Also there is a new Trojan dropper malware out there using PDFs and fake 
(your Email settings have changed language) to get people to download or view a 
doc1.pdf file accordingly, which has a nasty payload.

The writeup was posted at Secureworks earlier yesterday; I tried posting it to 
the list multiple times and everyone's Forefront email clients are beating me 
over the head saying I am sending them a Trojan dropper email. Oh well, so much 
for trying to get the word out :) 

Z

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
[email protected]


-----Original Message-----
From: Mayo, Bill [mailto:[email protected]] 
Sent: Wednesday, April 28, 2010 4:33 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

Not sure what point you are disputing but 115 (total) versus 70,000 per day 
(your numbers from earlier today) is kind of lopsided.  I'm not saying that 115 
isn't enough to worry about, but if 115 in 8 years is "growing fast", what in 
the world do you call 70,000 per day?!?!

-----Original Message-----
From: Stu Sjouwerman [mailto:[email protected]] 
Sent: Wednesday, April 28, 2010 4:17 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

Erm, There are 115 known strains (and growing fast) of malware for the Mac. 
That's why we are releasing a VIPRE client for the Mac in Q2. They have sold 
enough machines to make it attractive for cyber crime to go after. All security 
models will break as per the principle of the 'bigger hammer'. 

Warm regards,


Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
[email protected]


  


-----Original Message-----
From: Steven M. Caesare [mailto:[email protected]]
Sent: Wednesday, April 28, 2010 4:10 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

And you are making the (rather dramatic, IMO) over generalization that 
Microsoft simply tells app vendors what to do and expects them to move at the 
drop of a hat.

The reality is that MS has typically bent over backwards to ensure backwards 
compatibility (to a fault you may argue) for applications wherever possible. 
That has been one of the tenets of their OS design since Windows had DOS boxes.

They have compatibility flags within the OS to special case specific apps and 
installers. They have wow32 and wow64. They did FX!32 on Alpha.
They've supported old versions of APIs along with new versions. They allow 
unsigned hardware even though the new model requires signed hardware. Etc, 
etc...

Heck, up until Vista you could still run something from 20 yr old DOS..

Now would they LIKE apps vendors to comply with new direction day1? Yes.
Do they all? No. So there is much notification, suggestion, development 
guidelines, DevCons, etc... to shepherd app vendors the right direction.

Your "MS simply flips a switch and expects devs to comply" sentiment is an 
inaccurate oversimplification.

-sc

> -----Original Message-----
> From: Ben Scott [mailto:[email protected]]
> Sent: Wednesday, April 28, 2010 3:57 PM
> To: NT System Admin Issues
> Subject: Re: WTF? Fake AV
> 
> On Wed, Apr 28, 2010 at 12:53 PM, Steven M. Caesare 
> <[email protected]> wrote:
> > A) hardware driver models are a somewhat different beast, and that's
> > held true for many a platform, and isn't really germane to what we are
> > discussing here.
> 
>   The only point I was making (and the one you're determined to ignore, it
> appears): Microsoft routinely throws their weight around to tell the rest of
> the industry to change to Microsoft's new way of doing things. Microsoft
> elected not to do that with security.
> 
>   The question was asked (paraphrased): "Why did it take Microsoft so long to
> do anything about security?"  I answered that question.  No less, no more.
> You're the one who keeps trying to drag the question off into the weeds.
> 
>   Of course, an equally valid question would be, "Why did it take Apple so
> long to do anything about security?"  But that wasn't the question I was
> addressing.
> 
> > Using AV infection #'s to compare those things and draw the conclusion
> > he did is not accurate, IMO.
> 
>   That I would agree with.
> 
> -- Ben
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
