
Multiple AV vendor vulns / updates / issues



#76 AplusWebMaster


  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 24 May 2010 - 02:10 PM

FYI...

ClamAV v0.96.1 released
- http://secunia.com/advisories/39895/
Last Update: 2010-05-24
Criticality level: Moderately critical
Impact: DoS
Where: From remote
Solution: Update to version 0.96.1...

- http://www.clamav.ne...wnload/sources/
"... Latest stable release: ClamAV 0.96.1..."

- http://web.nvd.nist....d=CVE-2010-1639

- http://web.nvd.nist....d=CVE-2010-1640

:ph34r:

Edited by AplusWebMaster, 28 May 2010 - 04:11 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#77 AplusWebMaster


Posted 26 May 2010 - 05:06 AM

FYI...

AV detection evasion...
- http://isc.sans.org/...ml?storyid=8857
Last Updated: 2010-05-26 05:41:55 UTC - "... Authors of malware often build various modules that allow them to extend functionality of malware but also to make analysis more difficult. The rationale behind this is pretty simple – if this particular infected machine does not need the module that, for example, attacks a certain bank it will not be downloaded and installed. This makes it more difficult for the AV vendors to collect all samples of various modules as the attackers can target them. One example of such highly modular (and heavily protected) malware is certainly Clampi – you can see a series of articles about this malware family posted on Symantec's web site*. The attackers can also use modularization to rapidly change fingerprints of malware – if only one module is detected by an AV vendor, the attacker only has to modify that particular module... One very simple malicious file was submitted to us couple of days... found the file in the /Windows/SysWOW64 directory on his Windows 7 machine. The file was named netset.exe and it wasn't signed, so it immediately looked suspicious... However, online malware scanners all happily declared the file safe – when it was initially submitted to VirusTotal it resulted in 0 detections (yes – 0 out of 40 AV programs on VirusTotal, see the report here**)... attackers are using those simple tricks to make automated analysis more difficult. Since even emulators such as Anubis, which execute the malware in an isolated environment, will not know which argument it needs, the file will appear to be benign. And judging by the VirusTotal results they have no problems with evading signature based scanning..."

* http://www.symantec....ws-trojanclampi

** http://www.virustota...ac7c-1272595124
File netset.exe received on 2010.04.30 02:38:44 (UTC)
Result: 0/40 (0.00%)

:ph34r: <_<



#78 AplusWebMaster


Posted 23 August 2010 - 12:15 PM

FYI...

AV struggles against exploits
- http://krebsonsecuri...ainst-exploits/
August 23, 2010 - "... a series of reports released earlier this month by anti-virus testing lab AV-Test* comes to similar conclusions as NSS report about the exploit-blocking abilities of the major anti-virus products. According to AV-Test, the industry average in protecting against exploits (both known and unknown) was 75 percent."
* http://www.av-test.org/certifications

(More detail available at both URLs above.)

:ph34r:



#79 AplusWebMaster


Posted 07 September 2010 - 01:20 PM

FYI...

Trend Micro Internet Security Pro 2010 vuln - Hotfix available
- http://web.nvd.nist....d=CVE-2010-3189
Last revised: 09/01/2010
CVSS v2 Base Score: 9.3 (HIGH)
Patch Information
Hyperlink: http://esupport.tren...-attackers.aspx

- http://securitytrack...ug/1024364.html

- http://xforce.iss.ne...orce/xfdb/61397
High Risk

:ph34r:



#80 AplusWebMaster


Posted 13 September 2010 - 07:01 AM

FYI...

avast! Antivirus v5.0.677 released
- http://secunia.com/advisories/41109/
Last Update: 2010-09-13
Impact: System access
Where: From remote
... The vulnerability is confirmed in avast! Free Antivirus version 5.0.594 for Windows. Other versions may also be affected.
Solution: Update to version 5.0.677 ...
Original Advisory: Avast!:
http://www.avast.com...release-history

- http://web.nvd.nist....d=CVE-2010-3126
Last revised: 08/26/2010
CVSS v2 Base Score: 9.3 (HIGH)

:ph34r: :ph34r:

Edited by AplusWebMaster, 13 September 2010 - 07:08 AM.



#81 AplusWebMaster


Posted 21 September 2010 - 01:44 AM

FYI...

ClamAV v0.96.3 released
- http://secunia.com/advisories/41503/
Release Date: 2010-09-21
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
CVE Reference: CVE-2010-0405
Solution: Update to version 0.96.3.

