Malicious PDF file has a variant, and it’s undetected by several AV scanners

The first few malicious PDF files that I received 3 days ago were sent from Germany.  Today, I received 4 of the PDF files, and they were sent from US and Panama networks.

Scanning via VirusTotal resulted in only 7 out of 32 scanners detecting the variant, which is understandable if they don’t have a copy yet.

I posted the screenshots over at http://www.dozleng.com/updates/index.php?s=&showtopic=16119&view=findpost&p=70086 as my reply to my initial alert.  3 out of 4 have the same file size and checksum.

Hopefully the submissions I did through VirusTotal’s free online scanner service will be distributed soon (to the anti-malware vendors) for further analysis in their own labs, so they can add detection for it.

Again, if you have not updated your Adobe Reader or Acrobat (if installed), update soon to v8.1.1, and do not open unexpected emails with attachments (especially since anti-malware scanners are not always fast enough to detect variants that are in the wild).  If possible, use MailWasher from Firetrust.  MailWasher lets you preview your emails without downloading them to your hard drive, and this allows you to delete bad emails (from your ISP’s server) before you fire up your mail program to get the “good” emails.
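When a scanner only catches 7 out of 32, it helps to have a quick first look of your own before the vendors catch up.  The script below is an added example (my own, not from the original post, and not how any of the vendors do it): it counts the PDF keys that usually carry active content (/JavaScript, /OpenAction, /Launch and friends), after undoing the two cheap tricks that hide them from a plain string search, hex-escaped names (/Jav#61Script) and FlateDecode-compressed objects.  The sample PDF at the bottom is constructed for the demo; the keys it looks for are the standard PDF ones, the weighting of which keys count as “suspicious” is my own choice.

```python
import re
import zlib

# Keys that are not malicious by themselves but carry the active content
# (scripts, auto-run actions, external launches) seen in malicious PDFs.
RISKY_KEYS = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
              "/URI", "/EmbeddedFile", "/RichMedia", "/ObjStm")
# Keys that alone justify a closer look at the file (my own choice).
HIGH_RISK = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch")

HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Body of each stream; the lookbehind stops "endstream" from being read
# as the start of the next stream.
STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)


def normalize_names(data: bytes) -> bytes:
    """Undo PDF name hex escapes (/Jav#61Script -> /JavaScript), a common
    trick for hiding keys from naive string scanners."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Append the inflated content of every FlateDecode stream so that keys
    hidden inside compressed objects are counted too; streams that do not
    inflate (other filters, corrupt data) are skipped."""
    inflated = []
    for m in STREAM.finditer(data):
        try:
            inflated.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue
    return b"\n".join([data] + inflated)


def count_keys(data: bytes) -> dict:
    """Count each risky key, requiring a delimiter after it so that /JS is
    not also counted inside a longer name."""
    counts = {}
    for key in RISKY_KEYS:
        n = len(re.findall(re.escape(key.encode()) + rb"(?![A-Za-z0-9_])", data))
        if n:
            counts[key] = n
    return counts


def triage_pdf(data: bytes) -> dict:
    """Return key counts after de-obfuscation, the keys that only showed up
    after de-obfuscation (a signal in itself), and a suspicious flag."""
    raw = count_keys(data)
    # Inflate first, then unescape: unescaping compressed bytes would corrupt them.
    expanded = count_keys(normalize_names(inflate_streams(data)))
    hidden = {k: v - raw.get(k, 0) for k, v in expanded.items() if v > raw.get(k, 0)}
    return {
        "counts": expanded,
        "hidden": hidden,
        "suspicious": any(k in expanded for k in HIGH_RISK),
    }


# Constructed sample (not a real malicious file): a tiny PDF with an auto-run
# JavaScript action whose name is hex-escaped, plus a /Launch action inside a
# compressed stream.  Padding makes sure zlib really compresses the object.
_payload = zlib.compress(b"<< /S /Launch /F (notepad.exe) >>" + b" " * 200)
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /Jav#61Script /JS (app.alert('hi')) >> endobj\n"
    + b"4 0 obj << /Length " + str(len(_payload)).encode()
    + b" /Filter /FlateDecode >>\nstream\n" + _payload + b"\nendstream\nendobj\n"
    + b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE_PDF))
```

Run it against a real attachment with `triage_pdf(open(path, "rb").read())`.  A hit is a reason to look closer, not a verdict: plenty of legitimate forms use /AcroForm and /JS, but an auto-run action plus a key that only appears after de-obfuscation is exactly the pattern that should keep the file away from an unpatched Reader.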

Leopard vs. Vista: feature chart showdown

There’s no doubt, Vista and Leopard are both extremely advanced, feature-rich consumer operating systems. But way back in January when Vista launched, we knew we had little choice but to pit the two in a head-to-head chart’n’graph Thunderdome competition. We know we’re not even going to be able to stop the epic fanboy arguments from breaking out over this one, so we just ask that you try to keep it fair. Leopard vs. Vista: it’s on.

NOTE: This chart is only for out of box features, and does not take into account 3rd party software.

http://www.engadget.com/2007/10/27/leopard-vs-vista-feature-chart-showdown/

Apple’s Leopard rejects latest version of Java

Forum overlords delete developer gripes

Apple faces yet more flak from the Mac faithful over the discovery that the operating system won’t run the latest version of Java. It’s one of several beefs relating to the OS X upgrade that is sparking vitriol among the normally docile crowd.

Leopard may have 300 new features, but it is unable to run Java 1.6, even though that same version is available for both Windows and Linux. That has taken some Mac users by surprise, including some on this user forum on Apple’s website. Several users there say 1.6 is so central to the development work they do on a daily basis that they will be forced to use an OS other than Leopard if it remains incompatible.

“This is a show stopper for me, and I will have to revert to 10.4, since my job as a software engineer for Sun requires Java 6–this will likely prevent a lot of people from upgrading, and there’s a well represented Mac userbase at Sun,” a user going by the name buckmelter wrote. 10.4 is a reference to Tiger, the OS X predecessor to Leopard.

http://www.regdeveloper.co.uk/2007/10/29/no_java_for_leopard/

Seagate settles class action: cash back over misleading hard drive capacities

The world’s largest hard disk manufacturer will offer customers 5% cash back on disk drives bought over the last six years in order to settle a legal action over the measurement of hard drive capacity.

But the real story starts way back, when marketers decided 24 bytes didn’t mean much. In modern terms, it’s equivalent to a fraction of a cent, or the weight of a feather atop a two tonne truck.

Story at http://apcmag.com/7449/seagate_offers_cash_to_customers_for_missing_megabytes via CoU.

You can file your claim at http://www.harddrive-settlement.com/

Malware is Multiplying, Study Warns

Malicious code that installs files such as Trojans, password stealers, keyboard loggers and other malware on users’ systems registered a fivefold increase in the first half of 2007, according to research released by Microsoft at the RSA Security conference in London.

And in the same period, 31.6 million phishing scams were detected, an increase of 150 percent over the previous six months.

The survey, sponsored by Microsoft and conducted by the Ponemon Institute, interviewed more than 3,600 security, privacy and marketing executives across a variety of industries, such as financial services, healthcare, technology and government, in the U.S., U.K. and Germany.

More at http://www.pcworld.com/businesscenter/article/138808/malware_is_multiplying_study_warns.html

CAPTCHA Wish Your Girlfriend Was Hot Like Me?

When bots started spreading over the Internet scene a few years ago, security experts fought back with a system dubbed “Completely Automated Public Turing test to tell Computers and Humans Apart,” more popularly known as the CAPTCHA. The system was aimed at preventing automated submissions/registrations by prompting the user to validate himself as a human, usually requiring the user to input a sequence of alphanumeric characters contained in an image supposedly “unreadable” by a machine.

However, some people are really hooked on defeating the CAPTCHA, and they are literally asking for public help, in a rather discreet (and, uhm, provocative) manner.

A nifty little program which Trend Micro detects as TROJ_CAPTCHAR.A disguises itself as a strip-tease game, wherein a scantily-clad “Melissa” agrees to take off a little bit of her clothing. However, for her to strut her stuff, users must identify the letters hidden within a CAPTCHA. Input the letters correctly, press “go” and “Melissa” reveals more of herself.

http://blog.trendmicro.com/captcha-wish-your-girlfriend-was-hot-like-me/
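The “Melissa” trick works because a CAPTCHA only proves that some human solved the image, not that the human is the one submitting the form.  The code below is an added example (mine, not Trend Micro’s and not from the original post) of a small stateless CAPTCHA verifier, the kind of thing a site would run server-side: the answer is committed to with an HMAC that is bound to the visitor’s session and to an expiry time, so the server keeps no state.  The `relay_attack` function then plays the bot: it requests a challenge in its own session, hands the image off to a human, and submits whatever comes back.  The secret key, the session names and the answer strings are all made up for the demo.

```python
import base64
import hashlib
import hmac
import os
import time

SECRET = os.urandom(32)   # hypothetical server-side key, regenerated each run
TTL = 60                  # seconds a challenge stays valid (a short window
                          # is the only in-CAPTCHA defence against relaying)


def _commit(answer: str, session: str, expires: int) -> str:
    """HMAC over the normalized answer, bound to a session and expiry time,
    so the server need not store the answer, only verify it later."""
    msg = f"{session}|{expires}|{answer.strip().lower()}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_challenge(answer: str, session: str, now: float = None) -> str:
    """Return the opaque token the page carries next to the CAPTCHA image."""
    now = int(time.time() if now is None else now)
    expires = now + TTL
    token = f"{session}|{expires}|{_commit(answer, session, expires)}"
    return base64.urlsafe_b64encode(token.encode()).decode()


def verify(token: str, answer: str, session: str, now: float = None) -> bool:
    """Accept only if the token is intact, unexpired and issued to this session."""
    now = int(time.time() if now is None else now)
    try:
        sess, expires, mac = base64.urlsafe_b64decode(token).decode().split("|", 2)
        expires = int(expires)
    except (ValueError, UnicodeDecodeError):
        return False
    if sess != session or now > expires:
        return False
    return hmac.compare_digest(mac, _commit(answer, session, expires))


def relay_attack(delay: int, human_answer: str = "x7q2m") -> bool:
    """Simulate the strip-tease scheme: a bot gets a challenge in its own
    session, shows the image to a human somewhere else, and submits the
    human's reply `delay` seconds later.  The session binding does not help,
    because the bot owns the session; only the expiry limits the attacker."""
    token = issue_challenge("x7q2m", "bot-session", now=1000)
    return verify(token, human_answer, "bot-session", now=1000 + delay)


if __name__ == "__main__":
    print("relayed within TTL:", relay_attack(10))        # True
    print("relayed after TTL:", relay_attack(TTL + 1))    # False
```

`relay_attack(10)` comes back True: the site sees a valid, unexpired, correctly answered challenge and has no way to know the solver was a stranger playing a “game”.  Making the token single-use (keep a small cache of spent tokens) stops a solved answer from being replayed, but not the first relayed use; that is why CAPTCHA is a rate limiter on abuse, not an authenticator.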

Malicious IFRAMEs hosted on e-zines: a Media Possibility

A handful of online magazines (e-zines) owned by Possibility Media, some of which are related to IT, are hosting malicious IFRAMEs. Security researcher Dancho Danchev shared this discovery with the rest of the security community. Some of the e-zines that are hosting malicious IFRAMEs are:

webweekmag.com – Web Week Magazine
itweekmagazine.com – IT Week Magazine
technologyweekmag.com – Technology Week Magazine
theinternetstandardmag.com – The Internet Standard
securitystandardmag.com – Security Standard

Danchev notes that there are a total of 24 e-zines, all of which are owned by Possibility Media, that have malicious IFRAMEs embedded in them. Trend Micro threat analyst Jonell Baltazar checked some of the e-zines’ URLs and was able to obtain different binary files that are detected by Trend Micro products as PAK_GENERIC and POSSIBLE_STRAT-6. Other files are now under analysis.

Even Google (via StopBadware.org) tags Possibility Media’s Web site as harmful (see screenshot at the link below).

http://blog.trendmicro.com/malicious-iframes-hosted-on-e-zines-a-media-possibility/
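Injected IFRAMEs like the ones on these e-zines are built not to be seen: 1x1 pixels, `display:none`, or pushed off-screen with a negative offset, pointing at a host that has nothing to do with the magazine.  The script below is an added example (mine, not Trend Micro’s or Danchev’s tooling) of the check a site owner can run over their own pages: it parses the HTML with the standard library and reports every iframe that is concealed in one of those ways, noting whether its source is a third-party host.  The sample page and the 198.51.100.7 address (a documentation-only range) are constructed for the demo.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


def _is_tiny(value) -> bool:
    """True for width/height values of 1px or less ("0", "1", "1px", "0%")."""
    if not value:
        return False
    v = value.strip().lower().rstrip("px%")
    try:
        return float(v) <= 1
    except ValueError:
        return False


class IframeAuditor(HTMLParser):
    """Flag iframes a visitor is not meant to see (tiny, CSS-hidden or
    positioned off-screen) and note whether they load from a third party."""

    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def _third_party(self, src: str) -> bool:
        host = (urlparse(src).hostname or "").lower()
        return bool(host) and host != self.page_host and not host.endswith("." + self.page_host)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        reasons = []
        if _is_tiny(a.get("width")) or _is_tiny(a.get("height")):
            reasons.append("tiny (1x1 or smaller)")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden via CSS")
        if "left:-" in style or "top:-" in style:
            reasons.append("positioned off-screen")
        if reasons:
            self.findings.append({
                "line": self.getpos()[0],
                "src": a.get("src", ""),
                "third_party": self._third_party(a.get("src", "")),
                "reasons": reasons,
            })


def audit_html(html: str, page_host: str) -> list:
    """Parse one page and return every concealed iframe with the reasons."""
    auditor = IframeAuditor(page_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: one ordinary same-site iframe and one injected
# 1x1, hidden, off-screen iframe pulling from an unrelated host.
SAMPLE_PAGE = """<html><body>
<h1>Web Week</h1>
<iframe src="http://webweekmag.com/poll" width="300" height="200"></iframe>
<iframe src="http://198.51.100.7/in.cgi?3" width="1" height="1" frameborder="0"
        style="visibility: hidden; position:absolute; left:-5000px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_PAGE, "webweekmag.com"):
        print(f"line {f['line']}: {f['src']} third_party={f['third_party']} {f['reasons']}")
```

Run it over the saved HTML of each page with the site’s own hostname as the second argument.  A third-party iframe on its own is not a finding (ad networks use them), which is why the script reports on concealment and only annotates the origin; an iframe that is both concealed and third-party is the one to pull and look at.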

Storm Worm variant now using Kittycard.exe as filename

Kittycard.exe is now one of the filenames used by this Storm Worm variant.

Email received today (screenshot):

[image: kitty1028]

The new filename is Kittycard.exe (screenshot):

[image: kitty1028a]

About half of the malware scanners on VirusTotal.com detect it, while the other half do not (screenshots):

[image: kitty1028b] [image: kitty1028c]


For you… to read:

The Storm Worm: http://www.schneier.com/blog/archives/2007/10/the_storm_worm.html

Just How Bad Is the Storm Worm: http://blog.washingtonpost.com/securityfix/2007/10/the_storm_worm_maelstrom_or_te.html

My previous blog entries on Kitty (Storm Worm): 2 more Kitty, Kitty Detection Improving, Norton blocked Kitty, Kitty Kitty