Another Vulnerability Discovered in Ichitaro

A new exploit has been found in the Japanese word processor Ichitaro. JP-RTL engineers have received a sample Ichitaro document, which is capable of exploiting the previously unknown vulnerability. If exploited, arbitrary code could be run on users’ systems.

The file that exploits this new vulnerability has been detected as TROJ_TARODROP.XZ. This malicious Ichitaro document actually contains two files, which are both dropped and opened on the affected system: a malicious executable file detected as TROJ_TARO.XZ, and a non-malicious document.

TROJ_TARO.XZ primarily serves as a means for malicious users to download malicious files onto the affected system. At this time, the downloaded file does not execute on user systems. However, this file could easily be replaced by a working malicious file at a later date.

JustSystems, Ichitaro’s publisher, has released a patch to remedy this flaw. (An English-language version of the patch page can be found here.) Until users can patch their system, Trend Micro advises users to be cautious in opening Ichitaro documents, especially those that come from unknown or untrustworthy sources. More TROJ_TARODROP variants are expected to be seen in the coming days, as cybercriminals rush to exploit this flaw.

Trend Micro product users, however, need not fret, as Smart Protection Network™ already protects them from this threat by detecting TROJ_TARODROP.XZ and TROJ_TARO.XZ and preventing their execution on users’ systems.

Post from: TrendLabs | Malware Blog – by Trend Micro


Is It Time to Quit Facebook?

Today is the last day of May and for some people, the last day their Facebook accounts are available online. Recent changes to Facebook’s privacy settings are regarded as rather confusing and not readily apparent to users. Not even the latest update that Facebook made last May 26, which attempted to address its long-running issues with user privacy, was enough to make critics feel secure. The discontent—and even outrage for some users—eventually spurred a group of individuals to declare May 31st as “Quit Facebook Day.”

Privacy Issue: Facebook Privacy Policy vs. User Behavior

Facebook is one of the newer and very active social networks on the planet today. Its open attitude to third-party development and widget features from the get-go was one of its major moving changes. This led the way to how people view social networking today—a more fun and interactive online community. It took some of the best ideas from various existing sites and integrated them seamlessly.

However, to become the widely connected social network that it is today, Facebook has to compromise the privacy of a lot of the data that users post and share on the site. While this may provide a good way for users to be more “social” on the site, it is also the major issue that is pushing a large number of users to cancel their accounts.

Perhaps the question is not limited to “should users quit Facebook?” but moreover, “should users quit social networking altogether?” Compared to other social networks that came before it, Facebook has done a whole lot better than most of these pioneer sites did. In terms of data available, those sites were even more unprotected then than they are now.

Another aspect of this privacy issue is how users tend to behave online. With or without Facebook, unenlightened users will make a mistake and divulge private information no matter what social network you drop them into.

As senior threat researcher Alice Decker puts it, “There is no reason to assume that people don’t know what they are doing. I have never heard anybody say that they actually don’t want to share their private information.”

Antivirus engineer Joseph Cepe adds, “Users who sign up for an account have every intention to connect and reach out to others. Setting up a secure account is probably the least of a new user’s priorities.”

If you don’t want it out there, don’t share it

TrendLabs research engineer Jayronn Bucu notes that creating an account on a social networking site comes with the intention of sharing information via the Internet. “Facebook carries the vision of creating a more open place. If there are no threats… then we could freely connect and share. However, that’s not how things roll.”

As we all know, the proliferation of online threats, such as the KOOBFACE malware, is another popular Facebook issue that threatens the privacy of user information within the network. TrendLabs℠ Malware Blog has discussed this threat on the following posts:

At the end of the day, keeping personal information private is still the user’s responsibility. If you don’t want it out there, don’t share it. Your real friends online should also be aware of your decision and respect it, otherwise they aren’t your friends after all. Perhaps the better question one should consider is, “Is it time to de-friend your social network’s weakest link?”

Post from: TrendLabs | Malware Blog – by Trend Micro


FBI seeks indictment over “Scareware” fraud scheme

During the weekend I came across a news item regarding an FBI indictment over “Scareware fraud”. The indictment, available here, alleges a scheme that employs malicious advertisements served on legitimate websites. These advertisements trick users into believing their computer is infected. The fake infection report is then used to induce users to purchase “Scareware” products that fix nothing and have little if any value. The scheme reportedly caused over $100 million in losses. In 2008, the US Federal Trade Commission (FTC) had shut down the two firms related to this scheme.

Of course, readers of this blog will be much more familiar with the commonly used name of “Fake AV” or “Rogue anti-virus”. Some of the product names mentioned included “Malware Alarm,” “Antivirus 2008,” and “VirusRemover 2008.” Looking into the indictment, it makes me wonder if this group of people is one and the same as the group responsible for the NY Times website poisoned ad-stream attack back in September 2009.

Examining the names of the alleged masterminds makes me realize that these people are not new to the “anti-virus” business. The defendant Shaileshkumar P. Jain had his run-ins with the community earlier in the decade. Back in 2004, he and his cohorts were tricking Symantec users into buying counterfeited software through fake advertisements claiming the users’ subscription had expired. A civil court action awarded a 3.1 million judgment against him. Shortly after, Jain was charged with the criminal offense of counterfeiting software in California, which got him listed on the Interpol Wanted List before the latest indictment surfaced.

So, putting his previous and latest schemes together, a common modus operandi emerges: fake ads and selling of antivirus software (counterfeit or otherwise fake). Currently, the FBI reports that Jain is operating out of Ukraine. His co-conspirator, Bjorn Daniel Sundin, is in Sweden. A third member, James Reno, resides in the United States. It is not known whether Jain and Sundin will be extradited to face trial, or if this indictment has any effect at all in stemming the flow of Fake AV served by websites. We can only hope that this will be the beginning of crackdowns that will make the Internet a safer place.


JustSystems Ichitaro Character Attributes Processing Remote Code Execution Vulnerability

Type: Vulnerability. Ichitaro is prone to a remote code-execution vulnerability; fixes are available.


Suspicious.Pythia

Risk Level: Very Low. Type: Trojan, Virus, Worm.
