News Archive
Windows 8 to have built-in anti-virus - there's good and bad news
September 14, 2011
By Graham Cluley
Microsoft will ship Windows 8 with built-in anti-virus software.
That's the big news that is no doubt being discussed furtively at the watercoolers of computer security companies around the world today.
What will it mean to them? A quick glance at Twitter reveals that some people already have pretty good ideas about how the news might have been received..
But seriously, is this good news for the existing anti-virus companies and - more importantly - consumers?
Microsoft Security Essentials: Microsoft has been making free anti-virus software available for a couple of years, in the form of Microsoft Security Essentials. But you had to download it from the internet - it wasn't bundled with Windows itself.
Click here for full story
McAfee Endpoint Encryption for Files and Folders (EEFF) 4.0 is now available for download
August 27, 2011
This new version includes a migration path from EEFF 3.x and 4.0.0. Other features include:
o Centralized management — Provides support for deploying and managing version 4.0.0 of the product with McAfee ePolicy Orchestrator 4.5 and 4.6 software (v4.5 Patch 4 or higher)
o Authentication based on Windows logon for key and policy retrieval
o Windows authentication based policy enforcement — Assigns encryption policies and keys to Windows user accounts.
o User Personal Keys - each user can have an individual user key created centrally in ePO for usage as file encryption key or USB device recovery key for EERM
o File extension exclusion — Allows you to exclude the listed file types from encryption; for example, MP3 and WAV files.
o Integration with the McAfee tray icon — Consolidates the system tray icons to a single McAfee icon.
o Support for Windows 7 64 bit
For a full list of features / enhancements please view the McAfee EEFF 4.0 release notes here.
You can download McAfee Endpoint Encryption for Files and Folders 4.0 here
DNS hack hits popular websites: Daily Telegraph, The Register, UPS, etc
September 5, 2011
by Graham Cluley
Popular websites including The Register, The Daily Telegraph, UPS, and others have fallen victim to a DNS hack that has resulted in visitors being redirected to third-party webpages.
It's important to note that the websites themselves have *not* been hacked, although to web visitors there is little difference in what they experience - a webpage under the control of hackers.
Instead of breaching the website itself, the hackers have managed to change the DNS records for the various sites affected.
Click here for full story
Apache 2.2.20 released to fix DoS vulnerability
August 31, 2011
by Chester Wisniewski
This afternoon the Apache Foundation released an awaited fix to the denial of service (DoS) vulnerability reported a few days ago.
The fixes in version 2.2.20 of the Apache httpd server reduce the amount of memory that is used by range requests. If the total bytes of a file requested exceed the total file size, httpd will return the entire file.
This follows closely on the heels of a tool released to the Full Disclosure mailing list this week that exploits the flaw.
Click here for full story
Sophos announces new features for Astaro Security Gateway
August 10, 2011
by SC Magazine
Sophos has announced the launch of the next version of the Astaro Security Gateway to add application control (via a next generation firewall), an authentication agent and interactive web reporting.
Following the acquisition of the unified threat management company earlier this year, Sophos said that the new features and enhancements of Astaro Security Gateway version 8.2 improve network performance, while providing increased visibility and control over the network.
Click here for full story
Survey says 70% don't password-protect mobiles: download free Mobile Toolkit
August 9, 2011
by Carole Theriault
Have you ever lost your mobile phone? I have. Four times last year.
And I am not alone. According to a recent Sophos survey, 22% of people admitted to losing theirs. Thank God my devices were all encrypted and can be remotely wiped of data.
Maybe because I lose stuff all the time, I was rather shocked that a whopping 70% of mobile phone users apparently don't password protect their phones.
And mobiles and tablets aren't just used by consumers; businesses are also adopting these devices to get more out of their employees.
Gone are the days of people doing all their work while in the office. Who doesn't work from home and on the road - on planes, trains and automobiles? Click here for full story
Quadsys are finalists for the Oxfordshire Business Awards 2011
For 17 years, the Oxfordshire Business Awards has been recognising, rewarding and promoting the excellence of Oxfordshire-based companies.
Organised and supported by 12 of the county's leading organisations, the Awards are firmly established as a benchmark for excellence in today's competitive business environment.
