Archive for the 'Anti Virus News' Category

F-PROT Antivirus ACE and CHM File Handling Vulnerabilities

Evgeny Legerov has reported two vulnerabilities in F-PROT Antivirus, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

1) An error within the processing of ACE files can be exploited to cause an infinite loop that consumes available CPU resources.

2) An error within the processing of CHM files can be exploited to cause a heap-based buffer overflow via a specially crafted CHM file.

The vulnerabilities are reported in version 4.6.6. Prior versions may also be affected.

Panda WebAdmin Antivirus chosen by Informática Notarial

Informática Notarial has chosen Panda WebAdmin Antivirus, the remote Web-managed anti-malware solution, to protect its clients from Internet threats. Informática Notarial provides IT solutions to notary offices across Spain, using the latest technology to operate as swiftly and effectively as possible. This strategy has seen it become a leader in its sector, both in the number of clients and the number of products it offers dedicated exclusively to this market.

Panda WebAdmin Antivirus is Panda Software’s solution for remote management of corporate security via the Internet, protecting not just against viruses, worms and Trojans, but also other Internet-borne threats such as spyware, adware, dialers or hacking tools. Panda WebAdmin comprises an antivirus client installed locally on computers, as well as an innovative centralized management system hosted on Panda Software’s servers, from which administrators can install, configure and monitor security remotely across the entire organization.

Allchin Backs Off Antivirus Remarks

Outgoing Microsoft co-president Jim Allchin posted a blog entry Friday apologizing for the confusion surrounding comments he made to reporters Wednesday about being so confident in Windows Vista’s security that his seven-year-old son’s PC had no antivirus software installed.

As first reported by BetaNews, the remarks came in response to a question about his relative level of confidence that Vista would be more secure than Windows XP SP2. Allchin replied by explaining that Vista includes key security features that could not be added to XP, using his son as an example.

“My son, seven years old, runs Windows Vista, and, honestly, he doesn’t have an antivirus system on his machine. His machine is locked down with parental controls, he can’t download things unless it’s to the places that I’ve said that he could do, and I’m feeling totally confident about that,” Allchin said. “That is quite a statement. I couldn’t say that in Windows XP SP2.”

IBM partners with antivirus and antispyware company

IBM said it has partnered with BitDefender to incorporate that company’s antivirus and antispyware technologies into its Internet Security Systems division’s endpoint security products.

IBM’s Proventia Desktop Endpoint Security offering today includes a personal firewall, intrusion-prevention software and behavior-based virus prevention. ISS said it partnered with Bucharest, Romania-based BitDefender to add traditional, signature-based antivirus and antispyware protections.

“We continue to add layers of protection to our existing integrated security platform to provide customers with a robust, centrally managed security solution that can help customers avoid the need to implement additional products to deal with each emerging threat,” said Greg Adams, vice president of product development for IBM ISS.

Allchin Suggests Vista Won’t Need Antivirus

During a telephone conference with reporters yesterday, outgoing Microsoft co-president Jim Allchin, while touting the new security features of Windows Vista, which was released to manufacturing yesterday, told a reporter that the system’s new lockdown features are so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed.

Allchin’s statement came in response to a question about his relative level of confidence that Vista would be more secure than Windows XP SP2. In response, he noted there were key security features added to Vista which could not be added to Windows XP SP2 even though, he said, his people apparently tried to do so.

Two such features — namely Vista’s new parental controls, and Address Space Layout Randomization (ASLR), which renders the object code of the system kernel in memory differently each time to thwart the designs of malicious code — render his son’s Vista machine comfortable enough for him to use, even though production-quality anti-virus software for the unit has yet to be completed.

“I would say that Windows XP SP2 did an amazing job, and I’m proud of what we did there. But you have to understand, we learned a lot during Windows XP SP2, and there were things that we couldn’t put in that product,” explained Allchin.

“I’ll give you an example: It’s my favorite feature within Windows Vista, it’s called ASLR (Address Space [Layout] Randomization). What it does is, each Windows Vista machine is slightly different than every other Windows Vista machine. So even if there is a remote exploit on one machine, and a worm tries to jump from one machine to another, the probability of that actually succeeding is very small. And I wanted to do this in Windows XP SP2, but we couldn’t figure out how to do it. So then a smart guy here came up with a solution, so we put it in Windows Vista.”

ZoneAlarm Suite Integrates Kaspersky Antivirus

Zone Labs, a division of Check Point Software Technologies, is planning to release tomorrow a public beta for ZoneAlarm Internet Security Suite 7.0. This is the upgrade to the 6.0 product, which ranked sixth in our All-in-One Security suite round-up earlier this year.

While we haven’t looked at it yet, version 7.0 looks promising since Zone Labs is integrating the top-performing Kaspersky antivirus engine. (To get an idea of how it performs, read our review of Kaspersky Internet Security 6.0.) The Kaspersky engine replaces a lackluster version of the CA antivirus engine that was integrated into ZoneAlarm 6.0.

Black market rewards could lure antivirus researchers

It’s air-points with a difference — the Zero Day Initiative (ZDI) is a 3Com TippingPoint programme that pays security researchers for finding unpublished vulnerabilities and reporting them to TippingPoint.

ZDI stacks up points for vulnerabilities reported by researchers — the more vulnerabilities reported the more points awarded. These points are then translated to a status system, where the higher the status the higher the annual bonus, as well as other rewards.

Currently, around 450 researchers are signed up to the ZDI programme, according to Bruce Cossill, 3Com’s New Zealand country manager. 3Com buys the information from the researcher and then provides its customers with a filter, or a vaccine, for the vulnerability through its intrusion prevention technology. The company also notifies the affected product vendor that there is a problem. Later, 3Com shares this vulnerability information with other security vendors, before making a public announcement.

