Think Fortune 500 companies are on the ball? Think again. According to a startling RSA study released this week, as many as 88 percent of Fortune 500 companies might be affected by botnet activity.
As frightening as that sounds, RSA stands behind those numbers. Sean Brady, manager of the Identity Protection and Verification Group at RSA, says his firm analyzed data stolen by the Zeus botnet from compromised PCs in August. The evidence they found led them to IP addresses and email accounts belonging to the U.S.'s top corporations.
"Domains individually representing 88 percent of the Fortune 500 were shown to have been accessed to some extent by computers infected by the Zeus Trojan," the study said.
It also appears that the smaller the company, the higher the threat. The study noted a higher ratio of botnet activity to employee accounts in companies with fewer than 75,000 employees.
We suppose one way to protect users from a malware infestation is to prevent Windows from loading in the first place, and that's exactly what BitDefender did, though not on purpose. Borked Windows installations were the inadvertent result of an overzealous definitions update that mistakenly detected several Windows and BitDefender files as infected with Trojan.FakeAlert.5.
"We apologize for the issues that you are experiencing because of an update released today for Windows 64-bit systems," BitDefender told its customers. "The faulty update has been removed and we are quickly working on a fix for the issue experienced by the users that downloaded the update."
BitDefender has since issued a software patch along with instructions on how to apply it if your system refuses to boot. The company also warns that "there have been several 'self help' articles on the Internet that do not fully solve the problem" and is instructing users to only follow BD's official instructions.
We talked to BitDefender about this issue and were told that "due to the fast reaction with a reversed update after the faulty one, there has only been a few hundred machines that were critically affected; however at this moment many of them have had one-to-one support."
There's a new botnet in town, and this one has the potential to trump Conficker, says security firm Netwitness, which discovered the botnet. According to Netwitness, the Kneber botnet has already infected more than 74,000 machines worldwide.
Netwitness describes Kneber as a ZeuS Trojan botnet, and more than half of the systems infected also have the Waledac Trojan, the same worm that was used to create email spam botnets associated with Conficker. But unlike Conficker, whose dastardly deeds have yet to be revealed, Netwitness says Kneber has been designed to target and steal login credentials and other private information.
Kneber has been found in 196 countries so far, but is most prominent in Egypt, Mexico, Saudi Arabia, Turkey, and the U.S. It targets Windows machines, most of which include Windows XP Professional SP2, and most of which reside in corporate and government infrastructures.
According to Netwitness, Kneber has nabbed some 68,000 login credentials in the past 4 weeks.
Kaspersky on Monday announced it has been successful in patenting a hardware-based antivirus system designed primarily for fighting rootkits.
Patent No. 7,657,941 was registered earlier this month and describes a technology developed by Oleg Zaitsev, senior technology expert at Kaspersky Lab. The patent describes a device that is installed between a hard drive or SSD and the computing unit (CPU or RAM) and connected to a system bus. It can also be integrated into the disk controller. The hardware solution decides whether or not to allow or block writing data to disk.
"Antivirus solutions and malware are both types of software with similar rights," says Oleg Zaitsev, Technology Expert at Kaspersky Lab. "This is where a hardware-based antivirus solution has a distinct advantage over conventional AV solutions because it monitors all attempts to access a memory device while remaining inaccessible to malware. This is critical for fighting such sophisticated threats as rootkits and bootkits."
Kaspersky claims this solution is particularly effective since it's implemented on the hardware level and isn't dependent on the OS's configuration. It also "integrates seamlessly with other security solutions," Zaitsev added, and could find use in server software and specialized computers like ATMs.
In the lawsuit, Kenneth Elan says he purchased a copy of Norton Antivirus in 2007. According to Elan, Symantec notified him in early 2009 that his software license had been automatically renewed and his credit card charged $76.03. Now Elan is taking Symantec to court, claiming the company did not abide by the above-mentioned settlement, in which Symantec and McAfee agreed to "provide electronics notification to consumers before and after renewal of the subscription."
"Prior to the automatic renewal, defendant failed to offer plaintiff an opportunity to decline to renew the license for another year," the lawsuit alleges. "If plaintiff had notice of an opportunity to decline the automatic renewal, plaintiff would not have renewed the license."
