Slashdot Mirror

They have a Linux version, right?

Yes.

In fact, we still do not know any OS X virus

I know two [1|2]

But there is a reason why there is not that many OS X viruses.

How about linking to the original article with screenshots and more info?

http://blogs.pandasoftware.com/blogs/pandalabs/arc hive/2007/07/18/PINCH_2C00_-THE-TROJAN-CREATOR.asp x

come on digg! err...slashdot

And? Been attacked by a tiger lately?

Seriously. AV tools have their place. They cannot be a replacement for good ol' common sense, but with the advent of MPack and similar infection tools, they're pretty much the only line of defense you have.

Getting infected is not only for the dumb and lazy anymore.

I don't (buy Enzyte! Feel like a MAN!) believe that this kind (Get your ULTRA LOW COST HOSTING here!) of advertising actually (Your computer may be infected! Click here for a free scan!) exists...

Give this guy a cigar.

I loved the end quote to the article:

"In this way users will be properly protected against any possible waves of attacks using voice over IP systems. For traditional problems (known malicious code), signature-based scanning; for new problems, new technologies (intelligent detection of unknown code)."

What, something like your goddamn TruPrevent Technology which repeatedly identified my uTorrent client as malware and my connection to WoW as an e-mail virus?

I think not, chumps!

For anyone who wants to see the original article, which is without ads, and with links, there's always the original site:
Panda Software Virus Yearbook 2006

They say that Gatt.A can infect any platform like "omg noes Linux and Mac!" but according to http://www.pandasoftware.com/virus_info/encycloped ia/overview.aspx?IdVirus=122900&sind=0 the IDA (which it exploits) is present on multiple platforms, but there are other things about windows that made the virus function.

I don't know about everyone else, but this damages the credibility of the article for me.

Apparently it only works properly on Windows... http://www.pandasoftware.com/com/virus_info/encycl opedia/overview.aspx?lst=det&idvirus=122900&sitepa nda=particulares

Windows Media Player helpfully downloads license files for you, and if a malicious media file asks for something that's nastier than a license file, well...
http://www.pandasoftware.com/about/press/viewNews. aspx?noticia=5818

In that case this is a trojan, not a worm. It doesn't exploit any vulnerability other than the willingness of users to double-click on EXEs. See the Panda Software advisory (which incidentally lists the Threat Level as low).

This worm has nothing to do with "videos/pictures stream[ing] through the chat box". The worm spreads by sending a URL to an executable. Victims run the executable (which is cleverly "disguised" by having the extension ".avi.exe") and get infected. Clearly this attack has nothing to do with GAIM or MSN Messenger, and contrary to what the summary says ("distributes itself to all your MSN contacts by sending a video"), the worm does not send any video at all. It displays some image when it first runs, but that's it.

So this has nothing to do with software bloat or WMP vulnerabilities or MSN Messenger being integrated with the OS (which it's not, by the way — you're thinking of Windows Messenger, which is different and will be removed in Vista IIRC) or software being "married to the kernel" (I have no idea what you mean by this). In fact Windows does its best to mitigate this type of attack — when you download an executable from the Web, it gets an Internet zone identifier attached that says the file came from the Internet zone. Running the file shows a warning dialog with the application name and the publisher before it will let the file run. I don't know what else Windows can do here.

This whole thing is just fulfilling the 1337 h4x0r fantasies of some kid who knows a little Visual Basic, and effectively posting his name on lights on Slashdot is completely counterproductive. If he'd done something remotely clever I could understand, but there are millions of these stupid worms floating around everywhere. There really is nothing to see here.

I guess the systems I've kept uninfested for years without reinstalling are just figments of my imagination ?

Most likely, yes.

Between spyware and viruses/worms, 80-90% of systems are infected with some kind of malware.

Microsoft itself indicates that it's worm removal tool scores about 200 million successful "hits" per month.

Saying that you keep a Windows system clean is no different than saying you run a Linux desktop. Neither is out of reach for a power user; both are not the norm.

I'd be willing to bet money that in a three way study, of casual users, you'd see the following results in terms of "ease of acheivability":

1. Transition to Mac OS X as a primary desktop.
2. Transition to Linux as a primary desktop.
3. Mainting an uninfested Windows system.

That is, if you had a large enough sample size so that you would actually see some causal users succesfully acheive #3.

