Posted By Netgear Threat Lab at 5:06 PM, March 29, 2010
As we previously predicted, FAKEAV (malware disguised as an anti-virus program) will only become more prominent in 2010. Every newsworthy headline is another opportunity for FAKEAV to infect unsuspecting victims.
Shortly after Iceland's volcanic eruption this week, we found FAKEAV taking advantage of the topic, using a large number of SEO techniques to spread.
If you do an online search on the phrases "Iceland Volcanic Eruption" or "Iceland Volcano", you will find that many of the prominently placed results are actually links to FAKEAV. If the user clicks on one of these links, the user is directed to a fake malware scan page, which then plays fake malware scanning animations.
When the animation has finished playing, the page intimidates the user by claiming that it has found viruses on the user's system and that removing them requires the user to download and run an anti-virus program (which is actually malware disguised as anti-virus software).
Our STM detects the latest fake antivirus (FAKEAV) code as packed.win32.krap.as.
Categories: Malware, Netgear Threat Lab
Posted By Netgear Threat Lab at 9:51 AM, March 12, 2010
Last week Microsoft released a new security bulletin, Security Advisory 981374 (http://www.microsoft.com/technet/security/advisory/981374.mspx), covering a remote code execution vulnerability in IE6 and IE7.
IE uses the iepeers.dll component to provide Web folder and print support. The vulnerability is an unspecified use-after-free error in this component, where the component is used after it has been released. If the user opens a malicious HTML page or a specially crafted Office document, a remote attacker can gain control of the user's machine and execute arbitrary code.
At this time there is no official Microsoft patch. We recommend that you use the following temporary workaround:
Categories: Malware, Netgear Threat Lab