Wednesday, September 26, 2012

PHPMyAdmin Distributed By One Mirror Site With A Backdoor Installed


To any web developer who recently set up a new server or upgraded phpMyAdmin on an existing server:

If you downloaded phpMyAdmin-3.5.2.2-all-languages.zip from SourceForge between Sept 22, 2012 and Sept 25, 2012, you should disable it on any server running it and re-download it. One official mirror site based in Korea served a copy of this file that had been tampered with and had a backdoor installed.

Read more here: http://sourceforge.net/blog/phpmyadmin-back-door
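One way to find every copy of that archive on a server and compare it with a known-good checksum. This is an added example, not part of the original post or the phpMyAdmin project. It assumes GNU find and sha256sum, the function name audit_archives is made up for illustration, and the known-good SHA-256 is a value you supply from a source you trust.

```shell
#!/bin/sh
# Added example: audit local copies of the archive named in the post.
# Usage: audit_archives <search_dir> <known_good_sha256>
# Output, one line per copy: <MATCH|MISMATCH> <in-window|outside-window> <sha256> <path>

ARCHIVE_NAME='phpMyAdmin-3.5.2.2-all-languages.zip'  # file name from the post
WINDOW_START='2012-09-21 23:59:59'                   # just before Sept 22, 2012
WINDOW_END='2012-09-25 23:59:59'                     # end of Sept 25, 2012

audit_archives() {
    search_dir=$1
    known_good=$2   # assumption: obtained from a trusted source, not this script

    # Paths containing newlines are not handled.
    find "$search_dir" -type f -name "$ARCHIVE_NAME" | while IFS= read -r file; do
        sum=$(sha256sum "$file" | cut -d' ' -f1)

        # The hash comparison is the real test.
        if [ "$sum" = "$known_good" ]; then
            verdict=MATCH
        else
            verdict=MISMATCH
        fi

        # The modification time is only a hint: some download tools copy the
        # server's timestamp onto the file, so a copy fetched inside the
        # window can still show an older date.
        if [ -n "$(find "$file" -newermt "$WINDOW_START" ! -newermt "$WINDOW_END")" ]; then
            window=in-window
        else
            window=outside-window
        fi

        printf '%s %s %s %s\n' "$verdict" "$window" "$sum" "$file"
    done
}
```

Treat any MISMATCH line as a copy to remove and replace, whatever its timestamp says.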

Thursday, September 20, 2012

Sophos False Positive for Shh/Updater-B

I have been talking about Sophos a lot lately, so I feel kind of responsible if someone started using it because of me and woke up this morning to a startling "outbreak" of Shh/Updater-B.

This is a false positive that accidentally disabled the Sophos updater. It somehow made it past Sophos QA and caused a lot of people headaches last night.

The IDE (Sophos virus identity file) that is responsible is agen-xuv.ide.

This is a quick little script that stops the Sophos Antivirus service, deletes that IDE and restarts the service. You can run this on the update servers and any workstations that give you problems afterward via PStools.

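rem Stop the Sophos Anti-Virus service so the IDE file is not in use
net stop savservice

rem A 32-bit cmd.exe on 64-bit Windows reports x86 but sets PROCESSOR_ARCHITEW6432
set ARCH=%PROCESSOR_ARCHITECTURE%
if defined PROCESSOR_ARCHITEW6432 set ARCH=%PROCESSOR_ARCHITEW6432%

if "%ARCH%"=="x86" (
  rem 32 bit
  del "c:\Program Files\Sophos\Sophos Anti-Virus\agen-xuv.ide"
) else (
  rem 64 bit
  del "c:\Program Files (x86)\Sophos\Sophos Anti-Virus\agen-xuv.ide"
)

rem Restart the service without the faulty IDE
net start savservice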

After running this, acknowledge the alerts in the Enterprise Console.
I hope this helps a few of you.

If you need to empty quarantines on individual machines, try this. Be careful not to empty a quarantine that contains a real virus: this releases the lock on quarantined files if you are using the recommended setting of deny access instead of move or delete.

net stop savservice
del "%ALLUSERSPROFILE%\Sophos\Sophos Anti-Virus\Config\Quarantine.xml"
net start savservice

Thanks to the folks at Sophos who published this last night and tweeted it out to the world. http://nakedsecurity.sophos.com/2012/09/19/sshupdater-b-fsophos-anti-virus-products/

Friday, September 14, 2012

Sophos Mac Antivirus Home Edition

Did you know that while Sophos doesn't have a home edition of their PC antivirus they do have a FREE home edition for Mac?

It supports OSX 10.4 (both Intel and PPC) all the way up to 10.8 Mountain Lion.

What's that you say? Macs don't need antivirus? Are we still arguing that old point? Well then, yes they do!

At the SecTor security conference at the beginning of October, Seth Hardy will be talking about a new development in Mac malware attacks. Targeted attacks:
APT ALL THE THINGS: are Mac users no longer safe? - Seth Hardy

A new development of 2012, targeted attacks (APTs) against human rights now often include malware specifically designed to compromise Macs. Mac users have long thought they're safe, for a variety of reasons including: "nobody ever targets us" (not anymore!), "Macs are based on Unix so have additional security" (not if new vulnerabilities are found, or you choose to run the program), and "we're not using Internet Explorer or Outlook so most threats don't work" (other software can be just as buggy).

One region in particular has started using malware "bundles" that detect the target's operating system and serve up the appropriate program to compromise computers within NGOs and other human rights organizations. This is a relatively new development, with names starting to become more familiar: e.g. SabPab (related to the known LuckyCat campaign), Lamadai, and MacControl. This also coincided with the rise of the Flashback botnet - a Mac-specific botnet believed to at one point be over 600,000 strong. In this talk we'll look at targeted Mac malware, observe similarities and differences to "conventional" targeted attacks, and go over some end-of-year thoughts as to where Mac malware may be going next.


For home users on PC, you can get Sophos' virus removal tool for free, but if you want the real deal, you have to buy at least 6 licenses of the corporate product. While it is good, I'd recommend most home users on PC look at another product.

Thursday, September 06, 2012

Amazon Releases Another Set Of New Kindles

Today Amazon announced its newest line-up of Kindle devices.


The big news on the LCD tablet side was the Kindle Fire HD, with a high-definition screen and more processing power than last year's Fire. It comes in 7" and 8.9" versions, and the 8.9" has an LTE cellular option. Various storage capacities are available.

and...


The Kindle PaperWhite was released on the e-ink e-book reader side of the Kindle lineup, with a crisper, whiter screen, a front light and enough battery to last you 8 weeks even when using the light! It comes in WiFi-only and WiFi/3G versions.