HAURI News

[PC Magazine] Gaobot's Many Unwelcome Faces---PC Magazine
06/01/04
The big news this week is the proof-of-concept 64-bit Rugrat virus. Tagged W64/Rugrat3344 by Symantec and W64/Rugrat by McAfee, this Windows 64-bit virus infects all files in the folder in which it executes and in any subfolders. It uses Thread Local Storage (TLS) to execute its code. Simply speaking, this is an area of memory that is allocated separately from other types of memory, and it is unusual for normal programs to use it for execution. The virus is written in 64-bit assembly language and does not infect 32-bit (Windows NT/2000/XP) executables, but it can run on a 32-bit machine running a 64-bit emulator. Needless to say, the news is that it's new, not that it is a general threat.
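As an added illustration (not part of the PC Magazine column): callbacks listed in a PE image's TLS directory run before the program's entry point, so a triage tool that looks only at the entry point misses them. The Python sketch below lists the callbacks a file declares; `tls_callbacks` and `build_sample` are names chosen here, and the sample image is constructed for the example, not a Rugrat sample.

```python
import struct

TLS_INDEX = 9  # IMAGE_DIRECTORY_ENTRY_TLS slot in the data directory

def tls_callbacks(pe: bytes) -> list:
    """Return the TLS callback virtual addresses a PE image declares ([] if none)."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]                  # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)   # sections, opt. header size
    opt = nt + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    ptr, width = ("<Q", 8) if magic == 0x20B else ("<I", 4)     # PE32+ or PE32 pointers
    base = struct.unpack_from(ptr, pe, opt + (24 if width == 8 else 28))[0]  # ImageBase
    dirs = opt + (112 if width == 8 else 96)
    ndirs = struct.unpack_from("<I", pe, dirs - 4)[0]
    tls_rva = struct.unpack_from("<I", pe, dirs + 8 * TLS_INDEX)[0] if ndirs > TLS_INDEX else 0
    if not tls_rva:
        return []
    secs = [struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
            for i in range(nsec)]                               # vsize, va, rawsize, rawptr
    def off(rva):                                               # RVA -> file offset
        for vsize, va, rawsize, rawptr in secs:
            if va <= rva < va + max(vsize, rawsize):
                return rawptr + rva - va
        raise ValueError("RVA outside all sections")
    va = struct.unpack_from(ptr, pe, off(tls_rva) + 3 * width)[0]  # AddressOfCallBacks (a VA)
    cbs = []
    while va and (cb := struct.unpack_from(ptr, pe, off(va - base))[0]):
        cbs.append(cb)                                          # array ends at a null entry
        va += width
    return cbs

def build_sample() -> bytes:
    """Constructed PE32+ skeleton: one section holding a TLS directory, two callbacks."""
    base, img = 0x140000000, bytearray(0x400)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)                       # e_lfanew
    struct.pack_into("<HH12xH", img, 0x44, 0x8664, 1, 240)        # AMD64, 1 section, opt size
    struct.pack_into("<H22xQ", img, 0x58, 0x20B, base)            # magic, ImageBase
    struct.pack_into("<I72xII", img, 0x58 + 108, 16, 0x1000, 40)  # dir count, TLS entry
    struct.pack_into("<8sIIII", img, 0x148, b".tls", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<Q", img, 0x200 + 24, base + 0x1040)        # AddressOfCallBacks
    struct.pack_into("<QQ", img, 0x240, base + 0x1100, base + 0x1180)  # null-terminated
    return bytes(img)
```

A non-empty result is a reason to inspect those addresses before the entry point, not proof of infection; some legitimate programs register TLS callbacks too.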

The last few weeks have been thankfully quiet in terms of new, large-scale outbreaks. We can't afford to let our guard down, as we saw this past January when things were slow until we got hit with the MyDoom worm. As mentioned last week, we've seen several new worms exploiting the MS04-011 vulnerability, but it appears that most people have gotten the message on updating. As Larry Seltzer notes in his eWeek column, now is a good time to take stock of your security situation and beef up your defenses. It is much easier to avoid getting a worm than to remove it. The ol' Ben Franklin ounce of prevention saw is especially true here.


This week's top threat is another not so prolific, but dangerous worm, Gaobot.alw. This worm uses multiple Microsoft vulnerabilities and weak passwords on networks to spread. It has a moderate potential to spread but luckily it hasn't gotten too far yet. We show you some of its tricks in this week's top threat section.

This past week was the CeBit America trade show. While the show centered on Customer Resource Management (CRM), there were still a few interesting security products being shown. One really interesting idea we saw was Global Hauri's Live Suite security tool. Targeted at large retailers and financial institutions, Live Suite is an online component that will check a customer's machine for security risks. The web-based tool scans a client's computer for threats such as viruses, Trojans, spyware or phishing code. The tool can also be used by corporations for remote knowledge workers to minimize security problems, such as when using a VPN or web-based e-mail. Live Suite requires only that a user okay the download of a small agent, and the rest is automatic. The user is warned of any threats, and can optionally clean the client's machine before allowing the transaction. With upcoming legislation holding retailers and companies responsible for security and identity breaches, this type of solution will become very attractive.

Spam is the number one problem on the web today, bringing with it privacy, security and sanity risks. Spam prevention and virus prevention are strongly linked. The current e-mail borne viruses that spoof addresses use the same techniques that spammers use, so preventing one can prevent the other. We spoke with David Radin, co-founder of SpamSlicer, about his company's solution to not only curb spam, but track who's giving/selling your name. The service works by appending a virtual ID to your e-mail address. You can create unique IDs for things you sign up for, such as johndoe.MoneyNewsletter@spamslicer.com. SpamSlicer filters out non-tagged e-mail, and passes along messages that are tagged. This blocks a lot of spam and lets you know if the GamblingNewsletter got your name from the MoneyNewsletter. While we haven't had a chance to do any hands-on testing, we will be trying out SpamSlicer soon.

An interesting product we saw to keep spyware and Trojans in check was Spy Sweeper 3.0 ($29.95/yr) from Webroot Software. Spy Sweeper offers both scanning with a library of over 23,000 spyware signatures, as well as an active set of shields to prevent browser hijacks, additions to IE favorites, and Hosts file hijacks (used to re-route things like search engines). A free spyware audit is available on their site, which can help find spyware, adware and Trojan threats. Unfortunately, this install-less scanner doesn't actually remove the threats, but you can download a trial version of the product to do a cleanup.

http://www.pcmag.com/article2/0,1759,1604724,00.asp