January 26, 2012

Doctor Web—the Russian IT security software developer—unveils Dr.Web Light for Mac OS X. The anti-virus is distributed free of charge via Mac App Store and can be installed on user machines and servers running Mac OS X 10.6 (Snow Leopard) and Mac OS X 10.7 (Lion).

Unlike Dr.Web anti-virus for Mac OS X, Dr.Web Light for Mac OS X doesn't feature Dr.Web SpIDer Guard responsible for real time system protection. Yet the anti-virus is as reliable as any other Dr.Web product and can be used to scan and disinfect files on your hard disk and removable data-storage devices.

As many other applications under Mac OS X, Dr.Web Light for Mac OS X is installed in one click and can be removed as easily. The anti-virus is very user-friendly. For example, if you need to scan a certain file or folder, use the Finder context menu or simply move the object to the scanner window or drag it to the icon in the Dock or the Application area.

In addition, you may use the system menu to start any type of scanning: express, full and custom. The option to scan with administrator privileges which may be necessary to check system files is also available. A user can also create custom scanning rules, include and exclude selected files or folders from scanning and define actions that anti-virus should take upon detection of a threat: cure, delete, move to quarantine.

Dr.Web Light for Mac OS X consumes very little of system resources and can be run on all computers running Mac OS X if they support downloading and updating applications via the Mac App Store. In addition, Mac book users can set the anti-virus to suspend scanning automatically when their laptops start using the battery and thus extended battery life.

Virus definitions for Dr.Web Light for Mac OS X can be updated on schedule or on-demand and the program itself will be updated through the Mac App Store.

If you want to learn more about Dr.Web Light for Mac oS X, click here.

Dr.Web for Mac OS X providing enhanced protection is covered by Dr.Web anti-virus and Dr.Web Desktop Security Suite licenses. You can download the distribution file from the corresponding section of Doctor Web's site. Dr.Web for Mac OS X Server is available under the Dr.Web Server Security Suite licence.

January 25, 2012

Doctor Web announced an update for the GUI scanner incorporated into single-user products of the Dr.Web 6.0 series for Windows. The updated scanner is also included into Dr.Web CureIt! and Dr.Web CureNet! utilities.

The update resolves an issue that might cause abnormal termination of the scanner during preparation for scanning. The update will be downloaded and installed automatically.

With the update, Dr.Web CureIt! can be run in a system protected by avast! Free Antivirus. Incompatibility between the utility and other anti-viruses that wasn't caused by issues in the Dr.Web product was nonetheless resolved following numerous user requests.

To use the updated Dr.Web CureIt! you need to download the distribution file, Dr.Web CureNet! users need to run the update module.

January 25, 2012

Doctor Web—the Russian anti-virus vendor—announces the new version of its online testing service Dr.Web LiveDemo that enables users to test Dr.Web software remotely. The list of products available for testing has been expanded and new features have been implemented.

Dr.Web LiveDemo is a versatile tool that helps system administrators get acquainted with Dr.Web products’ features before they buy them. With Dr.Web LIveDemo you can test Dr.Web products thoroughly without deploying them in your local network—only Doctor Web's resources will be utilized for testing while a user needs only an Internet connection. The service will also be useful for Doctor Web's partners willing to demonstrate Dr.Web products to their corporate clients.

The main improvement coming with the new version is increased flexibility. Now, the test launch date is determined in accordance with customer needs and can be assigned to any day convenient for the customer.

In addition, the new version of Dr.Web LiveDemo offers an expanded list of anti-virus solutions from Doctor Web for testing. For example, users can now try out Dr.Web for MS Exchange and Internet gateways Unix, and take advantage of corresponding check lists. So system administrators get an opportunity to test Dr.Web software in the environment very similar to the one where they will probably run them—in a local network connecting personal computers, various mail servers and an Internet gateway.

Dr.Web LiveDemo service is free. Fill out an application to get access to the service.

January 24, 2012

Doctor Web has upgraded the Dr.Web Anti-rootkit Service in the personal 7.0 products for Windows: Dr.Web anti-virus and Dr.Web Security Space.

The update for Dr.Web Anti-rootkit Service resolves an issue when abnormal system termination could occur upon launching the scanner.

The update will be downloaded and installed automatically.

January 23, 2012

The number of so-called "paid archives" detected by Dr.Web anti-virus software as Trojan.SmsSend is steadily increasing each month. This comes as no surprise since attackers do not need to be skilled programmers to create that kind of malware. Many sites offer so-called "affiliate programs" that thoughtfully provide ready-made solutions — special "design templates" to help you build your own Trojan.SmsSend within a few minutes. The volume of this clandestine market is truly enormous: attackers earn tens of thousands of dollars per month on distributing paid archives. Doctor Web, a Russian information security vendor, is ready to share exclusive information with users on how this mechanism works and advise how to avoid financial losses from the attackers’ activities.

