Month: August 2007

SYM07- 021: Symantec ActiveX Control Input Validation Error An input validation error in two ActiveX controls used by Norton AntiVirus, Norton Internet Security, and Norton System Works could allow an attacker to execute code on the target system. Affected ProductsNorton Antivirus 2006Norton Internet Security 2006Norton System Works 2006Norton Internet Security, Anti Spyware Edition 2005 Symantec responseSymantec engineers have confirmed that the vulnerability in the products listed in the Affected Products table above. Updates for affected products are available through LiveUpdate. No versions of Symantec AntiVirus Corporate Edition or Symantec Client Security are affected by this vulnerability. To successfully exploit this … Continue reading Symantec Product Advisory: SYM07- 021

 A group of researchers has been given a $7.1 million grant by the European Union and corporate sponsors to correlate malware data and find out more about its sources around the globe. The three-year project, called Worldwide Observatory of Malicious Behavior and Attack Tools (WOMBAT), will begin in January, the project’s leader announced here yesterday. In a Black Hat presentation, Stefano Zanero, a researcher at the Italian university Politecno de Milano and founder/CTO of Secure Network, said the project’s funding was approved “three or four days ago. I wasn’t even sure that I was going to be able to talk … Continue reading Worldwide Malware Study Set for Launch

Just as honeypots have long been used to attract samples of the latest malware code floating around the Web, researchers with filtering specialist Websense plan to unveil a new set of tools dubbed honeyjax that promise to reach out across the Internet to seek out the latest social engineering attacks. Meant to serve as a magnet for malware and scams leveled at so-called Web 2.0 applications and programming techniques, honeyjax instead uses active client software to seek out malware, phishing kits and other threats, said Dan Hubbard, vice president of security research at Websense. Hubbard will detail the tools in … Continue reading Websense to unveil "honeyjax" malware tools at Defcon

Anti virus software for the 64-bit version of Windows Vista is struggling to properly protect the operating system, according to a new test by the Virus Bulletin security certification body. Of the 20 anti-virus product tested, 35 per cent failed to meet the test’s criteria. Six of the failing grades were caused by so called false positives, legitimate files that are incorrectly flagged as malware. Of the major vendors, McAfee Virusscan and Symantec Antivirus both passed the test, as did Microsoft’s Forefront, Redmond’s enterprise grade security suite that was released last May. CA’s eTrust application failed the test. The software … Continue reading Anti-virus struggles on 64-bit Vista

Readers, SRI International and Georgia Tech have been working on a pretty cool new tool that will quickly locate bot traffic inside a network.  A government/military version of this software has been in use successfully for about a month, and a public version was made available this week.  [b]BotHunter[/b] introduces a new kind of passive network perimeter monitoring scheme, designed to recognize the intrusion and coordination dialog that occurs during a successful malware infection.  It employs a novel dialog-based correlation engine (patent pending), which recognizes the  communication patterns of malware-infected computers within your network perimeter.  BotHunter is available for download … Continue reading New Tool – BotHunter

A year ago AOL started offering Active Virus Shield, a free anti-virus package based on Kaspersky antivirus. The company has now stopped distributing this software. The Active Virus Shield web page now only shows the information: “We’re Sorry! AOL Active Virus Shield is no longer available.” However, AOL has not abandoned its antivirus initiative, but merely switched suppliers. Their security page now offers a special edition of McAfee’s VirusScan Plus, free of charge. Users with a valid AOL user name can download the program from AOL; those without can register an account for free. http://www.heise-security.co.uk/news/93738