Computer Protection, Antivirus & Virus Removal

Major Virus Alert. Other Internet Security Breaches Updated this Week

Posted in computer protection by computerprotection on October 30, 2008

CyberDefender Corporation, the developer with the Internet’s most advanced early detection and Internet security tools, has identified the Scvhost.exe~u virus as a category 9.9 in their Virus Alert-Internet Security Center. A 9.9 rating is considered extremely high risk.

Typically this extremely high level rating indicates the virus can log user activity and present a high risk of potential system damage or distribution. These types of threats are difficult to contain and often use unauthorized, invisible installation. In addition to logging keyboard activity and taking system snapshots, these high risk viruses may profile users, send confidential user data to remote servers, and have the ability to disable some anti-virus or firewall programs.

Svchost.exe is a valid generic host process name for services that run from dynamic-link libraries. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time.

Scvhost.exe, on the other hand, is a virus, or is categorized by some antivirus programs as adware or spyware.

The good guy is svchost.exe; scvhost.exe is the bad guy, as stated at this link: http://www.liutilities.com/products/wintaskspro/processlibrary/scvhost/
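An added example (not from the original post) of how a defender might tell the two names apart in a process list: it flags image names within two edits of svchost.exe, and copies of the real name running outside the system folder. The sample paths, the edit-distance threshold and the SysWOW64 folder entry are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

LEGIT_NAME = "svchost.exe"
# Assumption: default system folders on a standard Windows install.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Constructed sample of running image paths (not from a real machine).
SAMPLE = [
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\System32\scvhost.exe",
    r"C:\WINDOWS\System32\svhost.exe",
    r"C:\Users\Public\svchost.exe",
    r"C:\WINDOWS\explorer.exe",
]


def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]


def classify(image_path: str) -> str:
    """Return 'ok', 'wrong-location', 'lookalike' or 'unrelated'."""
    p = PureWindowsPath(image_path)
    name = p.name.lower()
    if name == LEGIT_NAME:
        return "ok" if str(p.parent).lower() in LEGIT_DIRS else "wrong-location"
    if osa_distance(name, LEGIT_NAME) <= 2:  # threshold is an assumption
        return "lookalike"
    return "unrelated"


def scan(paths):
    """Map each suspicious path to the reason it was flagged."""
    return {p: c for p in paths if (c := classify(p)) in ("lookalike", "wrong-location")}
```

Calling scan(SAMPLE) returns the three paths worth a closer look and leaves the genuine svchost.exe and explorer.exe out.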

Run one of these free online scans:

Cyberdefender

Panda

These take a little while to run but will be worth it. Be sure to set them to auto clean if asked, and write down any files that cannot be cleaned or deleted (with the full path, for example C:\WINDOWS\System32\svhost.exe).

Malicious messages and phishing

source Darya Gudkova: http://www.viruslist.com/en/analysis?pubid=204792038

Malicious files were attached to 1.09% of all email messages, 0.39% more than August’s figure.

Links to phishing sites were present in 0.62% of messages. Several limited attacks by the RockPhish group were detected in September. In most cases about 100-300 fake URLs were used.

The majority of phishing attacks targeted PayPal (36%) and eBay (18%).

Organizations targeted by phishing attacks

Russian phishers continued to attack users of the popular Russian email services Mail.ru and Rambler and the Yandex.Money e-payment system.

Spam by category

Breakdown of spam categories on the Russian internet in September 2008

In September, the top five categories were Adult content spam (28%), Medications, health-related goods and services (19%), Education (12%), Fake designer goods (6%), and Travel and tourism (6%).

The Adult content spam category took first place from the Medications, health-related goods and services category, the first time there has been a change at the top since April 2007. The upturn in fortunes of the adult content category and its impressive 9% lead was mostly due to Russian-language spammers advertising pornographic websites. The mailing of pornographic spam has recently become so aggressive that it may account for more than half of all emails sent to the addresses listed in spammers’ databases.

Spam is still being used for negative PR. Earlier, the use of spam as a negative PR tool was limited mainly to election campaigns. Now, however, those initiating such mailings are distributing information designed to discredit certain companies or businessmen, by warning the user of their supposed unreliability. These types of messages started to appear in the middle of the summer and show no sign of letting up. It reminds us once again that by trusting the information contained in unsolicited messages from unknown senders, the recipient is allowing complete strangers to influence his own opinion.

Spammer methods and tricks

Spammers didn’t make any real new technical innovations in September. HTML tags and “invisible” text (white letters on a white background) were used to “hide” adverts from context filters, while the site addresses in messages advertising adult content were “drawn” using various symbols with a certain amount of spaces and paragraphs between them.
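An added example (not from the cited report) of how a mail filter can spot the white-on-white trick described above: it walks the HTML, tracks the effective text and background colour of each element, and returns any text drawn in its own background colour. The sample message, the colour table and the assumed client defaults are constructed for illustration, and the parser expects well-formed markup.

```python
import re
from html.parser import HTMLParser

NAMED = {"white": "#ffffff", "black": "#000000"}  # small subset, enough for the sample
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags that never get a close tag
SAMPLE = (  # constructed, well-formed message body
    '<html><body bgcolor="#FFFFFF"><p>Visit our new site today</p>'
    '<font color="white">quarterly report meeting agenda</font>'
    '<span style="color:#fff; font-size:1px">invoice attached regards</span></body></html>'
)

def norm(color):
    """Normalise 'white', '#FFF' or '#ffffff' to '#ffffff'; None if not recognised."""
    c = NAMED.get(color.strip().lower(), color.strip().lower())
    if re.fullmatch(r"#[0-9a-f]{3}", c):
        c = "#" + "".join(ch * 2 for ch in c[1:])
    return c if re.fullmatch(r"#[0-9a-f]{6}", c) else None

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = [("#000000", "#ffffff")]  # assumed mail-client default (fg, bg)
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a, (fg, bg) = dict(attrs), self.stack[-1]
        style = a.get("style") or ""
        m_fg = re.search(r"(?<![-\w])color\s*:\s*([^;]+)", style, re.I)
        m_bg = re.search(r"background(?:-color)?\s*:\s*([^;]+)", style, re.I)
        fg = norm(m_fg.group(1) if m_fg else a.get("color") or "") or fg
        bg = norm(m_bg.group(1) if m_bg else a.get("bgcolor") or "") or bg
        self.stack.append((fg, bg))  # children inherit the effective colours

    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()

    def handle_data(self, data):
        fg, bg = self.stack[-1]
        if data.strip() and fg == bg:  # text drawn in its own background colour
            self.hidden.append(data.strip())

def find_hidden_text(html):
    """Return the text runs a reader cannot see but a content filter would read."""
    finder = HiddenTextFinder()
    finder.feed(html)
    return finder.hidden
```

A filter can score the visible and hidden text separately, or treat any non-empty result from find_hidden_text as a spam signal in its own right.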

Even if spam messages reach users’ mail boxes, in most cases the messages are deleted by the recipients. Spammers, therefore, use social engineering to ensure that recipients notice their emails and believe the message content.

Social engineering is used extensively by spammers when spreading malicious programs. One mass mailing offered users the chance to download a new antivirus solution; the message was allegedly sent to 100 “lucky” addresses which had been chosen at random. The message also recommended that any antivirus protection installed on the user’s machine should be disabled before downloading the new program. When a user tried to download Antivirus Raptor, Trojan-PSW.Win32.LdPinch was downloaded instead.

In another email, supposedly sent by a former student missing his classmates, the recipient was asked to look through the list of graduates attached to the message. Instead of a list of ex-students, however, the attachment contained a malicious program: Trojan-Dropper.MSWord.1Table.gm.

Emails imitating legitimate messages from popular Internet resources became a common feature of spam mailings in September. Russian spammers spreading malicious programs already have experience of sending out emails that appear to be messages from social networks. In September, spammers started sending out emails that imitated messages from non-Russian resources of this type. Recipients were asked to visit the site of a school friend which actually turned out to be the spammer’s webpage.

Personal Firewall: Thing of the Past?

Posted in computer protection by computerprotection on October 16, 2008

Personal computer firewalls are something that many home users are aware of, but aren’t actually sure if they are installed. Business environments are a bit different when it comes to firewall protection. They want it, they need it, and they pretty much go out of their way to make sure employees know they have it. Since businesses can’t depend on employees to have enough common sense to not download things from people they don’t know (after all, many of us do receive legit work-related emails from names we’ve forgotten or never knew in the first place) or install things they really shouldn’t be installing, firewalls are still necessary.

Virus Removal Software display, showing corrupted files on computer being removed.

At home, the story is changing. Many home PC users are now interested in wireless home networks. When you get one of these fine set-ups, you get a wireless router. The wireless router should have options for creating a secure, password-enabled network so neighbors and kids biking by with their laptops open (ha ha) can’t just log on and steal whatever is exposed, simply because you wanted the convenience of not tripping over wires and cables.

When you properly enable a home router to be secure and inaccessible to those without the secret codes, that router now functions as your personal firewall. Don’t let the fact that your employers don’t trust you convince you that you need to spend yet more money on software that says “firewall”. And when you do get those lovely reminders at work of their firewall, well, grin and bear it. It’s not likely to change anytime soon.

Securing Basics: The Rings

Posted in computer protection by computerprotection on September 30, 2008

I played with titles for this blog to come up with one that would resemble that of a Japanese horror flick, but this was the best I could do, folks. Kidding aside, protecting your PC from the throes of evil viruses is serious business. But truly, not that scary. Though it seems like it’s been awhile since a computer virus made the nightly news, Americans have been well-indoctrinated into the need to pay big bucks to keep their even-more-expensive computer and gaming systems protected. But what do you really need?

Breaking it down, computer protection and security comes in three rings: the outtie, the middle, the innie (Is it scarier now that I’m using belly button references?). The outer ring consists of your basic firewall and router. The middle ring consists of the typical antivirus software we expect to pay an arm and a leg for (sometimes unnecessarily, but more on that later!). Finally, the inner ring of PC security consists of the software you utilize—including your operating system.

The outer ring is one many home PC users don’t think too much about. Oftentimes the desktop and laptop units they buy come with so much “stuff” already programmed in, they don’t think about checking whether there’s an actual firewall included in that. As for the router, if you’re geeky, you’ve already probably password-enabled the highest level of protection available. You’ve seen the commercials and Dateline specials that show how easy it is to tap into your neighbors’ wireless networks and guess what? You’re not so willing to share that particular cup of sugar, no matter how neighborly you normally are.

The middle ring is the one that seems to get the most commercial and consumer attention—the antivirus programs and software that are available. A PC user need only turn on their system, check the task bar, and see whichever reassuring icon represents their antivirus protection to feel, well… reassured. Many times, this middle ring is the one that comes pre-packaged with a big box system and its highly-visual presence is enough to inspire consumers to look no further at their protection.

The final ring, the inner ring, is the operating system and software you use. Anything that communicates with the internet is hopefully keeping your system patched, updated and free of incoming viruses, but it is also yet another avenue for the icky bugs to infect your computer. Follow the system prompts when they tell you updates are needed, or regularly check the manufacturer’s website for updates.

The Rings are nothing to be afraid of or intimidated by. In fact, common sense will take care of the majority of your security problems. So do a quick check to see what you have, be aware but not vigilant, relax, and spend some good quality time watching something truly scary on that monitor of yesteryear—the television set.