Malware Research Group Rogue Software Test

Malware Research Group is in the final stages of our Rogue Software test, and we expect that the results will be available for publishing on Sunday 08/16. In this test we are using over 20 security applications, more than ever before, and we have divided those applications into two categories, Internet Security Suites and Antivirus/Anti-Malware; the results for each category will be published separately.

We used 60 rogue applications from many software categories, such as Security Software, System Maintenance and Multimedia. The methodology will be revealed in full detail when the test is published, as will the reason for the scenario that we have chosen for this test.

We are working really hard to finish this test as soon as possible.

Regards,

Malware Research Group

Malware Research Group Project #20

Malware Research Group is adding another type of test to our existing tests: a Real Time protection test. As we believe that prevention is the most important part of the battle with malware, we will give priority to these tests and run them more often than other tests, as they give a much clearer picture of how Anti-Malware applications deal with blocking new samples of malware in real time. In these tests we will pick the samples from the list of most distributed malware (trojans, backdoors, worms, rootkits, exploits…), we will attempt to run those samples and try to infect the system (as in the average everyday scenario in which users get infected), and the Anti-Malware applications used in this test must block all the samples from running; it is as simple as that.

For every application tested and every sample used, we will monitor the system for any changes. Detecting a sample does not necessarily mean that the sample is really blocked from running: in the similar tests we have conducted in the past, malware was many times found actively running after it had been detected and “blocked” by the tested application. If any traces of the infection are found running after the test is completed (each sample is evaluated separately), the application tested will fail this test. Only those applications that manage to block all samples from running, with no traces of the infection found on the system, will pass this test.
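The pass/fail rule described above (an alert alone is not a block; anything still running or persisting after the sample was "blocked" fails it) can be expressed as a diff between a pre-execution and a post-execution snapshot of the test machine. The following is an added illustration of that rule, not MRG's own test harness: the product name "SecProd", its paths, the sample names and all snapshot contents are constructed fixtures, and a real run would fill the snapshots from a process listing, the autorun registry keys and a filesystem walk.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """System state captured at one point in the test. The values used here are
    constructed; on a real test machine they would come from a process
    listing, the autorun registry keys and a filesystem walk."""
    processes: frozenset  # entries of (image_path, sha256)
    autoruns: frozenset   # entries of (registry_value_name, command_line)
    files: frozenset      # file paths


@dataclass(frozen=True)
class SampleVerdict:
    sample: str
    detected: bool
    residual_processes: frozenset
    residual_autoruns: frozenset
    residual_files: frozenset

    @property
    def blocked(self) -> bool:
        # Detection alone is not enough: the sample must also leave nothing
        # running or persisting, otherwise the sample counts as a fail.
        return self.detected and not (
            self.residual_processes or self.residual_autoruns or self.residual_files
        )


def _is_ignored(path: str, ignore_prefixes) -> bool:
    lowered = path.lower()
    return any(lowered.startswith(prefix.lower()) for prefix in ignore_prefixes)


def evaluate_sample(sample, detected, before, after, ignore_prefixes=()):
    """Diff the pre- and post-execution snapshots and record what the sample
    left behind. ignore_prefixes lists locations the tested product itself
    writes to (logs, quarantine), so its own activity is not held against it."""
    residual_processes = frozenset(
        p for p in after.processes - before.processes
        if not _is_ignored(p[0], ignore_prefixes)
    )
    residual_autoruns = frozenset(after.autoruns - before.autoruns)
    residual_files = frozenset(
        f for f in after.files - before.files
        if not _is_ignored(f, ignore_prefixes)
    )
    return SampleVerdict(sample, detected, residual_processes,
                         residual_autoruns, residual_files)


def product_passes(verdicts) -> bool:
    """The product passes only if every sample was blocked with no traces."""
    return all(v.blocked for v in verdicts)


# --- constructed fixtures (hypothetical product "SecProd", hypothetical paths) ---
BASELINE = Snapshot(
    processes=frozenset({(r"C:\Windows\explorer.exe", "a1" * 32)}),
    autoruns=frozenset({("SecProd", r"C:\Program Files\SecProd\agent.exe")}),
    files=frozenset({r"C:\Windows\explorer.exe"}),
)
PRODUCT_PATHS = (r"C:\ProgramData\SecProd",)  # quarantine and log location
TEMP_DROPPER = r"C:\Users\test\AppData\Local\Temp\dropper.exe"

# Sample 1: alert raised and the sample really was stopped; the only change is
# the product's own quarantine copy, which the ignore list excludes.
AFTER_1 = Snapshot(
    processes=BASELINE.processes,
    autoruns=BASELINE.autoruns,
    files=BASELINE.files | {r"C:\ProgramData\SecProd\quarantine\sample1.bin"},
)
# Sample 2: alert raised, but the dropper is still running from %TEMP% and has
# added a Run key, so "detected" is not "blocked".
AFTER_2 = Snapshot(
    processes=BASELINE.processes | {(TEMP_DROPPER, "b2" * 32)},
    autoruns=BASELINE.autoruns | {("dropper", TEMP_DROPPER)},
    files=BASELINE.files | {TEMP_DROPPER},
)
# Sample 3: no alert at all and the dropper is running.
AFTER_3 = Snapshot(
    processes=BASELINE.processes | {(TEMP_DROPPER, "c3" * 32)},
    autoruns=BASELINE.autoruns,
    files=BASELINE.files | {TEMP_DROPPER},
)


def run_constructed_test():
    """Evaluate the three constructed samples against the one product."""
    return [
        evaluate_sample("sample1", True, BASELINE, AFTER_1, PRODUCT_PATHS),
        evaluate_sample("sample2", True, BASELINE, AFTER_2, PRODUCT_PATHS),
        evaluate_sample("sample3", False, BASELINE, AFTER_3, PRODUCT_PATHS),
    ]


if __name__ == "__main__":
    verdicts = run_constructed_test()
    for v in verdicts:
        print(v.sample, "BLOCKED" if v.blocked else "FAIL",
              sorted(v.residual_processes), sorted(v.residual_autoruns))
    print("product passes:", product_passes(verdicts))
```

The ignore list matters in practice: the product under test writes logs and quarantine files while it reacts to the sample, and counting those as "traces of the infection" would fail every product, so only the product's own locations are excluded and everything else that appears is attributed to the sample.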

The number of samples that we plan to use in this test is not yet set, but we are thinking of using about 50-80 samples per test; as these tests will be performed more frequently, there is no need to use a larger number of samples.

Stay tuned for more details about this test,

Malware Research Group

MRG Malware Alert

Malware Research Group is issuing a general Malware Alert!

For all users of Windows Live Messenger: be extremely careful when receiving messages from contacts who appear to be offline. If the message contains a link to a JPG file whose name ends with DC52367.jpg, image5372.scr…, there is a strong possibility that the file contains a Trojan which is detected by very few Antivirus programs.

The infected file was submitted to us many times in the past 48 hours, so we feel there is a need to alert the public and make people aware of this threat.
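The two signals in the alert above (a link from a contact who shows as offline, and a "picture" link whose filename is actually one of the reported names or ends in an executable extension) can be turned into a simple triage check for links received over IM. This is an added example, not MRG's tooling: the hostnames in the constructed messages are placeholders, the only real indicators are the two filenames quoted in the alert, and the verdict levels are an assumption of this example.

```python
from urllib.parse import urlparse, unquote
import posixpath

# Extensions Windows will execute even when the name is made to look like a picture.
EXECUTABLE_EXT = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}
IMAGE_EXT = {".jpg", ".jpeg", ".gif", ".png", ".bmp"}
# Filenames quoted in the alert above, matched case-insensitively as suffixes.
ALERT_SUFFIXES = ("dc52367.jpg", "image5372.scr")


def link_filename(url: str) -> str:
    """Final path component of the link, URL-decoded and lower-cased;
    query strings and fragments are ignored."""
    return unquote(posixpath.basename(urlparse(url).path)).lower()


def assess_link(url: str):
    """Return (verdict, reason). Verdicts, from worst to best: block, warn, caution, ok."""
    name = link_filename(url)
    if not name:
        return "ok", "link has no filename"
    if name.endswith(ALERT_SUFFIXES):
        return "block", f"filename matches a name from the alert: {name}"
    root, ext = posixpath.splitext(name)
    if ext in EXECUTABLE_EXT:
        # e.g. holiday.jpg.scr: an image extension placed before the real one
        if posixpath.splitext(root)[1] in IMAGE_EXT:
            return "block", f"image extension hidden before an executable one: {name}"
        return "warn", f"link points at an executable ({ext}): {name}"
    if ext in IMAGE_EXT:
        return "caution", f"picture link; confirm with the sender before opening: {name}"
    return "ok", f"no risky pattern in {name}"


def assess_message(url: str, sender_appears_offline: bool):
    """Apply the alert's other signal: a link from a contact who shows as
    offline deserves at least a warning even if the filename looks harmless."""
    verdict, reason = assess_link(url)
    if sender_appears_offline and verdict in ("ok", "caution"):
        return "warn", "sender appears offline; " + reason
    return verdict, reason


# Constructed messages: (link, sender appears offline). Hostnames are placeholders.
SAMPLE_MESSAGES = [
    ("http://example.invalid/pics/DC52367.jpg", True),
    ("http://example.invalid/image5372.scr?x=1", True),
    ("http://example.invalid/holiday.jpg.scr", False),
    ("http://example.invalid/holiday.png", False),
    ("http://example.invalid/holiday.png", True),
    ("http://example.invalid/", False),
]


def triage(messages=SAMPLE_MESSAGES):
    """Return (url, verdict, reason) for each constructed message."""
    return [(url, *assess_message(url, offline)) for url, offline in messages]


if __name__ == "__main__":
    for url, verdict, reason in triage():
        print(f"{verdict:8} {url}  ({reason})")
```

The filename is taken from the URL path only, after decoding, so a query string or a differently cased name does not slip past the suffix match; the "caution" level exists because the alert itself warns about links that really do end in .jpg.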

Conficker Worm Spooks Security Researchers

Security experts are warning that malware authors may be gearing up for a large-scale attack via what’s been dubbed the “Conficker worm,” a virus exploiting a Microsoft Windows server vulnerability and spread via USB devices.

Panda Security compares it to the “Melissa” and “I love you” viruses, which wreaked digital havoc when floppy disks were still prevalent. Panda has set their malware alert level to “orange,” or medium, or, on Ron White’s scale, “buy a helmet.”

The Conficker worm and its variants A, B, and C, which have been tracked since November, propagate via the MS08-067 vulnerability in the Microsoft Windows server service (a patch is available on the Microsoft Bulletin page) and spread via specially crafted Remote Procedure Calls (RPC) to other machines.

It also spreads via USB drives and MP3 players, making it a potentially widespread threat that constantly updates from changing IP addresses, making it hard to block. Panda says some variants are designed to download additional malware, leading experts there to warn of a potential large-scale attack in the near future.

“The most likely scenario is that cybercriminals are looking to quickly infect a large number of computers. Once infected, secondary infections designed for economic gain can be easily downloaded onto the compromised machines,” said Ryan Sherstobitoff, Chief Corporate Evangelist for Panda Security.

“Examples of this type of malware are Trojans designed to steal online banking passwords, or rogue antimalware programs that create pop-ups constantly telling the user their computer is infected. This type of infection makes it almost impossible to use the computer until users buy and install the appropriate remedy.”

(Source: SecurityProNews)