[SecurityRatty] tag: bitdefender

Way to go BitDefender!

Tue, 11 Nov 2008 15:00:44 +0000

Ive been using their products for two years now and Im very satisfied.
BitDefender even works with Vista!
Their online support is excellent and Its not a resource hog.

clipped from www.marketwatch.com

BitDefender Receives Prestigious Integrated Threat Management
Checkmark Certification From West Coast Labs

MOUNTAIN VIEW, CA, Nov 10, 2008 (MARKET WIRE via COMTEX) –
BitDefender(R), an award-winning provider of antivirus software and
data security solutions, announced today that BitDefender Total
Security 2008 received the prestigious Integrated Threat Management
Certification following independent testing performed by West Coast
Labs. The Integrated Threat Management Checkmark Certification is
granted only to products that have successfully passed and
continuously satisfy the requirements of a combination of Checkmark
certifications that together provide an effective integration of
security technologies in a content security context.

What Im using right now.

Sat, 23 Aug 2008 12:09:19 +0000

BitDefender Internet Security 2008

These are real nasties folks, be afraid, be very afraid

Wed, 04 Jun 2008 19:42:09 +0000

Read the article to see what came in 3rd. Its actually the one Ive seen most talked about in Forums and Blogs.

clipped from www.marketwire.com

BitDefender Lab Reveals Top Three E-Threats in May

The top menace of the month is Trojan.Clicker.CM, a
pop-up-ad-serving trojan distributed via infected websites. In order to
successfully display the pop-ups containing advertisements, the trojan has
the ability to bypass the Norton Internet Security Pop-up Blocker.

In second place is Trojan.Downloader.WMA.Wimad.N. Despite the
complicated-sounding name, this trojan serves a very simple function: to
load another piece of malware. It does so by pretending to be a helper
application that downloads a “codec” playing a “special type” of WMA file.
Once the user is tricked, it downloads and runs Adware.PlayMp3z.A, an
application meant to take personal information from the computer and use it
for marketing or suspicious practices. When executed, the adware displays a
pop-up with an EULA, in an attempt to convince users of its legitimacy.

BitDefender Tops Latest Rootkit Detection Test by AV-Test.org

Tue, 27 May 2008 09:28:30 +0000

MOUNTAIN VIEW, CA–(Marketwire - May 27, 2008) - BitDefender®, an award-winning provider of antivirus software and data security solutions, announced today that BitDefender Internet Security Suite 2008, running on Microsoft Windows XP, received top rootkit detection results in a test conducted by AV-Test.org last month. On Microsoft Windows Vista Ultimate, BitDefender was also one of the top three products.

The tests, running on Microsoft XP Home Edition and Microsoft Vista Ultimate Edition, pitted 60 active malware samples (both rootkits and malware hidden using rootkits) against a selection of antivirus software packages.

While the results of the test showed that detection and removal of running rootkits is a problem for most major antivirus companies, BitDefender Internet Security 2008 managed to remove 23 rootkits and 27 hidden malware programs, a success which BitDefender CTO Bogdan Dumitru partly attributed to the B-HAVE pro-active detection technology developed by BitDefender.

“The results of tests conducted by independent organizations like AV-Test.org, reinforces BitDefender’s success as we strive to improve our proactive detection technologies,” said Bogdan Dumitru, BitDefender’s CTO.

For further details on the results of this test, please visit AV-Test.org (http://www.av-test.org). Details on the company’s testing techniques can also be obtained here.

Jordan the SpywareBiz mascot highly recommends BitDefender for your XP and Vista machines.

Visit SpywareBiz.com to purchase this great product.

Nigerian 419 scam on LinkedIn

Thu, 24 Apr 2008 14:41:39 +0000

Researchers from BitDefender have detected that social networks are the newest medium for Nigerian "4-1-9" scams...In the most recent outbreak of the Nigerian scam -- an advance fee fraud that is estimated to gross hundreds of millions of dollars annually -- the scam letter is sent as a LinkedIn or other social networking sites' invite to join the user's network. A profile page is established with the social networking site, to make the claims in the scam letter appear legitimate. Since the scams are only delivered to the social networking site's user accounts, they completely bypass antispam filters... Read the full article here. Social networking sites have their place and I've seen enough demonstrations of what a powerful tool they can be to have become convinced of their value and potential for being a source of revenue. However, I'll repeat my earlier message that we need to get a good handle on the risks before we jump in for the corporate long haul. The issue of identity on social networking sites is, in my opinion, the one thing that will see them either succeed or fail. If you can't ascertain that the person pertaining to be Ingrid from Stockholm is really Barry from Bath then you can't do business.