- http://www.clamav.ne...wnload/sources/

- http://web.nvd.nist....d=CVE-2010-3434
Last revised: 10/01/2010
CVSS v2 Base Score: 9.3 (HIGH)
___

- http://www.h-online....ne-1139430.html
19 November 2010

:ph34r:

Edited by AplusWebMaster, 03 December 2010 - 09:51 AM.



#82 AplusWebMaster


Posted 23 November 2010 - 10:02 AM

FYI...

Sophos/Mac AV - Top malware seen
- http://sophosnews.fi...d-mac.jpg?w=640
Nov. 2 - Nov. 16, 2010 [150K users]

> http://www.sophos.com/freemacav

- http://nakedsecurity...-malware-found/
November 18, 2010 - "... 50,000 malware reports from the Mac users during the time period... We don't see as much Mac malware as Windows malware... unfortunately, so long as Mac users don't properly defend themselves they will increasingly be perceived as a soft target by cybercriminals..."

:oops:



#83 AplusWebMaster


Posted 01 December 2010 - 02:27 PM

FYI...

McAfee SB10013...
- http://isc.sans.edu/...l?storyid=10012
Last Updated: 2010-12-01 15:55:08 UTC - "McAfee Released Security Bulletin SB10013 this morning. The bulletin pertains to a potential code execution vulnerability for VirusScan Enterprise 8.5i and earlier versions. According to the information from McAfee they are investigating the publicly disclosed security issue and will publish a hotfix as soon as the investigation is complete. They have listed this as a Severity Rating of Medium. For more information and to check for the hotfix* ..."
* https://kc.mcafee.co...=...&id=SB10013
December 01, 2010 - "... McAfee is aware of a publicly disclosed security issue that may affect VirusScan Enterprise version 8.5 and prior. We are investigating the claims and will update this KB with additional details when they are available. We will be publishing a hotfix for this issue as soon as we are certain the fix closes all avenues of attack. This hotfix will mitigate the issue in affected configurations. .. VSE 8.7i and beyond are not affected by this issue and are readily available immediately. Upgrading to the newest version effectively closes this issue completely... Remediation: Upgrade to or install VSE 8.7..."

- http://secunia.com/advisories/41482/
Release Date: 2010-11-29
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
... The vulnerability is caused due to the application loading libraries (e.g. traceapp.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Word Document with an embedded ActiveX control located on a remote WebDAV or SMB share in Microsoft Office 2003...

:ph34r:

Edited by AplusWebMaster, 01 December 2010 - 04:04 PM.



#84 AplusWebMaster


Posted 03 December 2010 - 01:37 AM

FYI...

AVG bad update bricks Win7 64-bit
- http://isc.sans.edu/...l?storyid=10030
Last Updated: 2010-12-03 04:24:55 UTC - "... reports on AVG updates breaking things on Windows 7 64 bit... The problem lies with the mandatory update. The AVG site has some info on how to deal with the issue here http://forums.avg.co...m...ow&id=94159
* Basically get the machine started somehow (use AVG rescue Disk or any Linux Live CD). In the windows/system32/drivers directory rename everything starting with avg. Reboot and your system will be back (minus the AV). I guess it will then be a matter of waiting for it to be fixed, reinstall or change to something else."
___

AVG fix for computers running on Windows 7 64-bit platform - updated
- http://product-team....t-platform.html
12/02/2010 - "... we have identified a potential conflict between one of our recent updates (3292) and a significant number of systems running on the Windows 7 64-bit platform that has caused systems to go into an infinite crash loop... video to help you solve this problem..."

- http://forums.avg.co...999#post_132999
[Read -entire- thread]

System crash after the recent AVG 2011 update 3292 (BSOD)
- http://free.avg.com/ww-en/faq?num=4080

- http://www.avg.com/us-en/faq?num=4079

Updated AVG 2011 Rescue CD/USB (for 3292 update)
___

- http://forums.avg.co...m...w&id=132917


:pullhair: :scratch: :ph34r: <_<

Edited by AplusWebMaster, 03 December 2010 - 05:30 AM.



#85 AplusWebMaster


Posted 08 December 2010 - 06:50 AM

FYI...

ClamAV v0.96.5 released
- http://secunia.com/advisories/42426
Last Update: 2010-12-08
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
... The vulnerabilities are reported in versions prior to 0.96.5.
Solution: Update to version 0.96.5.

- http://www.clamav.ne...wnload/sources/
Latest stable release: ClamAV 0.96.5

- http://web.nvd.nist....d=CVE-2010-4260
- http://web.nvd.nist....d=CVE-2010-4261

- http://www.h-online....ne-1139430.html
19 November 2010

:ph34r: :ph34r:



#86 AplusWebMaster


Posted 09 December 2010 - 10:26 AM

FYI...

