May
31
2007
Sydney-based PC Tools, purveyors of the popular Spyware Doctor antispyware utility, today announced their acquisition of Novatix Corporation.
Novatix’s flagship product is Cyberhawk, a real-time behavior-based anti-malware program. According to PC Tools, “Cyberhawk’s patent-pending ActiveDefense technology offers unsurpassed protection against both known and unknown viruses, worms, trojans, rootkits, buffer overflows and other forms of malware and provides effective protection against zero-day attacks.”
Mike Kronenberg, chief executive of Novatix, will become chief technical officer of North American operations for PC Tools.
Spyware Doctor has long been a PC Magazine Editor’s Choice for spyware protection, though the latest revision, Version 5.0 – a total rewrite with antivirus protection added – had some new-version problems. In testing, Cyberhawk Pro 2.0 was very effective at preventing malware from installing on a clean system. It doesn’t remove found threats, just bottles them up so they can’t do any harm. It’s a good match for Spyware Doctor, which thoroughly cleans up the malware infestations it finds.
According to PC Tools chief executive Simon Claussen, “This new technology will help strengthen our zero-day coverage and improve our ability to detect emerging threats”.
Kronenberg agreed. “We see this acquisition as a great fit for Novatix,” he said. “PC Tools is a leader in the anti-spyware and anti-virus space. Our combined efforts will ensure that consumers get the best protection possible. PC Tools’ broad reach in the consumer marketplace ensures our highly effective technology will have an even greater impact.”
When asked when customers would reap the benefits of this acquisition, Michael Greene, PC Tools’ vice president of product strategy, said immediately. “Consumers will start to recognize benefits right away.” Greene said. “The information that comes in from the Cyberhawk community protection feature will feed into our ongoing analysis of new threats, and our Threat Expert technology will help speed up processing”.
Cyberhawk Pro and the free Cyberhawk Basic will be backed by the PC Tools name and fully supported by PC Tools, Greene added.
Greene also declined to give a timetable on when both products would be integrated. “We don’t have a hard date for integrating the technology into Spyware Doctor, but it is part of the long-term plan. Not only will we have signatures for the stuff we know about, we’ll have behavioral technology for threats we haven’t seen.”
May
18
2007
Spyware Doctor is a dedicated tool that can do precisely this. It begins scanning your PC’s contents as soon as you complete the installation and provides precise details of each of the items it determines are potential threats. SD scanned our 120GB test machine in less than 10 minutes and identified 34 problems.
Unlike some spyware and antivirus programs that simply warn you of the number of nasties lurking on or attempting to access your system, Spyware Doctor actually tells you what the threats are, one by one.
In addition, it explains the level of threat they pose and, on the right of the pane listing them, explains why cookies from known dodgy websites put you at risk. Threats are separated into low, medium, elevated and high levels, categorised by type such as advertising and tracking cookies.
It outlines why these are a risk and provides a history of how they’ve been known to exploit vulnerabilities. This way you know which threats you should immunise your system against.
The main Spyware Doctor window offers to scan or immunise your computer, and to switch on or off the OnGuard Protection utility. By clicking on the Tools menu you can select which particular types of threat you want the program to alert you to and to protect you against. These include keystroke loggers, adware, phishing tools and Trojans, plus items that make changes to your PC’s Registry.
A Smart Update setting ensures you stay up-to-date with alerts. You can schedule the program to run automatically. A handy tool will undo changes you’ve asked Spyware Doctor to make, such as removing items you then find you need.
Verdict:
Spyware Doctor impressed us greatly with its detailed reporting tools and the ability to specify exactly what you want it to be on guard for and what doesn’t concern you. It’s well priced and it’s refreshing to find a program that takes the time to explain each risk, helping you make an informed decision about whether to erase it.
May
10
2007
Aliases:
Email-Worm.Win32.NetSky.t (Kaspersky Lab) is also known as: I-Worm.NetSky.t (Kaspersky Lab), W32/Netsky.t@MM (McAfee),  W32.Netsky.T@mm (Symantec),  Win32.HLLM.Netsky.based (Doctor Web),  W32/Netsky-T (Sophos),  Win32/Netsky.T@mm (RAV),  WORM_NETSKY.T (Trend Micro),  Worm/NetSky.#1 (H+BEDV),  W32/Netsky.T@mm (FRISK),  Win32:Netsky-T (ALWIL),  I-Worm/Netsky.T (Grisoft),  Win32.NetSky.T@mm (SOFTWIN),  Worm.SomeFool.Gen-2 (ClamAV),  W32/Netsky.T.worm (Panda),  Win32/Netsky.T (Eset
Technical details:Â
This worm spreads via the Internet as an attachment to infected emails.
The worm itself is a Windows PE EXE file of approximately 18KB, packed using UPX and written in Microsoft Visual C++.
Infected messages:
Message header
Approved
Hello
Hi
Important
My details
Re: Approved
Re: Hello
Re: Hi
Re: Important
Re: My details
Re: Request
Re: Thanks you!
Re: Your details
Re: Your document
Re: Your information
Request
Thank you!
Your details
Your document
Your information
Message body (chosen at random from the texts below)
Approved, here is the document.
For more details see the attached document.
For more information see the attached document.
Hello!
Here is the “…”.
Here is the document.
Hi!
I have found the “…”.
I have sent the “…”.
I have spent much time for the “…”.
I have spent much time for your document.
My “…” is attached.
My “…”.
Note that I have attached your document.
Please have a look at the “…”.
Please have a look at the attached document.
Please notice the attached “…”.
Please notice the attached document.
Please read quickly.
Please read the “…”.
Please read the attached document.
Please see the “…”.
Please, “…”.
See the document for details.
Thank you
Thanks
The “…” is attached.
The “…”.
The requested “…” is attached!
Your “…” is attached.
Your “…”.
Your file is attached to this mail.
Yours sincerely
The worm inserts random characters from the list below between the quotation marks.
abuse list
account
answer
approved document
approved file
archive
bill
concept
contact list
corrected document
description
detailed document
details
developement
diggest
document
e-mail
excel document
file
final version
homepage
icq number
important document
improved document
improved file
info
information
instructions
letter
list
mail
message
movie document
new document
note
notice
number list
old document
order
personal message
phone number
photo document
picture document
postcard
powerpoint document
presentation document
release
report
requested document
sample
secound document
story
summary
text
textfile
user list
word document
Attachment:
A file with a .pif extension and a randomly generated name.
The worm is activated when the user opens the attached file.
Once launched, the worm installs inself to the system and starts propagating.
Installation:
When installating, the worm copies itself to the Windows directory under the name EastAV.exe and registers this file in the system registry auto-run key:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
 ”EastAV”=”%windir%\EastAV.exe”
Mass mailing
The worm searches for files with the extensions listed below:
adb
asp
cfg
cgi
dbx
dhtm
doc
eml
htm
html
jsp
mbx
 mdx
mht
mmf
msg
nch
ods
oft
php
pl
ppt
rtf
sht
 shtm
stm
tbb
txt
uin
vbs
wab
wsh
xls
xml
harvests email addresses and sends copies of itself to all addresses found.