Quality and Assurance in Malware Attacks

Wed, 02 Apr 2008 07:49:20 +0000

The rise of multiple antivirus scanners and sandboxes as a web service, did not only increase the productivity level of researchers and utilized the wisdom of crowds concept by sharing the infected samples among all the participants courstesy of the crowds submitting them, it also logically contributed to the use of these freely available services by malware authors themselves. In fact, the low detection rate is often pointed out as the quality of the crypting service by the authors themselves while advertising their malware or crypting services. And when a popular piece of malware known as Shark introduced a built-in VirusTotal submission to verify the low detecting rate of the newly generated server, something really had to change - like it did.

At the beginning of 2008, VirusTotal which is among the most widely known and used such multiple antivirus scanner as a web service, decided to remove the "Do not distribute the sample" option, directly undermining the malware authors' logical option not to share their malware with anti virus vendors, but continue using the service. The multiple antivirus scanner as a web service is such a popular model, that there're several other such services available for free, with many other underground alternatives for internal Q&A purposes. But now that each and every possible service that comes with the malware product is starting to get commercialized, it is logical to question how would quality and assurance obsessed malware authors disintermediate the intermediary to actually break-even out of their investment in a malware campaign? Would they continue porting malware services to the Web, or would they take some of their Q&A activities offline?

In the past, there've been numerous underground initiatives to come up with an offline multiple virus scanners, and here are some examples courtesy of PandaSecurity's Xabier Francisco, and as you can see in the attached screenshot, development in this area is continuing, with the following anti virus scanners included within this all-in-one offline malware scanner :

"A-Squared, AntiVir, Avast; AVG Anti-Virus Free Edition, BitDefender, Clam Win, Dr.Web, eTrust; F-Prot, Kaspersky Antivirus 7, McAfee, Nod32; Norman, Norton, Panda, QuickHeal, Sophos, TrendMicro, VBA32"

Talking about reactive security, the concept of doing this has always been there, and will continue to evolve despite that the most popular online multiple anti virus scanning services started sharing all the infected samples between the anti virus vendors themselves. And now that malware authors are also starting to understand what behavior-based malware detection is, and how a host based firewall can prevent their malware from phoning back home, even though the host is already infected, the success rates of their malware campaigns is prone to improve even before they've launched the campaign.

When malware authors start embracing the OODA loop concept -- Observation, Orientation, Decision, Action -- things can get really ugly. Why haven't they done this yet? They Keep it Simple, and it seems to work just fine in terms of the ROI out of their actions. One thing's for sure - malware will start getting benchmarked against each and every antivirus solution and firewall before the campaign gets launched, in a much more efficient and Q&A structured approach than it is for the time being.

CeBIT 2008: Green Security?

Fri, 14 Mar 2008 06:15:59 +0000

Green IT was the key topic at the 2008 CeBIT, Europe’s biggest IT trade show held annually in Hanover, Germany (http://www.cebit.de). Great! While green giants like IBM and Microsoft, and also some public entities with junglesque floor representations were pushing the environmental aspects of IT mostly in noisy public announcements and glossy press material – taking a closer look at what exactly was featured on the floor displayed a different truth: Underneath the green mantle, most of CeBIT featured high-powered, Watt-hungry, fast pacing computing equipment – often assisted by sports cars, stretch limos, etc. when being presented on the floor. So much for Green IT.