Antivirus Firm Battles Unique Malware

As malware has progressed over the years, it has become more and more specific in terms of the type of damage it can do. For that reason, antivirus companies are now releasing more sophisticated detection tools to hopefully catch these infections before they cause serious problems.

Over the past few years, malware attacks have evolved from a sawn-off shotgun approach, where a virus is released into the wild with the objective of infecting as many computers as possible, to a sniper approach, where Trojans are specifically crafted to spy on a particular company or even an individual.

NOD32 Antivirus System for Workstations

For comprehensive system protection with minimal performance penalty, ESET NOD32 Antivirus System is a solid, affordable solution. I tested NOD32 for Workstations on a variety of systems, including Windows Server 2003, Windows Server 2003 x64 Edition, and Windows XP. ESET offers home, small business, and enterprise editions. ESET also makes versions for a variety of OSs and email server products.

NOD32 for Workstations consists of five modules residing on the client system, each of which performs a separate function. All use a single virus-scanning engine using ESET’s proprietary ThreatSense technology. On my test systems, this kernel took up a little over 24MB of system memory with all five modules enabled.

Zombie tool makes use of Windows, antivirus flaws

The program, called “Spybot.ACYR” by Symantec and “Sdbot.worm!811a7027” by McAfee, appears to be targeting educational institutions, according to a blog item posted by Symantec Tuesday. “We are seeing a spike in traffic on port 2967 with activity only in the .edu domain,” the security company said. “The impact of the attack is minimal thus far.”

This Spybot variant attempts to break into computers through a six-month-old vulnerability in Symantec Client Security and Symantec AntiVirus. A fix has been available since May 25. “Customers who have applied the patch in their environment are unaffected by the worm,” Symantec said.

Additionally, the bot program tries to exploit five flaws in Microsoft Windows, the most recent of which was patched in August and affects Windows file and printer sharing. The oldest Windows flaw of the five dates back to 2004, according to Symantec’s alert.

Symantec launches Symantec AntiVirus for Windows Vista

Microsoft launched the Windows Vista operating system for their corporate customers last month. And security application maker Symantec has launched their product for this platform.

The company has made available beta versions of the Norton range of Anti-Virus products for consumers and a production version for enterprise clients. The corporate consumers can get the Symantec AntiVirus Corporate Edition 10.2, which is designed to provide automatic defense and response against viruses and spyware/adware for the Microsoft Windows Vista operating system.

Symantec claims that this corporate edition application has been redesigned to make use of the new Vista architecture. Jeremy Burton, group president, Enterprise Security and Data Management, Symantec spoke about this product release: “Businesses deploying Windows Vista are offered new opportunities but are also faced with potential security, availability, performance, and compliance risks. Symantec uniquely provides businesses of all sizes best-of-breed, Windows Vista-compatible software that helps mitigate IT risk.”

Sophos AntiVirus Scan Engine CPIO and SIT Files

Multiple vulnerabilities have been identified in various Sophos Anti-Virus products, which could be exploited by attackers or malware to take complete control of an affected system or cause a denial of service.

The first issue is due to a format string error when processing SIT files with specially crafted filenames, which could be exploited by attackers to execute arbitrary commands on a system protected by a vulnerable application.

The second vulnerability is due to a buffer overflow error when handling CPIO files with specially crafted filenames, which could be exploited by attackers to compromise a vulnerable system via a specially crafted file.

Affected Products

Sophos Anti-Virus for Windows 2000 versions 6.x
Sophos Anti-Virus for Windows XP versions 6.x
Sophos Anti-Virus for Windows 2003 versions 6.x
Sophos Anti-Virus for Windows Vista versions 6.x
Sophos Anti-Virus for Windows NT versions 4.x
Sophos Anti-Virus for Windows 95/98/Me versions 4.x
Sophos Anti-Virus for Mac OS X versions 4.x
Sophos Anti-Virus for Linux versions 5.x
Sophos Anti-Virus for UNIX/Linux versions 4.x
Sophos Anti-Virus for OpenVMS versions 4.x

Trojan targets World of Warcraft gamers

Security watchers have discovered a Trojan that’s designed to steal user names and passwords from World of Warcraft players.

Wowcraft, which also attempts to disable security software packages on compromised PCs, has been planted on maliciously constructed websites. Unprotected Windows users visiting these sites can get infected through malicious browser pop-ups. The malware also spreads through infectious email attachments or as files downloaded from P2P networks.

Hackers Control Trojan Worm Via P2P

Just when you thought you’d seen everything P2P is useful for. A recently discovered Internet worm, “Nugache-A”, is spreading widely via AIM as well as MSN Messenger.

In and of themselves, new internet worms pop up too frequently to be news anymore. What is significant about this worm is the way in which it can be remotely controlled, via P2P.

Slobodan Trojan poses as murder pics

Emails purporting to prove that the recently deceased former Yugoslav president Slobodan Milosevic was killed contain a malicious Trojan, called Dropper-FB. Milosevic, whose trial on charges of genocide was nearing its conclusion, was found dead in his cell in the Netherlands on Saturday.

Prospective marks are invited to open emails with subject line “Slobodan Milosevic was killed” and open a file which claims to offer an “image” purporting to prove the war crimes suspect was done in. If this attached file (actually a 16.5KB executable, compressed in the UPX format) is opened, a Trojan is downloaded onto Windows PCs. Online security firm BlackSpider estimates that more than 800,000 emails containing the new Trojan-downloader were sent to UK businesses before the first anti-virus software firm updated their software early this morning.