Read about the Oxfordshire Business Awards here
McAfee Endpoint Encryption 6.1 is now available for download
April 11, 2011
This new version includes a migration path from EEPC 5.x and 6.0.x. Other features include:
o Enterprise-class scalability
o Greater scalability - manage significantly more EEPC clients per McAfee ePolicy Orchestrator (McAfee ePO) server
o Better server utilization - means fewer servers are needed
o Enhanced management
o Wide ranging enhancements - in performance, installation, deployment, status, diagnosis, policy management, and operations.
o Migration path - for EEPC 5.x and 6.0 customers
o Latest management infrastructure. For full functionality, EEPC 6.1 requires McAfee ePO (versions 4.6 or 4.5 Patch 4 Hotfix 1)
For a full list of features / enhancements please view the McAfee EEPC 6.1 release notes here.
You can download McAfee Endpoint Encryption 6.1 here.
Sophos Endpoint Security 9.7 is now available
April, 2011
Industry leading performance — up to 41% faster
Faster updates
We’ve improved the speed of our updates without compromising protection — getting updates to you up to 41% faster.
Intelligent location roaming
No configuration required — mobile workers get updates from the nearest and best location, which saves you bandwidth and keeps them protected.
Low impact scanning
We automatically slow down scans when computer usage is high, and speed up scans when usage is low. So you can be confident that running scans won’t impact your end users. And we’ve improved scanning speeds by 15%.
Learn more about Sophos performance
McAfee ePolicy Orchestrator (ePO) 4.6 is now available from the McAfee Download site
March 29, 2011
ePO 4.6 allows customers to further simplify and automate security management and align security management with the needs of the business.
Click here for the McAfee KB article detailing the new features.
Highlights include:
Streamlined installation and guided configuration wizard: deliver highly efficient enterprise-class security management to new small and medium-sized customers
Software Manager for direct access and check-in of product updates; eliminates download site visits
Client Tasks can now be managed just like policies: import, export and manage tasks or policies from a central catalog
Tag-Based Policy Assignment precisely targets assignment of pre-defined security profiles to systems based on their business role or at-risk status
Modified System Information view answers customers’ requests for a single screen showing properties and history of an endpoint
Streamlined dashboard management includes drag-and-drop editing, dynamic monitor resizing, and custom URLs, plus enhanced export features
Leveraging the McAfee user community admins can share best of breed dashboards, scripts, queries, and policies with their peers.
Download ePO 4.6
McAfee has released ePO 4.5 Patch 4.
March 17, 2011
McAfee considers this a critical release for all environments. This update should be applied at the earliest convenience.
There are 79 important fixes in ePO 4.5 Patch 4; click here for details. Patches are cumulative; therefore, McAfee recommends that you install the latest one.
This important update can be downloaded from the McAfee download page here. Please ensure you have your McAfee Grant Number ready, then browse to ePO 4.5 and you will find the patch.
Hack on Hong Kong Stock Exchange disrupts trading
August 10, 2011
by Dan Goodin
Hackers took down a website belonging to the Hong Kong Stock Exchange, prompting Asia's third-largest securities exchange to suspend trading in the shares of London-based HSBC and six other companies.
The attack crashed a website that locally listed companies used to announce price sensitive news, the FT reported. HKEx responded by suspending trading of seven companies that were scheduled to make announcements during the lunch break. Among them was HSBC, which on Wednesday confirmed the sale of its US credit card business and retail services unit to Capital One Financial. Trading was also suspended for stocks of China Power International, Cathay Pacific, and HKEx itself.
Click here for full story
Osama Bin Laden death video scam spreads virally on Facebook
May 02, 2011
By Graham Cluley
A link which claims to point to a video of the death of Osama Bin Laden has been spread virally across Facebook today, just hours after the death of the Al Qaeda leader.
The messages, posed as updates on Facebook users' walls, claim to point to banned video footage of Osama Bin Laden's death:
Osama bin Laden
SHOCKING NEW video of OSAMA BIN LADENS DEATH!!
Exclusive BANNED VDEIO footage of Osama Bin Laden being killed!!!
Clicking on the link takes you to a Facebook page which urges you to like and share the link with your Facebook friends, before you can watch the "shocking" footage! Click here for full story.
