Posts Tagged ‘panda’

Clampi Virus targets online banking

In the modern world, most peo­ple never see their bank (with the excep­tion of ATM with­dra­wals).  We use bill pay, direct depo­sit and bank debit cards.  This is the exact beha­vior that the Clampi virus is living on.

Clampi is a very stealthy virus, just biding it’s time on a com­pro­mi­sed machine and watching for con­nec­tions to online finan­cial web­si­tes.  So many so that the Lon­don Times Online reports:

The tro­jan has a list of more than 4,500 finance-related web­si­tes that it moni­tors, inc­lu­ding Bri­tish high street banks. Secu­rity experts war­ned that it was one of the stealthiest and most per­va­sive threats to com­pu­ters using the Mic­ro­soft Win­dows ope­ra­ting systems.

The virus appears to be gea­red with more of the busi­ness users ins­tead of the nor­mal home user (though it does infect home users).  If the virus does end on a work com­pu­ter, it will attempt to cap­ture login cre­den­tials admi­nis­tra­tors and spread itself through the net­work.  As it spreads, it con­ti­nually moni­tors for login infor­ma­tion to the watch list of finan­cial web­si­tes.  If this virus does infect the finance group of a com­pany, it will attempt to send wire trans­fers from that account.  You can ask Slack Auto Parts.  It has been repor­ted that they lost $75,000 July 3–7, says owner Henry Slack. Clampi-infected com­pu­ters sent nine pay­ments to six dif­fe­rent mules � and fai­led to trans­fer an addi­tio­nal $69,000 in eight other attempts.

A word of war­ning, if your com­pu­ter is desig­na­ted for finan­cial usage, please do not surf the inter­net or use social media sites to mini­mize the risk of infections.

Since this virus has been out for a while, all the major anti­vi­rus ven­dors have upda­ted defi­ni­tion files that inc­lude the scan for this par­ti­cu­lar virus.  Make sure your sys­tem is always upda­ted and scan­ned on a regu­lar basis.  If you would like to run a quick check, using a dif­fe­rent ven­dor, I recom­mend these online scanners:

Trend­Micro: http://housecall65.trendmicro.com/
Syman­tec: http://security.symantec.com/sscv6/WelcomePage.asp
McA­fee: http://home.mcafee.com/downloads/freescan.aspx?cid=60447
Panda: http://www.pandasecurity.com/activescan/index/

Panda Cloud Antivirus

How does an anti­vi­rus pro­gram that you never have to update sound?  To me it sounds like a win­ner.  That is what Panda is trying with it’s new Cloud Anti­vi­rus.

I have recently ins­ta­lled it and have been pretty happy over all.  I have not noti­ced any per­for­mance hit at all, in fact, since I have remo­ved my other appli­ca­tion, I have found my sys­tem run­ning better.

Since it is a cloud appli­ca­tion, it takes all of the guess work out of what to do, though you can set it to notify you for action ins­tead of auto­ma­ti­cally correc­ting the issue.  Also, the cloud func­tio­na­lity allows it to react quic­ker to new and emer­ging threats.

The only draw­back I have found is there is no option for sche­du­led scan­ning, but it does adver­tise that it runs real time scans on any file you open or run.

Please rea­lize I have this on a machine that I do not keep anything impor­tant on, just for a bit more pro­tec­tion.  Until you are sure something like this does work, keep it as sepa­ra­ted from all impor­tant com­pu­ters you can.

When is an antivirus really a virus?

Today I recei­ved a call from one of my exter­nal users that was una­ble to access any web­si­tes because some new anti­vi­rus was saying he was unpro­tec­ted and every web­site had mali­cious code.

Since I know that we have McA­fee 8.5 deplo­yed to our users, I knew that this was not a McA­fee issue.  As we dis­cus­sed it a little further he was men­tio­ning that the Anti­vi­rus wan­ted him to purchase the software.

This isn’t the first I have heard of this.  There is a soft­ware com­pany Inno­va­gest 2000 that is pro­du­cing this soft­ware.  They adver­tise it as an antispy­ware appli­ca­tion, but it is the spy­ware.  On some less then savory web­si­tes you will get a pop up that says that your com­pu­ter maybe infec­ted and they offer a free scan.

The fear of being infec­ted moti­va­tes a lot of peo­ple to run this free scan.  Unk­nown to them this appli­ca­tion ins­talls under­neath and now you are stuck.  On that note, I do recom­mend only doing the online scans from repu­ta­ble sites.  I per­so­nally recom­mend the follo­wing: Syman­tec, Panda, and McA­fee.

This appli­ca­tion is extre­mely hard to get rid of.  It rere­gis­ters and ins­talls if it is not com­ple­tely unins­ta­lled correctly.

I hate pro­grams like this.  But it is a fact of life out there.  The modern day snake-oil salesman.

While the pro­gram is run­ning you will see the follo­wing unde­si­ra­ble behavior:

• A “Win­dows Secu­rity Cen­ter” sta­ting that you should purchase Per­so­nal Antivirus.
• Nume­rous alerts sta­ting that your com­pu­ter is under attack or that you have mal­ware run­ning on your com­pu­ter. If you click on these alerts, Per­so­nal Anti­vi­rus will be ins­ta­lled, or you will be brought to the purchase page for the program.
• Your Inter­net Explo­rer brow­ser will be hijac­ked to show secu­rity war­nings when brow­sing the web that stop you from reaching your desi­red page.

As I men­tio­ned before this bug­ger is very hard to get rid off.  But not impos­si­ble.  I found these ins­truc­tions at BleepingComputer.com.

Read more…