Archive for September 2008

UPS Invoice Spam

UPS invoice spam is once again clogging email inboxes. As usual, these emails don’t come from UPS; instead, they carry a virus as an attachment. The email is crafted to look as if it had been misdirected to the current recipient: it claims that the intended recipient tried to track a package and requested the attached invoice.zip.

According to the Internet Storm Center (ISC), detection of the trojan by antivirus products is poor. Avira, at least, detects it without requiring an update, as TR/Crypt.FKM.Gen, and so protects its users. Users should not open files they receive as email attachments that they did not ask for. When in doubt, contact the sender by phone and ask whether he or she really sent the attachment.

Dirk Knop
Technical Editor
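One check a mail gateway or incident responder can apply to lures of this kind, as an added example that is not code from the original post or from Avira: parse the message, open any zip attachment in memory, and flag archive members that carry an executable extension or start with the PE/DOS "MZ" magic regardless of their name. The message, the zip and the `invoice.exe` member below are constructed samples; the sender and recipient addresses are placeholders.

```python
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that should never appear inside an "invoice" archive.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def build_sample_message() -> bytes:
    """Construct a message modelled on the described lure (constructed sample, not a capture)."""
    payload = io.BytesIO()
    with zipfile.ZipFile(payload, "w") as zf:
        # "MZ" is the DOS/PE header magic; the rest is zero filler, not a real program.
        zf.writestr("invoice.exe", b"MZ" + b"\x00" * 64)
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"      # placeholder sender
    msg["To"] = "recipient@example.invalid"      # placeholder recipient
    msg["Subject"] = "UPS Tracking Number (constructed sample)"
    msg.set_content("You requested the attached invoice for your package. See invoice.zip.")
    msg.add_attachment(payload.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return bytes(msg)


def suspicious_zip_members(zip_bytes: bytes) -> list[str]:
    """Return one finding per archive member that looks executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            if ext in EXECUTABLE_EXTENSIONS:
                findings.append(f"{name}: executable extension")
                continue
            # A renamed executable still starts with the MZ magic.
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    findings.append(f"{name}: PE/MZ header despite extension")
    return findings


def scan_message(raw: bytes) -> list[str]:
    """Walk the attachments of an RFC 822 message and inspect every zip archive found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        # Check the zip magic too, so a zip disguised under another extension is still opened.
        if filename.lower().endswith(".zip") or data[:2] == b"PK":
            try:
                for finding in suspicious_zip_members(data):
                    findings.append(f"{filename} -> {finding}")
            except zipfile.BadZipFile:
                findings.append(f"{filename}: claims to be a zip but is not a valid archive")
    return findings


if __name__ == "__main__":
    for line in scan_message(build_sample_message()):
        print("FLAGGED", line)
```

Flagging on archive contents rather than on the outer filename matters here: the lure's attachment is a harmless-looking invoice.zip, and the executable only becomes visible once the archive is opened. Password-protected archives cannot be inspected this way and deserve their own policy.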

Avira wins Test by AV-comparatives

The test laboratory av-comparatives.org has published the results of its August roundup of antivirus solutions. Avira clearly leads in the field of malware detection, and the testers therefore rated Avira AntiVir Advanced+, their highest certification level. The combined score for detection of 2.3 million malware samples was 99.6 percent, a clear first place, as was the 99.2 percent in Test Set B, which consists of more than 1 million malware samples from the past 9 months. The few false positives are being addressed in our ongoing development and will be ironed out soon, too.

This test proves once more that Avira products deliver the best protection available on the market, and at a scanning speed that av-comparatives rates as “fast”! We are very proud to be rated Advanced+!

Dirk Knop
Technical Editor

Exploit for Microsoft-Vulnerability in the wild

As we blogged earlier, Microsoft released patches on September’s Black Tuesday for critical security vulnerabilities, among them one in the Media Encoder ActiveX module. In the meantime, proof-of-concept exploits for that particular vulnerability have appeared in the wild. It won’t take long until real-world websites exploit these holes to infect users with malware. If you haven’t installed the updates yet, now would be the right time to do so!

Dirk Knop
Technical Editor

Extensive Heuristics-Update AHeAD

Today we will roll out an engine update that not only fixes some false positives but also adds and refines a whole lot of heuristic detections. The detection routines for the following malware families were added or refined:

GAME/Casino.Gen
BDS/Backdoor.Gen
BDS/Bifrose.Gen
DIAL/Dialer.Gen
DR/Delphi.Gen
DR/MicroJoiner.Gen
TR/ATRAPS.Gen
TR/BHO.Gen
TR/Crypt.CFI.Gen
TR/Crypt.FKM.Gen
TR/Crypt.FSPM.Gen
TR/Crypt.PEPM.Gen
TR/Crypt.TPM.Gen
TR/Crypt.ULPM.Gen
TR/Crypt.XDR.Gen
TR/Crypt.XPACK.Gen
TR/Dldr.Delphi.Gen
TR/Dldr.Swizzor.Gen
TR/Dldr.Zlob.Gen
TR/Downloader.Gen
TR/Dropper.Gen
TR/Hijacker.Gen
TR/Rootkit.Gen
TR/Spy.Banker.Gen
TR/Spy.Gen
TR/Vundo.Gen
WORM/Bagle.Gen
WORM/Zhelatin.Gen

The new detection routines for casino games can help companies keep their employees’ desktops clean of distracting software; to use them, activate the class “Games” in the client configuration. This update significantly improves customer protection.

P.S.: We had to delay the update due to further fixes to some detections.

Dirk Knop
Technical Editor

Important Microsoft-Updates

It’s that time of the month again: Microsoft had its Patch Tuesday and published several patches for critical security vulnerabilities. Four patches close holes that attackers can abuse to foist malware on users’ computers. Affected are the Windows operating systems, where the GDI+ graphics library can execute injected code while rendering certain graphics formats. Windows Media Player and Windows Media Encoder are also vulnerable: an ActiveX control installed with Media Encoder can execute injected code in Internet Explorer and is therefore blacklisted by Microsoft.

An interesting flaw resides in Media Player 11: the visualization of certain frequencies can lead to code execution. Another flaw affects Microsoft Office products, which install a file handler for the onenote:// URI. Microsoft advises all users to install the patches as soon as possible; we can only second that advice.

Source: Microsoft Security Bulletin Summary for September 2008

Dirk Knop
Technical Editor

Touch the future

Effective immediately, 9 of the 10 download servers for Avira AntiVir Personal – Free Antivirus support the IPv6 protocol. We are now prepared for the future of the Internet. Since the IPv4 address space will be exhausted in the not too distant future, this step was logical and necessary in our opinion.

Plenty of products already support IPv6, mostly server-side ones. We wanted to add our products and updates to the IPv6 topology to simplify our customers’ migration to IPv6 and to support the ever-growing IPv6 community. The one server that does not support IPv6 is meant as a fallback should something go wrong with an IPv6 client.

Dirk Knop
Technical Editor
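The client side of the arrangement described above, as an added example that is not code from the original post or from Avira’s update client: resolve a download host for both address families, try the IPv6 endpoints first, and fall back to an IPv4 endpoint when the IPv6 path fails, which is exactly the situation the one IPv4-only server is kept for. The hostnames and addresses are not Avira’s; the `SAMPLE_ADDRINFO` list uses the documentation-only prefixes 2001:db8::/32 and 192.0.2.0/24, and `broken_ipv6_connector` is a stub that models a client whose IPv6 connectivity is dead so the logic can be exercised offline.

```python
import socket

# Constructed getaddrinfo()-style results for a hypothetical download host.
# Addresses are from the documentation ranges (RFC 3849 / RFC 5737), not real servers.
SAMPLE_ADDRINFO = [
    (socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP, "", ("192.0.2.10", 80)),
    (socket.AF_INET6, socket.SOCK_STREAM, socket.IPPROTO_TCP, "", ("2001:db8::10", 80, 0, 0)),
    (socket.AF_INET6, socket.SOCK_STREAM, socket.IPPROTO_TCP, "", ("2001:db8::11", 80, 0, 0)),
]


def family_name(family) -> str:
    """Human-readable label for an address family."""
    return "IPv6" if family == socket.AF_INET6 else "IPv4"


def order_candidates(addrinfo):
    """Prefer IPv6 endpoints, then IPv4, keeping the resolver's order within each family."""
    v6 = [ai for ai in addrinfo if ai[0] == socket.AF_INET6]
    v4 = [ai for ai in addrinfo if ai[0] == socket.AF_INET]
    return v6 + v4


def resolve(host: str, port: int = 80):
    """AF_UNSPEC returns both A and AAAA records when the host publishes them."""
    return socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)


def tcp_connector(family, socktype, proto, sockaddr, timeout: float = 5.0):
    """Real connector: open a TCP connection to a single endpoint (used when run stand-alone)."""
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except OSError:
        sock.close()
        raise
    return sock


def broken_ipv6_connector(family, socktype, proto, sockaddr):
    """Stub modelling a client with a dead IPv6 path: every AAAA endpoint is unreachable."""
    if family == socket.AF_INET6:
        raise OSError(f"no route to host {sockaddr[0]}")
    return f"connected to {sockaddr[0]}:{sockaddr[1]}"


def connect_with_fallback(addrinfo, connector=tcp_connector):
    """Try each candidate in preference order and return (family, result) of the first success.

    The connector is injected so the fallback logic can be tested without network access.
    """
    errors = []
    for family, socktype, proto, _canon, sockaddr in order_candidates(addrinfo):
        try:
            return family, connector(family, socktype, proto, sockaddr)
        except OSError as exc:
            errors.append((sockaddr[0], str(exc)))
    raise OSError(f"all candidates failed: {errors}")


if __name__ == "__main__":
    # Offline demonstration: both IPv6 candidates fail, the IPv4 fallback succeeds.
    family, result = connect_with_fallback(SAMPLE_ADDRINFO, connector=broken_ipv6_connector)
    print(family_name(family), result)
```

Trying candidates strictly one after another, as here, means a dead IPv6 path costs one connect timeout per AAAA record before the IPv4 server is reached; clients that care about latency start the IPv4 attempt after a short delay instead of waiting for every IPv6 attempt to fail.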