Viruses/malware are not a joke. Your anecdotal evidence proves absolutely nothing; statistically, the vast majority of computer users are infested, badly. More computer users are infested with viruses/malware than vote in the presidental election. More computer users are infested than support ANY given political issue, *including* the concept of first amendment rights.

Statistically, you are in a minority category similar to OS X users and Linux Desktop users. The level of sophstication (or at least market savvyness) needed to achieve your position is no less than for those of us administering Linux Desktops, and probably significantly higher than people who use OS X as a primary desktop.

As another alternative, check out Panda Security. I've used their software on a couple of small networks and found it stable and effective. Their managment software easily allows remote installation as well as signature distribution.

http://www.pandasoftware.com/home/empresas/default

I really like the 'admin secure' package, it's what I use in my small 40 seat shop. The central administration part is nice, fully supports AD and can install itself via group policy. It take updates to the admin server and pushes them out from there. It's install packages are great, has a POP3 proxy and can tie right into outlook. It has windows xp, windows server, exchange, lotus, and linux versions... All in all a great package.

It seems to be very easy on a machines resources, and is very unobtrusive (other than the cute little panda guy there even befor login, you hardly know it's running).

Check it out. http://www.pandasoftware.com/

We have a penalty for blatant ignorance. This results in a two year internet privilege suspension and an additional beating around the ears with an Internet for Total Fucking Dummies book. PLease step away from the keyboard and assume the position!

Symantec Antivirus Center
Computer Associates Virus Information Center"
McAfee Virus Library
Kaspersky Virus Encyclopedia
Panda Software Virus Encyclopedia
Sophos virus analyses
BitDefender Virus Encyclopedia

For those that will argue that these search engines do not behave as the article requested; it is simply a matter of searching for the right symptoms. If you accurately describe the behavior of the virus, all of these search engines give you the answer.

The fact of the matter is that the very best solution is simply to use a commercial antivirus solution. If you are infected with a 0hour virus, simply wait an hour and run the update utility. Such a product will at least see the virus and tell you its name, even if it is unable to clean it. Worst case you have to use a bootable CD-ROM OS to catch/clean it.

Hello,

A bit of searching came up with the following free or trial versions of anti-virus programs which are capable of detecting and removing Win32/MyWife (née CME-24):

Alwil - Avast! 4 Home Edition (free for personal non-commercial use)
ESET - NOD32 trial version (30-day evaluation)
Grisoft - AVG Free Edition (free for personal non-commercial use)
Kaspersky Lab - Anti-Virus Personal 5.0 (30-day evaluation)
McAfee - VirusScan (30-day evaluation)
Microsoft - Windows Malicious Software Removal Tool (KB890830) (free)
Panda - Titanium Antivirus 2006 (30-day evaluation)
Sophos - Anti-Virus (30-day evaluation)
Symantec - W32.Blackmal@mm Removal Tool (free)
Trend Micro - PC-cillin Trial Version (30-day evaluation)

I'm certain other readers will look up and post links to additional vendors, too. Ob-disclaimer: I happen to work for one of the companies listed above, so there.

Regards,

Aryeh Goretsky

Hello,

A bit of searching came up with the following free or trial versions of anti-virus programs which are capable of detecting and removing Win32/MyWife (née CME-24):

Alwil - Avast! 4 Home Edition (free for personal non-commercial use)
ESET - NOD32 trial version (30-day evaluation)
Grisoft - AVG Free Edition (free for personal non-commercial use)
Kaspersky Lab - Anti-Virus Personal 5.0 (30-day evaluation)
McAfee - VirusScan (30-day evaluation)
Microsoft - Windows Malicious Software Removal Tool (KB890830) (free)
Panda - Titanium Antivirus 2006 (30-day evaluation)
Sophos - Anti-Virus (30-day evaluation)
Symantec - W32.Blackmal@mm Removal Tool (free)
Trend Micro - PC-cillin Trial Version (30-day evaluation)

I'm certain other readers will look up and post links to additional vendors, too. Ob-disclaimer: I happen to work for one of the companies listed above, so there.

Regards,

Aryeh Goretsky

..and say "Windows Media Player" and "http://www.pandasoftware.com/virus_info/encyclope dia/overview.aspx?idvirus=57265delivering the best experience" in the same sentance without flinching.

