letters, or ‘tsc’]

 

Note: Several registry entries will point to this file, launching it when users attempt to open .exe files or open Internet Explorer.


Registry:

Altered Keys:

-->>  Should be corrected to IEXPLORE.EXE (or FIREFOX.EXE)

HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet

HKEY_CURRENT_USER\Software\Clients\StartMenuInternet

 

-->>  Should be corrected to "C:\Program Files\Internet Explorer\iexplore.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(Default)

 

Added Keys:      -->>Should be deleted

HKEY_CURRENT_USER\Software\Software\Classes\.exe

HKEY_CURRENT_USER\Software\Software\Classes\exefile

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe

The best removal method is to log into the computer with an alternate admin account, or to connect to its registry over the network from a remote computer, and remove the registry entries. Symantec's PowerEraser or Malwarebytes can be used to remove the virus if your anti-virus program does not do it, though there are several other removal tools at the sites listed above.

If the user is isolated, you can often open .exe files by right-clicking and selecting “run-as” (then run as current user).

 - Philip Chonacky

BNMC Engineering
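
A read-only check for the file and registry artifacts listed in the post above, as an added example (it is not BNMC's or any vendor's tool). It assumes that "$USER%" in the post means the user profile directory, and it also looks under HKCU\Software\Classes, where per-user file-association overrides normally live, in addition to the paths as the post writes them.

```powershell
# Run as the affected user: the HKCU: paths are per-user. Nothing is modified.
$findings = @()

# 1. Three-letter executable (random letters, or 'tsc') in Local Settings\Application Data.
#    Assumption: "$USER%" in the post is the user profile directory.
$appData = Join-Path $env:USERPROFILE 'Local Settings\Application Data'
if (Test-Path -LiteralPath $appData) {
    Get-ChildItem -LiteralPath $appData -Filter '*.exe' -Force |
        Where-Object { -not $_.PSIsContainer -and $_.BaseName -match '^[A-Za-z]{3}$' } |
        ForEach-Object { $findings += "Suspicious executable: $($_.FullName)" }
}

# 2. Keys the post says were added. The first two are as written in the post;
#    the next two are the usual per-user class locations (assumption).
$addedKeys = @(
    'HKCU:\Software\Software\Classes\.exe',
    'HKCU:\Software\Software\Classes\exefile',
    'HKCU:\Software\Classes\.exe',
    'HKCU:\Software\Classes\exefile',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe'
)
foreach ($key in $addedKeys) {
    if (Test-Path -LiteralPath $key) { $findings += "Key present, review before deleting: $key" }
}

# 3. Default-browser entries the post says were altered.
$expectedCmd = '"C:\Program Files\Internet Explorer\iexplore.exe"'
$cmdKey = 'HKLM:\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
if (Test-Path -LiteralPath $cmdKey) {
    $cmd = (Get-Item -LiteralPath $cmdKey).GetValue('')   # '' reads the (Default) value
    if ($cmd -ne $expectedCmd) { $findings += "Open command is '$cmd', expected $expectedCmd" }
}
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key = "$hive\Software\Clients\StartMenuInternet"
    if (Test-Path -LiteralPath $key) {
        $browser = (Get-Item -LiteralPath $key).GetValue('')
        # Only the two browsers named in the post are accepted; extend the list as needed.
        if ($browser -and $browser -notmatch '^(IEXPLORE|FIREFOX)\.EXE$') {
            $findings += "$key default is '$browser'"
        }
    }
}

if ($findings) { $findings } else { 'None of the listed Total Security artifacts were found.' }
```

When checking from an alternate admin account, as the post recommends, the affected user's hive is not HKCU; point the per-user paths at that user's hive under HKEY_USERS instead.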
