VadaVaka

Full Version: Some security things you should be aware of
http://www.earthtimes.org/articles/show/1565.html

Quote:Microsoft's AntiSpyware hit by a Spyware

A Trojan has hit Microsoft's AntiSpyware (Beta); it disables the software and steals banking details, login IDs and passwords.

A Trojan, or "Trojan horse", is a type of program that allows other people to access your machine (generally for malicious purposes) over the Internet.


Trojans cannot propagate themselves like a virus. You have to download an application or the server exe file, which is usually sent in an e-mail message.

The email message will promise you something good and would prompt you to download and install the exe attachment. This is why it is called a Trojan horse -- you have to consciously or unconsciously run the EXE to install the server side on your computer. Once this is done then criminals who had designed the Trojan can remotely manipulate your computer.

The password-stealing Troj/BankAsh-A Trojan, discovered yesterday, is spyware. It keeps track of user activities on the computer. It spies on you.

If you happen to visit any of the online bank accounts of Barclays, Cahoot, Halifax, HSBC, Lloyds TSB, Nationwide, NatWest, and Smile, then it starts recording your keystrokes. This way it steals your login IDs and passwords. The Trojan then sends the details to a remote FTP. Trojan makers can then use those details to steal your money from your bank accounts.

The Trojan also disables Microsoft AntiSpyware, currently available only as a beta download. It deletes all files within the folder named C:\Program Files\Microsoft AntiSpyware. The Trojan also removes important entries of the antispyware in the registry and thus literally kills the antispyware.

Microsoft Antispyware is still in its Beta version (experimental version). Over a period of time software developers will know the flaws in the antispyware and would hopefully rectify them.
http://www.zdnet.com.au/news/security/0,20...39180674,00.htm

Quote:Symantec flaw leaves opening for viruses

Symantec has issued a patch for a flaw in its scanning software that could cause a virus to run, rather than catch it.

The vulnerability affects an antivirus library used by the majority of Symantec's antivirus and antispam products, including Norton SystemWorks 2004 and Symantec Mail Security for Exchange, the security provider said on Tuesday.

The software is aimed at a range of systems, from consumer desktops to large corporate mail servers, meaning the flaw could be used to take control of key corporate systems or to install programs to grab people's identity data.

"The impact of this vulnerability is exaggerated by the fact that many e-mail and other traffic routing gateways make use of file-scanning utilities that make use of the vulnerable library," Symantec said in an advisory. "This could allow an attacker to potentially exploit high-profile systems used to filter malicious data, and potentially allow further compromise of targeted internal networks."

Computers are at risk if they run an unpatched version of a Symantec product that scans files to detect malicious code and if they use the Microsoft Windows, Mac OS X, Linux, Solaris and AIX operating systems, Symantec said.

Security information company Secunia, which rates the seriousness of software vulnerabilities, gave the Symantec flaw its second-highest threat grade, "highly critical."

The problem exists in how the scanning code handles a compression format known as the Ultimate Packer for Executables (UPX). An attacker could create a virus designed to exploit the UPX flaw and send it to victims through e-mail or host it on a Web site. An unpatched Symantec scanner checking incoming e-mail or the Web pages that users browse would run the program instead of catching the virus.

"The vulnerability can be triggered by an unauthorised remote attacker, without user interaction, by sending an e-mail containing a crafted UPX file to the target," Internet Security Systems, the company that found the flaw, stated in an advisory on Tuesday. The company said it notified Symantec of the issue when it found it.

The flaw highlights the danger of weaknesses in the security software that acts as a gateway between the unfiltered Internet and internal corporate networks. Internet Security Systems experienced such problems firsthand a year ago, when a flaw in its own firewall software was targeted by a worm two days after the public release of an advisory.

Symantec is distributing patches to its customers through its LiveUpdate automatic update service and other mechanisms. It warned companies that do not use those services to download the patches from its Web site and apply them as soon as possible.

Symantec declined to comment on the vulnerability, and Internet Security Systems could not immediately provide a spokesperson to address the issue.

The announcement of the flaw happened the same day that Microsoft released a dozen patches to fix holes in its Windows operating system and other applications. Microsoft also announced it intended to buy security company Sybari, which would put the software giant in direct competition with Symantec.

Other products that use the Symantec antivirus scanning library include Symantec's Brightmail antispam software and Symantec Web Security.

Also don't use the program called Exeem. Recently they removed the well-known spyware Cydoor from the program, but many people are reporting that there is still spyware in it.

Exeem is a BitTorrent client/tracker in one. It makes you the tracker. I wouldn't trust this now that the RIAA and MPAA are going after trackers also. This could open you up for a lot of legal problems.

If you have it installed, uninstall it; if you don't have it installed, GOOD. Avoid this program.

Oh, and the Reader's Digest version of the first 2 items.

Don't use the spyware program from Microsoft, it will let things in that are not supposed to get in.


For Symantec, they had a flaw in their software that would actually run the stuff that they didn't want run. From what I get from the article it's now fixed. Just make sure that your antivirus is updated.

Thanks GB, especially for the Reader's Digest versions.