14 March, 2008

Kaspersky anti virus personal

The Analyst's Diary is a web log maintained by virus analysts from Kaspersky Lab, headed by Eugene Kaspersky.

If you're in the Hanover neighbourhood, or if you're at CeBIT already, don't forget to stop at our booth in Hall 6, J16 before it's too late. Everyone seems to be rushing to our booth to get a copy of Eugene's latest book, called 'Malware'. It gives a complete overview of all aspects of malware, including all the history, and it's a real page turner. In my opinion it's a 'must have' for your security library. Yesterday we had our now traditional Russian disco evening and stayed up a bit later than we should have done.

From left to right: Alex, Eddy, Magnus, Vitaly

Incidentally, the big theme over here at CeBIT is 'green IT'. We must be ahead of the times: we've had a green product for years.

Over the last week there has been an enormous upsurge in reports of so-called "MonaRonaDona" malware. When MonaRonaDona is installed on the system it shows the user an alert. When active, it terminates applications which have the names listed below in the Windows title bar. The IE title bar will also contain a reference to MonaRonaDona. How the malware actually reaches the system isn't entirely clear at the moment. When first run, the only thing the program does is register itself to start at Windows boot. As symptoms of infection aren't immediately visible, this makes it harder for victims to pinpoint what they were doing when they actually got infected. These characteristics make it look as though this malware was created by a cyber hooligan, someone simply interested in causing damage to victim machines.
However, a bit more digging revealed a completely different story. Even though it may not be immediately clear that the machine has been infected, in contrast to the majority of today's malware MonaRonaDona is very visible. Its approach is clearly designed to cause the user to search for information on MonaRonaDona using their favourite search engine. Once the victim searches using this name, s/he will end up at sites displaying the following. Incidentally, at the time I received the malware, no anti-virus product was detecting it.

A bit of research uncovered the following facts. Firstly, unigray.com has only been in existence for two weeks, which is a bit of a red flag. Secondly, that's a pretty large anti-malware database for a product that has only been around for a very short period of time. Digging a bit deeper, I found that the product only has 'detection' for the following malicious programs. The program generated almost 200 false alarms on a completely clean system, choosing names seemingly at random from the list of malicious programs shown above. Interestingly, on a machine infected with MonaRonaDona, the 'anti-virus' also generated false alarms on clean files, detecting them as MonaRonaDona. It seems very strange that such a new program would include detection for MonaRonaDona while legitimate anti-virus products don't. Analysing the program I found that it has only one removal routine. Guess for which malicious program. Unigray will clean it up for only $39.90; this doesn't sound like the best of deals to me. A comparison of the code of MonaRonaDona and Unigray anti-virus shows that there are many, many similarities. This leaves very little doubt that the same group is behind both MonaRonaDona and Unigray. And this case clearly shows that the bad guys are getting very good at social engineering.
They obviously put a lot of thought into manipulating the user into doing what they want. We detect Unigray anti-virus as not-a-virus:FraudTool.

On-line surveillance still under discussion

Today, on Wednesday 27th February at 10am, the German Federal Constitutional Court in Karlsruhe made an official statement regarding its verdict on on-line surveillance. This new basic right is intended to guarantee the integrity of IT systems and the confidentiality of data held on these systems. The catalyst for these proceedings was a collective complaint brought against a law in the German state of North Rhine-Westphalia designed to protect the constitution. This law permits the installation of spy programs on the computers of alleged criminals and terrorists. Exactly what the practical results of today's verdict will be remains to be seen. It's clear that the North Rhine-Westphalia law protecting the constitution will have to be amended. Meanwhile, discussions about the software, nicknamed the 'federal Trojan', will continue. This won't have any effect on our work as an anti-virus company.

Today our spam traps caught a phishing email targeting PayPal users that we detect proactively as Trojan-Spy. Of course such emails normally aren't anything special; the interesting bit about this one is that it's in Dutch. This fits in with my prediction towards the end of last year that we'd start to see an increase in the use of Dutch (which is, after all, a minority language) in cyber scams. A bit of searching through our archives showed that this mail was a re-run of an attack that occurred last week. This indicates that the first one was probably reasonably successful; if not, why resend the same email? Although it's pretty good, the Dutch is not exactly perfect. This in itself might alert users to the fact that something is not quite legitimate.
And the bad guys forgot another major factor: although the email is in Dutch, the site that it links to isn't. Hopefully this will act as a red flag so that recipients don't enter their data on the site.

Our Mexican email addresses started receiving messages on the 19th and 20th of February that looked like standard greeting card emails. Of course, the messages were fake. The links in the messages sent users to a completely different site (naturally, we've obscured the link). Once the user is on this site, a specially crafted php script gets executed, which downloads a malicious file called TarjetasNico. The icon for the downloaded file is an exact copy of the icon used on the greetings card site. The text is a classic of social engineering: a heart-tugging 'final farewell' message. It's clearly designed to play on the sympathy of users, perhaps with the aim of getting them to forward the original message to their friends and relatives. Once the malicious file is launched, it modifies DNS entries in the hosts file, which results in requests to the sites listed below being redirected. A quick glance at the list shows that the Trojan is targeting users who bank with the Mexican Banamex bank. This attack is a very international affair. We started to dig deeper and came across this: it's the site that the bad guys use to send their messages. At the time of writing, the sites were up, and only 3 anti-virus products were detecting this latest threat. As always, users should be cautious, and in this particular case, if you're a customer of Banamex, be extremely careful not to get hooked.

Valentine's Greetings... from your friends at KL

Quite a few people have already said that we can expect to see an increase in malicious code spreading as Valentine's Day approaches. Here's an example: Smiley Kiss.
When the user opens the link, he or she will see a picture like the ones below. Other cards use Disney characters. But no matter what image is shown, the result is the same: malicious code, in the shape of a file called valentine.ic, ends up on the victim machine. What's interesting is that these images are dynamic, i.e. they can change each time the greetings card page is reloaded. Because of the large number of requests being made to these kinds of sites, they sometimes become unavailable. But persistent users will, in the end, get through and get their card, together with a helping of malware. Our stats show that currently approximately 5% of mail traffic is made up of such messages. Although we detect the malicious code, our advice to users is as ever: make sure your anti-virus software is up to date.

Last week there was a lot of speculation going round that Paris Hilton has changed her sexual orientation. A couple of years ago when she was making the news, IM worm authors played on this. Unsurprisingly, this prediction turned out to be true. Over the last couple of days we've seen spam being sent out which contains a link claiming to be a Paris Hilton video. The social engineering is obvious, although it's amusing that the video title mentions men rather than women. Putting this aside, it's an odd case from a technical point of view. The URL leads to a simple Trojan downloader which is packed using FSG. It doesn't have any anti-AV functionality. One of the files it downloads, however, is stuffed with anti-AV techniques. Of course, using Trojan downloaders is extremely common these days. What's strange is the combination of such a simple Trojan downloader with the highly sophisticated malware it downloads. This leaves me wondering whether this unusual combination was created by the authors by accident, or by some strange design.
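The Banamex Trojan described in the greeting-card post above rewrites the Windows hosts file so that bank domains resolve to an attacker's address. The following added example (not code from the original post) shows a defender-side check: it parses a hosts file and reports watched domains that resolve anywhere other than loopback. The sample file, the domain names and the addresses are constructed placeholders, not the real Banamex sites or the Trojan's infrastructure.

```python
import ipaddress

# Constructed sample of a Windows hosts file after tampering of the kind
# described in the post; names and addresses are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
# entries appended by the Trojan (constructed)
203.0.113.10    www.bank-one.example
203.0.113.10    bank-one.example
203.0.113.11    login.bank-two.example
127.0.0.1       ads.tracker.example
"""

# Domains the defender wants to watch (hypothetical placeholders).
WATCHED_DOMAINS = ("bank-one.example", "bank-two.example")


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            yield fields[0], name.lower()


def is_watched(hostname, watched):
    """True if hostname is a watched domain or one of its subdomains."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)


def find_hijacked(text, watched=WATCHED_DOMAINS):
    """Return [(hostname, ip)] for watched names pinned to a non-loopback
    address; a malformed address is reported as well."""
    hits = []
    for ip, name in parse_hosts(text):
        if not is_watched(name, watched):
            continue
        try:
            if ipaddress.ip_address(ip).is_loopback:
                continue  # pinned to localhost: a sinkhole, not a redirect
        except ValueError:
            pass
        hits.append((name, ip))
    return hits
```

On a real machine, read the file at %SystemRoot%\System32\drivers\etc\hosts and pass its contents to find_hijacked with your own watch list.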
The organization's main aim is to create security software testing guidelines and standards. Why is a body like this needed? Well, although security software has changed enormously in the last ten years, most tests used today haven't evolved at the same rate. New and better tests are needed to better assess the effectiveness of new technologies. AMTSO is a very significant move towards having tests that more accurately reflect the performance of security software in real-life situations. Right now the group consists of AV researchers and testers. One of the goals is to include academics as well. AMTSO strives to be vendor and technology neutral, and academic members will be very helpful in ensuring this position. It'll be interesting to see what AMTSO comes up with. As a member of the pro tem standards and guidelines subcommittee I'll obviously have a say in the matter. The result may be that we end up with tests where security solutions don't score as highly as they do in current tests. But this will be no bad thing if test results reflect the genuine ability of solutions to combat today's constantly changing threats. Read more about the organization.

Greediest Trojan targeting banks: last month's winner of this title targeted the customers of 42 banks. Greediest Trojan targeting payment systems: the winner has its sights set on three payment systems at once. Greediest Trojan targeting payment cards. Stealthiest malicious program: the winner of this category in December is packed with 11 different packers. Smallest malicious program: the leader in this category in the first month of winter weighs in at just 12 bytes, yet it can nevertheless wipe the C: drive clean. Largest malicious program: December's winner wasn't so large after all; it weighs in at 85MB, which is noticeably smaller than previous winners of this category. Another category winner simply deletes security software from memory, the hard drive and the registry.
Most common malicious program in mail traffic: the winner of this category makes up a hefty 20.03% of all malicious code in mail traffic in December. The next title was taken last month with 673 modifications. Most common virus/worm family: the winner has made its way back to the top, winning this title in December with 69 new modifications.

Yesterday I looked into a case where somebody had gotten a nice Christmas present: a new MP3 player. However, this MP3 player contained a bit more than the person asked for. The device was infected with a worm. All the evidence clearly indicates the device was infected before the user opened the gift. This is unpleasant, but infected removable storage media is nothing new. There was the case of infected Maxtor drives, and Aleks recently blogged about his purchase of an infected Kingston flash card. Of course, we've contacted the company concerned. It was only this particular model, the Victory LT-200, that was affected.

I've noticed there seems to be a lack of clarity about how Windows behaves with USB media, so this seems like a good opportunity to clear up a few points. Most malware that spreads to removable media exploits the Windows autorun functionality: Windows checks any drive to see if it has a file named autorun.inf. If it does, Windows checks the contents of the file and takes appropriate action. In most cases the file contains a command saying that a file should automatically run. It will do this automatically for any local hard drive, and the same goes for CD-ROMs. Microsoft has made some security improvements since XP/SP2, causing Windows to check whether the device is connected via USB. If it is, autorun.inf won't automatically be followed, but the user will be shown a pop-up asking for action. This is good, but it's not perfect. In XP, Windows still automatically follows the commands in autorun.inf if the user accesses the drive via Explorer.
This means that although infection isn't 100% automatic, it's still a significant threat. The bold "Auto" means that Windows' default action is to perform autorun when the drive is double-clicked. So I decided to have a look to see what improvements Microsoft made in Vista. As the screenshot shows, the default action is changed to "Open", which means that Windows will just show the directory listing. However, Vista also makes it easier for the user to manually run setup. In terms of user friendliness versus security, Vista is superior to XP. It'll be interesting to see if Service Pack 3 for XP will bring changes; I can only hope it will. One of the best precautions against getting infected is to make sure that your virus scanner is on.
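The post above explains that Windows reads autorun.inf from a drive and follows the command it contains. Here is an added example (not code from the original post) of a small parser a defender can run over an autorun.inf copied from removable media: it lists the keys whose values Windows may launch, either on autorun or when the user picks a verb from the drive's context menu. The sample file and the RECYCLER\setup.exe path in it are constructed, not taken from a real sample.

```python
import configparser

# Constructed autorun.inf of the kind media-borne worms drop; the path
# RECYCLER\setup.exe is a placeholder, not a real sample.
SAMPLE_AUTORUN = """\
[autorun]
open=RECYCLER\\setup.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shell\\open=Open
shell\\open\\Command=RECYCLER\\setup.exe
shell\\explore\\command=RECYCLER\\setup.exe
action=Open folder to view files
"""

# Keys whose value Windows may launch directly on autorun. Verb commands
# (shell\<verb>\command) run when the user picks that verb in Explorer.
DIRECT_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return {key: value} from every [autorun*] section, keys lower-cased."""
    # strict=False tolerates the duplicate keys often found in dropped files.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str.lower
    cp.read_string(text)
    entries = {}
    for section in cp.sections():
        if section.lower().startswith("autorun"):
            entries.update(cp.items(section))
    return entries


def find_exec_keys(text):
    """List (key, value) pairs that would launch a program."""
    hits = []
    for key, value in parse_autorun(text).items():
        is_verb_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in DIRECT_KEYS or is_verb_cmd:
            hits.append((key, value))
    return hits


def launch_targets(text):
    """Distinct programs the file can launch. One target behind 'open' and
    every verb is typical of an infected drive: whatever the user picks
    in the double-click dialog ends up running the same file."""
    return sorted({v.strip().lower() for _, v in find_exec_keys(text)})
```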
