Anatomy of a Phish

A “Procedural Warning Security Alert”

Some of the most persistent phishing schemes out there are those aimed at stealing credit card information. We got this one today. It’s aimed at MasterCard Choice Rewards customers.

Your first line of defense against these things, of course, is the practice of NOT clicking on any links in email messages. Second line: if you think you’ve received a legitimate communication from your bank or credit card company, go to the website yourself (which you might bookmark in your browser); don’t use the link offered in the email.

When we mouse over the link in the email, it becomes apparent that it goes somewhere else.
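The same mismatch that shows up on mouse-over can be caught by a mail filter. The Python below is an added example, not code from the original post: it pulls every anchor out of an HTML message body and flags links whose visible text names one domain while the href points at another. The message body is constructed, and the example-bank.com and example.co.cc hosts are placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample in the style of the card "security alert": the visible text
# advertises the issuer's site, but the href goes to a host under co.cc.
SAMPLE_EMAIL_HTML = """
<p>Dear Cardholder,</p>
<p>Please verify your account at
<a href="http://secure-login.example.co.cc/verify.php">https://www.example-bank.com/security</a>
within 24 hours.</p>
<p>Questions? See <a href="https://www.example-bank.com/help">our help page</a>.</p>
"""

# Matches link text that looks like a URL or bare domain and captures the host part.
DOMAIN_LIKE = re.compile(r"^(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every anchor in the document."""

    def __init__(self):
        super().__init__()
        self.links = []      # finished (href, text) pairs
        self._href = None    # href of the anchor currently open, if any
        self._text = []      # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL (scheme added if missing), or None."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return parsed.hostname.lower() if parsed.hostname else None


def find_mismatched_links(html):
    """Return (visible_text, href) pairs where the text names a domain that
    differs from the host the link really points to."""
    collector = LinkCollector()
    collector.feed(html)
    suspicious = []
    for href, text in collector.links:
        m = DOMAIN_LIKE.match(text)
        if not m:
            continue                  # plain words such as "our help page": nothing to compare
        shown = m.group(1).lower().removeprefix("www.")
        actual = host_of(href)
        # Ignore a leading www. so www.example.com vs example.com is not a false alarm.
        if actual and actual.removeprefix("www.") != shown:
            suspicious.append((text, href))
    return suspicious


if __name__ == "__main__":
    for text, href in find_mismatched_links(SAMPLE_EMAIL_HTML):
        print(f"shown as {text!r} but points to {href}")
```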

co.cc whois information is interesting:

Funny place for a server for a credit card security operation – the Cocos Islands near Australia — but I guess the “cc” is to make you think “credit card.”

The site presents the viewer with a sign-in page, which, oddly enough, will accept ANY username and password.


And then the real business end of the operation. An “Identity Check Form” where the malicious operators behind this beast get all the information they need to make purchases with the victim’s credit card.


This could be the work of the individual or group behind a March phishing campaign aimed at eBay members, documented by the security company Red Condor. The subject line on a phishing email they analyzed was “eBay Procedural Warning – Security Alert.”

Tom Kelchner

Upcoming Sunbelt Software Webinars

Sept. 14 — VIPRE premium Version 4
Sept. 21 — Exchange Server with VIPRE® Email Security
Sept. 28 — Sunbelt Exchange Archiver

Introducing VIPRE® Enterprise Premium, Version 4
Tuesday, September 14, 2010, 2:00pm – 3:00pm ET

The new version of VIPRE premium combines antivirus, antispyware, and now client firewall and malicious website filtering technologies. Together they’re a single agent that protects against the ever-changing wave of malware in the most comprehensive, highly efficient manner.

Register here.

Securing your Exchange Server with VIPRE® Email Security
Tuesday, September 21, 2010, 2:00pm – 3:00pm ET

VIPRE Email Security for Exchange (formerly Ninja Email Security) leverages the next-generation VIPRE antivirus scanning engine as part of a multiple-engine strategy to provide comprehensive protection from viruses, spam and other security threats.

Register here.

Sunbelt Exchange Archiver™ Product Demonstration
Tuesday, September 28, 2010, 2:00pm – 2:30pm ET

Sunbelt Exchange Archiver is a powerful, easy-to-use, enterprise-class email archiving tool that automatically enables you to comply with all requirements and allows you or your end-users to transparently retrieve any archived email.

Register here.

Tom Kelchner

Google Image Searches for “Marvin Sapp” have been poisoned

(Hat-tip to Calvin).

You know you’re a big deal when scammers use you in their SEO poisoning antics, and unfortunately Marvin Sapp (American Gospel singer / songwriter) is the latest victim of Fake Antivirus peddlers. His wife died a few days ago, and it didn’t take long before malicious websites were riding high in Google image search. From the very first page:

Malicious Marvin images

The highlighted image above takes the end-user to conversestore(dot)net/blog/tmp/marvin-sapp(dot)html, which presents them with some random text, screenshots and a fake video:

fake marv site

Also of note: the “Youtube” favicon, which tends to pop up on fake video sites. After a few seconds (and before the user can even touch the fake video), the site forwards the user on to safe-me-please60(dot)co(dot)cc and presents them with fake scans and executable download prompts:

fake documents splash

don't download this!

Running the executable will place a fake antivirus program on the PC – in this case, “My Security Shield”.

Mysecurityshield

Detections are low for this one at present, with 16/43 catching the rogue and our good selves snagging it as Trojan.Win32.Generic!BT. Be warned that there are other sites with dubious links and redirects floating in and out of Image search, although not all of them appear to be live. You might want to avoid searching for images related to this particular story for the time being and stick to reading about it instead…

Christopher Boyd

No, you don’t need to pay to download Skype

It seems people will try to sell you anything these days. Let’s take a look at new-voip-online-access(dot)com, which is also reachable from skype-upgrade(dot)com.

Voipforfree1

The site really wants you to try out Skype – along with the various “Download Now” buttons, there are links saying “Upgrade now” and “Get instant access to Skype add ons”. All of these links take you to what they claim is a Skype (or Skype related) download.

This is where it all goes horribly wrong.

Skype is free to download. You don’t need to go through third parties or sign up to spam, and you certainly don’t need to pay to download the program.

Here?

Voipforfree3

The end-user is informed of the many benefits of Skype in banners down the side, while being asked to fill in contact information above a preticked “coupons, offers and promotions” box. Moving on to the next step will only serve to trigger the “Danger, Will Robinson” alarms:

Voipforfree4

You have to pay a membership fee to access whatever wonderful bit of VoIP related goodness the site owner is willing to dish out. I’m willing to bet the “2 day promo” at the side will never actually expire, and I can’t help but notice there’s an additional checkbox ticked which gives you “the award winning audio recorder for only £7.95” alongside the membership fee.

Or you could just Google it and get a program for nothing. In fact, grab Skype for nothing too and avoid being charged anything by this website. Their disclaimer reads:

“Membership is for unlimited access to our site’s resources. We provide an organized website with links to third party freeware and shareware software, technical support, tutorials and step by step guides.”

I’m going to go one better than that. Download Skype right here, for free, with no spam required and no “award winning audio recorder” to pay for either. Don’t get caught out by sites asking for cash in return for what should be free downloads.

Christopher Boyd

“Here you have” worm

An email worm that appears to be a decade-old throwback was spotted yesterday and widely reported.

The subject line on the email was “Here you have” or “Just For you.”

The body of the email was:

“Hello:

“This is The Document I told you about, you can find it Here. http://www (dot) sharedocuments (dot) com/library/PDF_Document21.025542010.pdf

“Please check it and reply as soon as possible.
“Cheers”

A second variant offered a porn movie:

“Hello:

“This is The Free Dowload Sex Movies, you can find it Here.
http://www.sharemovies.com/library/SEX21.025542010.wmv

“Enjoy Your Time.
“Cheers”

The URL in the email actually led to a screen-saver (.scr) file on a site that has been taken down.
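A file that calls itself a PDF or a WMV but is really a Windows program gives itself away in its first bytes. The Python below is an added example, not part of the original post: it compares each file's chain of extensions with its magic number, using constructed in-memory samples (not real malware) whose names follow the two links quoted above; the .scr suffix on the second sample mirrors what the worm actually served.

```python
# Magic numbers for the content types involved: PE executable, PDF, ASF/WMV container.
MAGIC = [
    (b"MZ", "windows executable"),
    (b"%PDF", "pdf"),
    (bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c"), "wmv/asf"),
]
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
EXPECTED_TYPE = {".pdf": "pdf", ".wmv": "wmv/asf"}   # what each document extension promises

# Constructed in-memory "downloads" (name -> leading bytes); none are real samples.
SAMPLES = {
    "PDF_Document21.025542010.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    "PDF_Document21.025542010.pdf.scr": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00",
    "SEX21.025542010.wmv": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00",
    "holiday_clip.wmv": bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c") + b"\x00" * 8,
}


def sniff_type(data):
    """Identify content by its leading bytes, ignoring whatever the name claims."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return "unknown"


def suffixes_of(name):
    """All dot-suffixes of a file name, lower-cased: 'a.b.pdf.scr' -> ['.b', '.pdf', '.scr']."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:]]


def check_attachment(name, data):
    """Return findings for one file: an executable extension, a document extension
    hidden in front of it, or content that does not match the promised type."""
    findings = []
    suffixes = suffixes_of(name)
    last = suffixes[-1] if suffixes else ""
    if last in EXECUTABLE_EXTS:
        findings.append(f"{last} is an executable extension")
        # "report.pdf.scr": a document extension parked before the real one.
        if any(s in EXPECTED_TYPE for s in suffixes[:-1]):
            findings.append("document extension hidden in front of an executable one")
    expected = EXPECTED_TYPE.get(last)
    actual = sniff_type(data)
    if expected and actual != expected:
        findings.append(f"named as {expected} but content is {actual}")
    return findings


def scan_samples(samples=SAMPLES):
    """Run check_attachment over every sample; empty list means name and content agree."""
    return {name: check_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(name, "->", findings or "name and content agree")
```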

“Here you have” worm and the power of social engineering

Francis Montesino, manager of malware processing at GFI-Sunbelt’s Clearwater labs commented:

“The worm is pretty much the same as all the other e-mail worms I’ve encountered in the past. I guess this just got more attention because of the scope of the infection.

“It’s another demonstration perhaps of how powerful a technique social engineering still is:
— It uses an interesting e-mail subject and wording.

— It contains a link that pretends to point to a pdf or wmv but is in reality an executable which has the icon of a PDF.”

Sunbelt Detection: Trojan.Win32.Generic!BT

Here are names assigned by other anti-virus companies.

Tom Kelchner

Microsoft Patch Tuesday: nine bulletins coming up

Microsoft has announced that it will release nine bulletins for the September “Patch Tuesday” next week. The updates will fix seven vulnerabilities in Windows and Office that could allow remote execution of code and two that could permit elevation of privileges.

Nine of the bulletins affect Windows and two of them affect Office. Four are rated “critical” and five “important.”

Microsoft Security Bulletin Advance Notification for September 2010 here.

Tom Kelchner

Help desk phone scams are alive and well

“Computer Maintenance department of your operating system” calling

A loyal VIPRE user contacted us yesterday with a great story about how she cleverly defeated the efforts of a persistent phone scammer who was posing as a help-desk technician. The scammer pretended to be warning her that her machine was infected. Here are a few excerpts from a very well-written blog account of the incident:

“The caller had a very heavy accent that I could barely understand. He ID’d himself as Mumble, Mumble of the Computer Maintenance Dept of “your” (meaning my) operating system, which makes no sense. Said he was calling because they’ve had so many error reports from my web browsing. That I have been downloading infected files, my OS has been badly corrupted with malicious programs without my knowledge, and my computer is 60 – 70% not working. This would get worse and my computer is going to crash. I said he had the wrong number but then he asked for me by name.

“Ever since the new power supply was installed, my computer has been working great and I have been using Vipre av and fw since last December. I also occasionally run a scan with the free Malwarebytes program. I asked him repeatedly who he was and why he was calling and the closest he got to naming my OS was ‘Windows OS.’ Never which one, which in itself is suspicious because if he was getting all these error reports, shouldn’t he know the OS?”

. . .

“He told me several times to go online with IE and then tell him what is my home page. I don’t use IE and I wasn’t about to go online for a stranger. I asked why he wanted me to and why it had to be with IE and he finally said he was going to send me somewhere they could help me fix this problem before my computer crashes.”

The long and short of it is that she hung up and didn’t answer the phone when he called back. She then contacted us through the Sunbelt live chat line.

Entire blog post here.


VIPRE customers can go to this page on the GFI Sunbelt site for on-line and other forms of technical support: “How to Obtain Technical Support for Sunbelt Products”

Tom Kelchner

Terms of Service Generator needs to go back to school

I saw this floating around in IRC and on a couple of hacking forums:

scales
I guess script kiddies and malware authors must really be pressed for time, because here comes a Terms of Service generator.

ToS generator

You simply enter your name, email, product name and country then hit the “Generate” button.

lots of text

lots more text

As you can see, there’s lots and lots of text. So much text, in fact, that it almost becomes a kind of Adware EULA, especially as regular Malware doesn’t tend to have a EULA and it contains many references to promotions and the like.

With that in mind, I started to wonder if the ready rolled EULA was actually any good, or if it needed a little work. If you’re going to fool people into running things, you should make sure the language is nice and clear so you have an excuse when the cops come, right?

Time to fire up a program called the EULA Analyzer – it digs through all the text in the EULA, checks for anything suspicious and lets you know if there’s more chance of reaching the end of War & Peace than the text in the popup box. With that in mind, let’s see the scores on the doors:

Scoring Metrics

Number of characters: 2701
Number of words: 540
Number of sentences: 9
Average words per sentence: 60

60 words per sentence? When the average sentence length is supposed to be around 14 to 20 words, you might have a bit of a readability issue there. Worse are the Flesch scores:

Flesch Score: 2.74
Flesch Grade: 28 : Beyond Twelfth Grade reading level
Automated Readability Index: 32 : Beyond Twelfth Grade reading level
Coleman-Liau Index: 14 : Beyond Twelfth Grade reading level
Gunning-Fog Index: 73 : Beyond Twelfth Grade reading level

Here is the Wikipedia page for Flesch scores and grades. In a nutshell, the lower the Flesch score, the harder the content is to read.

90.0–100.0  easily understandable by an average 11-year-old student
60.0–70.0  easily understandable by 13- to 15-year-old students
0.0–30.0  best understood by university graduates

The score for the text generated by this program is 2.74. Exactly like a typical Adware EULA, then!

As for the Grade, the higher the number, the more years of education are required to make sense of the text. Anything higher than 12 is (of course) “beyond twelfth grade level”; the score here is 28.
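To see where numbers like these come from, here is an added Python example (not the EULA Analyzer tool, whose exact implementation the post does not show) that applies the published Flesch Reading Ease and Flesch-Kincaid grade formulas to two constructed texts, a plain two-sentence note and a single 56-word EULA-style sentence, and maps the result onto the bands quoted above. Syllable counting is a heuristic, so the scores are approximate.

```python
import re

# Bands quoted in the post (from Wikipedia); scores in between fall outside all three.
BANDS = [
    (90.0, 100.0, "easily understandable by an average 11-year-old student"),
    (60.0, 70.0, "easily understandable by 13- to 15-year-old students"),
    (0.0, 30.0, "best understood by university graduates"),
]

# Constructed texts: a plain note and one 56-word sentence in generated-EULA style.
PLAIN = "The cat sat on the mat. It was warm."
EULA_STYLE = (
    "Notwithstanding any provision herein, the Licensee acknowledges and irrevocably "
    "agrees that the Software may periodically display promotional advertisements, "
    "sponsored offers and notifications from affiliated third parties, that removal or "
    "circumvention of such functionality by means of any third-party utility constitutes "
    "a material breach of this Agreement, and that the Licensor disclaims all liability "
    "arising therefrom."
)


def count_syllables(word):
    """Heuristic: count vowel groups, drop a silent final 'e' (but keep -le and -ee)."""
    word = re.sub(r"[^a-z]", "", word.lower())
    if not word:
        return 0
    groups = len(re.findall(r"[aeiouy]+", word))
    if word.endswith("e") and not word.endswith(("le", "ee")) and groups > 1:
        groups -= 1
    return max(groups, 1)


def text_stats(text):
    """(sentences, words, syllables) for a piece of text."""
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    words = re.findall(r"[A-Za-z']+", text)
    return len(sentences), len(words), sum(count_syllables(w) for w in words)


def flesch_reading_ease(text):
    s, w, syl = text_stats(text)
    return 206.835 - 1.015 * (w / s) - 84.6 * (syl / w)


def flesch_kincaid_grade(text):
    s, w, syl = text_stats(text)
    return 0.39 * (w / s) + 11.8 * (syl / w) - 15.59


def ease_band(score):
    """Label from the post's table, or 'between bands' for scores it does not cover.
    Scores outside 0..100 do occur; they are clamped to the nearest end of the scale."""
    score = min(max(score, 0.0), 100.0)
    for low, high, label in BANDS:
        if low <= score <= high:
            return label
    return "between bands"


def analyse(text):
    s, w, _ = text_stats(text)
    ease = flesch_reading_ease(text)
    return {
        "words_per_sentence": w / s,
        "reading_ease": round(ease, 2),
        "grade": round(flesch_kincaid_grade(text), 1),
        "band": ease_band(ease),
    }


if __name__ == "__main__":
    for label, text in (("plain", PLAIN), ("EULA-style", EULA_STYLE)):
        print(label, analyse(text))
```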

Additionally, the EULA Analyzer flagged 9 sentences that might strike the end-user as suspicious including one “Reference to removal restrictions or removal rules by third party tools” and three counts of “Advertising: reference to online promotions”.

I give it an A for effort but a D for execution.

Christopher Boyd

Web of Trust recommends VIPRE to 13 M members

Web of Trust, the free website reputation rating tool, is recommending GFI-Sunbelt’s VIPRE anti-virus package to its members and GFI is giving them a $10 discount.

Web of Trust VIPRE offer here.

Web of Trust is going to be promoting VIPRE as a recommended antivirus solution to its 13 million users and GFI will promote the free Web of Trust add-on to its consumer customers.

The Web of Trust add-on shows reputation ratings for search results from Firefox, Google Chrome, Internet Explorer and Safari. Website ratings are updated in real time by millions of members of the WOT community.

Alex Eckelberry, vice president and general manager, GFI’s Security Business Unit said “Consumers, just like large enterprises, require a layered approach to Web security. The combination of Web of Trust’s community-driven rating system and GFI’s VIPRE anti-malware technology provides customers with a two-tiered approach to security that can help to keep Internet browsing safe.”

News release here.

Tom Kelchner

Beta test spammers target forum users

Beta tests are always popular with gamers, and it seems some unscrupulous individuals are stepping up their campaign to make some easy money. A site called gamertestingground(dot)com has been the subject of complaints for some time now – see an overview of why you’re NOT going to make a fortune from testing videogames in an article from 2008 and Web of Trust / Siteadvisor feedback.

testing, testing...

“$150 a day”? Oh ho ho ha ha etc.

You can forget about the soda, too.

The website hits you around the head with about six miles of text, only to ask for cash without revealing what you’re paying for (starting at $34.95 and working up to $44.95):

pay up


I particularly like the fake “three day sale”, which always puts the expiry date to today:

fake expiry

Check Google Cache: whatever date the cache snapshot was taken will be the expiry date of the “3 day sale”.

So what are they up to now, I hear you ask. Well, it seems someone had the bright idea to register as a (fake) member of staff on a major videogaming website (Eurogamer.net) then send the following spam by direct message to random users:

Lies, all lies

For quite a while, some of us have been making a living from playing games, and it’s quite a shock to see this go so mainstream. Now is the time to act if you want to BETA test video games full or part time and get paid. Anyone, from any country, can do it, even if you’re under 18. Also, don’t worry about going to work as all the games will be shipped to your house, free of charge.

EuroGamer.net members will get a 75% discount for a limited time so click this link [deleted] to sign up with our newest partner and start getting paid today!

Mike Sawyer
EuroGamer.net Staff

Pretending to be a member of staff is bad enough, but one specific line of text suggests they may be getting desperate to sign people up:

“Anyone, from any country, can do it, even if you’re under 18”

The website promoting videogame testing says you have to be 18 or over. Shenanigans!

It goes without saying that you should avoid any dubious messages on forums promising you lots of money (and soda), because it seems all you’ll get for your trouble is “links to job search sites(most of which you still have to pay for) and links to the career pages on game developer sites. A simple google search can help you find both, no need paying $35 for it.”

You said it.

Christopher Boyd

Webcam Hacking program an expensive proposition

A website advertising a “webcam hacking program” has been doing the rounds on a number of adverts lately so I thought it might be worth taking a look. Anyone foolish enough to try this out can look forward to a double whammy of fail.

Here’s the website, which can be found at webcamhackerlive(dot)com:

webcam hack website

“We posted out video on youtube. It shows how it really works!”

At least, it would – if it hadn’t been removed for terms of service violation. Well, maybe the “How does it work page” will be more usef-

“Download the hacker, install the app and make sure Windows Live Messenger is running!”

You know, something is telling me this isn’t going to end well for the victim. Did I say “victim”? I sure did, because to download this wonderful bit of kit you have to jump through some hoops.

Hoops made out of money.

select a country

select an option

show me the money

Oh good, a premium rate phoneline. Before the victim can cry out “horrible scam”, they have a familiar cartoon character staring out at them from the desktop:

Cartman in the house

I like Cartman as much as the next guy, but as you’ve probably guessed he isn’t going to help you hack any webcams. Here’s the program loading up:

fake program ahoy

Here it is in action:

fakeout

Here it is giving a 26/43 result on Virustotal, which means you should probably think long and hard about why they want you to run Windows Messenger Live in the background while using this executable. End-users are advised to steer clear of this money spinner, which we detect as Trojan.Win32.Generic!BT.

Christopher Boyd

Gmail phishing spam making the rounds

Alert blog reader Marco F. sent us this one: Gmail account phishing. The email has all the clean look of Google’s communication style.


Anyone foolish enough to bite on this and click on the attachment will see the following web page. If you check the attachment’s source code you can see that it pulls in genuine Gmail page elements.

Genuine, that is, except for this:

The information entered on the bogus page is snatched by a site registered to someone in Sremska Kamenica, Serbia.

A Google search shows that it’s a lovely little town on the Danube.

Thanks Marco.

Tom Kelchner

UK Tax debacle becomes target for phishers

Over the next few months, workers in the UK may be informed they can expect a tidy payout or a demand for money, after it was revealed that up to 6 million people have been paying the wrong amount of tax.

As you might expect, scammers have been quick to jump on the payout bandwagon. Here’s an email that dropped into one of the spamtraps yesterday:

From: serviceAThmrc.gov.uk [hmrcATglobalnet.co.uk]
Subject: Please Submit Your Tax Refund

Dear Applicant:

Following an upgrade of our computer systems and review of our records we have investigated your payments and latest tax returns over the past years, our calculations show you have made over payments of 302.25GBP Due to the high volume of refunds you must complete the online application.

Your refund may take up to 6 weeks to process please make sure you complete the form correctly.

In order to process your refund you will need to complete the attached application form.

Note: If you are using Internet Explorer please allow ActiveX for scripts to perform all data transfers securely .

—————————————————————————–
Regards,
HM Revenue & Customs

The email directed me to hmrc(dot)gov(dot)uk(dot)refundhmrc(dot)com/refund(dot)php. The website has since been pulled, but you can guarantee a lot more will be springing up. Here’s the site in question:

fake hmrc site

The website asks for a comprehensive chunk of information including full name, address, DOB, phone number and mother’s maiden name. It also prefills a “Tax file number”, which pops up here in a phishing email from 2009.

Additionally, it seems we can expect the usual deluge of spam mail with infectious attachments so be careful what you’re opening – the UK tax office DOES NOT send out random emails asking for personal information such as the above. Tax refund scam mails have been popular for a long time, but in the current climate of “our tax office has screwed up in spectacular fashion” it seems phishers will be giving it some serious attention.

Christopher Boyd

So, how did they “credit my favor” with $4.5 M if they didn’t know my name?

Are grade schoolers writing the spam these days?

What does: “revert ASAP” mean?

From: From International Commercial Bank of Ghana [felistax@yahoo.com]
Sent: Friday, September 03, 2010 2:15 PM
Subject: Attn: Beneficiary, From International Commercial Bank of Ghana.

Attn:Beneficiary,

This is to notify you that $4.5 million has been credited in your favor, contact Mr. James Appiah, with the following information to enable your fund transferred via bank to bank, AS THE CASE MAY BE.

Your full name, Age, Sex, Nationality, Direct phone number, Residential Address, Occupation.

Thank you for banking with us
Revert ASAP

Regards,

James Appiah

You’d think a bank official would have a title and company email instead of a Yahoo account.

Tom Kelchner

Clearwater backhoe incident: 09/02

GFI Sunbelt Internet connectivity was lost when a fiber optic line was cut in Clearwater, Fla., near the end of the business day yesterday.

Service provider Time Warner said the line was accidentally cut by a construction crew near the GFI Sunbelt headquarters about 4:50 p.m. Service was restored about 11:10 p.m.

VIPRE definition Version 6827 was issued at 11:17 p.m. (GMT-5)

Alex Eckelberry, general manager of GFI’s Security Business Unit said: “We are currently in the process of reorganizing our data center locations to avoid such an occurrence again.”

Tom Kelchner

Zombie game inspires scammers to target your brains

Zombies. Whether they’re shuffling Romero types, the wisecracking “send more cops” variety or even the crumbling Fulci efforts it’s important to be prepared (no, I’m not counting the ones that run. Those are stupid).

As you can see, I’m ready for pretty much anything:

zombie quiz results

quiz results

slightly strange quiz results

Nobody is immune to the zombie menace, however, so I thought it might be useful to let you go forth and warn friends & relatives about a new zombie scam popping up on the internet.

Dead Rising: Case Zero has just been released on XBox Live as a standalone chapter for the upcoming Dead Rising 2, and of course scammers want a tasty slice of zombie pie.

Forums and sites such as Youtube (surprise!) are filling up with posts and videos promoting various websites claiming to offer “cracks” and redeemable download codes to let you get your hands on the game for free.

don't trust these guys

I’ve also seen a few videos claim to offer up a PC version (lies) and another one offering up a “Wii version” (more lies, these versions of the game don’t exist).

Here’s a sample:

spam vids

I took this screenshot a day or two ago; let’s make a tenuous reference to zombies and say they’re now multiplying uncontrollably, and you’ll probably have to go live in a supermarket or whatever.

Anyway. The majority of the videos seem to link to one particular website – deadrising2casezero(dot)blogspot(dot)com. Here it is:

website of zombie doom

There’s a lot of nonsense on the site about the download being restricted to the first 2,000 users – and the “total downloads so far” indicator seems to be stuck on 354 people. Following a similar pattern to the recent DC Universe Online scam, attempting to download the program will give you some wonderful surveys to fill in.

questions galore

I’m almost certain I have more important things to worry about in the middle of a zombie apocalypse than whether or not I’m Justin Bieber’s ideal girl but oh well. Filling in one of the surveys will give you this somewhat unimpressive program on your desktop:

fakey mc fake program

I say unimpressive, because it’s about as much use as slapping a zombie in the face with a wet newspaper. Just like the DC Universe fakeout, the program will “generate” about 20 or so codes that just repeat themselves endlessly.

A bit like these “free app / here’s a survey” scams, perhaps.

Now if you’ll excuse me, I’m off to meet an ironic doom at the hands of some running zombies. While I’m donating my brains to the undead community, please try to avoid any and all “freebies” related to Dead Rising: Case Zero.

Christopher Boyd

Safe Web Surfing Rule # 1: READ the URL

Safe Web Surfing Rule # 2: See Rule # 1

Email and social networking sites might be a global phenomenon, but English remains widely used in URLs and elsewhere on the Internet. In the English used in malicious emails, URLs and websites there are words that instantly raise red flags for native speakers. Those red flags may not wave, however, for people who speak no English or for whom it is a second language. Here is yet one more example.

It starts with a Facebook post with a picture of a cute girl (not shown since the photo might be misappropriated) and a link to what looks like Facebook chat. The hyphens that are used in the URL instead of periods should be one giveaway. The fact that it’s a URL with a country domain TK should be another giveaway (probably in any language). That’s Tokelau, a territory of New Zealand in the South Pacific.


So the unwise Albanian Web user, seeking to chat with a pretty girl in Tokelau, possibly thinking she’s in Turkey (country domain “TR” ) , goes to the site:


The Facebook page is initially grayed out, so the average computer user clicks on it. The gray goes away. However, if he (and you can be sure this would be a he) watches the browser bar, the site has redirected to: http://h1.ripway.com/hacker1992/login.php.


Oh, that’s just adding insult to injury – actually putting the word “hacker” in the URL – assuming you know enough English to recognize the word “hacker” and know the implications. Of course “ripway.com” is almost as blatant.

The ripway.com site was registered yesterday with an address in Highlands Ranch, Colorado.

Google Translate says the language is Albanian. You can be sure it’s a scheme to snatch the email addresses and Facebook logins of Albanian-speaking Facebook users, or to get them to set up new accounts AND snatch their information.
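Reading the URL is something a filter can do as well. The Python below is an added example, not code from the blog, that covers both the HMRC refund address from the UK tax post (hmrc(dot)gov(dot)uk(dot)refundhmrc(dot)com) and the hyphen-and-.tk pattern in this one: it works out the registrable domain of each host, checks whether a watched brand name appears anywhere else in the hostname, and notes country-code TLDs the posts call out. The brand watch-list, the suffix table and the facebook-chat .tk sample are constructed assumptions; a production filter would load the Public Suffix List instead.

```python
from urllib.parse import urlparse

# Assumed watch-list: brand token -> registrable domains that genuinely belong to it.
BRANDS = {
    "hmrc": {"hmrc.gov.uk"},
    "facebook": {"facebook.com"},
}

# Suffixes under which the registrable domain is three labels long (co.uk, co.cc ...).
# A short stand-in for the Public Suffix List, which a real filter would use.
TWO_PART_SUFFIXES = {"co.uk", "gov.uk", "org.uk", "ac.uk", "co.cc", "co.nz"}

# Country-code TLDs the posts single out as odd homes for a bank or a Facebook chat.
ODD_TLDS = {"tk", "cc"}

# Samples: the first two are defanged addresses quoted in the posts, the rest are constructed.
SAMPLE_URLS = [
    "hmrc(dot)gov(dot)uk(dot)refundhmrc(dot)com/refund(dot)php",
    "http://safe-me-please60(dot)co(dot)cc/",
    "http://facebook-chat-login-example.tk/chat.php",   # constructed, mimics the .tk lure
    "https://www.hmrc.gov.uk/",                          # genuine
    "https://www.facebook.com/",                         # genuine
]


def refang(url):
    """Turn a defanged URL (with (dot) or [.]) back into one urlparse understands."""
    return url.replace("(dot)", ".").replace("[.]", ".")


def registrable_domain(host):
    """Last two labels, or last three when the last two form a known two-part suffix."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_PART_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_url(url):
    """Return a list of findings for one URL; an empty list means nothing looked off."""
    url = refang(url)
    host = urlparse(url if "://" in url else "http://" + url).hostname
    if not host:
        return ["no hostname"]
    host = host.lower()
    reg = registrable_domain(host)
    findings = []
    # Split on dots and hyphens so "facebook-chat-login.tk" still yields "facebook".
    tokens = host.replace("-", ".").split(".")
    for brand, legit in BRANDS.items():
        if any(brand in t for t in tokens) and reg not in legit:
            findings.append(f"'{brand}' in hostname but registrable domain is {reg}")
    tld = host.rsplit(".", 1)[-1]
    if tld in ODD_TLDS:
        findings.append(f".{tld} is an unusual top-level domain for this kind of site")
    return findings


def scan(urls=SAMPLE_URLS):
    """Map each URL to its findings."""
    return {u: check_url(u) for u in urls}


if __name__ == "__main__":
    for url, findings in scan().items():
        print(url, "->", findings or "ok")
```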

Tom Kelchner

U.S. Labor Day: phishers won’t be on holiday

Holidays are times when we see a big uptick in email retail advertising. They are also a time when we should be especially aware of threats from phishing schemes in all those ads.

In that surge of emails promoting holiday sales we can expect fraudulent messages with links to sites that download malicious software or phishing sites set up to steal personal information.

Phishing tracker site Phishtank.com estimates there are more than 2,900 active phishing web sites currently verified on the internet. Popular social media sites such as Facebook and Twitter are increasingly attractive platforms for holiday-themed attacks.

Here are three simple rules that can help you reduce your risk of becoming a victim:

— Make sure your computer is protected against the newest malware threats by installing a combined antivirus and antispyware solution. This is your first point of protection against dangerous viruses and Trojans – and one without the other is no longer effective.

— Never click on a link in an email to make a credit card purchase. The email you’ve received may look legitimate, but there’s a high probability that the link will take you to a spoofed site where your credit card information will be stolen by cyber criminals.

Instead, navigate to the retailer’s Web site directly through your browser. The email may look harmless, but it’s better to be safe than sorry.

— Even when you visit a trusted Web site, be vigilant about anything that looks out of the ordinary. Social networking sites like Facebook, Twitter and MySpace have all served as points of infection recently. Do not download anything, even from a trusted site, unless you are 100 percent sure it’s safe.

Every Labor Day, we see a wave of phishing attacks taking advantage of consumers’ expectations of increased retail email promotions connected with the holiday.

Cyber criminals see an opportunity to slip by unnoticed among the legitimate promotions. Along with making sure virus updates and security software patches are current, consumers need to stay vigilant and use common sense in order to avoid any unnecessary headaches that these fraudulent emails look to deliver over the long weekend.

Tom Kelchner

Faulty Fiverrs

Fiverr is an excellent site that allows you to buy / sell services – all of which cost $5.

There’s all sorts of crazy things on there, but does it attract rogues and individuals who generally want to mess up your day?

You bet. With a little furtive digging you can uncover all sorts of dubious antics up for grabs – for the low, low price of $5!

There’s this guy, who is selling an XBox Live account (not something we’d advise purchasing, as more often than not XBox Live accounts up for sale have been phished):

Ffiverr2

We also have someone claiming they can “unlock all achievements” in your games. This will be done by using custom made software to tamper with the data on your XBox profile (again, not advisable) and unlock all the gaming achievements artificially.

Ffiverr1

Note that unless they do it the “right” way (and this is a very tricky thing to pull off), Microsoft can easily tell which profiles have been fiddled with, leading to a banhammer – and there’s no guarantee the seller will give you your account back at the end of it.

The Playstation network isn’t safe from these kinds of sales either:

Ffiverr3

Moving the notch up a little bit, you can find a lot of spreading guides and hacking tutorials (cpalead surveys and i-stealers are popular topics of conversation):

Ffiverr4

Ffiverr5

Can we find guidance on how to phish accounts and sell them on for a profit too? You bet:

Ffiverr6

Some users also spend their time offering up “undetectable keyloggers”:

Ffiverr7

I’m not entirely sure what the deal is with the odd Blue Steel pose there, but if you really want to be annoying you can find people who will happily delete accounts on sites such as Facebook:

Ffiverr8

Ouch.

I don’t know about you, but I’m going to stick to “Learn to be a Ninja” and “Will sing any song in Hindi for $5”.

Christopher Boyd

GFI/Sunbelt Labs quarterly briefing is on Web

“Turn the Tables on the Bad Guys, Malware Unmasked”

The Sunbelt Labs quarterly briefing “Turn the Tables on the Bad Guys, Malware Unmasked” is available for your viewing pleasure.

Malware Unmasked 2 from OEM Sales on Vimeo.

Schwartzkopf began by describing GFI’s recent acquisition of Sunbelt Software. Schwartzkopf said the move will enable GFI to merge innovative VIPRE technology into GFI’s email and Web security products and move into new markets.

The presentation features a 25-minute PowerPoint presentation and 20 minutes of Q&A.

In the presentation, Glenn and Jack discuss the details of the TDL 3 (TDSS or Alureon) rootkit and the Sunbelt Labs CWSandbox.

They credit CWSandbox with VIPRE’s recent showing in Virus Bulletin’s Reactive and Proactive (RAP) analysis of detection rates. VIPRE was evaluated as the AV engine with the highest proactive behavioral detection rate.

Glenn and Jack also discussed their analysis of the zero-day Stuxnet exploit, the first malicious code that can infect 64-bit systems running Windows 7.

Next webinar: December 8, 9 a.m. and 2 p.m. Eastern Time

Sign up here.


Tom Kelchner