Elan is seeking a refund and has asked the court to grant the lawsuit class-action status.
Facebook just added McAfee to its friends list in a big way by announcing a year-long partnership with the security firm that will allow all 350 million Facebookers to download a six-month subscription to McAfee's security software.
"We have a lot of control over security measures on Facebook. However, we don't control other websites and services you visit that might infect your computer. For this reason, we recommend that you install updated security software, which you can now do at no cost through this partnership," Jake Brill, a project manager for Facebook's integrity team, wrote in a blog.
More than just a marketing promotion, Facebook is actively integrating McAfee into its operations. Should the social networking site detect that your computer has been compromised, you'll be asked to run a scan before accessing the site.
After sitting in beta for six months, Panda today announced its Cloud Antivirus is now ready for prime time and is available as a free download for all consumers.
"Since the beta release of Panda Cloud Antivirus in April, we have been judiciously testing our cloud-based protection model, making upgrades in security and performance, and listening to our user community," said Juan Santana, CEO of Panda Security. "With Panda Cloud Antivirus 1.0, we've really changed the game, providing our users the most powerful and lightweight free protection available on the market today."
There have been a few improvements since we first glimpsed the beta back in April, such as a polished interface, better performance thanks in large part to cache optimizations and memory management schemes, a Collective Intelligence Monitor which keeps a list of malware from the community updated in real time, and new support forums.
You can grab the free download here (and if you're a fan of the banjo, be sure to check out the video in that same link).
Sherwood today announced another set-top box the company hopes will vie for a place in your home theater. Towards that end, the new 700W R904-N NetBoxx AV receiver serves as both a 7.1-channel AV receiver and an internet media portal for streaming online content.
The 700W box measures just 17 x 10 x 2.5 inches and includes three HDMI 1.3 inputs, a Toslink input, two coaxial audio inputs, and support for Dolby Volume, Dolby TrueHD, and DTS-HD Master high-res audio formats.
Once connected, you'll have access to Internet content from CinemaNow, YouTube, various TV channels, SHOUTcast audio "Internet radio" stations, and the ability to stream personal media and content from Hulu, Netflix, CBS, CNN, ESPN, Rhapsody, and Amazon Video On Demand, Sherwood says. You'll also find a USB port in the mix.
Sounds groovy, but it's anything but cheap. Slated for release later this month, the NetBoxx carries an MSRP of $650.
Many of our readers were taken off-guard when we rated Norton Internet Security 2009 a 9/Kickass in last year's antivirus roundup, and we even admit to being surprised at Norton's transformation from a resource-heavy sloth to a lean and competent antimalware package. We hope the trend continues, and we'll have a chance to see if it does now that Symantec has released beta versions of its upcoming 2010 releases to the public.
The new version features a new protection model codenamed Quorum and will put a heavier focus on reputation-based malware detection. While it won't replace existing signature-based detection for known threats, Norton says the reputation model can detect zero-day malware that's never been seen before.
"Our new approach changes the rules by both enhancing traditional security techniques to make them more aggressive and by making it dramatically more difficult for attackers to evade detection by simply changing their malware," said Rowan Trollope, Symantec senior vice president, Consumer Business Unit.
Other features include an overhaul to parental control and spam filtering, more detailed information provided by Norton Insight, which identifies known good programs for faster scanning, and a new feature called Autopsy, which is designed to help the user understand what just happened when Norton automatically removes an infection.
Oopsy-daisy! According to complaints on McAfee's message board, a mandatory service pack for the company's antivirus VSE 8.7 software has left some machines unbootable. The update, which was issued on May 27 and later pulled on June 2, was intended to squash minor security bugs, but also inadvertently flagged some Windows system files as malware.
"McAfee removed Patch 1 for McAfee VirusScan Enterprise 8.7i from its download servers out of precaution after a potential issue with the update was discovered," McAfee said in a statement. "A very small number of customers reported trouble with the patch on a limited number of computers."
McAfee went on to say that it's working on identifying the cause of the false positives and, once resolved, will repost the mandatory update.