WMP is a steaming pile.

I feel so sure about that statement Im not even going to bother to qualify it.

I use Panda WebAdmin on about 50 workstations, 8 laptops, and several windows servers. It works great, and you can log in anytime to see the current status of all the machines (even laptops). Luv it.... Although I wish they would release a *nix client as well

I've heard a lot of good things about NOD32 http://www.nod32.com/. Its a product you gotta pay for, and it runs on windows. It doesn't seem to have the bloat that Symantec or Mcafee has. They have a free trial, so it may be worth looking at. Another good one is Panda http://www.pandasoftware.com/. You will definately want to check out what they have for management options.

Now someone mod me down cause I didn't tell them to switch to linux.

think of the the amount of scammers that would go out of business

when there is so much money in it, its never gonna stop until we kill the disease, not treat the symptoms

Plenty of options available Antivir, Panda, even AVG to name a few. I would not use Mcafee either. I tell all my client and people I know to get Symantec, especially Norton, off of their machine pronto. You are better off without it. the rules are a bit different in an enterprise, but the home use would be better off with nothing (no antivirus software) than with Norton.

Norton because it is the default OEM AV on M$ it is a target. Symantec sells junk because it can do that, well.

Get your money back on it fast and talk to somebody else about your AV solution.

Norton because it is the default OEM AV on M$ it is a target. Symantec sells junk because it can do that, well. Get your money back on it fast and talk to somebody else about your AV solution.

Just so you know, there's about a zillion free-for-home-use Linux antivirus applications. F-prot and Panda are just two of them. Personally, I run NOD32 on both Windows and Linux, but it aint free. It's good to see McAfee with a no-setup-drama on-access scanner though.

Panda Antivirus seems to do fairly well at removing spyware. It even removed the latest versions of Cool Web Search that Symantec, Lavasoft, and Spybot wouldn't even touch (and yes that is with the latest definitions).

I make use of Panda Software's ActiveScan (free online virus scanner). It doesn't work in Firefox, saying it "requires the browser Microsoft Internet Explorer 4.0 or later version." That and my bank's web site are the only things I still need IE for. But I still need to get into those 2 places, so I can't avoid having to use IE now and then.

ARP poisoning is fairly easy to detect too. Panda Antivirus Platinum 7 detects it and alerts the user. And even Windows can be locked down to hard-coded MAC-IP pairs if you know what you're doing.

Most people don't, and it's a bit of a pain in the ass (and I haven't actually done it on my LAN at home so I don't *know* that it works properly), but it's an option.

uhm no, you have spyware, that's the problem. The googlebar blocks pop-ups from webpages. IF the pop-ups aren't being blocked, then the pop-ups aren't coming from the pages. Go download spybot. Once that has finished, go run the free panda virus scanner http://www.pandasoftware.com/

Avast is very good. You may like the cost. Other than that Panda is the best. Mcafee/Norton are getting worse as they expand their product line.


would you like to

Because when they did that with web browsers, they got slapped with antitrust lawsuits?

Nobody is going to be "required" to purchase Microsoft's AntiVirus product. Nortan AntiVirus will continue to exist and it's what many people will continue to remain comfortable using. Microsoft's poor track record of dozens upon dozens of critical vulnerabilities in their OS and other software isn't going to make them the first company people think to go to for an antivirus solution... especially while Symantec has been making a name for itself as a legitimate security/antivirus company for years. Meanwhile, free antivirus software exists out there (for home users at least), including

On top of that, since Microsoft is not bundling the AV software as a part of the OS, so it's not going to be free. It's hard to compete against free, and there are a free ways that home users have to protect themselves against malicious code (Grisoft AVG, AntiVir Personal Edition, as well as free online options, like Panda ActiveScan and Trend Micro's Housecall).

So Microsoft has to compete against both an established anti-virus/system utility software company which many people are already using, as well as several viable free alternatives. No doubt Microsoft will have some success, but while these alternatives exist (and I suspect at least some of them will continue to exist for a long while), I don't quite see how you can call it extortion.

Because when they did that with web browsers, they got slapped with antitrust lawsuits?

