
New Malware Variant Employs Windows Subsystem for Linux for Attacks


Security researchers have found a new malware variant that uses the Windows Subsystem for Linux (WSL) to infect systems covertly. The research shows that malicious actors are exploring new tactics and turning to WSL to avoid detection.

Black Lotus Labs, the threat research arm of Lumen Technologies, reported on Thursday 16 September that it had detected several malicious Python files compiled into Linux ELF (Executable and Linkable Format) binaries for Debian.

The samples, written for the WSL environment, first appeared at the beginning of May and continued to surface every two to three weeks until August 22. They function as WSL loaders and are detected very poorly by public file scanning services. The next stage injects code into a running process using Windows API calls, a technique that is neither new nor advanced.

Of the few samples discovered, only one used a publicly routable IP address, suggesting that the attackers concerned are still testing WSL as a way to install malware on Windows. The malicious files rely mostly on Python 3 to do their work and are bundled with PyInstaller into ELF binaries for Debian.

"As the negligible detection rate on VirusTotal suggests, most endpoint agents designed for Windows systems don't have signatures built to analyze ELF files, though they frequently detect non-WSL agents with similar functionality," Black Lotus Labs said.

Just over a month ago, only one antivirus engine on VirusTotal flagged one of the malicious Linux files. Re-scanning another sample showed that the engines on the scanning service still did not fully detect it.

One of the variants, written entirely in Python 3, does not use Windows APIs at all and appears to be the first attempt at a WSL loader. It runs on both Windows and Linux using only standard Python libraries.
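The detection gap described above is that Windows endpoint agents rarely carry ELF signatures, while these loaders are ordinary PyInstaller-bundled ELF files. The following triage script is an added example written for this page (it is not Black Lotus Labs' tooling) and shows the cheap structural check a defender can run over files pulled from a WSL distribution: parse the ELF header and look for the archive cookie that PyInstaller appends to its one-file bundles. The cookie constant is PyInstaller's own; the sample bytes, the `E_MACHINE_NAMES` subset and the function names are constructed for this example.

```python
import struct
from pathlib import Path
from typing import Optional

# ELF identification bytes (e_ident[EI_MAG0..EI_MAG3]).
ELF_MAGIC = b"\x7fELF"
# Cookie magic that PyInstaller writes at the end of its embedded CArchive
# (constant taken from PyInstaller's loader archive format).
PYINSTALLER_COOKIE_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Assumed subset of ELF e_machine values, enough to label the common cases.
E_MACHINE_NAMES = {3: "x86", 62: "x86-64", 40: "ARM", 183: "AArch64"}


def parse_elf_header(data: bytes) -> Optional[dict]:
    """Return class/endianness/type/machine from an ELF header, or None if the data is not ELF."""
    if len(data) < 20 or not data.startswith(ELF_MAGIC):
        return None
    ei_class, ei_data = data[4], data[5]          # 1=ELF32, 2=ELF64; 1=little, 2=big endian
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack(endian + "HH", data[16:20])  # same offsets for ELF32 and ELF64
    return {
        "class": {1: "ELF32", 2: "ELF64"}.get(ei_class, "unknown"),
        "endian": "little" if ei_data == 1 else "big",
        "type": {2: "EXEC", 3: "DYN"}.get(e_type, f"0x{e_type:x}"),
        "machine": E_MACHINE_NAMES.get(e_machine, f"0x{e_machine:x}"),
    }


def classify(data: bytes) -> dict:
    """Flag ELF files that carry a PyInstaller archive; one-file bundles end with the cookie."""
    header = parse_elf_header(data)
    has_cookie = data.rfind(PYINSTALLER_COOKIE_MAGIC) != -1
    return {
        "elf": header is not None,
        "elf_header": header,
        "pyinstaller_bundle": has_cookie,
        "flag": header is not None and has_cookie,
    }


def scan_tree(root) -> list:
    """Walk a directory (for example a mounted WSL rootfs) and list ELF+PyInstaller files for triage."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue
        result = classify(data)
        if result["flag"]:
            hits.append((str(path), result["elf_header"]))
    return hits


# Constructed sample: a minimal ELF64 little-endian x86-64 header followed by filler
# and a PyInstaller cookie. It is not a real binary and does not run.
SAMPLE_ELF_PYINSTALLER = (
    ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8   # e_ident: ELF64, little endian, version 1, SYSV ABI
    + struct.pack("<HH", 2, 62)                       # e_type=EXEC, e_machine=x86-64
    + b"\x00" * 44                                    # remainder of the 64-byte header
    + b"\x00" * 256                                   # stand-in for code and data
    + PYINSTALLER_COOKIE_MAGIC + b"\x00" * 80         # cookie near the tail of the file
)
# Constructed Windows-style file: a PyInstaller cookie but no ELF header, so it is not flagged here.
SAMPLE_PE = b"MZ" + b"\x00" * 100 + PYINSTALLER_COOKIE_MAGIC

if __name__ == "__main__":
    print(classify(SAMPLE_ELF_PYINSTALLER))
    print(classify(SAMPLE_PE))
```

The check is deliberately structural rather than signature-based: it answers "is this an ELF that carries a Python bundle?", which is exactly the class of file the Windows-oriented engines quoted above were missing, and it works on any sample regardless of hash.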

In April 2016, Microsoft released the Windows Subsystem for Linux. When WSL came out of beta in September, researchers from Check Point disclosed a technique termed Bashware, showing how WSL could be abused to hide malicious code from security products.

Based on inconsistencies found while analysing multiple samples, the researchers believe the code is still under development, even in the latest version. The single publicly routable IP address points to limited, targeted activity in Ecuador and France at the end of June and the beginning of July.

Further, Black Lotus Labs recommends that everyone who has WSL enabled make sure that logging is activated so that these intrusions can be detected.

LockFile Ransomware Circumvents Protection Using Intermittent File Encryption


A new ransomware threat known as LockFile has been affecting organizations all around the world since July. It brings its own technique for getting past ransomware protection: an approach known as "intermittent encryption."

The operators of the LockFile ransomware have been found exploiting recently disclosed vulnerabilities such as ProxyShell and PetitPotam to attack Windows servers and install file-encrypting malware that scrambles only every alternate 16 bytes of a file, allowing it to circumvent ransomware defenses.

Mark Loman, Sophos director of engineering, said in a statement, "Partial encryption is generally used by ransomware operators to speed up the encryption process, and we've seen it implemented by BlackMatter, DarkSide, and LockBit 2.0 ransomware."

"What sets LockFile apart is that, unlike the others, it doesn't encrypt the first few blocks. Instead, LockFile encrypts every other 16 bytes of a document." 

"This means that a file such as a text document remains partially readable and looks statistically like the original. This trick can be successful against ransomware protection software that relies on inspecting content using statistical analysis to detect encryption," Loman added. 
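Loman's point is that a whole-file statistic stops discriminating once only half of the bytes are ciphertext. The script below is an added example for this page (not Sophos' analysis code): it takes a constructed plain-text document, models LockFile's pattern by replacing every other 16-byte block with random bytes (random data stands in for ciphertext; no cipher is implemented), and compares the whole-file Shannon entropy with a block-level check that looks for bytes a text document would never contain. The document text, the seed and the function names are constructed for the example.

```python
import math
import random

BLOCK = 16
# Bytes a plain-text document can legitimately contain: printable ASCII plus tab, LF, CR.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the whole buffer (the whole-file statistic many tools use)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def simulate_intermittent(data: bytes, rng: random.Random) -> bytes:
    """Model LockFile's layout: blocks 1, 3, 5, ... are replaced by ciphertext-like random bytes.
    No real encryption happens here; random bytes only imitate what encrypted output looks like."""
    out = bytearray(data)
    for start in range(BLOCK, len(data), 2 * BLOCK):
        chunk = rng.randbytes(min(BLOCK, len(data) - start))
        out[start:start + len(chunk)] = chunk
    return bytes(out)


def simulate_full(data: bytes, rng: random.Random) -> bytes:
    """Model conventional whole-file encryption the same way."""
    return rng.randbytes(len(data))


def non_text_block_fraction(data: bytes) -> float:
    """Block-level check: fraction of 16-byte blocks that contain non-text bytes."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    bad = sum(1 for blk in blocks if any(b not in PRINTABLE for b in blk))
    return bad / len(blocks) if blocks else 0.0


def compare(document: bytes, seed: int = 7) -> dict:
    """Whole-file entropy versus block-level verdict for original, intermittent and full variants."""
    rng = random.Random(seed)  # fixed seed so the numbers are reproducible
    variants = {
        "original": document,
        "intermittent": simulate_intermittent(document, rng),
        "full": simulate_full(document, rng),
    }
    return {
        name: {
            "entropy": round(shannon_entropy(d), 2),
            "non_text_blocks": round(non_text_block_fraction(d), 2),
        }
        for name, d in variants.items()
    }


# Constructed sample document: plain English text repeated to a few kilobytes.
SAMPLE_DOC = b"Quarterly report: revenue grew while costs were held flat across all regions.\n" * 60

if __name__ == "__main__":
    for name, stats in compare(SAMPLE_DOC).items():
        print(f"{name:13s} entropy={stats['entropy']:.2f}  non-text blocks={stats['non_text_blocks']:.2f}")
```

The intermittent variant's whole-file entropy lands well short of the near-8-bit reading that fully encrypted output produces, which is why a threshold tuned for conventional ransomware misses it, while the block-level check still flags half of the blocks. A detector that scores fixed-size windows, rather than the file as a whole, is the corresponding mitigation.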

Sophos' LockFile analysis is based on a sample uploaded to VirusTotal on August 22, 2021. Once installed, the ransomware uses Windows Management Instrumentation (WMI) to terminate important services linked with virtualization software and databases before encrypting critical files and objects and displaying a ransom note that looks similar to LockBit 2.0's.

The ransom note further asks the victim to contact "," which Sophos believes is a reference to a rival ransomware organization named Conti.

Furthermore, after successfully encrypting all of the documents on the machine, the ransomware erases itself from the system, meaning "there is no ransomware binary for incident responders or antivirus software to identify or clear up."

Loman warned that the takeaway for defenders is that the cyberthreat landscape never sits still, and adversaries will rapidly grasp any chance or weapon available to conduct a successful attack. 

The disclosures come as the U.S. FBI published a Flash report outlining the tactics of a new Ransomware-as-a-Service (RaaS) group known as Hive, which consists of many actors who use multiple mechanisms to attack business networks, steal data, encrypt data on the networks, and attempt to collect a ransom in exchange for the decryption keys.

New AdLoad Malware Circumvents Apple’s XProtect to Infect macOS Devices


As part of multiple campaigns detected by cybersecurity firm SentinelOne, a new AdLoad malware strain is infecting Macs while bypassing Apple's built-in, YARA signature-based XProtect antivirus.

AdLoad is a widespread trojan that has been aiming at the macOS platform since late 2017 and is used to distribute a variety of malicious payloads, including adware and Potentially Unwanted Applications (PUAs). This malware can also harvest system information and send it to remote servers managed by its operators. 

According to SentinelOne threat researcher Phil Stokes, these large-scale and continuing attacks began in early November 2020, with a spike in activity commencing in July and early August. 

After infecting a Mac, AdLoad installs a Man-in-the-Middle (MiTM) web proxy to hijack search engine results and inject advertisements into web pages for financial gain.

It also gains persistence on infected Macs by installing LaunchAgents and LaunchDaemons, as well as, in some cases, user cron jobs that run every two and a half hours.

According to SentinelLabs, “When the user logs in, the AdLoad persistence agent will execute a binary hidden in the same user’s ~/Library/Application Support/ folder. That binary follows another deterministic pattern, whereby the child folder in Application Support is prepended with a period and a random string of digits. Within that directory is another directory called /Services/, which in turn contains a minimal application bundle having the same name as the LaunchAgent label. That barebones bundle contains an executable with the same name but without the com. prefix.” 
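The quoted layout is deterministic, which makes it a good hunting target. The script below is an added example written for this page (it is not SentinelOne's code): it reads the user's LaunchAgent plists, then looks under ~/Library/Application Support for a directory named with a period and digits, a Services folder inside it, an .app bundle named after a LaunchAgent label, and an executable with the same name minus the com. prefix. To run offline it builds a constructed directory tree in a temp folder; the label `com.example.agent`, the folder name `.3141592` and the placeholder executable are all invented for the example.

```python
import plistlib
import re
import tempfile
from pathlib import Path

# Hidden folder pattern from the quoted description: a period followed by a run of digits.
HIDDEN_DIR_RE = re.compile(r"^\.\d+$")


def load_launch_agents(home: Path) -> dict:
    """Map LaunchAgent label -> ProgramArguments for every plist under ~/Library/LaunchAgents."""
    agents = {}
    for plist_path in (home / "Library" / "LaunchAgents").glob("*.plist"):
        with open(plist_path, "rb") as fh:
            try:
                plist = plistlib.load(fh)
            except plistlib.InvalidFileException:
                continue
        agents[plist.get("Label", plist_path.stem)] = plist.get("ProgramArguments", [])
    return agents


def find_adload_like_persistence(home: Path) -> list:
    """Report bundles laid out as <.digits>/Services/<label>.app/Contents/MacOS/<label without com.>."""
    agents = load_launch_agents(home)
    app_support = home / "Library" / "Application Support"
    findings = []
    if not app_support.is_dir():
        return findings
    for hidden in app_support.iterdir():
        if not (hidden.is_dir() and HIDDEN_DIR_RE.match(hidden.name)):
            continue
        for bundle in (hidden / "Services").glob("*.app"):
            label = bundle.name[:-4]                                   # strip ".app"
            exe_name = label[4:] if label.startswith("com.") else label
            executable = bundle / "Contents" / "MacOS" / exe_name
            args = agents.get(label, [])
            findings.append({
                "label": label,
                "bundle": str(bundle),
                "executable_present": executable.is_file(),
                "launch_agent_present": label in agents,
                "agent_points_at_bundle": any(str(bundle) in a for a in args),
            })
    return findings


def build_constructed_home(root: Path) -> Path:
    """Create a throwaway home directory mimicking the layout (constructed; contains no real malware)."""
    label = "com.example.agent"                                        # assumed label name
    agents_dir = root / "Library" / "LaunchAgents"
    agents_dir.mkdir(parents=True)
    bundle = root / "Library" / "Application Support" / ".3141592" / "Services" / f"{label}.app"
    macos_dir = bundle / "Contents" / "MacOS"
    macos_dir.mkdir(parents=True)
    (macos_dir / "example.agent").write_bytes(b"#!/bin/sh\necho placeholder\n")  # stand-in binary
    with open(agents_dir / f"{label}.plist", "wb") as fh:
        plistlib.dump({"Label": label, "RunAtLoad": True,
                       "ProgramArguments": [str(macos_dir / "example.agent")]}, fh)
    return root


def demo() -> list:
    """Build the constructed tree in a temp dir and hunt it; returns the findings."""
    home = build_constructed_home(Path(tempfile.mkdtemp()))
    return find_adload_like_persistence(home)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
    # On a real Mac, run find_adload_like_persistence(Path.home()) instead.
```

Each finding records whether the LaunchAgent, the bundle and the executable all line up, so a responder can tell a complete persistence chain from leftovers of a partial clean-up. The pattern match is on structure, not hashes, which is the point: the article notes that 150 of the samples were unknown to XProtect's signatures, but they all shared this layout.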

Over the course of this campaign, the researcher observed over 220 samples, 150 of which were unique and went unnoticed by Apple's built-in antivirus, despite the fact that XProtect currently contains a dozen or so AdLoad signatures.

Many of the SentinelOne-detected samples are also signed with legitimate Apple-issued Developer ID certificates, while others are notarized so that they run under default Gatekeeper settings.

Further, Stokes added, "At the time of writing, XProtect was last updated around June 15th. None of the samples we found are known to XProtect since they do not match any of the scanner’s current set of Adload rules." 

"The fact that hundreds of unique samples of a well-known adware variant have been circulating for at least 10 months and yet remain undetected by Apple’s built-in malware scanner demonstrates the necessity of adding further endpoint security controls to Mac devices." 

To appreciate the significance of this threat, consider the case of Shlayer, another common macOS malware strain that is capable of bypassing XProtect and infecting Macs with further malicious payloads.

Shlayer recently exploited a macOS zero-day to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads on compromised Macs. 

Even though, for the time being, these malware strains only deliver adware and bundleware as secondary payloads, their developers could switch to distributing more serious malware at any point.

Apple’s head of software, under oath, while testifying in the Epic Games vs. Apple trial in May said, "Today, we have a level of malware on the Mac that we don’t find acceptable and that is much worse than iOS."

Kaspersky announced the creation of the new smartphones with protection from hackers

A smartphone running Kaspersky's secure operating system will have minimal functionality, said the head of Kaspersky Lab, Eugene Kaspersky. According to him, it will have its own basic applications and browser, but the smartphone's real purpose is different: security.

"There will be minimal functionality, but don't wait for beauty, both Android and iOS, this smartphone will perform other special tasks," said Mr. Kaspersky. "The device can call and send SMS, of course, there will be an office suite, its own browser with minimal functionality and a standard set of applications, such as an alarm clock, calculator, and so on," he added.

So far, Kaspersky Lab does not plan to have an App store on its OS, but this is possible in the future. "Most likely, first we will make our own, and then we will be ready to attract other app stores," said Eugene Kaspersky.

At the same time, he said that smartphones on the Kaspersky operating system may appear next year. The company agreed with a Chinese smartphone manufacturer to install a new OS. 

He noted that the company does not plan to enter the platforms Google and Apple and try to replace them. "Our task is to create a secure phone that is almost impossible to hack, for processing secret and confidential information of both government officials and enterprises, and infrastructure management," said the head of Kaspersky Lab.

It’s interesting to note that Kaspersky Lab has been creating an operating system designed for maximum protection of equipment and operating on the principle of "everything is forbidden that is not allowed" for several years.

Miscreants Scamming Users into Buying Antivirus Software

Some independent security software affiliates are scamming people by sending emails falsely claiming that their antivirus is expiring and that they must renew their license; if the user does so, the affiliate earns a commission. A software affiliate program is a marketing arrangement in which the affiliate recommends the software to customers or visitors and earns a commission on each purchase. These programs have strict rules and guidelines to protect the vendor's software and customers from false advertising and from being tricked into buying.

BleepingComputer discovered this scam last week when two of their seniors reported it. The emails tell users that their Norton or McAfee antivirus software is expiring that very day and that they must renew their license. The scam starts with emails carrying a subject similar to "WARNING: Anti-Virus Can Expire " Sun, 26 Apr 2020", which include a link stating "Your Protection Can Expire TODAY!", writes BleepingComputer in their blog. If the link in the mail is clicked, it takes the user to the DigitalRiver affiliate network, which drops a tracking cookie and then redirects the user to the purchase page of Norton or McAfee antivirus. If the user goes on to buy the software, the affiliate gets a $10 commission or 20% of the total sale. For this particular scam, they earned around $10 per transaction.

How to protect yourself from these scams 

Most antivirus products notify their customers of the expiry date through a notification from the software itself. If that's how you hear about it, you can rest assured that it is legitimate and go ahead with the renewal. Unfortunately, some companies also email their users to remind them about the expiring product. A simple way to check an email's authenticity is to look for the name of your own antivirus.

Since these rogue emails are sent in bulk, the senders probably don't know which software you're using. The next step is to open your antivirus software and check when it is actually expiring. Even if it is expiring, it's better to renew it from the vendor's website than to rely on links from an email.

Avast Antivirus Harvested Users' Data and Sold It to Google, Microsoft, IBM and Others

Avast, a popular maker of free antivirus software used on almost 435 million mobile, Windows and Mac devices, harvested its users' sensitive data via browser plugins and sold it to third parties such as Microsoft, Google, Pepsi, IBM, Home Depot, and many others, according to the findings of an investigation jointly carried out by PCMag and Motherboard.

According to the sources, the investigation relied mainly on leaked data; the documents used belonged to Jumpshot, a subsidiary of Avast. The data was extracted by the Avast antivirus software itself and then repackaged by Jumpshot into various products which were sold to big companies. As the report put it, "Potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Conde Nast, Intuit, and many others."

"The sale of this data is both highly sensitive and is, in many cases, supposed to remain confidential between the company selling the data and the clients purchasing it," other company documents state.

Allegedly, Avast has been keeping track of personal details such as the exact time and date when a user visits a website, the digital content being viewed, and the user's browsing and search history. According to the findings, the information sold by Jumpshot includes Google Maps searches, Google search queries, YouTube videos viewed, activity on companies' LinkedIn pages, and porn websites visited. The data contained no direct personal information such as names or email addresses; however, the investigators at Vice pointed out that access to such precise browsing data can potentially lead back to the identification of the user anyway.

When the investigation reports were made public, Avast terminated the operation and Jumpshot stopped receiving browsing data harvested by the extensions; however, the popular antivirus maker is currently being investigated for collecting user data through channels other than the browser plug-ins.

While Google denied commenting on the matter, IBM told Vice that they have no record of dealing with Avast's subsidiary, Jumpshot. Meanwhile, Microsoft made it clear that at present they are not having any relationship with Jumpshot.

Russian hackers claim to have breached 3 US antivirus makers

A group of elite Russian hackers claims to have infiltrated the networks of three US antivirus makers and stolen the source code for their software.

Researchers with Advanced Intelligence (AdvIntel) have been tracking the activity of the group on underground forums for some time. The hackers, who operate under the handle Fxmsp, have an established reputation for infiltrating well-protected networks. Their targets typically include highly-sensitive corporate and government information.

Two months ago AdvIntel saw Fxmsp reappear on hacking forums after a half-year hiatus. It's probably no coincidence that the group reported that its campaign against security software firms had kicked off six months earlier.

Fxmsp laid low until it had achieved its goal. When its stealth operation concluded, the hackers allegedly made off with more than 30 terabytes of data from their latest victims. They posted screenshots showing folders, files, and source code.

The asking price for this trove of data: a cool $300,000. They also claimed to still have access to the networks and would throw that in at no extra charge to the lucky buyer.

If what they're offering is the real deal, then this is pretty much a worst-case scenario for the three firms that were compromised. Access to the source code allows hackers the opportunity to locate showstopping vulnerabilities and exploit them, rendering the software useless... or worse. They could even turn what was once legitimate protection from malware into an incredibly effective spying tool.

Most of the Antivirus Android Apps Ineffective and Unreliable

In a report published by AV-Comparatives, an Austrian antivirus testing company, it has been found out that the majority of anti-malware and antivirus applications for Android are untrustworthy and ineffective.

While surveying 250 antivirus applications for Android, the company discovered that only 80 of them detected more than 30% of the 2,000 harmful apps they were tested with. Moreover, a lot of them showed considerably high false alarm rates.

The detailed version of the report showcased that the officials at AV-Comparatives selected 138 companies which are providing anti-malware applications on Google Play. The list included some of the most well-known names like Google Play Protect, Falcon Security Lab, McAfee, Avast, AVG, Symantec, BitDefender, VSAR, DU Master, ESET and various others.

ZDNet noted that the security researchers at AV-Comparatives tested all 250 apps chosen for the study manually on a real Android device instead of using an emulator. The process of downloading and installing the malicious apps was repeated 2,000 times, which led the researchers to their conclusion: the majority of those applications are neither reliable nor effective at detecting malware.

However, the study conducted by AV-Comparatives also highlighted that some of the offered antivirus applications can potentially block malicious apps.

Some vendors did not bother to add their own package names to their whitelist, so the associated antivirus apps detected themselves as malicious. Meanwhile, some of the antivirus applications were found to use wildcards that allow any package whose name starts with a prefix such as "com.adobe", which attackers can easily exploit to slip past the scanner.
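The two whitelist mistakes in the paragraph above (forgetting the scanner's own package, and matching on a name prefix) are easy to show side by side. The following is an added example written for this page, not code from AV-Comparatives or any vendor: a tiny allow-list model in which the weak rule set uses a `com.adobe*` wildcard and omits the scanner, and the corrected rule set uses exact package names. The package names and the engine's verdicts are constructed for the example.

```python
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class AllowRule:
    pattern: str   # a full package name or, in the weak form, a wildcard such as "com.adobe*"
    exact: bool    # True: whole-package match only; False: wildcard match (the weak setting)

    def matches(self, package: str) -> bool:
        if self.exact:
            return package == self.pattern
        return fnmatch.fnmatchcase(package, self.pattern)


def is_allowlisted(package: str, rules) -> bool:
    """A package is exempt from reporting if any rule matches it."""
    return any(rule.matches(package) for rule in rules)


def scan(installed, rules, self_package: str, flagged_by_engine) -> dict:
    """What the scanner would report: every engine hit that the allow-list does not exempt.

    flagged_by_engine stands in for the detection engine's verdicts. self_package is the
    scanner's own package; if it is flagged and not allow-listed, the scanner reports itself."""
    reported = [pkg for pkg in installed
                if pkg in flagged_by_engine and not is_allowlisted(pkg, rules)]
    return {"reported": reported, "self_detected": self_package in reported}


# Constructed data: hypothetical package names and hypothetical engine verdicts.
SCANNER = "com.example.scanner"
INSTALLED = [SCANNER, "com.adobe.reader", "com.adobe.reader.helper.fake", "com.evil.dropper"]
# The engine flags its own host app (a false positive) and two genuinely bad packages.
FLAGGED = {SCANNER, "com.adobe.reader.helper.fake", "com.evil.dropper"}

WEAK_RULES = [AllowRule("com.adobe*", exact=False)]           # prefix wildcard, scanner not listed
FIXED_RULES = [AllowRule("com.adobe.reader", exact=True),      # exact names only
               AllowRule(SCANNER, exact=True)]

if __name__ == "__main__":
    print("weak :", scan(INSTALLED, WEAK_RULES, SCANNER, FLAGGED))
    print("fixed:", scan(INSTALLED, FIXED_RULES, SCANNER, FLAGGED))
```

With the weak rules the scanner reports itself and silently exempts `com.adobe.reader.helper.fake` because of the prefix; with the exact rules both problems disappear. Even exact names are only a partial fix on Android, since a package name is chosen by whoever builds the APK; a robust exemption is keyed on the signing certificate rather than on the name.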

On the safer side, Google's Play Protect provides protection from malicious apps on Android by default. Despite that, some users install anti-malware apps from third-party app stores or other unknown sources, which undermines the safety of their devices.

Malicious apps have been found on Google Play in the past as well, and together with the study above this makes Android look increasingly like an unsafe mobile platform.

Beware of fake versions of Malwarebytes Anti-Malware 2.0 claiming to be free

It is always advisable not to download cracked versions of software if you are really concerned about your desktop's security. But downloading a cracked version of an antivirus, or any antivirus from unknown sources, is the height of stupidity.

Malwarebytes recently released version 2.0 of Malwarebytes Anti-Malware (MBAM). Cybercriminals have now started tricking users into installing fake versions of this security application.

Researchers at Malwarebytes have come across a number of websites offering a supposedly free version of their software that is actually a potentially unwanted program.

These bogus applications make themselves run every time the system is restarted. They are also capable of accessing your browser cookies, your list of restricted sites and your browser history.

These apps also block users from accessing certain websites by adding them to Internet Explorer's restricted zone; the list includes wikia, gamespot and Runescape online.

The security firm has also spotted the premium version of MBAM bundled with key generators on torrent websites. In this particular case, users are asked to fill out a survey in order to download the app. Filling out these surveys earns the cybercriminals money.

McAfee Antivirus will be rebranded as Intel Security

Intel has decided to say goodbye to the McAfee brand name for its security software; McAfee Security will be renamed "Intel Security".

The rebranding will begin immediately, but the company estimates it will take a year to complete.  The red McAfee shield logo will remain.

Along with the rebranding, Intel is offering the mobile version of McAfee's security solutions for free to use on iOS and Android devices.

The controversial founder of McAfee company, John McAfee told BBC that he was elated by the name change. 

"I am now everlastingly grateful to Intel for freeing me from this terrible association with the worst software on the planet. These are not my words, but the words of millions of irate users," he said.

Recent Symantec antivirus update results in blue screen of death

A bug in a recent update to Symantec's antivirus software caused some Windows-based PCs to crash, the security software maker disclosed on Friday.

An update earlier this week to Symantec Endpoint Protection 12.1 antivirus software for businesses caused some Windows XP-based computers to crash repeatedly with a "blue screen of death," the company revealed on its Web site.

The embarrassment comes at a challenging time for Symantec, whose shares have lost about a quarter of their value since it warned of a pending profit decline three months ago.

According to Reuters, the company knows so far of about 300 corporate customers that have been affected, and about 60 consumer customers.

Customers reported it took Symantec hours to identify and fix the bug and that they needed to fix computers broken by the tainted update on their own.

Symantec blamed the glitch on software compatibility issues that arose after an update was released late on Wednesday. PCs could be fixed if customers manually removed the software from each disabled computer, it said in an advisory.

Avira Antivirus detects itself as Malware | False Virus Definition File

Avira Antivirus labeled itself as spyware: Avira detects AESCRIPT.DLL (one of Avira's own DLL files) as "TR/Spy.463227".
A recent Virus Definition File (VDF version ) update from Avira mistakenly included the AESCRIPT.DLL library file as spyware, which results in Avira detecting itself as spyware.

After learning about the issue, Avira updated the Virus Definition File and asked users to update their antivirus. They posted about the issue in their official forum.

Botnets grow by hundreds of thousands of machines every month, into the millions ~ Report from Kaspersky

"Hundreds of thousands of machines are joining botnets every month. Most of these botnets are used to propagate spam or distribute malware that can be used in cyber espionage. Some of them are used in DDoS attacks or as proxies to commit other cybercrimes," said Vitaly Kamluk, Chief Malware Expert, Global Research and Analysis Team, Kaspersky Lab.

According to Kamluk, the largest botnet is Conficker, with more than 8 million infected hosts, followed by TDSS with more than 5.5 million, Zeus with more than 3.6 million, and Koobface with more than 2.9 million.

"One could think that laws should be able to help us. Indeed, there is a law that prohibits unauthorized access to remote systems, i.e., third parties cannot use the resources of the other’s machine. However, cybercriminals successfully bypass this law. They utilize and exploit systems in any way they want – to commit crime, earn money, etc. At the same time we researchers come up against the same law – but in our case it prevents us from fighting botnets

As an example of what could be done but cannot even be contemplated, there are over 53 000 command and control (C&C) centers on the Internet (source: In many cases we know where the C&C centers of these botnets are, so in theory we could contact the owner's Internet Service Provider and ask it to take it down or to pass control of the center to us. This would be the right decision if we didn't want to leave all those thousands of infected machines online - continuing to attack other machines. We could issue a command for a bot to self-destroy itself from within the botnet infrastructure (starting from the command center) and then take it down. But unfortunately this represents unauthorized access, and we are not allowed to issue such a command," said Kamluk.

He recommended that law enforcement consider taking the following steps to help investigators in fighting botnets:

  • Carrying out mass remediation via a botnet;
  • Using the expertise and research of private companies and providing them with warrants for immunity against cybercrime laws in particular investigations, so they can collect more evidence, or bring down a malicious system when it cannot be accessed physically;
  • Using the resources of any compromised system during an investigation - so that we can place traps on compromised machines to get the source IP addresses of the attackers, and to bypass the mechanisms they use to hide their identities;
  • Obtaining a warrant for remote system exploitation - only in the cases when no other alternative is available. Of course this could result in cyber espionage. But if it is done properly – if the warrant is given for a particular system, in a particular case, for a particular timespan – this could bring positive results. Indeed, it could significantly change the cyber-threat landscape.

BMW virus ~ A new BIOS-based virus discovered by Chinese antivirus firm

The Chinese antivirus firm 360 has discovered a new Trojan, the BMW virus, that infects the BIOS (the motherboard's firmware chip) and the MBR (Master Boot Record). Formatting the entire hard disk or installing a new OS won't help, because the BIOS is firmware that resides in a chip on the motherboard and runs without the hard disk. Since this virus infects the BIOS, formatting the hard disk cannot remove it.

Virus transmission
The virus is bundled with game plug-ins (cheats) that trick users into turning off their security software before the attack.

Symptoms of the virus

One, before Windows starts, the words "Find it OK!" appear on the screen;
Second, antivirus software repeatedly reports a "hard disk boot sector virus" that cannot be completely cleaned;
Third, the browser home page is altered to

Technical analysis of the BMW virus:
The body of the BMW virus is divided into three parts, one each for the BIOS, the MBR and Windows; the attack process is shown below:

Prevention and virus removal
If you are a 360 user, your system is protected against the BMW virus: it cannot infect the motherboard BIOS chip or the hard disk MBR.

If you turned off your security software and have already been infected by BMW, you can download the 360 "BMW virus Zhuanshagongju" (dedicated removal tool), which can detect the virus in the BIOS and prevent the virus code from being written back to the MBR, and then use the 360 first-aid kit to repair the system, which effectively prevents the virus from recurring.
They explain clearly in that page how to remove the virus.
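Because the MBR part of this infection is rewritten on every boot, the practical defensive check is an integrity baseline of the first sector rather than a signature. The script below is an added example written for this page (not 360's removal tool): it parses a 512-byte MBR into boot code, partition table and boot signature, hashes the boot code, and compares it with a hash taken when the machine was known clean. The MBR bytes here are constructed in code and are not real boot code; the function names are the example's own.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446            # bootstrap code occupies bytes 0..445
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, the non-empty partition entries and the signature check."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) CHS start(3, skipped) type(1) CHS end(3, skipped) LBA start(4) sector count(4)
        status, type_code, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append({"status": status, "type": type_code, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": [e for e in entries if e["type"] != 0],
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_against_baseline(sector: bytes, baseline_boot_hash: str) -> dict:
    """Parse the sector and flag whether its boot code differs from the known-clean baseline."""
    parsed = parse_mbr(sector)
    parsed["boot_code_changed"] = parsed["boot_code_sha256"] != baseline_boot_hash
    return parsed


def make_constructed_mbr(boot_code: bytes) -> bytes:
    """Build a constructed MBR: the given boot code, one active NTFS-type partition, a valid signature."""
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 1_000_000)
    table = entry + b"\x00" * 48          # remaining three entries empty
    return body + table + BOOT_SIGNATURE


# Constructed samples: arbitrary byte strings standing in for clean and altered boot code.
CLEAN_MBR = make_constructed_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
TAMPERED_MBR = make_constructed_mbr(b"\xeb\xfe" + b"\x90" * 5)   # boot code changed, table intact
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]             # captured while the machine is known clean

if __name__ == "__main__":
    print("clean   :", check_against_baseline(CLEAN_MBR, BASELINE))
    print("tampered:", check_against_baseline(TAMPERED_MBR, BASELINE))
```

On a live Windows system the first sector is read from the raw disk device (for example `\\.\PhysicalDrive0`), which requires administrator rights, and the baseline hash must be captured and stored off-host while the machine is trusted. Note the tampered sample keeps a valid partition table and signature: a bootkit that only swaps the boot code leaves the disk bootable, which is exactly why the table alone is not evidence of a clean MBR.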

SpyEye Trojan stole $3.2 million from U.S. victims ~ Discovered by TrendMicro

A Russian cybergang headed by a mysterious ringleader called "Soldier" was able to steal $3.2 million from U.S. citizens earlier this year using the SpyEye-Zeus data-stealing Trojan, security company Trend Micro has reported.

Trend Micro researchers recently uncovered a cybercriminal operation involving SpyEye that began as early as January 2011. The said operation was orchestrated by “Soldier” (the cybercriminal’s handle), who is currently based in Russia. Trend Micro researchers had been monitoring Soldier and his activities since March 2011.

Based on investigation, this attack mainly targeted US users and some of those affected were large enterprises and institutions such as the US government and military. In fact, 97% of the affected corporations are based in the US. However, we have also observed affected organizations located in other countries such as the United Kingdom, Mexico, Canada, and India.

The SpyEye variant used in this attack is detected by Trend Micro as TSPY_SPYEYE.EXEI.

How much money was stolen?

According to Trend Micro research, the cybercriminal behind this attack was able to obtain more than $3.2 million, or $17,000 per day, in the last six months with the help of accomplices and money mules. Money mules were recruited to transfer the money to the cybercriminals. To launder the money, the stolen funds are passed by the cybercriminal to accomplices in various locations, then to the money mules, and finally back to the cybercriminal. This is done so the cybercriminal cannot easily be tracked down by security researchers and law enforcement.

Once a system is infected, what does TSPY_SPYEYE.EXEI do?

Once installed, TSPY_SPYEYE.EXEI downloads a configuration file, which contains the websites that it monitors. Once users visit any of these monitored sites, it performs web injection and logs keystrokes to steal information from users. It also connects to specific URLs to send and receive information from a remote user. Once connected to these sites, it sends specific information such as operating system information, Internet Explorer (IE) version, account type, language ID, time zone etc.

What is SpyEye and how can I encounter this?

SpyEye is a commercially sold toolkit which first emerged in 2009. Users may encounter SpyEye variants via various infection vectors such as blackhat search engine optimization (SEO), spam, and other malware that infects users' systems. Its main routine is information, identity, and financial theft.

Trend Micro detects the binary files generated by SpyEye as TSPY_SPYEYE variants. When SpyEye first appeared in the wild, it was regarded as the rival of another prevalent crimeware toolkit, ZeuS.

How do SpyEye malware steal information?

SpyEye downloads a configuration file onto the infected system. This configuration file contains the list of monitored websites. When users access any of the monitored websites, SpyEye performs web injection to steal the data entered by the users. It is also capable of capturing screenshots from the infected system.

What is a web injection and how does it work?

In web injection, SpyEye injects HTML code into the web page to add form fields for other data that the cybercriminals want to steal. When users visit one of the monitored websites, they see one or more additional fields on the page asking for information beyond the logon credentials, such as an ATM or credit card number, email address, etc.
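The defining symptom of a web injection is that the page the browser renders carries form fields the site never served. The following is an added example for this page, not Trend Micro's code: it parses a login form with Python's standard `html.parser`, collects the `name` attributes of its input fields, and diffs them against the set of fields the site is known to serve. Both HTML snippets and the expected-field set are constructed for the example and are not taken from any real bank or malware sample.

```python
from html.parser import HTMLParser


class FormFieldCollector(HTMLParser):
    """Collect the name attribute of every <input>, <select> and <textarea> in the page."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "select", "textarea"):
            name = dict(attrs).get("name")
            if name:
                self.fields.append(name)


def form_fields(html: str) -> list:
    """Names of the form fields present in the HTML, in document order."""
    parser = FormFieldCollector()
    parser.feed(html)
    return parser.fields


def injected_fields(rendered_html: str, expected: set) -> set:
    """Fields in the page as the browser sees it that are absent from the site's known field set."""
    return set(form_fields(rendered_html)) - expected


# Constructed pages for illustration only.
EXPECTED_LOGIN_FIELDS = {"username", "password"}

CLEAN_PAGE = """<form action="/login" method="post">
  <input name="username" type="text">
  <input name="password" type="password">
  <input type="submit" value="Sign in">
</form>"""

INJECTED_PAGE = """<form action="/login" method="post">
  <input name="username" type="text">
  <input name="password" type="password">
  <label>ATM PIN</label><input name="atm_pin" type="password">
  <label>Card number</label><input name="card_number" type="text">
  <input type="submit" value="Sign in">
</form>"""

if __name__ == "__main__":
    print("clean   :", injected_fields(CLEAN_PAGE, EXPECTED_LOGIN_FIELDS))
    print("injected:", injected_fields(INJECTED_PAGE, EXPECTED_LOGIN_FIELDS))
```

The comparison has to be made against what the user's browser actually renders, not against what the server sent, because the injection happens inside the browser after the response arrives; in practice that means a DOM-integrity check run by a script the site itself ships, reporting unexpected fields back to the site operator. The diff is also a useful triage step for a responder handed a screenshot or saved page from a customer who reports "the bank asked for my card number at login".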

What kind of information do SpyEye variants steal?

Although SpyEye steals banking credentials, it is capable of stealing credentials related to different websites, such as Facebook, Twitter, Yahoo!, Google, eBay, and Amazon. It also gathers system information such as installed operating system, Internet Explorer version, timezone, and others. Furthermore, it is capable of capturing screenshots. This routine enables SpyEye to bypass authentication means and to gather data apart from online banking information. The stolen data are either used for other fraudulent activities or sold in the underground.

Why should I be concerned about SpyEye?

As an information stealer, SpyEye variants steal logon credentials and use them to initiate unauthorized transactions, such as online fund transfers. Because of the web injection routine, users are also at risk of unwittingly giving out sensitive information, which is sold on the underground market and used for malicious purposes. In addition, SpyEye remains one of the most prevalent malware families to date. It is sold commercially, making it available to anyone who intends to steal users' information and hard-earned money.

SpyEye is known for targeting consumers, as well as small and medium businesses. However, large organizations are affected in this particular attack. It is possible that employees of large enterprises accessed their online bank accounts, and may have engaged in other online activities while using the work/business network, thus compromising its security. Furthermore, the stolen information from these large enterprises may be used to stage targeted attacks.

Are Trend Micro users protected from this attack?

Yes. Trend Micro provides multi-layered protection via the Trend Micro™ Smart Protection Network™. Its Web reputation technology blocks all the malicious URLs from which SpyEye variants may be downloaded. It also prevents access to all the URLs from which the malware may download its configuration files. The File reputation service detects and deletes all known SpyEye variants found on the affected system. For SpyEye variants that arrive via spam messages, the Email reputation service promptly blocks such messages before they even reach users' inboxes.
Trend Micro’s Threat Discovery Appliance (TDA) also protects users' networks by blocking malicious packets, such as C&C communication and upload of stolen information.
Home users can use Trend Micro’s HouseCall to scan and clean systems infected with malware components related to this attack. Similarly, Trend Micro’s Genericlean detects and cleans the malware components.

Users are advised to be wary of divulging any personal information online. It is also best not to access online bank accounts using a work network. For businesses, we recommend the use of various security layers such as firewall, gateway, messaging, network, server, endpoint, and mobile security for optimal protection against attacks like this.

As of this writing, Trend Micro researchers and analysts are collaborating with law enforcement agencies regarding the blocking of identified command and control servers related to SpyEye.


Android users will be the next target!

Free AVG Mobilation Application for Android ~ Anti-Malware

As Android becomes more popular, malware for Android phones is increasing rapidly. To provide mobile security, AVG has released the AVG Mobilation app for Android. Two versions are available, Free and Pro, and the full Pro version, worth around €7, is currently on offer.

"AVG Pro Mobilation" scans individual applications and media files on Android for viruses. In addition, you can locate your phone using GPS on a Google Map. This is especially handy if you have lost your Android device or it has been stolen. However, you must first register your device with an e-mail address in the app.

The security app also lets you create backups so that you can recover critical applications and data at any time. This service is still in beta. "AVG Pro Mobilation" can also kill individual tasks that slow down your phone.

How safe is AVG Mobilation Pro
Exclusive to the Pro version of the AVG Mobilation app is protection from virus-infected messages. You can also block spam messages with the app.

The antivirus definitions are, of course, updated regularly. New features in this version, however, will not be delivered to you through an update unless you purchase "AVG Pro Mobilation" later.

AVG Anti-Virus Free
"AVG Anti-Virus Free" scans individual applications and media files on Android for viruses. In addition, you can locate your phone using GPS on a Google Maps map. This is especially handy if you have lost your Android device or it has been stolen.

The free app also lets you create backups so that you can recover critical applications and data at any time. "AVG Anti-Virus Free" can also kill individual tasks that slow down your phone.

Get Free version from Here.