
beforeyoukillyourcomputer.com

Saving computers one at a time from their frustrated owners


Tag: trojan

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Download Stinger 10.0.1.982

McAfee Avert Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Download Stinger 10.1.0.870

The Register – One of the world’s nastiest password-stealing trojans evades detection by the majority of PCs running anti-virus programs, according to a study that examined 10,000 machines.

Zeus, a stealthy piece of malware that sits on a PC and waits for users to log in to bank websites, is detected just 23 per cent of the time by AV programs, according to the study (PDF) released by security firm Trusteer. Even AV programs with up-to-date malware signatures were unable to identify the infection a majority of the time, the authors said.

Zeus, which also goes by the name Zbot and PRG, escapes detection using sophisticated techniques such as root-kit technology, the Trusteer report said. The company is able to detect it by examining the fingerprint Zeus leaves when it penetrates an infected PC’s browser process.

A recent report estimated that Zeus is the No. 1 trojan, with 3.6 million infections in the US alone, or about 1 per cent of the installed base of PCs. Trusteer’s study, which found Zeus accounted for 44 per cent of the banking malware infections, was consistent with that finding. After sneaking onto a PC, it sits quietly in the background until a user logs on to a financial website. It then sends the login credentials to a remote server in real time, sometimes by use of instant messaging programs.

Of Zeus-infected machines, about 31 per cent don’t run AV at all and 14 per cent run AV that’s out of date. The remaining 55 per cent had AV programs that were up to date.

Source

More about Zeus from an earlier article from The Washington Post:

The Washington Post – September 9, 2009
Cyber Thieves Steal $447,000 From Wrecking Firm
Organized cyber thieves are increasingly looting businesses in heists that can net hundreds of thousands of dollars. Security vendors and pundits may be quick to suggest a new layer of technology to thwart such crimes, but in a great many cases, the virtual robbers are foiled because an alert observer spotted something amiss early on and raised a red flag.

In mid-July, computer crooks stole $447,000 from Ferma Corp., a Santa Maria, Calif.-based demolition company, by initiating a large batch of transfers from Ferma’s online bank account to 39 “money mules,” willing or unwitting accomplices who typically are ensnared via job search Web sites into bogus work-at-home schemes…

Some types of malware, particularly a type of data-stealing Trojan horse programs known as “Zeus,” allow the attackers to change the display of a bank’s login page as a victim is entering their credentials. For example, when a victim submits his one-time password along with his credentials, the malware may force the browser to return a counterfeit page (still showing the bank’s domain name in the URL bar) stating that the bank’s site is down for maintenance, please try back again in 15 minutes. Meanwhile, those credentials are not submitted to the bank but instead sent to the attackers.

This tactic is remarkably effective: When an unwitting customer waits as instructed, the thieves use those intercepted credentials to log in as the victim and initiate unauthorized transfers from that account.

Parodi recalled that an employee who handles the company’s online account had trouble logging in just hours before the fraudulent transfers were discovered.

“The employee eventually had to reset his password, but by the time we figured out what was happening, the hacker had already withdrawn the money,” Perodi said.

Source

Even more information about Zeus:

The Zeus Trojan, otherwise known as ZBot, is widely available for purchase in the cyber-underground. Zeus was linked to a campaign that stole thousands of FTP credentials in an effort to compromise a number of high-profile Websites — including sites belonging to Symantec, Bank of America and Amazon.com.

Now, the Trojan’s purveyors are adopting a new tactic to help their data-stealing efforts. Over at RSA’s FraudAction Research Lab, researchers say cyber-crooks are now using the Jabber IM open protocol as a way to quickly transmit stolen user credentials.

“The Jabber IM modules that have been built into these particular Trojans were configured to extract stolen user credentials from the Zeus Trojan’s ‘drop’ server database — and then immediately send those credentials to the online criminal, wherever he may be,” the RSA researcher wrote in the RSA Online Fraud Report released Aug. 27.

Stolen data is not necessarily available to the cyber-crook in real time — the attacker may reside in another part of the world or may not be connected to the server 24 hours a day, the report continued. For that reason, criminals are using the Jabber IM module to automatically forward and receive stolen credentials as soon as they are harvested…

Still, the move is new for Zeus, which according to security company Fortinet experienced a surge of activity on July 24. That particular day, the Zeus Trojan posted record detection levels for a single-day run, surpassing those of not only the Sober worm in January 2006, but also the infamous Storm worm in January 2007.

“The variant flooded on this day … was HTML/Agent.E: in fact a ZBot variant attached in a MIME [Multipurpose Internet Mail Extension] sample (e-mail),” the report said. “This e-mail seeding campaign once again — as we reported in June this year — used a simple e-card social engineering hook.”

The campaign helped catapult Zeus to No. 2 on Fortinet’s list of Top 10 malware during July 21 to Aug. 20 — a slightly less distinguished Mount Olympus, but one nonetheless.

Source

Zeus is a nasty piece of work, and it’s important to understand that dangers remain despite the comfort level we come to accept once we have solutions such as a firewall, antivirus and malware protection in place. This does not mean any of us should panic; it means being vigilant, using safe practices, and installing and maintaining useful protective solutions such as the aforementioned firewall, antivirus and anti-malware software.

DON’T CLICK IT!

I can’t tell you how many times I have had a user call or email me stating that he/she saw a pop-up saying they needed antivirus, so they clicked the ad. As someone who has been around the block as far as computers and viruses go, I know how the story is going to go: “Hey, I saw an ad for *** and clicked it… Now my computer is *** and I can’t ***. What happened and what should I do?” Ouch. Those times are not fun for the user, and many feel helpless and at the mercy of the technician helping them.

Some nasty ads have hit the Web browsers of visitors to NYTimes.com and some other sites in recent days. The ads, which are not authorized or endorsed by The Times, can hijack a person’s browser and make it appear as if a scan for viruses is running. The ads then promote “antivirus” software that is itself virus-like. The Times believes it has eliminated these ads, but if they popped up on your screen, here’s what you need to know about your computer’s security.

According to Rik Ferguson of the security-software maker Trend Micro, a malicious ad sparked a pop-up window with a bogus claim that the PC was infected with malware. It urged the user to run a system scan with its “Personal Antivirus” program — a convincing-looking ruse, but a complete fake — to clean out the infection.

If you closed this box, you should be O.K., though it’s a good idea to empty your browser cache — which stores temporary copies of many of the files used by your browser to render Web sites and, thus, can store malicious content.

This story reminds me that I need to recreate an antivirus section, as the BYKYC website once had one before evolving to a WordPress setup. I will see what I can come up with in the next few weeks.

Full Story

Security must not be a privilege. Under this motto, Emsi Software provides the malware scanner a-squared Free completely free of charge for private use. It is not a limited version; it is a full tool to clean your computer of malware. Not only spyware, as detected by classic anti-spyware programs, but especially Trojans, backdoors, worms, dialers, keyloggers and a lot of other destructive pests that make it dangerous to surf the web.

* Remove infections of Trojans, Spyware, Adware, Worms, Keyloggers, Rootkits, Dialers and other malicious programs.
* 4 million users world wide rely on a-squared to clean their PC from Malware.
* Remarkably easy to use and completely free of charge.

Download a-squared Free 3.5.0.8

[Screenshot: a-squared Settings]

Tip: This software is a nice complement to Ad-Aware 2007 and Spybot – Search & Destroy, but the one thing that concerns me is that the default install has the “Join the Anti-Malware Network” option automatically turned on. With this setting on, the program will automatically upload infected objects to Emsi Software. This option should be disabled by default, IMHO, and the user asked if they’d like to participate. Keep this in mind if you choose to use this software. You can also disable the option to download additional languages. See the picture to the right.

Yahoo! owned RightMedia has been serving ads to popular networks such as MySpace, Bebo and Photobucket that could wreak havoc on visitors’ machines.

The Trojan, which was reported to have been inserted by a third-party ad server, was tracked down to RightMedia. The infected banner ad supposedly ran several million times over a three-week period after it was first spotted on August 8th by a web security company, before it was removed.

The ads used Flash to load an invisible iFrame, which in turn would load content in from another website. RightMedia has said that it has systems in place to test and determine whether ads contain malicious code, and will flag them appropriately. Upon further investigation of the ad, the inserted code was actually designed to recognise RightMedia’s protection systems and not display the Trojan while the company ran its testing process.
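A page-side check for the kind of payload described above, written here as an added example (not code from the original post, from RightMedia or from any ad network; every hostname in it is a constructed placeholder). It flags an iframe that is both invisible and cross-origin, and hooks a MutationObserver so a frame injected at runtime, for instance by a Flash creative, is seen when it appears in the DOM.

```javascript
// Added example: flag iframes that are invisible AND load a third-party origin,
// the combination the malvertising report describes. classifyFrame() is a pure
// function so it can be exercised outside a browser; watchForInjectedFrames()
// wires it to a MutationObserver. Hostnames used by callers are constructed.

function frameOrigin(src, pageOrigin) {
  try {
    const origin = new URL(src, pageOrigin + '/').origin; // relative src resolves to the page
    return origin === 'null' ? null : origin;             // about:blank etc. carry no origin
  } catch (e) {
    return null;                                          // unparsable src
  }
}

// frame: { src, width, height, style } taken from the element's attributes.
function classifyFrame(frame, pageOrigin) {
  const style = (frame.style || '').toLowerCase().replace(/\s+/g, '');
  const w = parseInt(frame.width, 10);
  const h = parseInt(frame.height, 10);
  const reasons = [];

  if ((!Number.isNaN(w) && w <= 1) || (!Number.isNaN(h) && h <= 1) ||
      /(^|;)(width|height):0(px)?(;|$)/.test(style)) {
    reasons.push('zero- or one-pixel size');
  }
  if (/display:none|visibility:hidden|opacity:0(;|$)/.test(style)) reasons.push('hidden by CSS');
  if (/(left|top):-\d{3,}px/.test(style)) reasons.push('positioned off screen');
  const invisible = reasons.length > 0;

  const origin = frameOrigin(frame.src || '', pageOrigin);
  const thirdParty = origin !== null && origin !== pageOrigin;
  if (thirdParty) reasons.push('loads content from ' + origin);

  return { invisible, thirdParty, suspicious: invisible && thirdParty, reasons };
}

// Report every iframe added to the live document that classifies as suspicious.
function watchForInjectedFrames(doc, onSuspicious) {
  const pageOrigin = doc.location.origin;
  const observer = new MutationObserver(records => {
    for (const rec of records) {
      for (const node of rec.addedNodes) {
        if (node.nodeName !== 'IFRAME') continue;
        const attr = n => node.getAttribute(n) || '';
        const verdict = classifyFrame({ src: attr('src'), width: attr('width'),
                                        height: attr('height'), style: attr('style') }, pageOrigin);
        if (verdict.suspicious) onSuspicious(node, verdict.reasons);
      }
    }
  });
  observer.observe(doc.documentElement, { childList: true, subtree: true });
  return observer;
}

if (typeof document !== 'undefined') {
  watchForInjectedFrames(document, (n, r) => console.warn('suspicious iframe', n.src, r));
}
```

A check running inside the delivered page is not defeated by the evasion the post describes, since that payload only needs to recognise the ad network's test environment; a flag is still a signal to review rather than proof of malice.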

All we can say is, “Hello Firefox with AdBlock!”

Source

McAfee Avert Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Download Stinger v3.8.0 – Updated September 10, 2007 to include PWS-JA and related threats
Download Stinger for W32/Polip
Download Stinger for W32/Bacalid
Download ePO Compatible Stinger for W32/Bacalid
Download Stinger for W32/QQPass.worm and W32/Rjump.worm
Download Stinger for W32/HLLP.Philis.bq
Download ePO Compatible Stinger for W32/HLLP.Philis.bq

Download McAfee Rootkit Detective Beta

Spybot – Search & Destroy can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. If you see new toolbars in your Internet Explorer that you didn’t intentionally install, if your browser crashes, or if your browser start page has changed without your knowing, you most probably have spyware. But even if you don’t see anything, you may be infected, because more and more spyware is emerging that is silently tracking your surfing behaviour to create a marketing profile of you that will be sold to advertisement companies. Spybot-S&D is free, so there’s no harm in trying to see if something has snooped into your computer, too :)

Download Spybot Search and Destroy 1.5.1

Life is getting pretty dangerous out there in the wild wild web. Enter “Trojan.Kardphisher”, a new trojan that opens an official-looking “Microsoft Piracy Control” box (screenshot1, screenshot2).


Trojan.Kardphisher is a Trojan horse that attempts to steal credit card numbers by tricking the user into entering their credit card details to activate Windows.

Although Symantec lists the risk level for Trojan.Kardphisher as “Very Low”, any trojan that wants credit card information should be regarded as serious. Never enter personal information, especially credit card information, if you are ever in doubt.

If you do have the trojan you can follow the removal instructions here.

Vista users should beware as there is a variant for Vista as well.