InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity May 2010
Technology News


Malware Hit Mobile Phones Come Straight From the Factory

Trend Micro researchers were alerted to the discovery of malware that came preinstalled on a Vodafone mobile phone handset. Its memory card was also believed to carry malware. A leading mobile telecommunication company, Vodafone, has been taking the heat for shipping malware straight out of the box on its HTC Magic Android smartphones. The recipient of one of the malware-laden phones was, fortunately, an employee of the Spanish antivirus firm Panda Security. Plugging the phone in via USB into any PC quickly led to an infection by WORM_SILLY.QT. Vodafone has already released an official statement saying that the infected phone problem was an isolated one.

Trend Micro threat researchers believe it is likely that a computer in Vodafone’s production line was infected by WORM_SILLY.QT. Because the worm can propagate through removable drives, the SD cards in a certain batch of smartphones were somehow infected, and there is a possibility that other smartphones coming out of the same factory might be carrying the same malware.

Users should be aware of potential threats created by devices that are already compromised or tampered with when they come off the shelves. Incidents involving media players and digital frames shipped with malware have already been reported in previous years.



eScan Achieves ICSA Labs Anti-Virus Desktop Certification

eScan announced that it has achieved ICSA Labs Anti-Virus Certification for Malware Cleaning on the Microsoft Windows 7 operating system. ICSA Labs Anti-Virus Certification Testing Laboratory offers vendor-neutral testing and certification of security products. Enterprises worldwide rely on ICSA Labs to set and apply objective testing and certification criteria for measuring product compliance and performance. With a focus on providing its customers a secure work environment, eScan is one of the leading innovators in the development of new and enhanced technology to keep threats at bay. The certification adds a new dimension to its products’ efficiency and global acclaim. ICSA Labs certification is a high-quality benchmark that verifies the trustworthiness of security products.

The ICSA Labs' Anti-Virus Certification Program provides the user community with the assurance that all ICSA Labs Certified anti-virus products comply with industry-accepted criteria. To achieve the ICSA Labs Anti-Virus Certification, products must meet all criteria for Anti-Virus cleaning. Products are required to detect and clean 100 percent of the viruses in several test sets.



Kaspersky Lab Uncovers www.securelist.com

Kaspersky Lab announces the launch of an English version of its informative IT security website, Securelist.com. The new website from Kaspersky Lab will contain all the latest information about what Internet threats are out there and how to avoid them. The site includes sections dedicated to analytical articles, blogs, an IT security encyclopedia and malware descriptions, as well as an extensive glossary of terms. Alexander Gostev, Head of Kaspersky Lab’s Global Research & Analysis Team, has been named Editor in Chief of the site.

The new Securelist portal evolved from Kaspersky Lab’s analytical website Viruslist.com.  It features an enhanced blog with a system that gives visitors the opportunity to rate what they have read, as well as a system that automatically generates descriptions of any detected programs. A completely new section called Internal Threats has also been introduced to Securelist and should prove popular in the future.



Malware-Loaded Spam strikes Facebook and MySpace Heavily

Highly intensive spam waves hit two popular social networks with a frequency of over 500 messages in 10 minutes. It’s spam time, again! With the minor difference that the numbers are higher, both in point of arrows shot and in that of targets potentially hit. It’s a spamming spree that’s got big enough to cause concern, the more so as it comes packed with malware.

These are twin campaigns born under the same theme: an alleged password change. Whether on Facebook or on MySpace, users are informed of the fact that the passwords to their respective accounts have been changed. Consequently, they are invited to open the zip files attached to the messages so as to find out their newly assigned passwords.

Instead of the promised password, the zip file that reaches Facebook users’ inboxes hides Trojan.Oficla.J. This piece of malware contains malicious or potentially unwanted software which it drops and installs on the system. It installs a backdoor which allows remote, clandestine access to the infected system. This backdoor may then be used by cybercriminals to upload and install additional malicious or potentially unwanted software on the system.

MySpace users will receive another piece of malware: a rogue antivirus. The behavior of Trojan.Fakealert.BZZ is comparable to that of other rogue antivirus programs: the browser window automatically minimizes and a warning message is simultaneously displayed. This message notifies the user about several alleged computer infections and points out the necessity of installing a security solution.



iPhone Unlocking Tricks get PCs into Trouble

A malware-spreading mechanism targeting the “iPhone unlocking” fans goes to prove that cybercrime is never short of imagination.

This is how the story goes: you receive an e-mail in which you find out that you might get your hands on a new version of an iPhone unlocking application which basically allows you to overcome vendor-set network restrictions. All you have to do is… yes, click a link that will take you to the web page on which the technical wonder awaits you. As you get further into the maze of this scheme and actually click the link, you land on a web page which provides instructions to be followed in order to download the unlocking application.

First off, you are to connect the iPhone to the PC, then download “the new modified” application and run it on the iPhone. And that’s when the magic begins: once downloaded and run, the executable opens up the way for a nice Trojan to fester on your PC.

Identified by BitDefender as Trojan.BAT.AACL, this piece of malware comes as a Windows batch file packed alongside the iPhone jailbreaking application. The Trojan attempts to change the preferred DNS server address for several possible Internet connections on the users’ computers to 188.210.[REMOVED]. This allows the malware creators to intercept the victims’ calls to reach Internet sites and to redirect them to their own malware-laden versions of those sites.
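A defensive check for the DNS tampering described above, as an added example that is not part of the original article: it parses `ipconfig /all` output and reports adapters whose DNS servers are not on an approved list. The approved list, the sample output and the address 203.0.113.53 (a documentation-range placeholder, not the redacted address in the article) are constructed assumptions.

```python
import re

# Assumed list of resolvers the organisation expects clients to use.
APPROVED_DNS = {"192.168.1.1", "192.168.1.2"}
# Constructed `ipconfig /all` excerpt. 203.0.113.53 is a documentation-range
# placeholder standing in for an unexpected resolver.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.168.1.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
"""

# "   Key . . . : value" lines; bare continuation lines do not match.
KEY_VALUE = re.compile(r"^\s+([^:]+?)[\s.]*:(?:\s(.*))?$")

def dns_servers_by_adapter(ipconfig_text):
    """Return {adapter name: [DNS servers]} parsed from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        match = KEY_VALUE.match(line)
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False  # adapter section header
            adapters[current] = []
        elif current is None or not line.strip():
            continue
        elif match:
            in_dns = match.group(1) == "DNS Servers"
            if in_dns and match.group(2):
                adapters[current].append(match.group(2).strip())
        elif in_dns:  # indented line with no key: a further DNS server
            adapters[current].append(line.strip())
    return adapters

def unapproved_dns(ipconfig_text, approved=APPROVED_DNS):
    """Return {adapter: [servers not on the approved list]}, offenders only."""
    parsed = dns_servers_by_adapter(ipconfig_text)
    rogue = {a: [s for s in srv if s not in approved] for a, srv in parsed.items()}
    return {a: bad for a, bad in rogue.items() if bad}

if __name__ == "__main__":
    print(unapproved_dns(SAMPLE_IPCONFIG))
```

Every adapter is checked because the Trojan is described as changing the setting on several possible connections, not only the active one.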



Norton 2011 Public Betas Now Available for Download and Testing

Norton from Symantec unveiled the 2011 beta versions of the award-winning Norton AntiVirus and Norton Internet Security, which are now available for free download from the Norton beta website.  Additionally, the company launched its first beta security application for Facebook and two standalone security tools to address the increasingly common menace posed by fake antivirus programs and other infections.

The 2011 Norton betas will include System Insight 2.0 which goes beyond security and alerts users when applications are significantly impacting their system resources. At the heart of this Norton release is the industry leading reputation-based security technology. New to 2011, Download Insight 2.0  increases the breadth of the product’s reputation protection by applying it to virtually every download  regardless of the client (browser, email, IM).  This helps ensure that users are protected from harmful downloads no matter how the file is delivered to their machine. Additionally, Norton 2011 uses the reputation information to report on the “trustworthiness” of files on a system and help users understand if their download behavior is more or less risky versus the 53 million Norton Community Watch members today. 

In addition to the Norton 2011 beta offerings, Symantec is announcing several new tools in the fight against cybercrime. These tools will remain free and address some of today’s trickiest and most prevalent issues related to malware infection and removal. The Norton Internet Security 2011 beta includes critical features such as Norton Identity Safe, which has a new look for 2011, and Norton Safe Web, a Web site rating service that annotates Google, Yahoo! and Bing.com search results with safety and ecommerce ratings.



TrustPort Wins the April Tests of Virus Bulletin

A record number of sixty antivirus products were submitted for the April tests of Virus Bulletin, including a lot of newcomers, using, with varying success, scanning technologies licensed from other manufacturers. Traditionally, the testing included on-demand antivirus scanning, on-access antivirus protection, as well as reactive and proactive detection. TrustPort Antivirus demonstrated top detection abilities in all the tests carried out; in the reactive and proactive detection, it confirmed its stable position of the world leader.

During on-demand testing, TrustPort Antivirus detected 100% of wild-list viruses, 99.94% of worms, 100% of polymorphic viruses, and 99.81% of trojans. It had similarly impressive results, getting near to perfection, in testing of file system protection. TrustPort Antivirus on-access protection was able to catch 100% of wild-list viruses, 99.88% of worms, 100% of polymorphic viruses, and 99.71% of trojans. Detection levels that high are a result of sophisticated antivirus technology, based on multiple scanning engines.



Hackers Exploit McAfee False Alarm

Sophos is warning that hackers are exploiting a problem with McAfee's anti-virus product that has caused hundreds of thousands of computers around the world to repeatedly reboot themselves, effectively becoming inoperable. McAfee accidentally issued a detection update yesterday which mistakenly detected a harmless Windows file, svchost.exe, as "W32/Wecorl.a", and caused critical problems on affected PCs.

Hackers, however, are compounding the problem by using blackhat SEO (search engine optimisation) techniques to create webpages stuffed with content which appears to be related to McAfee's false alarm problem - but are really designed to infect visiting computers.

Sophos has identified malicious webpages which appear on the first page of Google results if users search for phrases associated with McAfee's false positive. In the past, hackers have used the same techniques to infect users hunting for information about Sandra Bullock's marriage problems, Tiger Woods' car crash, and the death of celebrities such as Michael Jackson and Natasha Richardson. Sophos recommends that businesses protect their users by running a web security solution which scans every webpage and link clicked upon for malware and criminal activity.



iPad Users Targeted by Backdoor Dissembled

Success stories are cybercriminals’ go-to sources of victims, and the iPad craze couldn’t have been left out of this picture. According to some reports, Apple sold 150.000 iPads in the first 60 hours of presale availability, with almost 100.000 of these coveted devices being pre-ordered in the first 10 hours. The figures make it clear as daylight why malware creators were so keen on crashing this promising party.

The invitation to the “contagious fiesta” comes via e-mail: an unsolicited message instructs iPad users to download on their PCs the latest version of the iTunes software as a preliminary step to an update of their iPad software. To carry conviction, the e-mail emphasizes that users should keep their iPad software updated “for best performance, newer features and security”.

It goes on to clarify the multi-step procedure by pointing out that in order for the update to be performed the latest version of iTunes should first be downloaded from the Internet. A direct link to the download location is conveniently provided. As a proof of cybercrime finesse, the webpage the users are directed to is a perfect imitation of the one they would use for legitimate iTunes software downloads.

Identified by BitDefender as Backdoor.Bifrose.AADY, the piece of malicious code inadvertently downloaded injects itself into the explorer.exe process and opens up a backdoor that allows unauthorized access to and control over the affected system.



SonicWALL Unveils Project SuperMassive

Marking one of the most significant milestones in the company's 19-year history, SonicWALL recently unveiled Project SuperMassive, the industry's first next-generation security platform and technology capable of detecting and controlling applications, preventing intrusions, and blocking malware at up to 40 Gbps without introducing latency to the network. Project SuperMassive comprises key elements, including: SonicWALL's Massively Scalable Next-Generation Network Security Platform architecture, SonicWALL's Next-Generation Firewall technology, and SonicWALL's patented Reassembly-Free Deep Packet Inspection (RF-DPI) engine.  At more than 10 times the speed of today's fastest technologies, Project SuperMassive revolutionizes application visualization and control, and is capable of protecting the world's highest performance networks from malware of all kinds. Today, companies are being forced to choose between performance and security, since existing security architectures have not been able to keep up with the volume of network traffic, especially with the explosion of rich media and the rise in malware-ridden social media applications.




© 2006-07 'InfoSecurity' magazine. All rights reserved.