Recently in Spyware Category
The SANS ISC Diary has a good write-up of the Subpoena in a Civil Case malicious email. Wish I had seen that before investigating the copy our CEO received.
The message is from subpoena@uscourts.com with a display From of United States District Court. It says:
YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of the United States District Court at the place, date, and time specified below.
It has a link to download a document on the matter. The website prompts the visitor to install a malicious ActiveX control.
The malware we received doesn't seem to be the same file the ISC is reporting.
Webroot has posted the Q107 State of Internet Security.
http://www.networkworld.com/columnists/2007/032607edit.html
In a recent study about spyware by Nemertes Research, Senior Vice President Andreas Antonopoulos was surprised to find that 16% of the companies examined were not concerned about the threat.
The article notes that the reason for this isn't lack of computer security spending at the companies in question. Nor is it because the companies are small. Frustratingly, the article doesn't explore further why this is the case. Perhaps it's in the study, but since that study is cited but not linked, we are left to speculate.
Perhaps the companies are not concerned because they've solved the problem.
Eugene Kaspersky believes that spyware should be addressed by antivirus vendors, not a separate product. Perhaps these companies feel their antivirus is good enough.
Perhaps they use HIPS and feel that prevents the spyware from being installed in the first place.
Perhaps users aren't given local administrator rights.
Perhaps they just have bigger concerns.
At our company we've used an anti-spyware product ever since enterprise-ready anti-spyware became available.
I was a fan of Gerhard Eschelbeck when he was with Qualys. He's been pretty much off my radar since he took the CTO position at Webroot. Today he comes out swinging against Windows Defender as reported in Information Week.
"If you look at the [Defender] data points, they speak for themselves," says Eschelbeck. "Defender didn't block 84% of the tested malware. That's not the kind of performance users are hoping for." Eschelbeck says that his firm's research team tested Defender against a suite of Trojan horses, adware, key loggers, system monitors, and other unwanted programs, all of which were gathered from in-the-wild threats. Webroot's own Spy Sweeper blocked 100% of the threats.
Hmm, so in tests where they gathered the malware, their own antispyware program detected everything and the competitors didn't do so well. That's quite a shock.
Take a look at Sunbelt Software's response when Webroot and Veritest released results last spring.
Eschelbeck also slammed Windows Defender, and by connection, Vista's security, for infrequent updates. Microsoft currently issues spyware definition updates every seven to 10 days, he says. Webroot, meanwhile, identifies approximately 3,000 new traces of spyware every month. "Users can't wait for a week or so to have their anti-spyware signatures updated," says Eschelbeck.
So Eschelbeck is comparing frequency of updates to number of detections added. Apples/Oranges anyone? Hopefully that is the writer's mistake.
I know nothing about Windows Defender's frequency of updates. I do like that it uses an established update channel like Windows Update. However, I prefer my anti-malware apps on the desktop to check for updates hourly.
Getting hit with some spyware-laden links here at work. Our blocker got it, no problem. But for everyone without IM protection, watch out for:
hxxp://nsl-school.org/?id=18388
hxxp://nsl-school.org/?id=winning_list
hxxp://mytermex.com/?news_id=18388
hxxp://mytermex.com/?id=virus_shield
hxxp://nsl-school.org/?id=news X-(
http changed to hxxp to avoid anyone accidentally infecting themselves. If you go to the sites, you're on your own.


