Security in VoIP Systems

One of the tasks of security companies is to "forecast" what will happen in the future based on the data and trends we observe. This is a really important task, as it lets us provide users with guidelines and base our research on the protection mechanisms we may have to develop in the future.

Some days ago, a Trojan entered the fray which attempts to deceive users by passing itself off as a security program for Skype. It is called Skype Defender and its main aim is to steal the user's Skype data. This is a good moment to look back and recall what we said about VoIP attacks almost 2 years ago. In January 2006, we published a document about security in VoIP systems, written by Fernando de la Cuadra and Enrique González Ochoa. We presented it at the 5th Iberoamerican Conference on Systems, Cybernetics and Computer Science, CISCI 2006, in Orlando, Florida.

Here you have an extract of the document:

"Identity Theft. A malicious application could steal a VoIP system user ID, deactivate the user's connection to avoid duplicity and use the stolen ID in its own VoIP network. In this way, the theft victim would be paying for the account when in fact the thief would be the one using it. This use of communication lines is an update of "phreaking" techniques, which use telephone lines to make connections or have conversations unbeknownst to their legitimate owners."

It seems that some of the predictions we made have come true. I have published this document here again in case you want to know which threats are awaiting us.


Posted under Malware Alerts

This post was written by Luis Corrons on October 24, 2007


MP3 spam

Yes. It's true. Believe it or not, this is another step in the malware world. We are seeing spam sent with MP3 attachments. The audio quality is pretty bad, and the file names vary but try to trick users with names such as oursong.mp3, bartsimpson.mp3, ciara.mp3, cassidy.mp3, etc.

Actually, it is a pump and dump spam that talks about a Canadian company that could have incredible results in the USA. It seems to be sent out from the Storm Worm network. Be careful and, of course, don't pay attention to this kind of message.

How long should we wait to see an MP4 spam?


Posted under Malware Alerts

This post was written by Luis Corrons on October 18, 2007


New Zero day PDF exploit for Adobe Acrobat

We have received a new 0-Day exploit for Adobe Acrobat via the full-disclosure mailing list. This vulnerability was announced on September 20th, 2007 on the site gnucitizen.org. In the advisory, the following can be read:

"The issue is quite critical given the fact that PDF documents are in the core of today's modern business. This and the fact that it may take a while for Adobe to fix their closed source product, are the reasons why I am not going to publish any POCs. You have to take my word for it. The POCs will be released when an update is available."

But somebody who had read the original advisory has discovered where the vulnerability is and has developed a working PoC. This PoC has been sent to full-disclosure, a public mailing list.

The PoC isn't harmful; however, when the PoC file is opened with a vulnerable version of Adobe Acrobat, calc.exe will be executed.

Looking inside the PoC:

[Image: 0-Day PDF PoC]

we can see the string that exploits the vulnerability.

TruPrevent has been able to block exploitation of this vulnerability from the very first day. However, if you try the PoC with TruPrevent, the PoC will still appear to work, because calc.exe is a trusted application for TruPrevent. If the exploit is modified to drop malware instead, TruPrevent will block it, preventing the infection.



Posted under Malware Alerts

This post was written by Ted on October 16, 2007
