InfoSecurity 2012 London – K7 Computing at the stand B60
K7 Computing is happy to announce that we are exhibiting at Info Security 2012 in London, the biggest European Information Security venue. The show starts on the 24th of April 2012 and finishes on the 26th of April at Earls Court, London.
We would like to welcome everybody to our stand B60.
We are presenting our latest Security Software, integration and solutions for the end-users, SMB and Enterprise clients.
Retail products and Public Sector offerings will be presented by our technicians in live presentations, and any queries can be answered immediately by members of our team.
If you get a chance, we will be delighted to welcome you at our stand B60.
K7 Computing Team
Drop By @ AppData’s – Open Round the Clock
Malware authors work round the clock to serve up mouth-watering malware to an unsuspecting victim.
What we have on today’s menu is a small but effective tweak that malware authors incorporated into their “software” that makes %AppData% the prime real estate on your system’s hard drive for malware and their families.
The Application Data area of the current user, to be more specific. This is one location on your hard drive that stands exposed to multiple hits of various malware families.
For starters let’s look at where this folder is found on your machine. In WinXP it’s at <root>\Documents and settings\%Current_User%\Application Data and <root>\Documents and settings\%Current_User%\Local Settings\Application Data. For Vista and Windows 7 it’s at <root>\Users\<username>\AppData\Roaming and <root>\Users\<username>\AppData\Local. (Please feel free to do a quick check in these areas on your computer to find out if you have something suspicious lurking…)
It wasn’t always this way. It was only recently that most of the file-copy actions moved from the Windows, System32, and Program Files directories to the %AppData% directory.
So, “Why move away from the system areas?”, you might ask. Well, that’s the main course. The basic answer could well be that relatively recent flavours of Windows, i.e. Vista and Windows 7, with their strengthened security measures, have succeeded, to a certain level, in forcing malware authors out of the system areas and into the %AppData% areas.
System areas are now protected and require Administrator privileges to effect a modification. So why worry about putting in extra code when it’s not needed, the malware authors might have thought. Malware families with a legacy, like ZBot, have moved out of the system directories. Yes, gone are the days of %System%\SDRA64.EXE, %System%\NTOS.EXE etc. It’s now just random folders and random filenames in the AppData path. Rogue AVs that ‘Installed’ under proper program directories, viz. %Program Files%\Antivirus 2008\Antvrs.exe, have now become ‘xyz123.exe’s in %AppData%.
And, finally, for dessert. We would only say that the system directories haven’t been deserted entirely but have just been relegated to second choice. AppData is the new “system area” for malware authors. Note, under Windows XP you don’t require administrator privileges to copy any file into a system area and masquerade as a system file.
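A quick check of the kind the post suggests, as an added example that is not from the original post or from K7: it walks the per-user Application Data roots listed above and reports files whose content is a Windows executable, marking those that sit behind a non-executable extension. The function names, the extension list and the constructed `SAMPLE_PE` stub are assumptions of this example.

```python
import os
from pathlib import Path

EXE_LIKE = {".exe", ".dll", ".scr", ".sys", ".com", ".cpl", ".ocx"}
# Constructed 68-byte stub (not a working program): DOS header with e_lfanew=64, then "PE\0\0".
SAMPLE_PE = b"MZ" + bytes(58) + (64).to_bytes(4, "little") + b"PE\0\0"


def appdata_roots(env=None):
    """Per-user data directories named in the post, for Vista/7 and for XP."""
    env = os.environ if env is None else env
    found = [Path(env[v]) for v in ("APPDATA", "LOCALAPPDATA") if env.get(v)]
    if not env.get("LOCALAPPDATA") and env.get("USERPROFILE"):  # XP layout
        found.append(Path(env["USERPROFILE"]) / "Local Settings" / "Application Data")
    return [p for p in found if p.is_dir()]


def is_pe(path):
    """True if the file has an 'MZ' header whose e_lfanew field points at the PE signature."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            fh.seek(int.from_bytes(head[60:64], "little"))
            return fh.read(4) == b"PE\0\0"
    except OSError:  # locked, unreadable or missing file
        return False


def scan(root):
    """List PE files under root; 'disguised' marks PE content without an executable extension."""
    root, hits = Path(root), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if is_pe(path):
                rel = path.relative_to(root)
                hits.append({
                    "path": str(rel),
                    "depth": len(rel.parts) - 1,  # 0 = dropped directly in the root
                    "disguised": path.suffix.lower() not in EXE_LIKE,
                })
    return sorted(hits, key=lambda h: (h["depth"], h["path"]))


if __name__ == "__main__":
    for r in appdata_roots():
        for hit in scan(r):
            flag = "  <- PE content, non-executable extension" if hit["disguised"] else ""
            print(f"{r / hit['path']} (depth {hit['depth']}){flag}")
```

Legitimate software also installs under these directories, so the output is a list to review, not a verdict.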
Kaarthik
K7TCL
These Are Not The DOIDs You Are Looking For
In tales of yore, circa 2007, DNSChanger malware, which modifies certain network settings to point to a rogue server, was as prevalent as the Stegosaurus. Fast forward almost four years to the present day, and its legacy still remains. They say the FBI, having discovered the rogue DNS servers, decided to clean them up and allow them to serve the public good. That is, only until the 8th of March, 2012.
According to much hyped reports in recent weeks, the 8th of March was to be the day the internet died, as the FBI would have been forced to lay to rest those servants of the public weal. If you are still reading this post then your computer didn’t fall victim to the supposed blackout. There are at least two possible reasons for this:
1. The FBI has an extension on the deadline. Apparently the dreaded Death Of Internet Day (DOID) has been postponed to the 9th of July, 2012.
2. Lo and behold, you are not infected with DNSChanger malware and never have been.
If you have been a K7 customer for a while, point 2 applies to you. Just to be on the safe side, K7 Security products sniff for the erstwhile rogue DNS entries and snuff them out if found, thereby ensuring that our brand new customers too are free from DOID.
Samir Mody/Lokesh Kumar
K7TCL
K7 Computing at Info Security 2012 London, UK

The number 1 IT security show in Europe.
K7 Computing UK and Ireland is happy to invite businesses to visit our stand at the biggest IT security show in Europe.
InfoSec London has been rated for many years as the best IT security show, with many opportunities for networking, new technologies and education.
Come to our stand B60 to see our antivirus products, real life deployments and our new technologies. Speak with our Sales / Technical managers.
To receive a complimentary ticket please fill in the following form: InfoSecurity 2011 Registration Form
We are looking forward to seeing you at our stand B60.
K7 Computing Profile Page at InfoSecurity 2012: here
K7 2012 products released
February 2012
The world’s fastest antivirus got even better
K7 antivirus is known for the speed of its scanning engine and for the very low impact it has on system resources of PCs. Numerous awards for best performance and productivity were secured by K7 Computing recently.
AV-Comparatives’ latest PC Mark test ranked K7 antivirus no.1 for having virtually no impact on system resources.
All K7 Computing products for 2012 come with a brand new Graphical User Interface to greatly improve user experience. This new design makes it even easier for every user to understand what is happening to their PC in terms of security and to manage and eliminate possible threats.
New features
Cyber criminals and their methods are getting more and more sophisticated. Malware is rapidly evolving every day. Two of the most common sources of malware infection are malicious websites and infected USB devices.
K7 Computing decided to stop these threats at their core by implementing a Cloud based annotation and website verification system in their software. This system checks and verifies every URL and places a clearly visible checkmark next to search results if the website is safe. Phishing and unsafe websites are automatically blocked.
As far as USB devices are concerned, each one is scanned when plugged in. On top of this, users have the option to “vaccinate” their USB devices, which will prevent spreading of any malicious auto-run malware.
Lineup for 2012
K7 Desktop Edition products for 2012 are the following: K7 Antivirus Plus, K7 Total Security and K7 Ultimate Security.
K7 Business edition products are suitable for companies of all sizes. The flagship business product – K7 Enterprise Security is easily managed by a web based admin console accessible from any workstation within the network.
K7 Mail Security is a security suite specially developed for MS Exchange servers taking care of antivirus protection and spam filtering.
About K7 Computing
K7 Computing was founded in 1991 in Chennai, India. Over the course of years they became one of the major players on the Asian antivirus market as well as Japan’s best selling Internet security suite.
European operations were established subsequently with offices located in the UK, Ireland, Germany, Italy, Greece and more.
For more information please visit UK www.k7computing.co.uk or IRL www.k7computing.ie
Malware Authors and Multiple Scanners
One of the items on a malware author’s checklist while distributing malicious code is to make sure that their malware (virus, trojan, backdoor, keylogger, phishing tool, etc.) remains undetected for as long as possible. Scanning their creation using a multiple Anti-Virus scanning system is one among the many techniques in their arsenal which ensures just that.
Although time consuming and resource intensive, the malware author installs various Anti-Virus software and keeps them updated. The malicious files are scanned on this system before they are distributed to the victim.
For malware authors/script kiddies who can’t afford to build such a system, there are underground sites which mimic genuine online file/URL scanning services. A significant difference is that these underground sites, in exchange for money, promise not to distribute the scanned files to the Anti-Virus vendors. Given below are screen shots of two such sites:

Then there are tools which incorporate multiple scanners and are distributed for free. For example, one such tool for scanning with multiple AV engines:

If their malicious code is detected by the Anti-Virus vendors during the initial stage of the attack, the malware authors react quickly and change their binary.
While traditional checksum (MD5) based detections alone might be ineffective against such files, a combination of several detection methods, including a behavior based approach, will prove far more effective.
R.V Shyam Charan
K7 TCL
Published by K7 Computing United Kingdom and K7 Computing Ireland
K7 received VB-100 award
We are proud to announce that K7 Total Security received the prestigious VB-100 award.
K7 Total Security passed with flawless results and received the award with a 100% score in detection and performance testing, without any false alarms. This flawless performance during testing adds another VB-100 award to the K7 product portfolio.
The VB-100 December 2011 test was performed on Windows 7 Professional machines. 54 products were tested: 33 passed and 21 failed.
About VB-100: VB100 comparative testing is a regular independent comparison of anti-malware solutions. Each test report combines the unique VB100 certification scheme with in-depth analysis of product performance on a range of scales. Test link: VB-100
The Art of Cyber War
Nation-specific Attacks
Stuxnet, a worm with a particularly venomous, damaging payload, was almost certainly targeting the Iranian nuclear establishment. Given the means and the end, if one were to consider the motive, one would have no alternative but to attribute the creation of Stuxnet to powerful nations inimical to Iran’s nuclear program, a couple of which are in West Asia.
The use of malware as an instrument of state policy may have already been in effect for a couple of decades [Rainer Fahs, keynote address, EICAR2011]. In modern times nation-to-nation attacks, alleged or otherwise, have been given considerable publicity with much finger wagging and pointing. Many of these instances of cyber warfare appear to originate in Asia, which is hardly surprising given the frosty relationships that exist between several neighborhood countries in Asia, e.g. North Korea-South Korea, India-Pakistan, etc. Indeed, avoiding the mention of China’s alleged contribution to cyber warfare would be like ignoring the elephant in the room, and the apparent involvement of Israeli personnel most certainly deserves an explicit mention.
There have been several documented cases of nation-specific cyber attacks, some of which are potentially ongoing. These cases may be summarized as follows:
The strategic advantage offered to powerful and resourceful nations via targeted cyber attacking is highly significant. As described in Table 2, the scope of these attacks could be anything from the stealing of state secrets to the targeted damage of both government hardware and software. Critical modern infrastructure is controlled by computer systems which presents an irresistible target for cyber attacks.
The stakes and incentives involved in cyber warfare are high, and cyber attacks are unlikely to diminish in the years to come. On the contrary, cyber warfare is likely to increase manifold with an eastward shift in the balance of power in the global hegemony suggesting an increasing involvement of Asian states.
There can be little doubt that the military and intelligence establishments of various nations have wings dedicated to cyber warfare. Sun Tzu would have been proud. Given the enormous resources involved and the high-profile, targeted nature of cyber attacks, it is difficult to predict the security responses of commercial Anti-Virus companies and the general public at large. It is likely that standard civilian bodies would be largely bystanders in these events. Indeed, for every attack that is reported and documented in the public domain, there may well be several others which are kept very firmly under wraps.
However, perhaps there are some mitigating circumstances:
As a diplomatic preventative measure, it is possible that there could be an international convention, perhaps UN-brokered, on cyber warfare. The US government has already been contemplating diplomatic talks with certain countries. The main issue herein could well be the difficulty in proving state versus non-state actors, a challenge even in conventional warfare where proxy militant groups have been used with impunity to perpetrate attacks across international boundaries.
Standard technical measures to secure systems, including instituting prescribed system configurations and policies, may be sufficient to prevent “80 percent of commonly known cyber attacks”.
Notwithstanding, it will be interesting to track how events transpire in the future. The average citizen of the world may well have to wait for the future offerings from Hollywood or Bollywood, with their vivid imaginations, to gauge the extent of the issues dealt with by sedentary agents code named ‘0000 0000 0111’, ‘JS0N B0URN3’, etc.
Corporate Insecurities
The attacks on large, well-known corporate entities over the recent past have been much publicized. The alleged origin of some of these high-profile, ongoing attacks lies in Asia. It is worth summarizing some of these attacks, described as “Advanced Persistent Threats”, as follows:
The origin of some of the attacks mentioned in Table 3 is up for heated debate as the parties concerned accuse each other of skulduggery and conspiratorial activity. In many cases, hard evidence pointing the finger at a specific culprit is rather difficult to gather which provides a level of immunity from risk for the perpetrators.
Targeted attacks on large corporate entities could, no doubt, yield valuable information which can eventually be used for significant financial gain, whether through a transfer of intellectual property, sabotage of competitor infrastructure, or a straightforward theft of classified financial data. The perceived or real benefits from such attacks for the perpetrators provide a clear incentive to invest resources.
Under these circumstances of high reward versus relatively low risk, and given the recent record of security breaches, the trend of targeted cyber attacks against corporations looks set to continue, and probably at an increasing rate.
Malware in Societal Conflicts
Terrorism may be defined as the systematic use of coercive tactics to instil fear in a targeted group as a means to the end of a perceived political gain.
Conflicts between different groups, whether within the bounds of the same sovereign territory or across international frontiers, have existed since the dawn of mankind. Some of the high-profile modern day conflicts involve actors, “state” or “non-state”, based in Asia who resort to forms of terrorism, whose definition and application to any given scenario is highly subjective, in an attempt to seek political mileage or redress against perceived grievances.
Given the advance of technology and the ubiquity of computer systems, many in critical infrastructure, acts of terror have included or are likely to include, at an increasing rate, attacks via binary media, i.e. code, software, etc. These attacks may be described as “Cyber Terrorism”.
Groups involved in international terrorist activities, many based in Pakistan and Afghanistan, include individuals familiar with modern computer systems and communication channels. Groups such as “al-Qaeda” allegedly have a dedicated R&D wing with ‘digital specialists’ successfully exploiting smartphone platforms for the theft of sensitive data. Given the impact it would likely have in spreading anxiety, there is a possibility, nay probability, that attempts will be made to cause the targeted destruction of systems in the future, via the mass deployment of malware, in addition to data theft.
Sometimes civilian bodies have been targeted by groups which are unlikely to be described as “militant”. Rather, it is possible that the civilian bodies themselves may conform to the definition of “militant”, yet another subjective and emotive term. For example, there have been numerous, but intermittent, malware attacks on pro-Tibet groups in recent years, the ones in 2008 just before the Beijing Olympics being widely reported by the media and in various IT security blogs. Many of these attacks involve the use of documents such as PPT and PDF containing crafted exploit code (some attacks have involved browser exploits), mailed to known individuals or posted to various fora. Attacks such as these have been alleged to originate in China, but some or all of them could have involved a social engineering angle, financially motivated, to exploit the media attention attributed to societal conflicts in areas such as Palestine or Tibet. Once again, it is difficult to garner specific evidence to arraign any one party. It remains to be seen how malware might be used in the future against such groups as the number of documented incidents appears to be waning.
The security industry has played, and will continue to play, a role in mitigating and remediating many of these attacks since the victims tend to be ordinary civilians, even if specifically targeted on occasion, and visibility of such attacks is relatively high.
To be continued…
Samir Mody
Senior Manager, K7TCL
Re-published by: K7 Computing UK and K7 Computing IRL
Images courtesy of:
cyberlawsinindia.blogspot.com
mumbai.olx.in
www.warchat.org
Anatomy of Stuxnet.
Duqu trojan is very similar to Stuxnet. Therefore this video was accurate in prediction:
Stuxnet: Anatomy of a Computer Virus from Patrick Clair on Vimeo.
An infographic dissecting the nature and ramifications of Stuxnet, the first weapon made entirely out of code. This was produced for Australian TV program HungryBeast on Australia’s ABC1
Direction and Motion Graphics: Patrick Clair patrickclair.com
Written by: Scott Mitchell
Production Company: Zapruder’s Other Films.