Mac users hit with Fake AV when using Google image search
May 02, 2011
By Chester Wisniewski
A massive SEO poisoning attack has hit Google, targeting Windows and Mac users alike. From rather innocuous terms related to global warming, to hot topics like Osama Bin Laden's death, users are being hit with fake anti-virus programs, this time delivering payloads to users of Apple's Mac OS X.
Strangely, when surfing to the compromised URLs you are first prompted with a JavaScript-based fake scanner that appears to show an infected Windows XP computer, even when surfing from a Mac.
When you click or close the fake scanner page you are prompted to download a .zip file onto your Mac with a filename like "BestMacAntivirus2011.mpkg.zip". Click here to read the full story.
Facebook password changed? Malware attack poses as message from Facebook support
April 13, 2011
By Graham Cluley
Repeat after me: It's "Facebook", not "FaceBook".
Learn that lesson and it can be one of the tricks you can use to protect yourself against a spammed-out malware campaign, which tries to trick you into believing that Facebook support has changed your password.
Computer users are receiving emails claiming that the popular social network has automatically changed their password to secure their account.
Here's a typical message:
Dear user of FaceBook.
Your password is not safe!
To secure your account the password has been changed automatically.
Attached document contains a new password to your account and detailed information about new security measures.
Thank you for attention,
Administration of Facebook.
Your alarm bells should be ringing instantly when you receive this message for a number of reasons, not least that it can't decide if it's "Facebook" or "FaceBook", but also because why would Facebook ever email you an attachment? And why are they being so impersonal and not using your name? Click here for full story.
Updates galore in Microsoft's biggest ever Patch Tuesday
April 12, 2011
By Dan Goodin
Microsoft has patched a record 64 vulnerabilities in Windows, Office and five other software packages, many of which allowed attackers to remotely install malware on end user machines.
The most important fixes addressed a vulnerability in the Internet Explorer browser that was exploited in last month's Pwn2Own contest. Although details were kept confidential, hackers have begun exploiting the critical flaw in real-world attacks, Microsoft warned. The use-after-free vulnerability affects versions 8 and earlier of the Microsoft browser.
The other top priority should be updates that patch critical vulnerabilities in the way Windows handles networking requests using the SMB, or Server Message Block, protocol. By sending malformed packets, attackers can remotely install malware on vulnerable machines with no user interaction required. Click here for full story.
New Adobe Flash zero day in the wild - infects through MS Word documents.
April 12, 2011
By Chester Wisniewski
Adobe has issued a security advisory concerning a new zero day flaw (CVE-2011-0611) in Adobe Flash Player 10. As usual this also means that other applications that support Flash content like Adobe Reader and Microsoft Office are also affected.
Brian Krebs wrote a blog post earlier today describing some targeted attacks using a Microsoft Word attachment that had an embedded Flash object used to exploit this flaw.
Mr. Krebs notes that the samples in the wild were largely being used in spear phishing attacks targeting the US Government and related contractors and agencies.
Adobe's advisory notes that Adobe Reader X utilizes a sandbox which prevents this exploit from working in Adobe Reader X on Windows. Windows machines with Flash installed are still vulnerable through their browsers and other applications.
The vulnerability impacts Adobe Flash Player 10 (all Operating Systems) and Adobe Reader 9 and X for Windows and Macintosh. It does not affect Adobe Reader for Android, Unix or Adobe Reader/Acrobat 8.
Security firm RSA warns that its servers have been hacked
March 18, 2011
By Graham Cluley
Hackers have broken into the servers of RSA, the security division of EMC, and stolen information related to the company's SecurID two-factor authentication products.
That's the astonishing announcement made by Art Coviello, RSA's executive chairman, in an open letter published for the firm's thousands of corporate and government customers around the world. Click here for full story.
FedEx notification malware attack spammed out
March 16, 2011
By Graham Cluley
Take care when opening your email inbox, as malicious hackers have spammed out another malware attack posing as a parcel delivery notification.
The emails, which pretend to be related to a FedEx package delivery, have been sent out via spam email to addresses around the world. But if you open the attached file - called document.zip - you risk infecting your Windows computer.
Malicious FedEx notification email
Dear customer.
The parcel was sent your home address.
And it will arrive within 7 business day.
More information and the tracking number are attached in document below.
Thank you.
