Original poster: mamigo

[Share] Avira news (mostly in English), still being compiled!!

mamigo
Original poster | Posted on 2007-6-25 16:48:03

Despite years of warnings, many consumers are still taken in by professional spam

Avira warns against a new wave of attacks with infected email invoices.

Tettnang, 30 January 2007 – The old trick now has a system behind it – Avira security experts have detected a pattern to the current attacks with infected email invoices: whereas last week users were taken for a ride with spoofed digital invoices of the Internet provider 1&1, emails with attached malware are currently in circulation that claim to be from the GEZ (TV and radio license fee collection agency).

Common to all emails is that they look deceptively genuine and contain a malicious .exe file attachment. In a second wave, the directly executable .exe-file is packed in an archive, usually in .zip format. This recurring strategy indicates that organized attackers are behind the attacks. The Avira security experts are therefore warning against this method: the Internet fraudsters are misusing the familiarity of certain companies who may send invoices by email and are sending several versions of the infected emails within a few days. Other current tricks are alleged invoices from Neckermann, returned debits at eBay, orders from Sunrise or credit card debits by Dell via PayPal. Avira advises users to carefully check attachments for the extensions .exe and .zip and not to click on executable program files in connection with online invoices. Files from uncertain sources should never be opened. It is also important to update anti-virus software regularly.

Even if the name of the company changes, the principle always remains the same: if users click on the alleged invoice in the attachment, they do not open an official document but instead activate malware. This is frequently a Trojan that spies on personal data of the unwitting user or opens backdoors in the system for further criminal activities. The user does not usually notice the machinations of the malware on the computer.

“Although the method is actually old hat, unfortunately it still works well”, says Tjark Auerbach, the founder and CEO of Avira. “To avoid mountains of paper, many users have switched from sending their invoices by regular mail to digital invoices. Therefore they also react to the names of the companies and are not suspicious of the invoices. A further aspect is that most users through common sense when an alleged invoice for a three-figure sum lands in their mailbox. They don’t stop to think but immediately open the attachment – and the computer is already infected”.

Those using up-to-date virus protection such as Avira AntiVir are ideally protected, as the heuristic of the software also detects unknown malware. A comprehensive program such as Avira AntiVir Premium is recommended, which also detects spyware and adware. A free basic protection program, the Avira AntiVir PersonalEdition Classic, can be downloaded from: www.free-av.com.

About Avira

Avira is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than twenty years of experience, the company is one of the pioneers in this field.

The security expert has several locations in Germany and partnerships in Europe, Asia and America. At its headquarters in Tettnang near Lake Constance, Avira is one of the region’s largest employers with more than 180 employees. Worldwide more than 250 persons are employed and their work regularly wins awards. Avira AntiVir Personal, used by millions of private users, represents a significant contribution to security.

Avira’s national and international customers include renowned corporations listed on the stock exchange but also educational institutions and public authorities. In addition to protection of the virtual environment, Avira also provides for more protection and security in the real world by supporting the Auerbach Foundation. Established by the founder of the company, the Auerbach Foundation promotes charitable and social projects as well as the arts, culture and science.

Company Contact:

Avira GmbH
Adela Kohl
Lindauer Str. 21
D-88069 Tettnang
Telephone: 49 (0) 7542-500 0
Fax: 49 (0) 7542-525 10
Email: press@avira.com

Press Contact:

Jacklin Montag
LEWIS Global PR
Baierbrunner Strasse 15
D-81379 München
Tel.: 49 (0) 89-17 30 19 19
Fax: 49 (0) 89 1730 19 99
Email: avira@lewispr.com
mamigo
Original poster | Posted on 2007-6-25 16:48:23

New Trojan in circulation

Tettnang, 8 February 2007 – May we introduce you to: TR/Dldr.iBill.M. A new version of the “Storm-Worm” has been circulating since yesterday. The Trojan is contained in the attachment “Postcard.exe”. However, the malware is only activated when the email recipient opens this attachment. The Trojan has rootkit functions that make it difficult to find and eliminate.

Computers with Avira AntiVir have no problems with the wrongdoer: the anti-virus software detected the malware in advance as “TR/Crypt.ULMP.Gen” and with the current VDF as “TR/Dldr.iBill.M”.
mamigo
Original poster | Posted on 2007-6-25 16:48:54

January Virus Top 10

New Year … new threats … old tricks

Tettnang, 12 February 2007 – Avira reveals today the monthly malware ranking counting down the worst threats discovered in January. Only the first month in 2007 and we already were confronted with a dangerous virus attack.

The large media coverage of the terrible hurricane Kyrill, which caused a lot of damage in northern Europe, was a real inspiration for the hackers. On January 23rd Avira specialists noticed the spreading of e-mail messages that pretended to contain sensational news about the Kyrill hurricane. The authors of this message were clearly taking advantage of social engineering, using news of the European storm to make people open the infected attachments. The fake emails contained a Trojan, the so-called "storm worm", which turns to action when the attachment is opened.

The trick became a custom for the virus writers: in order to deceive people it's enough to create emails to look deceptively genuine and contain a malicious .exe file attachment or an executable .exe-file packed in an archive, usually in .zip format and to give them attention-grabbing subjects. Despite years of warning, computer users are still deceived by these scams. Besides the "storm worm" attack Avira virus analysts detected two other threats that also used social engineering: the false 1&1 and GEZ invoices.

The emails detected on January 8th that seemed to come from 1&1 had the subject "Invoice from 26.12.2006" (Rechnung vom 26.12.2006) and a viral code hidden in the attached file "Rechnung.pdf.exe". Avira AntiVir has proactively detected the malware as HEUR/Crypted and the current VDF classified it as "TR/Dldr.iBill.A". After a week, the same trick but a different subject: emails with false GEZ (Central radio and television toll collecting agency) invoices were seeded. Like the other threat, the false invoice demands payment of a three-digit amount. Also this time AntiVir has proactively detected the Trojan as HEUR/Malware and the current VDF classified it as "TR/Dldr.iBill.C". These malicious schemes were almost certainly generated by the same malware author who made use of people's curiosity or greed. And the wave of fake invoices continued to spread. The false 1&1 and GEZ invoices came back on email on January 23rd. They had attached new versions of the Trojan "TR/Dldr.iBill".

Other recent tricks are so-called invoices from Neckermann, returned debits at eBay, orders from Sunrise or credit card debits by Dell via PayPal. Avira advises users to carefully check attachments for the extensions .exe and .zip and not to click on executable program files in connection with online invoices. Files from uncertain sources should never be opened.

But there is no surprise that old tricks are still the most dangerous ones. Look for example at the never-dying - Netsky.P - which is not only still spreading, but continues to infect so many computers that it is the number one threat with 23.4 % of all malicious programs discovered in January. Due to the fact that Windows XP systems get the removal tool delivered by Microsoft during the update process we assume that the majority are older Windows operating systems without AV protection. Maybe the launch of Vista at the end of January will show a decrease of Netsky.P over the next months.

And besides Netsky we have the Mytobs, other old timers which still cause damages to computer systems. After Mytobs variants disappeared completely from the November Virus Top 10, now we can observe that they represented the most prevalent malware family in January 2007, with five members in the virus chart. The reason is probably the disappearing of the Stration versions, as we predicted in November.

One year after it was discovered, on the 19th January 2006, the worm KillAV.GR reappeared in our Virus Top 10. As its name clearly states, this viral infection disables security applications and uses its own email engine for spreading. Also Worm/Mytob.MR was discovered in January 2006. Malicious anniversary or simple coincidence?

According to our specific statistic dates, spam emails represented 82.51 % of all email submissions detected on our trap system in January 2007. And the worst is yet to come, as Avira experts anticipate that the percentage of spam emails will continue to rise in 2007. Lately spammers developed new techniques in order to make it hard to analyze spam by spamfilters, like random colored shapes as background and text written in waves.

Only 5.10 % of malicious samples detected during January have been classified as viruses and 12.40 % were phishing attacks.

Here is a shot of our January Virus Top 10:

Worm/NetSky.P           23.4 %
TR/Dldr.Stration.Gen    22.1 %
TR/Bagle.GD              9.6 %
Worm/Mytob.MR            3.8 %
Worm/Womble.D            3.6 %
Worm/Mytob.HA            3.5 %
Worm/Mytob.AT            2.3 %
Worm/Mytob.J             1.2 %
Worm/KillAV.GR           1.2 %
Worm/Mytob.T.6           1.2 %
Others                  29.3 %

For technical information on any of these worms, please see the detailed descriptions on the Avira website. Also, please keep in mind that all Avira users are perfectly protected against these threats.

Make sure you update your Avira product on a regular basis in order to detect the latest threats.

As for the monthly analysis of phishing scams, we find little change in the phishing ranking in January.

PayPal                 27.78 %
Ebay                   18.77 %
Bank of America        11.58 %
Volksbank              10.58 %
Chase Bank              9.24 %
New phishing-emails     0.12 %
Others                 22.46 %

For more information on how to recognize a phishing fraud, take your time to read our dedicated page.

New targets of phishing emails that have never been seen before were discovered in January: Australian and New Zealand Banking Group and Catoosa Teachers Federal Credit Union.

Avira strongly recommends all users to be careful with suspicious emails and unexpected attachments, no matter what interesting subjects they might claim to be carrying and to update their security product on a regular basis.

For more information on how to recognize a phishing fraud, take your time to read our dedicated page:
http://www.avira.com/en/threats/what_is_phishing.html

Remember that we are here to assist you against the malware threat. Get rid of your doubts when facing a suspect file: just send it to virus@avira.com and we will analyze it for you. Take a moment to see how to submit malware and then follow our instructions to send the suspicious file:
http://www.avira.com/en/support/submit_suspicious_files.html
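
The attachment check recommended in this release and in the first one above (look for .exe, for names such as "Rechnung.pdf.exe", and for executables packed in .zip archives) can be automated at a mail gateway. The following Python code is an added example, not Avira's code; the extension sets, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumption: extensions Windows runs directly. The releases name only .exe.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Assumption: document-like extensions used as the decoy half of a double extension.
DECOY_EXTS = {".pdf", ".doc", ".xls", ".txt", ".jpg"}


def classify_name(name):
    """Return the reasons a file name looks like a (disguised) executable."""
    path = PurePosixPath(name.replace("\\", "/"))
    # Strip padding so "invoice.pdf      .exe" is still seen as .pdf + .exe.
    suffixes = [s.strip().lower() for s in path.suffixes]
    reasons = []
    if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
        reasons.append("executable")
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
            reasons.append("double-extension")
    return reasons


def scan_zip(archive_name, data):
    """List suspicious member names of a zip attachment held in memory."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Member names are readable without extracting any content.
            for info in zf.infolist():
                reasons = classify_name(info.filename)
                if reasons:
                    findings.append((f"{archive_name}!{info.filename}",
                                     reasons + ["inside-zip"]))
    except zipfile.BadZipFile:
        # A .zip that cannot be parsed deserves attention as well.
        findings.append((archive_name, ["unreadable-zip"]))
    return findings


def scan_message(raw):
    """Return (name, reasons) for every suspicious attachment in a raw mail."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reasons = classify_name(name)
        if reasons:
            findings.append((name, reasons))
        # Trust the zip magic bytes as well as the extension.
        if name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            findings.extend(scan_zip(name, data))
    return findings


def build_sample():
    """Constructed sample mail modelled on the fake invoices described above."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Rechnung vom 26.12.2006"
    msg.set_content("Please find your invoice attached.")
    msg.add_attachment(b"MZ placeholder, not a real program",
                       maintype="application", subtype="octet-stream",
                       filename="Rechnung.pdf.exe")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Rechnung.exe", b"placeholder")
        zf.writestr("readme.txt", b"harmless")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Rechnung.zip")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="Rechnung.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()):
        print(f"{name}: {', '.join(reasons)}")
```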
mamigo
Original poster | Posted on 2007-6-25 16:49:47

Integrated security package for small and medium-sized businesses

Avira SmallBusiness Suite protects Microsoft SBS Server

Tettnang, 27 February 2007 – In time for the CeBIT fair, the German IT security provider Avira presents its tailor-made security solution for small and medium-sized businesses: the new Avira SmallBusiness Suite complies with the security requirements of professional IT environments of between 5 and 75 users and is primarily intended for companies who use the Microsoft SBS Server. The complete solution for Windows and Linux systems is now available from EUR 365 (plus sales tax) for five users and a license period of 1 year from Avira and its certified partners. The security package will be presented for the first time live at the CeBIT fair on the Avira stand in hall 7, B14.

In order to consistently implement and support IT security, particularly businesses with only little data processing capacity benefit from the Avira solution. With the SmallBusiness Suite, the software producer from Tettnang has developed an integrated complete solution that is fully oriented to the security and administration requirements of SMBs. With the Avira Security Management Center (SMC), the solution can be quickly and easily managed. It reliably protects workstations, file servers and Internet or mail gateways against viruses, worms, Trojans and other known malware types.

The SMC forms the core of the SmallBusiness Suite, which can be installed without the aid of specialist personnel. The IT landscape to be protected is centrally configured via the Avira SmallBusiness configuration assistant. This ensures that the programs and components are automatically installed on the target computers. Day-to-day administration, updating and monitoring is carried out by the SMC.

“Experience has shown that small businesses have a growing infrastructure, so that it is easy to lose track of the status of the software used”, says Tjark Auerbach, the founder and CEO of Avira. “Our new Suite relieves the burden on those responsible and handles the organisational tasks fully automatically. Time-consuming work and laborious installation of different license files is therefore unnecessary. User administration with assignment of passwords and general rights and subsequent addition or removal of individual computers or product installations is absolute child’s play”.

The Avira SmallBusiness Suite can also be relied on in day-to-day operation. The software permanently checks the product and module status, so that any irregularities such as failed updates or inactive modules are reported immediately. The main gateway for malware is also almost hermetically sealed. Incoming and outgoing email traffic is continually monitored by the Avira SmallBusiness Suite. Further functions such as adware and spyware detection and the innovative heuristic detection of unknown malware ideally round off the protection package for small and medium-sized businesses.

The Avira SmallBusiness Suite consists of the modules:
Avira Security Management Center
Avira SmallBusiness Suite Configuration Assistant
Avira AntiVir Workstation (Windows)
Avira AntiVir Server (Windows)
Avira AntiVir UNIX MailGate
Avira AntiVir UNIX WebGate
Avira AntiVir Exchange plus Avira AntiSpam (Windows)
Avira Internet Update Manager

The license for the product includes all program components and also reliably protects a heterogeneous infrastructure. Via the SMC, which is installed on a Windows computer, all other PCs can be managed – regardless of whether they run on Linux or Windows. The Avira SmallBusiness Suite can be used on Windows 2000/Server, Windows XP Professional/x64 Edition, Windows 2003 Server/x64 Edition, Windows Vista and Windows Small Business Server. The workstation version can be run on Vista/XP x64 from April 10 with a free update via the SMC. In addition, free installation support from Avira security experts is available during the first 30 days.

Information for the press:
Avira is holding a press conference at the CeBIT fair on 16 March from 1 p.m. to 2 p.m. in CC room 108/109. In addition to current security trends and other new products, the Avira SmallBusiness Suite will also be demonstrated.

Contact:

Adela Kohl
Avira GmbH
Lindauer Str. 21
D-88069 Tettnang
Germany
Telephone: +49 (0) 7542-500 284
Fax: +49 (0) 7542-525 10
Email: presse@avira.de

Contact for the press:

Jacklin Montag/Elisabeth Rothbart
Lewis Global PR
Baierbrunner Str. 15
D-81379 München
Germany
Telephone: +49 (0) 89 1730 19 19
Fax: +49 (0) 89 1730 19 99
Email: avira@lewispr.com
mamigo
Original poster | Posted on 2007-6-25 16:50:06

Unbeatably good: Avira AntiVir in the AV-Comparatives Test

Tettnang, 1 March 2007 – Every six months: Avira has successfully defended its leading position in the AV-Comparatives Test, a renowned project for testing anti-virus software.

In the most recent test, 13 virus scanners of well-known producers were closely examined with regard to their detection rate in manual scans (on-demand). One of these was the Avira AntiVir PersonalEdition Premium, Version 7.03.01.34.

Over a million types of malware, including around 500,000 viruses, worms, Trojans, backdoors and over 220,000 dialers were let loose on the test candidates. Avira AntiVir impressed the testers with its detection rate of 98.85% and thus again took first place in the comparison of single scan engine products.

The AntiVir scan engine also achieved top grades in the detection of dialers, beating all single scan engine products tested to first place overall. Above all, the lead of Avira technology is achieved by Avira’s own innovative AHeAD technology (Advanced Heuristic Analysis and Detection).
mamigo
Original poster | Posted on 2007-6-25 16:50:26

Faked emails of Quelle and single.de contain malware!

Tettnang, 7 March 2007 – A new wave of Trojans is currently in the Net with fake invoices to apply for a membership in the partner search platform single.de as well as the online shop of the catalog company Quelle.

If you open what seems to be a PDF file (pdf.exe), which is attached to the email, the Trojan will install malware on the computer. AntiVir can detect those two new Trojans as "TR/Dldr.iBill.Z" and "TR/Dldr.iBill.AA" with the current anti-virus update.
mamigo
Original poster | Posted on 2007-6-25 16:50:53

Secure email communication on UNIX with Avira AntiVir MailGate Suite

Real-time gateway protection with virus scanner and check sum analysis
   
Tettnang, 6 March 2007 – Avira is expanding its portfolio for Linux-based environments with another security solution: the Avira AntiVir MailGate Suite for Unix provides fully comprehensive protection against spam mails in addition to the classic detection of viruses and malware. The software scans the incoming and outgoing SMTP data traffic, including attachments, in real time and intercepts infected messages on the server. Additional security is provided by outbreak detection – a new security function which detects unknown digital malware at an early stage. Compared to purely signature-based virus and malware detection, businesses can thus gain a time advantage of up to 12 hours to defend themselves against attacks.

The electronic mail traffic on UNIX also represents a permanent source of danger: firstly, spam messages push up operating costs due to the load on network connections and memory as well as lost working time, and secondly they frequently serve as a means of transport for infected attachments that force their way into the company in this way and can also cause damage. The Avira AntiVir MailGate Suite effectively puts a stop to both sources of danger with the new anti-spam functionality.

The integrated anti-spam technology of the software for UNIX platforms is based on a new method and achieves a detection rate of over 98 per cent. Unwanted messages are now reliably put out of circulation based on their propagation features and not as up to now on an analysis of their contents. The software uses checksum algorithms that compare emails and their attachments with each other and classify them. With these checksums it can be clearly determined whether a message or an attachment has been sent en masse. Using so-called blacklists and whitelists, businesses can also individually control their digital communication: certain email addresses can therefore be put on a blacklist and are never let through. Conversely, contact addresses can be placed on the list of wanted mails. Messages from these senders are automatically classified as trustworthy and are excepted from scanning, so that they reach the recipients more quickly.

“Today efficient business communication is practically impossible without trouble-free mail traffic”, explains Tjark Auerbach, founder and CEO of Avira. “This is exactly where the Avira AntiVir MailGate Suite comes in: it optimizes the data traffic in advance so that users can concentrate on the essentials, namely on their relevant and wanted emails.”

The Avira malware research center ensures fast reactions to new definitions. As the virus definitions, search algorithms and repair functions are automatically updated, users are guaranteed a consistently high level of security without system crashes. The Avira AntiVir MailGate Suite can be managed by a user-friendly graphical user interface or via the AntiVir Security Management Center.

Avira is premiering the Avira AntiVir MailGate Suite at the CeBIT in hall 7, stand B14. The Suite will then be available from Avira and certified partners from 10 April. The solution can be ordered individually according to the number of users in the company with the flexible Avira license models. The basic package consists of ten user licenses and is available from a net price of EUR 568.80. All updates and upgrades are included in the price during the license period. In addition, free installation support from Avira security experts is available for the first 30 days. A test key can also be requested for this period. More: http://www.avira.com/de/downloads/avira_mailgate_suite.html

Information for the press:
Avira is holding a press conference at the CeBIT fair on 16 March from 1 p.m. to 2 p.m. in CC room 108/109. In addition to current security trends and other new products, the Avira AntiVir MailGate Suite will also be demonstrated.


Contact:

Adela Kohl
Avira GmbH
Lindauer Str. 21
D-88069 Tettnang
Germany
Telephone: +49 (0) 7542-500 284
Fax: +49 (0) 7542-525 10
Email: presse@avira.de


Contact for the press:

Jacklin Montag/Elisabeth Rothbart
Lewis Global PR
Baierbrunner Str. 15
D-81379 München
Germany
Telephone: +49 (0) 89 1730 19 19
Fax: +49 (0) 89 1730 19 99
Email: avira@lewispr.com
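
The checksum approach described in this release (classify mail by how widely the same body or attachment is seen, with blacklists and whitelists applied first) can be illustrated as follows. This Python code is an added example and not Avira's algorithm; the SHA-256 checksum, the whitespace and case normalization, the threshold of three recipients, the class and function names and the sample mails are all assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

BULK_THRESHOLD = 3  # assumption: distinct recipients before a checksum counts as bulk


def body_checksum(body):
    """Checksum of a text body with case and whitespace differences folded away."""
    normalized = " ".join(body.lower().split())
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


def attachment_checksum(data):
    """Checksum of an attachment; binary content is hashed unchanged."""
    return hashlib.sha256(data).hexdigest()


class BulkClassifier:
    """Classifies mail by propagation (how often a checksum is seen), not content."""

    def __init__(self, whitelist=(), blacklist=(), threshold=BULK_THRESHOLD):
        self.whitelist = {a.lower() for a in whitelist}
        self.blacklist = {a.lower() for a in blacklist}
        self.threshold = threshold
        self.seen = defaultdict(set)  # checksum -> recipients that received it

    def classify(self, sender, recipient, body, attachments=()):
        sender = sender.lower()
        if sender in self.blacklist:
            return "reject"   # blacklisted addresses are never let through
        if sender in self.whitelist:
            return "accept"   # trusted senders are excepted from scanning
        sums = [body_checksum(body)]
        sums += [attachment_checksum(a) for a in attachments]
        verdict = "accept"
        for checksum in sums:
            self.seen[checksum].add(recipient.lower())
            if len(self.seen[checksum]) >= self.threshold:
                verdict = "bulk"
        return verdict


def run_sample():
    """Constructed mail flow: one attachment sent to many recipients."""
    clf = BulkClassifier(whitelist={"partner@example.invalid"},
                         blacklist={"spam@example.invalid"})
    invoice = b"MZ placeholder for the identical attachment"
    mails = [
        # Greetings differ, so the body checksums differ; the attachment does not.
        ("a1@example.invalid", "anna@example.invalid",
         "Dear Anna, your invoice is attached.", [invoice]),
        ("a2@example.invalid", "ben@example.invalid",
         "Dear Ben, your invoice is attached.", [invoice]),
        ("a3@example.invalid", "cara@example.invalid",
         "Dear Cara, your invoice is attached.", [invoice]),
        ("partner@example.invalid", "dan@example.invalid",
         "Monthly report", [invoice]),
        ("spam@example.invalid", "eve@example.invalid", "Hello", []),
        ("colleague@example.invalid", "anna@example.invalid",
         "Lunch at noon?", []),
    ]
    return [clf.classify(*mail) for mail in mails]


if __name__ == "__main__":
    print(run_sample())
```

The first two copies pass because a local counter has not yet reached the threshold, which is the inherent delay of propagation-based detection at a single gateway.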
mamigo
Original poster | Posted on 2007-6-25 16:51:11

February Virus Top 10

A quiet period on the malware front

Tettnang, 26 March 2007 - Avira, one of the leading providers of IT-security software solutions, presents today a malware report including the top ten viruses and phishing attacks as they were discovered by our virus researchers during the month of February 2007.

At a first glance it may seem that the February Top 10 Viruses is identical to the previous one. It seems like the virus writers began their spring break: the same viruses have been in the top ten charts for at least two months.

February was a surprisingly quiet period, as the malware ranking shows an interesting situation: the first four places remained the same as the last month. Overall, the changes to the top ten are more or less symbolic. Some viruses had moved up or down a couple of places and the Worm/KillAV.GR disappeared and it was replaced by Netsky.D.Dam.

In comparison to January, when the difference between the first two positions (NetSky.P - 23.4 % and TR/Dldr.Stration.Gen - 22.1 %) was almost insignificant - 1.3 %, the only notable thing in February is the fact that now TR/Dldr.Stration.Gen dropped 12.2 % and made NetSky.P move forward with force. The distance between the pole position and the rest of the Top Ten is now 17.1 %.

TR/Dldr.Stration.Gen, which was almost on a level with Netsky.P in January and together with its siblings made up more than half of all viruses registered in the Top Ten of November, it is now a shooting star. It will probably continue to drop and even disappear completely like Sober.Y did exactly one year ago.

Also this month the malware front was dominated by the same old and still dangerous worms. The Mytobs represent again the most prevalent malware family of our February Virus Top 10.

On 1st of February the Avira virus researchers warned computer users that some fake BKA emails were circulating on the Internet. Pretending to be sent by the Federal Criminal Investigation Agency (BKA) which informs the receiver about a preliminary investigation, the alleged emails contained a Trojan in the fake report attached. Avira detected the malware in advance as HEUR/Crypted and as TR/Dldr.iBill.I and protected its users from being infected.

Last month we were talking about the Storm Worm. This month we detected a new version of it: TR/Dldr.iBill.M. The Trojan is contained in the attachment “Postcard.exe”. However, the malware is only activated when the email recipient opens this attachment. The Trojan has rootkit functions that make it difficult to find and eliminate. But also this time the Avira AntiVir computers were protected.

Another threat discovered this month was the Trojan called TR/Dldr.iBill.T which claimed to be an invoice from IKEA.

Due to the fact that these emails, distribution channels and also the malware sample itself are very similar we suspect that the author is the same for all these versions. It seemed to be effective to search for popular targets and send malicious files in their names.

February's top ten is dominated by old viruses but in contrast to the drop in new viruses, the overall level of malware continues to rise. The spam emails are now the more favored methods of attack for cyber criminals. 85.08 % of all samples detected by our trap system in February 2007 were classified as spam emails while only 3.97 % were viruses and 10.95 % were represented by phishing attacks.

Here is a shot of our February Virus Top 10:

Worm/NetSky.P           27.0 %
TR/Dldr.Stration.Gen     9.9 %
TR/Bagle.GD              9.3 %
Worm/Mytob.MR            4.4 %
Worm/Mytob.HA            4.3 %
Worm/Mytob.AT            2.5 %
Worm/Womble.D            2.2 %
Worm/Mytob.T.6           1.6 %
Worm/Mytob.J             1.5 %
Worm/Netsky.D.Dam        1.4 %
Others                  37.3 %

For technical information on any of these worms, please see the detailed descriptions on the Avira website. Also, please keep in mind that all Avira users are perfectly protected against these threats.

Make sure you update your Avira product on a regular basis in order to detect the latest threats.

The second part of our monthly malware report, the phishing chart for February, is like the Virus Top 10 almost the same as it was in the last months. The phishing hierarchy has a newcomer: Postbank with 7 % of all phishing attacks.

PayPal                 30.23 %
Ebay                   16.36 %
Postbank                7.88 %
Bank of America         7.65 %
Volksbank               7.27 %
New phishing-emails     0.50 %
Others                 30.12 %

For more information on how to recognize a phishing fraud, take your time to read our dedicated page.

The new targets of phishing attacks identified this month were: Bank of Dwight, Nevada State Bank, BB&T, Co-op Services Credit Union, M&T Bank, West Suburban Bank, California Bank & Trust, FirstBank and Tyndall Federal Credit Union.

Avira strongly recommends all users to be careful with suspicious emails and unexpected attachments, no matter what interesting subjects they might claim to be carrying and to update their security product on a regular basis.

For more information on how to recognize a phishing fraud, take your time to read our dedicated page:
http://www.avira.com/en/threats/what_is_phishing.html

Remember that we are here to assist you against the malware threat. Get rid of your doubts when facing a suspect file: just send it to virus@avira.com and we will analyze it for you. Take a moment to see how to submit malware and then follow our instructions to send the suspicious file:
http://www.avira.com/en/support/submit_suspicious_files.html
mamigo
Original poster | Posted on 2007-6-25 16:52:18

Exploit for "Zero-Day" Vulnerability Detected

Tettnang, 31 March 2007 - Avira warns about the spreading of modified .ani files. These files started to circulate yesterday and exploit a vulnerability in "Windows Animated Cursor Handling". Microsoft has published an Advisory, but no patch is available yet.
Apart from Microsoft Windows XP SP 2, the new operating system Windows Vista is also affected. The danger consists in the fact that the vulnerability is exploited in the background, without the user's knowledge. It usually downloads further malware from the Internet, in order to gain control of the computer.
On Thursday, March 29th, the first attempt for proof of concept was spotted. The next day, Avira Lab obtained the first URLs hosting the modified .ani files. Up to this moment, more than 44 different files were detected on over a dozen servers.
The exploit code reminds us of an old vulnerability from January 2005: MS05-002. The updated engine version 7.03.01.47 detects as EXP/MS05-002.Ani.A the .ani files containing the new exploit code.
The possible ways of infection are modified websites or emails. Avira recommends that you temporarily deactivate the preview of emails in HTML mode. Additionally, we advise administrators to block the following domains, because they were identified as hosting one or more modified files:
mamigo
 Original poster | Posted on 2007-6-25 16:52:38

Hunt for persistent online burglars with virtual cloak of invisibility

Avira presents technology for the detection and removal of rootkits
   
Tettnang, 28 March 2007 - Rootkits work in a similar way to Trojans and usually contain software to capture data from terminals, network connections and keyboards. The new Avira technology for the detection and removal of rootkits is able to detect, display and remove the hidden malware programs in a PC system. With the release change in April 2007, the Avira AntiVir PersonalEdition products Classic and Premium, the Avira Premium Security Suite and the Avira Windows Workstation will be available with this rootkit detection and removal.

If a rootkit penetrates a computer system, it knows how to cleverly hide itself by frequently disguising itself as resources such as registry entries, files or processes. This is an ideal way of concealing the presence of an attacker on the infected computer, and the hacker can access the system at any time. Such actions are often carried out without the user noticing – even if up-to-date virus protection is installed on the PC. The problem is that conventional virus and malware detection programs cannot detect rootkits. For this reason, malware writers are increasingly relying on this method to achieve their criminal aims. Avira is taking action against the spread of this malware by integrating the rootkit technology into the complete product range.

“Especially because rootkits implant themselves so inconspicuously in systems and usually remain undetected, they are a danger to be taken very seriously. There are very real threats for infected computers”, explains Tjark Auerbach, the founder and CEO of Avira. “By monitoring the keyboard, it is very easy to spy out all passwords. It is also conceivable that computers are misused for spam attacks or denial of service attacks. To prevent such scenarios, comprehensive virus protection should also be able to detect, analyze and where necessary remove hidden files, processes and registry entries.”

About Avira

Avira is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than twenty years of experience, the company is one of the pioneers in this field.

The security expert has several locations in Germany and partnerships in Europe, Asia and America. At its headquarters in Tettnang near Lake Constance, Avira is one of the region’s largest employers with more than 180 employees. Worldwide more than 250 persons are employed and their work regularly wins awards. Avira AntiVir Personal, used by millions of private users, represents a significant contribution to security.

Avira’s national and international customers include renowned corporations listed on the stock exchange but also educational institutions and public authorities. In addition to protection of the virtual environment, Avira also provides for more protection and security in the real world by supporting the Auerbach Foundation. Established by the founder of the company, the Auerbach Foundation promotes charitable and social projects as well as the arts, culture and science.

Contact:

Adela Kohl
Avira GmbH
Lindauer Str. 21
D-88069 Tettnang
Germany
Telephone: +49 (0) 7542-500 284
Fax: +49 (0) 7542-525 10
Email: presse@avira.de


Contact for the press:

Jacklin Montag/Elisabeth Rothbart
Lewis Global PR
Baierbrunner Str. 15
D-81379 München
Germany
Telephone: +49 (0) 89 1730 19 19
Fax: +49 (0) 89 1730 19 99
Email: avira@lewispr.com