Monday, March 31, 2008

Will Kaspersky Lab be acquired by Microsoft Corp.?

The normally very well-informed anti-malware industry insider Bill Guttman told me last week that he had (unconfirmed) information that Microsoft Corp. would be interested in acquiring the Russian security software vendor Kaspersky Lab.

It is no secret that Microsoft H.Q. isn’t happy with the negative response of Windows users to products like Windows OneCare and Windows Defender, and that Microsoft CEO Steve Ballmer is determined to go in new directions with the Windows Vista successor, Windows 7.

As with Vista, security is a main issue in Windows 7 development, and it is Microsoft’s intention to revamp the Security Center in Windows 7 thoroughly. Part of the plan is to rebuild it on a modular basis with the components antivirus, HIPS, antispyware and firewall. It also seems to be the intention that development of the new Windows 7 Security Center will be performed by Kaspersky Lab because of its know-how and excellent security products.

The amount that would be paid for the (possible) Kaspersky Lab acquisition is not known but seems to be considerable. Also unknown is what will happen to the antivirus products running on a Kaspersky engine if Microsoft succeeds in its efforts to acquire Kaspersky Lab.

Of course I have tried to obtain confirmation of what Bill Guttman told me, but (as expected) both companies involved reacted with the usual “no comment”.

Tuesday, December 4, 2007

The Pedophile's Secret Code


Every subculture speaks its own dialect, and pedophiles are no exception. Hence the FBI's January 2007 "intelligence bulletin" on "symbols and logos used by pedophiles to identify sexual preferences." The document (see Pages 2-4), was prepared and distributed to FBI divisions and field offices earlier this year by the Cyber Division's Innocent Images National Initiative. These are the G-men and -women who work on cases involving child exploitation and sexual abuse.


Did you know that "boylovers" make their presence known with a "small blue spiral-shaped triangle surrounded by a larger triangle"? The larger triangle signifies an adult male; the smaller triangle, a boy. If the boylover wishes to emphasize the smallness of the boys he covets, then he uses the "little boy lover" logo, which is more rounded and thinner than the boylover logo, apparently to "resemble a scribbling by a young child." Males or females whose taste runs to young girls identify themselves with a logo showing one heart inside a larger heart, while "non-preferential gender child abusers" indicate their enthusiasms with a butterfly logo made up of two large hearts and two smaller hearts. These logos are sometimes incorporated into jewelry or even stamped onto coins. (See Pages 2 and 3.)


Included with the intelligence bulletin is a customer-satisfaction survey aimed at measuring how helpful the report was, not to pedophiles but to law enforcement professionals (see below). Recipients (Page 5) are asked to "[p]lease take a moment to complete this survey and help evaluate the quality and value of FBI products." Was the report "delivered within established deadlines"? Did it identify "new information associated with pending matters"? Respondents are asked to indicate their opinion by circling a number (1 = Strongly Disagree; 5 = Strongly Agree). The inapplicability of Total Quality Management to this particular topic is underlined when respondents are asked whether the report "is reliable (i.e., sources well documented and reputable)." Well-documented, yes. But reputable? As a general rule, you can't find information of this nature in a reputable source. The report's footnotes to online sources (see Page 6) bear this out.





Sunday, September 2, 2007

How to boot in Safe Mode?


To use a Safe Boot option, follow these steps:

1. Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
2. Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
3. When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the operating system installation that you want to start, and then press ENTER.

Please visit this page if you need some additional info: http://support.microsoft.com/kb/315222

If it doesn't work (there could be some system issues or virus actions), please execute the following script in the AVZ utility:

Code:

begin
ExecuteRepair(10);
RebootWindows(true);
end.

It will automatically restart your system. Please try booting in the safe mode one more time.

Saturday, September 1, 2007

Virus scan freeware. The rules.



  • To ask for help you should open a new thread.

  • Logs should be attached to the message (and not posted separately in the thread).

  • Do not send logs or queries directly to a helper, a moderator or an administrator as a private message or an e-mail. Use a separate thread every time.

  • Please see Appendix 1 to find out how to turn off System restore.

  • Please follow the directions in Appendix 3 to create an attachment.

  • Please check the FAQ section on our website for answers to the most commonly asked questions.

  • To expedite the processing of your query, please follow the regulations.


Scan your PC:




1. If you have an antivirus installed, please, update its databases and scan your PC.

2. Before the analysis, please download the DrWeb CureIT! utility (about 5 MB) and perform the system scan in Safe Mode. After that you should reboot the computer normally (Normal Mode).
* Note: If you use DrWeb antivirus, please skip this step.

3. Download the AVZ Antiviral Toolkit. Even if you have downloaded AVZ before, you should download it again, because the diagnostic options for malware programs are updated regularly. (About 2 MB)
* The utility offers a wide range of options for a system scan besides neutralizing malicious software: please read the help file of the Toolkit.

4. Extract it from the archive to its own folder.
* Start AVZ and update its databases ("File" => "On-line automatic update"). Close AVZ.

5. Download the latest version of HijackThis.
* Even if you have downloaded HijackThis before, download it again to make sure you have the latest version. (About 200 KB)

6. Extract HijackThis from the archive to its own folder.

7. Turn off System restore (Windows Me/XP).
* Follow the instructions in Appendix 1.



Prior to taking the following steps (8, 10, 12), please close all of your anti-virus programs, games, text editors and all other applications, except your Internet browser!!!




8. Start AVZ. Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Investigation" check box. Click on "Execute selected scripts".
Automatic scanning, healing and a system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.

9. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

10. Start AVZ. Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Investigation" check box. Click on "Execute selected scripts".
A system check will be performed automatically, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

11. Start HijackThis. If the program malfunctions or stops working right after the start, download the renamed file of HijackThis here and use it in the following instructions.

12. Click on "Do a system scan and save a logfile".

13. Save the logfile. The logfile will be saved in the program folder as hijackthis.log by default.

14. Create a new thread in the "Help Me" section only. The header should contain a brief description of the problem and the body should provide the details. Attach the logfiles created at steps 8 (AVZ - virusinfo_syscure.zip), 10 (AVZ - virusinfo_syscheck.zip) and 13 (HJT - hijackthis.log) to the message. There should be 3 logs in general. We will do our best to help you.
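Helpers triaging a thread read the hijackthis.log attached at step 13. As an added example that is not part of the original post or of HijackThis itself, the Python below parses a constructed log in that format, counts entries per section code, and flags processes and autostart entries running from a Temp folder (a review heuristic assumed here, not a rule from the forum).

```python
import re

# Constructed sample in HijackThis log format (not a real system's log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:12:44 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User\Local Settings\Temp\svch0st.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [svch0st] C:\Documents and Settings\User\Local Settings\Temp\svch0st.exe
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""

# Every scan entry starts with a section code (R0..R3, F0..F3, N1..N4, O1..O24).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Heuristic assumed for this example: executables run from a Temp folder deserve a look.
TEMP_MARKER = "\\temp\\"


def parse_hijackthis(text):
    """Split a HijackThis log into header lines, running processes and scan entries."""
    header, processes, entries = [], [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append({"code": match.group("code"), "body": match.group("body")})
        else:
            header.append(line)
    return {"header": header, "processes": processes, "entries": entries}


def count_by_code(parsed):
    """Number of entries per section code, e.g. {'O4': 2} for two autostart entries."""
    counts = {}
    for entry in parsed["entries"]:
        counts[entry["code"]] = counts.get(entry["code"], 0) + 1
    return counts


def flag_temp_paths(parsed):
    """Processes and entries whose path passes through a Temp folder."""
    hits = []
    for proc in parsed["processes"]:
        if TEMP_MARKER in proc.lower():
            hits.append(("process", proc))
    for entry in parsed["entries"]:
        if TEMP_MARKER in entry["body"].lower():
            hits.append((entry["code"], entry["body"]))
    return hits


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    print("sections:", count_by_code(parsed))
    for code, text in flag_temp_paths(parsed):
        print(f"review {code}: {text}")
```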



Attention!!

Please do not create threads named "Help!!!", "SOS", etc.
Also please do not attach any other logs, except HijackThis and AVZ logs,
unless specifically asked.





Please note that developers, helpers, and forum administration are not responsible for any possible damage caused by use of any of the tools enumerated above. See EULAs for details.


Appendix 1. How to turn off System restore.

1. "System restore" (Windows Me/XP)
Windows protects the System Restore folders from all external programs. When viruses get into a PC, Windows may also keep copies of them in the System Restore folders. Antivirus programs and utilities cannot delete viruses from these folders, so it is necessary to turn off System Restore for healing. After healing, it should be turned back on.

Windows Me:
1. Right-click My Computer, and then click Properties.
2. On the Performance tab, click File System, or press ALT+F.
3. On the Troubleshooting tab, click to select the Disable System Restore check box.
4. Click OK twice, and then click Yes when you are prompted to restart the computer.
5. To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.

Windows XP:
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore: You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer. Do you want to turn off System Restore? After a few moments, the System Properties dialog box closes.

2. Correct cleaning of the system restore folders.

It is not recommended to turn off System Restore immediately if you keep any valuable information on the PC.
You should be absolutely sure that the System Restore folders are infected. If there are clean copies, they should be used for restoring clean files.

Appendix 2. Searching files on disk with AVZ.

1. Click "File" - "Add to quarantine by list".
2. Enter the list of files which you were asked to send in the top window.
3. Press "Start" and wait until the "File addition process - complete" notification appears at the bottom of the window.
4. Close the current "Add to quarantine by list" window.
5. Choose from the menu "File" -> "Quarantine folder viewer".
6. Mark the files in the list which should be sent.
7. Click "Archive" and specify a place on the disk where the archive should be kept.
8. Upload the archive using the upload link (Upload quarantined files) at the top of your thread (the "thread link" field will be filled automatically), or use this link: http://virusinfo.info/upload_virus_eng.php , where you need to fill in the "thread link" field manually. (It should look like http://virusinfo.info/showthread.php?t=XXXX.)

Appendix 3. How to send us requested files.

1. Start AVZ and choose from the menu "File" -> "Quarantine folder viewer".
2. Mark the files in the list which should be sent.
3. Click "Archive" and specify a place on the disk where the archive should be kept.
4. Upload the archive using the upload link (Upload quarantined files) at the top of your thread (the "thread link" field will be filled automatically), or use this link: http://virusinfo.info/upload_virus_eng.php , where you need to fill in the "thread link" field manually. (It should look like http://virusinfo.info/showthread.php?t=XXXX.)




http://virusinfo.info/showthread.php?t=9184


Sunday, July 22, 2007

Kaspersky Anti-Virus 7.0 wins top awards from PC Pro


Kaspersky Anti-Virus 7.0 has won two top awards - "Labs Winner" and "A List" from PC Pro, one of the oldest and most influential British IT magazines, with a six-star rating against all three criteria: performance; ease of use; and value for money.


PC Pro tested the effectiveness of 13 leading antivirus products available in the UK market. The experts also analyzed how easy each product is to use, and whether it represents value for money. It should be noted that Kaspersky Anti-Virus 7.0 was represented by a beta version, while all the other products tested were final versions.


According to the authors of the review, Kaspersky Anti-Virus demonstrated unrivaled effectiveness of antivirus protection: it "managed to find and remove an incredible 98% of the malware." "While many packages check for new virus signatures on a daily basis, Kaspersky runs to an hourly schedule, improving your PC's chances of being immunized before an infection reaches it," states the article.


The review also notes that the software is efficient, being one of the lowest users of total system RAM of all the products tested: "It's refreshing to find an antivirus package that's so respectful of resources… the impact upon system resources is negligible."


It cites the product's breadth of features as a major benefit of the software: "No other package combines such a range of useful functions." Importantly, even an inexperienced user will be able to control all these features. "With peerless detection capabilities, this well-conceived package is a joy to use," say the reviewers.


The review closes by saying: "In short, Kaspersky towers over the competition… for £2 a month, you won't find a more deserving winner."


For more information on the testing conducted by PC Pro experts, please visit the magazine's official website at www.pcpro.co.uk.





FBI remotely installs spyware to trace bomb threat


The FBI used a novel type of remotely installed spyware last month to investigate who was e-mailing bomb threats to a high school near Olympia, Wash.


Federal agents obtained a court order on June 12 to send spyware called CIPAV to a MySpace account suspected of being used by the bomb threat hoaxster. Once implanted, the software was designed to report back to the FBI with the Internet Protocol address of the suspect's computer, other information found on the PC and, notably, an ongoing log of the user's outbound connections.


[Image: screen snapshot of the 'timberlinebombinfo' MySpace account]

The suspect, former Timberline High School student Josh Glazebrook, was sentenced this week to 90 days in juvenile detention after pleading guilty to making bomb threats and other charges.


While there's been plenty of speculation about how the FBI might deliver spyware electronically, this case appears to be the first to reveal how the technique is used in practice. The FBI did confirm in 2001 that it was working on a virus called Magic Lantern but hasn't said much about it since. The two other cases in which federal investigators were known to have used spyware--the Scarfo and Forrester cases--involved agents actually sneaking into offices to implant key loggers.


An 18-page affidavit filed in federal court by FBI Agent Norm Sanders last month and obtained by CNET News.com claims details about the governmental spyware are confidential. The FBI calls its spyware a Computer and Internet Protocol Address Verifier, or CIPAV.


"The exact nature of these commands, processes, capabilities, and their configuration is classified as a law enforcement sensitive investigative technique, the disclosure of which would likely jeopardize other ongoing investigations and/or future use of the technique," Sanders wrote. A reference to the operating system's registry indicates that CIPAV can target, as you might expect given its market share, Microsoft Windows. Other data sent back to the FBI include the operating system type and serial number, the logged-in user name, and the Web URL that the computer was "previously connected to."


News.com has posted Sanders' affidavit and a summary of the CIPAV results that the FBI submitted to U.S. Magistrate Judge James Donohue.


There have been hints in the past that the FBI has employed this technique. In 2004, an article in the Minneapolis Star Tribune reported that the bureau had used an "Internet Protocol Address Verifier" that was sent to a suspect via e-mail.


But bloggers at the time dismissed it--in hindsight, perhaps erroneously--as the FBI merely using an embedded image in an HTML-formatted e-mail message, also known as a Web bug.


Finding out who's behind a MySpace account
An interesting twist in the current case is that the county sheriff's office learned about the MySpace profile--timberlinebombinfo--when the creator tried to persuade other students to link to it and at least one of their parents called the police. The sheriff's office reported that 33 students received a request to post the link to "timberlinebombinfo" on their own MySpace pages.


In addition, the bomb hoaxster was sending a series of taunting messages from Google Gmail accounts (including dougbrigs@gmail.com) the week of June 4. A representative excerpt: "There are 4 bombs planted throughout Timberline High School. One in the math hall, library hall, and one portable. The bombs will go off in 5 minute intervals at 9:15 am."


The FBI replied by obtaining account logs from Google and MySpace. Both pointed to the Internet Protocol address of 80.76.80.103, which turned out to be a compromised computer in Italy.


That's when the FBI decided to roll out the heavy artillery: CIPAV. "I have concluded that using a CIPAV on the target MySpace 'Timberlinebombinfo' account may assist the FBI to determine the identities of the individual(s) using the activating computer," Sanders' affidavit says.


CIPAV was going to be installed "through an electronic messaging program from an account controlled by the FBI," which probably means e-mail. (Either e-mail or instant messaging could be used to deliver an infected file with CIPAV hidden in it, but the wording of that portion of the affidavit makes e-mail more likely.)


After CIPAV is installed, the FBI said, it will immediately report back to the government the computer's Internet Protocol address, Ethernet MAC address, "other variables, and certain registry-type information." And then, for the next 60 days, it will record Internet Protocol addresses visited but not the contents of the communications.


Putting the legal issues aside for the moment, one key question remains a mystery: Assuming the FBI delivered the CIPAV spyware via e-mail, how did the program bypass antispyware defenses and install itself as malicious software? (There's no mention of antivirus defenses in the court documents, true, but the bomb-hoaxster also performed a denial of service attack against the school district computers -- which, coupled with compromising the server in Italy, points to some modicum of technical knowledge.)


One possibility is that the FBI has persuaded security software makers to overlook CIPAV and not alert their users to its presence.


Another is that the FBI has found (or paid someone to uncover) unknown vulnerabilities in Windows or Windows-based security software that would permit CIPAV to be installed. From the FBI's perspective, this would be the most desirable: for one thing, it would also obviate the need to strong-arm dozens of different security vendors, some with headquarters in other countries, into whitelisting CIPAV. Earlier this week, News.com surveyed 13 security vendors and all said it was their general policy to detect police spyware. Some, however, indicated they would obey a court order to ignore policeware, and neither McAfee nor Microsoft would say whether they had received such a court order. The verbatim results of our survey are here.





Thursday, April 19, 2007

Lenders illicitly accessing student database

A database containing the personal and financial details of nearly 60 million students had repeatedly been accessed by some lending companies in ways that violated federal privacy laws, the Washington Post reported on Sunday.

According to the article, the database contains everything needed to steal a person's identity, including students' names, Social Security numbers, addresses, phone numbers and birth dates, as well as information on loan balances. Some lending companies have apparently given unauthorized users, such as marketing companies, regular access to the information in the database, according to the Post's article.

"We are just in shock that student data could be compromised like this," Nancy Hoover, director of financial aid at Denison University, told the Washington Post.

The revelation comes as some lending companies and schools are under fire for improper relationships. At least three financial aid directors at various schools have resigned positions or been put on administrative leave after ties with student-lending firm Student Loan Xpress were uncovered. The possible improper access of a database on 60 million students puts the breach in the same category as the repeated breaches of retail giant TJX that led to the leak of at least 46.5 million credit-card numbers and the attack on CardSystems Solutions that resulted in the possible compromise of some 40 million credit-card numbers.

Officials at the U.S. Department of Education are mulling a possible shutdown of the database system while access policies and security are tightened, according to the Post.

securityfocus.com

Only 244 copies of Genuine Windows Vista sold in China


Microsoft spent millions of dollars advertising its next-generation OS 'Windows Vista' in China; in fact, the IT juggernaut put up the biggest Vista ad on the 421-meter-high Jin Mao Tower in Shanghai, China.

However, in the two weeks after launch (Jan 19 to Feb 2), Microsoft managed to sell a mere 244 copies of Windows Vista. Software piracy is rampant in the Middle Kingdom, and a pirated version of Vista sells for a mere $1 on the streets. The following numbers are quoted by Windows Vista's chief distributor in Beijing.


newlaunches.com

Wednesday, April 18, 2007

New worm targets Skype users

A new instant-messaging pest that spreads using the chat feature in Skype has surfaced, security firm F-Secure warned Monday.

The worm, dubbed Pykse.A, is similar to threats that affect instant-messaging applications. A targeted Skype user will receive a chat message with text and a Web link that looks like it goes to a JPEG file on a Web site, F-Secure said on its Web site.

Clicking the link will redirect the user to a malicious file. The file, after executing, will send a malicious link to all online contacts in a Skype user's list and will show a picture of a scantily clad woman, F-Secure said. In addition, it sets the user's Skype status message to "Do Not Disturb," the security firm said.

Pykse also visits a number of Web sites that don't host any malicious code and a site that appears to count infected machines, F-Secure said. The Finnish security company doesn't list any particular malicious payload for Pykse other than it spreading and visiting Web sites. The IM worm affects Skype users running Windows.

Such threats for Skype aren't new. Last month, miscreants adapted the Warezov Trojan horse to target Skype users. This threat also arrived with a Web link sent in a Skype chat message. Clicking on the link would result in a PC being at the beck and call of the attacker and the Trojan horse sending messages to the victim's Skype contacts.

In February, attackers also targeted Skype users with another Trojan horse that had propagation capabilities.

Skype has acknowledged in the past that its instant-messaging feature could be used for nefarious purposes just like any other IM service. Kurt Sauer, Skype's chief security officer, repeated that acknowledgment on Monday in a statement sent by the company's public relations agency.

"Harmful viruses and Trojan horses may damage a user's computer and collect private data, regardless of whether a person is using Skype, e-mail or other IM clients," Sauer said in the statement. "Skype strongly recommends that users take extra caution in general when asked to open attachments or links from unknown people, or suspicious-looking attachments even from people you know."

Skype also recommends using antivirus software to check the files received from other people.

zdnet.com