© FedEx 1995-2011
All of the emails we have seen in this latest campaign use the subject line "FedEx notification #XXXXX" (where "XXXXX" is a random number), although obviously this could be changed by the attackers at any time.
Sophos products intercept the malware attack as Troj/Bredo-FN. Click here for full story.
Fake Android Market Security tool delivers more than just a cure for Droid Dream malware
March 10, 2011
By Vanja Svajcer
Only a couple of days after Google published its Android Market Security Tool - that removes all malicious applications infected with Droid Dream malware and prevents their installation - a malicious version of the tool appeared on alternative Chinese application markets.
The Trojanized version of the tool is packaged with open source Java code taken from a project hosted on Google's own online source code repository. The project includes functionality to send MMS messages in the background, for example, when the device boots up. Click here for full story.
Free Sophos Anti-Virus for Mac: Frankly there's no reason not to try it
March 8, 2011
By Graham Cluley
Do you have a Mac at home? Do you run anti-virus on it?
Although there is much less malware in existence for Mac OS X than there is for Windows, that's no reason to put your head in the sand and think that there are no Mac threats out there.
Especially when you remember that there are free anti-virus products available for Mac home users to download. Click here for full story
Google vanishes 'DroidDream' malware from citizen phones
March 7, 2011 05:28 GMT
By Cade Metz
Google has acknowledged that it removed "a number" of malicious malware applications from the Android Market on March 1, and it has now reached out over the airwaves to remove the apps from end users' devices as well.
Last week, reports indicated that more than 50 Android apps had been loaded with info-pilfering software known as DroidDream. Google immediately responded by pulling the apps from the Market, but the company remained silent on the matter until tossing up a blog post on Saturday evening.
According to Google, the malware exploited known vulnerabilities that had been patched in Android versions 2.2.2 and higher. Google "believes" the attacker or attackers was only able to gather device-specific information, including unique used to identify mobile devices and the version of Android running on the device. But the company added that attackers could have accessed other data. Click here for full story
Tainted ads punt scareware to surfers on LSE and Myvue sites
February 28, 2011 15:54 GMT
By John Leyden
Autotrader.co.uk, and possibly eBay.co.uk, also hit by malvertising attack
Several highly trafficked UK sites – including the website of the London Stock Exchange – served malware-tainted ads as the result of a breach of security by a third-party firm they shared in common.
Surfers visiting auto-trading site Autotrader.co.uk and the cinema site Myvue.com were also exposed to the attack, which stemmed from a breach at their common ad provider, Unanimis, rather than at any of the three sites themselves. Unconfirmed reports suggest eBay.co.uk was also affected. Click here for full story
Mac OS X backdoor Trojan, now in beta?
February 26, 2011
by Chester Wisniewski
It appears there is a new backdoor Trojan in town and it targets users of Mac OS X. As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple's increasing market share.
SophosLabs analyzed the sample we received and determined that it is a variant of a well-known Remote Access Trojan (RAT) for Windows known as darkComet. The author of the Trojan refers to it as the 'BlackHole RAT', as you can see from the screenshots, but Sophos calls it OSX/MusMinim-A, or 'MusMinim' for short. Click here for full story
Oddjob Trojan keeps banking sessions open after victims log out
February 22, 2011 15:12 GMT
By John Leyden
Miscreants have created a banking trojan that keeps victims' accounts open to plundering even after their marks log out of their accounts. The memorably named OddJob Trojan hijacks customers’ online banking sessions in real time using their session ID tokens.
By keeping accounts open even after victims think they have quit, the malware creates a window for fraudsters to loot compromised accounts and commit fraud. Click here for full story
Microsoft has released Internet Explorer 9.
March 14, 2011
Microsoft has launched the finished version of its Internet Explorer 9 web browser.
The company said IE9's graphics handling, security and privacy features put it on an even footing with Firefox, Chrome, Safari and others.
The release comes as Microsoft's browser market share is being whittled down by a growing roster of rivals.
Competition is also coming from non-browser traffic generated by mobile phones and tablets.
Microsoft said one key feature in IE9 was tools to stop people being tracked as they move from site to site. This information is often gathered by commercial firms to tailor ads to the specific habits of web users.
In addition, said Microsoft, separate tools in IE9 keep an eye on downloads so they can spot when viruses and trojans try to sneak onto a computer.
