Traditional Antivirus fails to protect 40 percent of users!

Conventional antivirus solutions are failing to protect users from attacks according to a  Malwarebytes report.

The study is based on real-world clean up scans performed by Malwarebytes. Nearly 40 percent (39.18percent) of all malware attacks cleaned on endpoints with an AV installed occurred on endpoints that had two or more traditional AV solutions registered.

In addition 39.16 percent of attacks on endpoints with a non-OS bundled AV installed occurred on an endpoint running one of the four leading traditional AV solutions.

"The results of these scans clearly indicate the ineffectiveness of today's traditional AV solutions and, more importantly, the unknown risks to users that depend only on these AV platforms to stay safe," says Marcin Kleczynski, CEO of Malwarebytes. "Antiquated AV technology is no longer enough to protect from sophisticated cyberthreats. It's crucial that consumers and businesses understand this now before they become a victim of the next attack."

The findings also show the top ransomware types detected on compromised machines are Hidden Tear (41.65 percent) and Cerber (18.26 percent). Botnets most often detected include IRCBot (61.56 percent) and Kelihos (26.95 percent). The most prevalent Trojan types bypassing traditional AV detections are Fileless (17.76 percent) and DNSChangermalware (17.51 percent).

Of ransomware attacks 48.59 percent of Hidden Tear and 26.78 percent of Cerber events were found on a compromised endpoint that had at least one of the four leading traditional AV brands installed.

To show how widespread the problem is, Malwarebytes has produced a real-time heatmap that shows each time Malwarebytes remediates instances of malware on endpoints that have a traditional AV registered. It also shows the numbers of attacks missed by leading antivirus programs.

Source: betanews.com

Sony hit again with two hacks

Japanese ISP subsidiary is broken into, while phishers use Sony server in Thailand

An intruder has apparently broken into So-net, an internet service provider subsidiary of Sony, and stolen about $1,200 worth of virtual tokens.

So-net disclosed the compromise in an alert (written in Japanese) on its homepage on Thursday.

Meanwhile, security firm F-Secure today disclosed that it has also discovered a phishing site that's hosted on a Sony server in Thailand.

"Basically this means that Sony has been hacked, again," Mikko Hypponen, F-Secure's chief research officer, noted in the blog post. "Although in this case the server is probably not very important," he added.

News of the latest breaches come barely a month after Sony disclosed intrusions at its PlayStation Network and Sony Entertainment Online sites that compromised data on close to 100 million account holders.

A So-net spokesman told the Wall Street Journal, which broke the story, that the breach of the ISP is unlikely connected to the previous compromises.

The Sony-owned So-net ISP lets consumers accumulate reward points that can be redeemed for Sony merchandize and services. The intruders illegally redeemed points belonging to about 130 consumers. Another 73 accounts were compromised, but their points were not redeemed, the Journal noted.

In addition, about 90 email accounts are also believed to have been compromised in the breach

According to the Journal, an intruder using one IP address, tried to access So-net's point service close to 10,000 times before finally gaining access. So-net itself appears to believe that the intruder had usernames of account holders and used an automated program to generate possible passwords, the Journal said.

It's not immediately clear why the company apparently doesn't have a mechanism for flagging multiple failed attempts to access its systems.

The intrusions are believed to have taken place on May 16 and May 17. So-net discovered the breach on May 18, after receiving consumer complaints. So-net stopped the point redemption service following the discovery of the breach.

he latest breaches are relatively minor in scale compared to the massive breach at PSN and Sony Entertainment Online. Even so, it only adds to the company's embarrassment.

The earlier intrusions forced Sony to take its PSN service offline for several weeks while it struggled to identify the scope of the problems and how to fix them.

The company started re-launching the service this week but isn struggling to keep it running smoothly.

For instance, earlier this week Sony was forced to once again take a portion of its PlayStation network offline because of a programming error that could provide hackers a way to break into its networks.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

       

How to spot an Email Hoax

Spotting the latest email hoaxes may be easier than you think!

There are thousands of email hoaxes moving around the Internet at any given time. Some may be the latest email hoaxes around. Others may be mutated versions of hoax messages that have travelled the Internet for years. These email hoaxes cover a range of subject matter, including:

• Supposedly free giveaways in exchange for forwarding emails.
• Bogus virus alerts.
• False appeals to help sick children.
• Pointless petitions that lead nowhere and accomplish nothing.
• Dire, and completely fictional, warnings about products, companies, government policies or coming events.

The good news is that, with a little bit of foreknowledge, email hoaxes are easy to detect. Hidden within the colourful prose of your average email hoax often lurk telling indicators of the email's veracity.

Probably the most obvious of these indicators is a line such as "Send this email to everyone in your address book". Hoax writers want their material to spread as far and as fast as possible, so almost every hoax email will in some way exhort you to send it to other people. Some email hoaxes take a more targeted approach and suggest that you send the email to a specified number of people in order to collect a prize or realize a benefit.

Another indicator is that hoaxes tend not to provide checkable references to back up their spurious claims. Genuine competitions, promotions, giveaways or charity drives will usually provide a link to a company website or publication. Real virus warnings are likely to include a link to a reputable virus information website. Emails containing Government or company policy information are likely to include references to checkable sources such as news articles, websites or other publications.

A third indicator is often the actual language used. Email hoax writers have a tendency to use an emotive, "over-the-top" style of writing peppered with words and phrases such as "Urgent", "Danger", "worst ever virus!!", "sign now before it's too late" and so on, often rendered in ALL CAPITAL LETTERS for added emphasis. Paragraphs dripping with pathos speak of dying children; others "shout" with almost rabid excitement about free air travel or mobile phones. As well, some email hoaxes try to add credibility by using highly technical language.

Before forwarding an email, ask yourself these questions:

1. Does the email ask you to send it to a lot of other people?
2. Does the email fail to provide confirmation sources?
3. Is the language used overly emotive or highly technical?

A "yes" answer to one or more of the above questions, should start some alarm bells ringing. These indicators do not offer conclusive evidence that the email is a hoax but they are certainly enough to warrant further investigation before you hit the "Forward" Button.

Source: www.hoax-slayer.com