“Security” you might ask? Well, this megalomanical trade show also is host to the embedded “CeBIT Security World” (interestingly enough, this “world-leading security event” (quote!) was in the same hall as the e-learning part of CeBIT…) which featured larger representations from vendors with a significant European presence like: Utimaco Safeware, Kaspersky, BitDefender, Evidian, Aladdin Knowledge Systems, or Avira (Antivir). Security heavy weights like McAfee and Trend Micro were also present. Based on marketing material and vendor speak, key topics were supposedly data leak prevention (DLP) and unified threat management (UTM) appliances! Well, UTMs have been around for a while and were to be found in abundance in Hall Six (the security and e-learning hall). Finding DLP evidence on the floor proved to be more difficult. With the exception of McAfee and Trend Micro, only the German vendor Utimaco (through its OEM deal with Trend) and Kaspersky, daughter InfoWatch, were addressing the problem. InfoWatch took up literally 2x3 meters (Europe, right?) of the huge antivirus threat booth that Kaspersky had rented. Judging from conversations with attendees and journalists, DLP still has a long ways to go on the continent before it reaches similar awareness levels as in the US or the UK (it will be interesting to see if InfoSec in London next month will again lead with the insider threat protection angle…)

Final question: Was there a trace of Green in the security hall? Not really – but I guess you also didn’t expect that, right?

Sunbelt + Dell = Ninja Blade

Tue, 15 Jan 2008 08:14:38 +0000

Sunbelt Software is probably best-known as a pioneering anti-spyware vendor, but they have made network security products for many years as well. Their specialty is products to secure and enhance Microsoft Exchange. I have used their Ninja e-mail security product here on my network for many years. Now they have made Ninja into an appliance product with Ninja Blade, through a partnership with Dell. These 1U rack units have a variety of hardware configurations that Sunbelt rates with user capacity of 500 up to 5000. The low-end unit starts at $1,995. Ninja Blade, like Ninja, uses multiple anti-spam engines to block unwanted e-mail. BitDefender anti-virus scrubs e-mail of malware, and flexible attachment filtering allows administrators to stop or allow files as they see fit. Exchange sites may be able to look at a solution like Ninja Blade as an upgrade to their existing server, if it replaces security software running on that server. Not only will the load be separated from the server system, but the amount of e-mail coming into the Exchange server will decrease by all of the spam and malware blocked by Ninja.

Sunbelt + Dell = Ninja Blade

Tue, 15 Jan 2008 08:14:38 +0000

Storm keeps coming (4th variant)

Thu, 27 Dec 2007 07:43:00 +0000

They just keep coming...this one is very similar to the 3rd variant we reviewed, but some changes are apparent.
1) Hash: 1f362ad74d62262bff6bcb1d078cbf7d
2) Aside from yet again changing the domain and binary, the hidden files written upon execution are as follows:

Helios Rootkit Detector
Scanning File System For Hidden Files

[*] Scanning Drive C
1 C:\WINDOWS\system32\bldy.config Hidden From API
2 C:\WINDOWS\system32\bldy3a80-61.sys Hidden From API
Execute Duration (in seconds)=18

Loaded Drivers:
Driver File Company Name Description
C:\WINDOWS\System32\bldy3a80-61.sys

Kernel31 Api Log
***** Installing Hooks *****
4012d8 CreateFileA(C:\WINDOWS\System32\bldy.config)
40117f CreateFileA(C:\WINDOWS\System32\bldy3a80-61.sys)

DirwatchData
WatchDir Initilized OK
Watching C:\WINDOWS
Created: C:\WINDOWS\system32\bldy.config
Modifed: C:\WINDOWS\system32\bldy.config
Modifed: C:\WINDOWS\system32
Created: C:\WINDOWS\system32\bldy3a80-61.sys
Modifed: C:\WINDOWS\system32\bldy3a80-61.sys

Better AV coverage again:

AntiVir - TR/Crypt.XDR.Gen
Authentium - W32/Dropper.gen6
Avast - Win32:Zhelatin-ASX
AVG - Dropper.Generic.TLX
BitDefender - Trojan.Peed.IRG
ClamAV - Trojan.Peed-66
DrWeb - Trojan.Spambot.2386
Fortinet - W32/Tibs.G@mm
F-Prot - W32/Dropper.gen6
F-Secure - Email-Worm.Win32.Zhelatin.pr
Kaspersky - Email-Worm.Win32.Zhelatin.pr
NOD32v2 - Win32/Nuwar.BA
Panda - Suspicious file
Prevx1 - Stormy:Worm-All Variants
Sophos - Mal/Dorf-H
Symantec - Trojan.Peacomm
VirusBuster - Trojan.DR.Zhelatin.AS
Webwasher-Gateway - Trojan.Crypt.XDR.Gen

Aside from the inherent value of keeping an eye on the ISC Diary, please refer to the US-CERT alert.
They'll keep coming, we'll keep watching.