Nobody is going to be "required" to purchase Microsoft's AntiVirus product. Nortan AntiVirus will continue to exist and it's what many people will continue to remain comfortable using. Microsoft's poor track record of dozens upon dozens of critical vulnerabilities in their OS and other software isn't going to make them the first company people think to go to for an antivirus solution... especially while Symantec has been making a name for itself as a legitimate security/antivirus company for years. Meanwhile, free antivirus software exists out there (for home users at least), including

On top of that, since Microsoft is not bundling the AV software as a part of the OS, so it's not going to be free. It's hard to compete against free, and there are a free ways that home users have to protect themselves against malicious code (Grisoft AVG, AntiVir Personal Edition, as well as free online options, like Panda ActiveScan and Trend Micro's Housecall).

So Microsoft has to compete against both an established anti-virus/system utility software company which many people are already using, as well as several viable free alternatives. No doubt Microsoft will have some success, but while these alternatives exist (and I suspect at least some of them will continue to exist for a long while), I don't quite see how you can call it extortion.

More information at Computer Associates, F-Secure, Symantec and McAfee.

Where's Panda in that list? Personally I prefer Panda over those.

Panda detects spyware, adware, and virus hoaxes, not to mention regular viruses, in their Corporate Antivirus Solution and thier Platinum Internet Security version.

I'm currently using thier corporate version and like it alot. It's not quite as good as ad-aware, but the mere fact that they seem to have commited themselves to addressing this issue speaks volumes to me.

I see many more problems caused by adware and spyware then by true viruses.

You can download the free PQREMOVE application from Panda Software's web site: http://www.pandasoftware.com/download/utilities/.

2. Offer different proxies with multiple levels of popup/junk filtering that your savvy customers can opt-into.

3. Send out a CD with free versions of Ad-Aware, Spybot S&D, and so on. Or point them to links like the online version of X-Cleaner or one of many online virus scans.

4. You could also be a real saint and figure out how to put most of the important Windows Updates on CD for your dial-up users and have it automatically do its thang. At a minimum, the Service Packs and Security Rollups will make you their hero.

5. ???
6. Profit!!!

We know there isn't a quick fix solution, but 1 and 2 are eminently doable. I personally use a proggie called AdMuncher(.com) and since Dec. 25th its blocked 13,100 ads/popups/etc and supposedly saved me around 102MB of bandwidth. It ain't free, but goddamn its good (and only 157K).

Another possibility would be to use Panda Software Antivirus (free -as in beer- edition).

Anyways, when I told him about practices that spammers use like reselling email lists, scavenging webpages for emails, etc... He was outraged. Yes, you read that right. It just went completely against ethics for him, because that is not what they teached him at the business school.
He even got more outraged when I explained him what spyware is, but that is another can of worms.

Essentially, SPAM and Spyware is what the "real" marketers look bad. They're just the scum of the industry.

Ok, sorry for the original light post.

I got the 7.2% infected stat from
Yahoo! Japan headlines, which was quoting ZDNet, which was quoting Panda Software, an anti-virus removal service company.

And I got this link ftp://ftp.kaspersky.ru/utils/clrav.com from Download.com, which requires you to register to use it's auto-download service. So I'm trusting download.com to be referring me a "safe" program.

And I guess I'll use the term viruses instead of virii from now on :)

Im personally using Mcafee, mainly because i have good experiences with it from work where we have it running both on all windows clients and linux file servers. And if you aren't behind a "real" firewall it does come with McAfee firewall included, which i haven't actually tried myself. I think there is a trial version but im not sure. And if you like all kinds of other crap^H^H^H^Hutilities then you can get it from McAfee as well.

An alternative i have heard some good things about though is Panda antivirus. One of the good things is that you can get an evalution version so you can try it before shelling out the money.

Another one i haven't seen mentioned on here, and that i actually own but havent tried (came with my motherboard) is PC-cillin. This one allows you to download an evaluation version as well.

I could mention a few others, but they have already been mentioned by others... (Norton antivirus for instance)

As for Viable Options, have you taken a look at Panda Platinum (or the new "Titanium") Anti Virus. They've come on the top of every review I've seen, and their customer service is great.
You have trial versions at http://www.pandasoftware.com/
I think they're really worth checking out!

No, I'm in no way affiliated with them... They're just the only AV SW I've tried that I've found worth registering and paying for! :)

Does anyone know whether non-US A/V vendors (like Panda) will detect this virus? Might be a great time for them to advertise this.