Trend Micro Discovers Another Adobe Vulnerability

Trend Micro detected TROJ_PIDIEF.WIA, a trojan that arrives as a mass email attachment. This trojan may also be downloaded by visiting malicious Web sites. According to Trend Micro’s malware blog, it “uses the heap spray technique to execute shellcode in its stream.” This, in turn, infects your system with the malicious backdoor file, BKDR_POISON.UC, and allows a malicious user to “execute any command on the affected system.”

Adobe will release a patch for this vulnerability on January 12, 2010. In the meantime, protect yourself by disabling JavaScript in Adobe Acrobat.

January 08, 2010

  1. Under the Edit menu, select Preferences (or use the shortcut key Ctrl+K)
  2. Select JavaScript in the left panel menu.
  3. Uncheck the “Enable Acrobat JavaScript” option.
  4. Hit OK to apply the new settings.

Security Threats and Predictions for Year 2010

Did you know that over 20 threats emerge every minute? Actually, there is a new one every 2.5 seconds. Most of these threats are from the web. According to a survey conducted by Harris Interactive, the average adult Internet user spends an average of 13 hours a week online — a trend that has been increasing over the years. Hence, more cause for concern in our technological future?

Cloud computing and virtualization are becoming increasingly popular. With cheaper costs, the ease of work mobility, increased reliability, lighter installations and improved efficiency, it’s hard not to progress with this trend. But with the ups must come the downs, I suppose. The Trend Micro 2010 Future Threat Report (released December 2009) predicts that the expansion of cloud computing and virtualization also expands the grounds on which cyber-criminals prey.

Conficker Worm: The Most Dangerous Security Threat To Date Remains on the Lam

Despite a stream of updates and patches from Microsoft and the best efforts of security companies, the Conficker/Downadup worm has proven itself to be the most resilient and adaptable security threat to date. Perhaps it should be reclassified as a cyber cockroach.

The worm first appeared in November 2008, and has since propagated itself throughout the world. Currently it infects more than five million computers, according to the New York Times.

The worm operates by exploiting a vulnerability in all releases of Windows to date, with more crafty versions appearing regularly. Depending on the version, once the worm is on a machine it stores itself in random files, creates restore points and backdoors for reinfection, and watches for and terminates any antiviral processes. By infecting removable storage devices, it then uses Windows’ AutoRun command to capture computers into which they are plugged.

Some versions of the worm can even create ad-hoc peer-to-peer networks, which then send and receive information over the internet. The ease and speed with which each successive version of the worm anticipates its own vulnerabilities has led many researchers to believe that Conficker’s authors have access to the anti-malware efforts of network operators and law enforcement.

The purpose of the worm is also elusive, and some researchers believe it is nothing more than a ghost; others think that the intentions of the authors have not yet been revealed.

The creators of the worm are still unknown, but are believed to be operating from Ukraine. Microsoft is offering a $250,000 reward for information leading to their arrest and conviction.

Third-party anti-virus software vendors such as McAfee, Panda Security, Symantec Norton, Sophos, and Trend Micro have watched the malware’s evolution vigilantly, and are able to detect and remove the worm.

60 Minutes Conficker and Malware Report

On Sunday, 60 Minutes joined the multitude of websites and blogs that are reporting on the Conficker worm that is supposedly set to deliver its malware payload on April 1st. The CBS 60 Minutes report is mostly background information on computer viruses for the uninformed masses, but it does bring up a few good points. Watch the episode below:

EDIT: CBS has apparently removed this video from their website (a transcript is still available). I assume it is because of numerous reporting errors, and the use of an image of Finnish school kids who are supposedly “Russian hackers”. This image was used in an internet joke 5 years ago and these kids have nothing to do with internet viruses. More on this in the comments of the removed video.

60 Minutes is the latest mass media outlet to join in on the Conficker hype. It seems that viruses and worms that have set activation dates, like Conficker does, generate a large amount of press just prior to the event. However, most viruses like this one end up not causing much damage, and they fade away very quickly. The TrendLabs Malware Blog seems to think this will be the case with Conficker as well.

The fact is, most people are already protected from Conficker because of a Microsoft security patch that should have been automatically installed back in October. If for one reason or another you didn’t install this patch, you may be infected already. Reports from around the web state that most infections are located in China, Brazil, Russia, India, and Argentina, but there are instances of infection surfacing in the US.

The creators of worms like Conficker love all of this hype because it gives them a chance to infect new systems. Searches on Google for things like “remove conficker” bring up harmful links that will in fact deliver the worm to the very people looking to remove it. In its detailed report of the different instances of Conficker, Trend Micro states that internet-based virus scans will not be effective at removing this worm because it is programmed to block these websites. If you can’t access one of these online system scans, your system is most likely infected.

If that is the case, your best bet is to download the free Trend Micro Sysclean Package to a flash drive using a clean computer. Run the scan, install the latest Microsoft Windows patches, and go on with your life.

One other way to avoid this virus and many other viruses? Get a Mac. The Conficker worm and many, many other viruses only target PCs, and more specifically Windows.

Tomorrow we will know the true extent of this worm’s damage to the worldwide internet, but my guess is it will come and go without much fanfare.

TrendLabs Warns of Crack Site Malware

The researchers at Trend Micro issued a warning yesterday regarding new malware embedded in links and banners pointing to warez and crack websites promoting illegal software downloads. In the past, most viruses on these types of illegal download sites were found in the downloaded programs themselves. Now, malware is present in links, ads, and search results pointing to these sites, infecting your computer before you download anything. Typical searches that result in these infected links include searches for serial numbers and cracks of popular software.

These recently found viruses are a version of the VIRUX and VIRUT viruses, which use various infection techniques to eventually connect your PC to an IRC server. This allows the creator of the virus to execute commands and gain complete control over your PC. Particularly notable is the rate at which these viruses spread, with around 20,000 computers per day becoming infected.

To protect yourself, stay away from illegal download sites and refrain from even searching for serial and software cracks.