IE9 also has hardware acceleration built in so it can call on the power of a PC's graphics card to display sites in more detail. Click here for full story.
Update your Apple devices to iOS 4.3, or risk malicious code attacks
March 10, 2011
Apple has released iOS 4.3, the latest version of its operating system for iPhones, iPads and the iPod touch.
Although some will be excited by the promise of faster performance from Safari, better video streaming and the thought of sharing their iTunes library over WiFi around the home, perhaps the most important reason to install the update onto your Apple gadgets is security.
According to Apple, the new iOS 4.3 update includes a number of critical security patches - some of which are designed to prevent vulnerabilities being exploited that could lead to malicious code being run on your iPhone or iPad. Click here for full story.
Naked pictures from Emily carry fake anti-virus surprise
February 22, 2011
by Graham Cluley
It's 8:30am. You stumble into work half asleep and slouch at your desk. You boot up your computer.. tick tick tick. It runs its system diagnostics and you see the Windows logo lurch into view.
Umpteen programs (half of which you've forgotten what they do) start up in your system tray, and you automatically click on your email inbox. More whirring, wheezing and hissing..
Slowly your inbox comes into view and you find an email, from a young woman called Emily. Click here for full story
Microsoft downplays threat of new Windows zero-day
February 17, 2011 12:11 PM ET
By Gregg Keizer
Computerworld - Microsoft yesterday downplayed the threat posed to Windows users by a recently-revealed vulnerability, saying that it was unlikely the bug could be exploited to compromise a computer.
The flaw in the Windows Server Message Block (SMB) network and file-sharing protocol was disclosed Monday by someone identified only as "Cupidon-3005" on the Full Disclosure security mailing list. Cupidon-3005 posted proof-of-concept code to the list.
French and Danish researchers later said hackers might be able to exploit the bug to hijack Windows PCs.
Click here for full story
BBC – 6 Music and BBC 1Xtra websites are seen linking to malicious websites following a hack.
By Tom Brewster, 16 Feb 2011 at 11:18
Two BBC music websites have been compromised after hackers injected them with malicious iframes.
Sections of both BBC – 6 Music and BBC 1Xtra websites were found to be linking to a malicious site that was spewing out malware.
“If an unprotected user browsed to the site they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable,” Websense Security Labs reported. Click here for full story
AVG bets on Android, but app competitors loom
February 15, 2011 12:08 PM ET
By Jeremy Kirk
IDG News Service - AVG says up to 50,000 Android users a day are downloading its free security application, as the smartphone OS gains popularity.
AVG is using the same marketing strategy for its Android security application as it uses with its desktop software, offering a free version as well as a premium paid version with more features: Antivirus Free and Antivirus Pro. Click here for full story
New version of Kaspersky Mobile Security 9 Adds Support for Android and BlackBerry
February 15, 2011
Kaspersky Lab, a leading manufacturer of secure content and threat management solutions, announces the release of Kaspersky Mobile Security 9, an updated version of the product designed to provide smartphone users with the latest in mobile security. The new version supports the Android and BlackBerry platforms alongside Symbian and Windows Mobile.
Kaspersky Mobile Security 9 has been expertly designed to protect your smartphone from malware and spam, block unwanted calls, hide chosen contacts and files from prying eyes, locate your device if it goes missing and monitor your children’s mobile activities. Click here for more details
Global Energy Industry Hit In Night Dragon Attacks
February 9, 2011 at 9:18 PM by George Kurtz
In 2010 McAfee Labs processed an average of almost 55,000 pieces of new malware every day. That nearly mind-numbing amount makes it difficult for any particular attack to stand out. Today, however, I want to highlight one large scale attack that is a clear example of how cybercrime has evolved from something of a hobbyist affair to a very professional activity. We call this specific attack - Night Dragon - Click here for full story.
McAfee Release VirusScan Enterprise 8.8i
January 20, 2011
New and updated features in the VirusScan Enterprise 8.8 software release.
Anti-Spyware module now included as standard.
Performance improvements
This release reduces:
On-access scan time
On-demand scan time
System startup time
Caches previously scanned files in a common location to reduce duplicate file scanning and improve performance.
Windows Office 2010 support
This release supports all Windows Office 2010 applications, specifically adding on-access scanning of Microsoft Outlook 2010 email and attachment files.