Is this true?


Surya W. Isjwara

Hi all,

Trojan attacks Microsoft's AntiSpyware





Virus writers have created a malicious program that can disable Microsoft's
new anti-spyware application, CNET reports.

Antivirus experts say the Trojan Bankash.A is the first piece of malicious
software to attack Windows AntiSpyware, which is still in beta.

"As Microsoft's product creeps out of beta and is adopted more by the home
user market, we can expect to see more attempts by Trojan horses, viruses
and worms to undermine its effectiveness," said Graham Cluley from Internet
security firm Sophos.

Like many other Trojans, Bankash attempts to steal passwords and online
banking details from Windows users. The program targets users of U.K. online
banks such as Barclays, Cahoot, Halifax, HSBC, Lloyds TSB, Nationwide,
NatWest and Smile.

Click here to read the full story.


Is the above article true? My customer is asking about it.



Warm regards

Surya W. Isjwara
 
This is really not a big threat. There are a lot of things that would have
to fall into place in order to propagate this exploit. Just do a Google
search if you want more specifics, but essentially you would have to click
on an email link, which would launch an application, which would then need
to modify your registry to disable the AS program. Not very probable.
 
A said:
This is really not a big threat. There are a lot of things that would have
to fall into place in order to propagate this exploit. Just do a Google
search if you want more specifics, but essentially you would have to click
on an email link, which would launch an application, which would then need
to modify your registry to disable the AS program. Not very probable.

"Click-Launch-Modify", I've heard that before when talking about malware.

Must be really challenging to do that against an MS security
application.............

http://news.com.com/Trojan+attacks+Microsofts+anti-spyware/2100-7349_3-5569429.html?tag=nefd.top

http://www.sophos.com/virusinfo/analyses/trojbankasha.html

--
 
It's not challenging at all, and there are tons of defenses that should be
in place to defend against such simple-minded attacks. Not to mention the corporate
tools that are on most networks, you should be running XP SP2, AV
protection, multiple AS products (pretty much the norm), etc. This attack
was weak at best - changing registry settings? Heck, I can disable any
application by modifying the registry.
 
Can you relay the kinds of questions your customers are asking?

What is of most concern to them?
 
If you choose to run an attacker's code on your machine, as an administrator,
it isn't your machine any longer.

I can imagine a number of ways of defending against this problem, and I'm
not a developer. However, I don't find it astonishing that a third-party
product, rebranded by Microsoft and released as a public beta approximately
3 weeks after acquiring the company that produced it, has some flaws and
vulnerabilities.

I don't find this either surprising or earthshaking. However, the FUD
surrounding it might well be harmful. I'm very pleased at the amount of
cleaning that this release is accomplishing. There seems to be some
irrationality going on around this issue, which Symantec rates as having
infected 0-2 sites and 0-49 computers. (And that's bad terminology on my
part--it implies infection as an active process. This one infects by choice
of the user who clicks on it.)
 
A said:
It's not challenging at all, and there are tons of defenses that should be
in place to defend against such simple-minded attacks.

We are talking about home PCs, millions of PCs with no or weak protection.
XP Home with no updates, no updated virus definitions, no firewall.

The big "Zombie army" used by the Internet's dark forces to do whatever they want.

A said:
Not to mention the corporate
tools that are on most networks, you should be running XP SP2, AV
protection, multiple AS products (pretty much the norm), etc.

OK, corporate network personnel should have knowledge about this............

A said:
This attack was weak at best - changing registry settings? Heck, I can disable any
application by modifying the registry.

I can also do that.... but not combine that with stealing
bank account information, passwords etc.

--
 
Bill said:
This one infects by choice of the user who clicks on it.

My kids klick on everything. Malware makers want them to "klick".

I have cleaned a lot of PCs and most owners say, I "klicked" on that
or went to that web address with a "klick"............

klick-klick..........

--
 
I know--I'm cleaning the machines they use!

However, this one isn't widely distributed, and all in all is likely to be a
very small blip except for the novelty. Viruses have been disabling Norton
antivirus for years.
 
Bottom line - MS AntiSpyware isn't in the business of stopping AV attacks.
The only way for this thing to propagate was to click on an email with an
attachment that would launch an installer program - a virus on the other
hand. Most AV vendors had a signature out for this on February 10th.
 
You need to get some good AV protection if you are going to allow your kids
to "click on everything." Either that or deal with the results of careless
home PC policies - yes, every home user should be keeping themselves a bit
educated. There are tons of things you can do, to include parental
controls, that will keep your computer relatively safe.
 
A said:
You need to get some good AV protection if you are going to allow your kids
to "click on everything." Either that or deal with the results of careless
home PC policies - yes, every home user should be keeping themselves a bit
educated. There are tons of things you can do, to include parental
controls, that will keep your computer relatively safe.

Well, if you read the whole thread, this was a "joke" about "klicking".

And about home policies, it is really interesting to check the antivirus log
after my kids' MSN Messenger sessions, a real bombardment with malware.

I don't believe in parental control programs, of course antivirus, firewall,
Windows Update, antispyware are basics.

--
 