Avira v10 SP1 updated
- http://techblog.avir...ol-problems/en/
December 8, 2010 - "We just published an update for Avira AntiVir 10 with Service Pack 1 that solves an issue some users were experiencing where their computers stopped to respond after a short time of running. An error message indicates in those cases that the paged pool memory isn’t sufficient. As a workaround it was possible to disable the process protection of Avira AntiVir. The now released update solves that issue. Those who disabled the process protection may enable it again after applying that update, which should happen automatically within the usual update cycle (exception: if the default configuration got changed and product updates explicitly got disabled)..."
Update 09.12.2010 - "On developer systems, this update may lead to problems when trying to debug software (thus only developers should be affected). We are still investigating the issue. As a workaround in case you experience this problem, disable the registry- and file-protection for the Avira AntiVir files in the configuration: Switch to expert mode in the configuration and scroll down to “general”, “security”. There untick the box next to the entry which protects from file- and registry manipulations. After that, reboot the computer. In some cases it is necessary to rename the Avira file avipbb.sys to avipbb.old (possible in safe mode)."

:blink: :ph34r: :huh:

Edited by AplusWebMaster, 09 December 2010 - 03:12 PM.



#87 AplusWebMaster


Posted 10 December 2010 - 09:44 AM

FYI...

F-secure: false positive...
- http://www.f-secure....s/00002073.html
December 10, 2010 07:22 GMT - "Unfortunately we had a nasty false alarm couple of hours ago. The false alarm involved the detection Adware.smartad.d, which was in the database update 2010-12-09_10, released on 9th Dec 2236 UTC. This detection inadvertently triggered on the file google-analytics.com/ga.js. This file is a script associated with Google Analytics, and it's found on a fair number of websites. An exclusion for the file was released in the database update 2010-12-10_01 at 10th Dec 0052 UTC - about 2.5 hours after the bad update went out.
Apologies for any disruptions caused by this false alarm. We're sorry. To minimize disruptions, please make sure your product has been updated to use the latest database updates."

:ph34r: :(



#88 AplusWebMaster


Posted 15 December 2010 - 08:54 AM

FYI...

F-Secure remote binary vuln - updates available
- http://secunia.com/advisories/42566/
Release Date: 2010-12-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Solution: Apply patches. Patches are also distributed via the automatic update channel.
Original Advisory: F-Secure Security Advisory FSC-2010-4:
http://www.f-secure....fsc-2010-4.html
Last updated: 2010-12-15
Risk level: High
Brief description: Under certain circumstances, an attacker can trick the system into executing a binary file that has been planted on a disk resource that the computer can access... Administrators should download and apply the hotfixes listed...

- http://www.securityt....com/id?1024895
Dec 15 2010

:ph34r: :ph34r:

Edited by AplusWebMaster, 16 December 2010 - 08:16 AM.



#89 AplusWebMaster


Posted 27 January 2011 - 05:42 AM

FYI...

Symantec AV multiple vulns - update available
- http://secunia.com/advisories/43099/
Release Date: 2011-01-27
Criticality level: Moderately critical
Impact: DoS, System access
Where: From local network
Solution Status: Vendor Patch
Software: Symantec AntiVirus Corporate Edition 10.x, System Center 10.x
CVE Reference(s): CVE-2010-0110, CVE-2010-0111
... Intel AMS2 component when processing certain messages can be exploited to run arbitrary commands | cause a buffer overflow | create arbitrary events | cause a DoS ...
Solution: Update to version 10.1 MR10.
Original Advisory:
- http://www.symantec....uid=20110126_00
- http://www.symantec....uid=20110126_01

- http://www.securityt....com/id/1024996
Jan 27 2011
- http://www.securityt....com/id/1024997
Jan 28 2011

:ph34r:

Edited by AplusWebMaster, 28 January 2011 - 04:31 AM.



#90 AplusWebMaster


Posted 22 February 2011 - 06:54 AM

FYI...

Clam AV vuln - update v0.97 available
- http://secunia.com/advisories/43392/
Release Date: 2011-02-21
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
... The vulnerability is reported in versions prior to 0.97.
Solution: Update to version 0.97...
- http://www.clamav.ne...wnload/sources/
"... Latest stable release: ClamAV 0.97... Please read the upgrade instructions before upgrading..."
* http://wiki.clamav.net/Main/UpgradeInstructions

- http://web.nvd.nist....d=CVE-2011-1003
Last revised: 02/24/2011

- http://www.securityt....com/id/1025100
Feb 21 2011

:ph34r:

Edited by AplusWebMaster, 28 February 2011 - 02:27 PM.