Trojan.SmsSend is normally an executable file that poses as an installer of a useful program. When you try to open such an archive, the computer screen displays the installation window of the corresponding application, and then the program requests that a paid SMS message be sent to a number specified by the attackers. Only then can the installation proceed. In some cases, allegedly in order to activate the program, the user is asked to enter the mobile phone number and then the code obtained in a reply SMS message. By doing this, the victim agrees to the terms of a subscription to a paid service, for which his or her account will be debited monthly. The trick is that such "paid archives" either do not contain the promised application, or the application can be easily downloaded for free from the official developer's website.

Despite the seeming simplicity and obviousness of this fraudulent scheme, the market for such "services" is truly vast. More and more unsophisticated users are responding to offers of web criminals by sending paid SMS for what they could be getting for free. Doctor Web specialists have managed to ascertain the volume of the revenue brought in by malware distributors. Thus, one partner program that is widely advertised in various underground forums and websites, from where it continually attracts new members, promises distributors of Trojan.SmsSend up to $200 a day for sending one-time paid messages to premium numbers. The leaders of this illegal market, occupying the top ten of the most active Trojan distributors, earn $850 to $7,740 a month, the average being $2,678.50.

Revenues obtained from online fraud victim subscriptions to paid services are significantly higher; they can range from $3,000 to $22,000 per attacker monthly, with an average of $8,295.50. One should understand that for online attackers who earn such sums by deceiving Internet users, this activity is their main source of income, and it occupies all their spare time. Moreover, they are well aware that what they are doing is a crime, the responsibility for which is outlined in Article 273 of the Criminal Code of the Russian Federation ("The creation, use and distribution of malicious computer programs").

Trojan.SmsSend viruses are also distributed in a variety of ways that include fake file-sharing websites, web pages specially created to mimic the interface of the Internet resources of official developers of various programmes, e-mail spam, specialist forums, or mass messaging over ICQ protocol. In addition, online fraudsters actively use adnets such as Yandex.Direct and Google AdSense, place contextual advertising in social networks, and are not afraid to send links to malware from previously hacked accounts.

Users can easily avoid such dangers and prevent themselves from falling prey to online scams, if they will just spend a little more time searching for the official site of the manufacturer of the program they are planning to download. In most cases, they will be able to get it absolutely free, and that way, they certainly won’t pay a dime for an archive that contains nothing useful. Well, and if you did fall victim to network attackers, nothing prevents you from submitting a corresponding statement to the police.

Doctor Web is planning a campaign against attackers who use short service numbers when distributing malware. Information on such numbers will be rapidly shared with mobile operators to assist their technical services in deciding whether to terminate individual numbers used in fraudulent schemes.

January 19, 2012

Doctor Web has updated the Scanning Engine service in the sixth version of the Dr.Web for Windows workstations — Dr.Web Anti-Virus, Dr.Web Security Space, and Dr.Web Desktop Security Suite without the Control center.

The update fixes issues that caused the module to crash on some systems. Bugs which in some cases led to repeated scanning of the same file on the disk were also fixed.

The update will be automatically downloaded by the anti-viruses but applying the update will require a system reboot.

18 января 2012 года

Doctor Web, a Russian anti-virus vendor, releases Dr.Web plugin for Microsoft ISA Server and Forefront TMG Internet gateways.

The application protects corporate networks from viruses and spam. It detects and removes all types of malicious software in the data stream passing through Microsoft ISA Server and Forefront TMG via HTTP, FTP, SMTP and POP3. The plugin scans inbound mail traffic for viruses, paid dialers, adware, riskware, hack tools and jokers.

The application integrates with Microsoft ISA Server and Forefront TMG by incorporating their own data filters into Microsoft Firewall Service and Microsoft Forefront TMG Firewall services respectively. The plugin operates on the Dr.Web CMS (Dr.Web Central Management Service) platform that support centralized management of application settings, and its components with the option of remote administration through a web browser over HTTPS protocol. Dr.Web CMS has a built-in Dr.Web CMS Web Console web server with a client authentication, which provides access to the application management to authorized administrators only.

For more information on the plugin features and system requirements, as well as detailed installation guide, please refer to the release notes.

The Dr.Web for Microsoft ISA Server and Forefront TMG is part of a commercially available Dr.Web Gateway Security Suite. If you have purchased the latter, you receive a key file to activate the Dr.Web for Microsoft ISA Server and Forefront TMG, and Unix, Qbik WinGate, Kerio and MIMEsweeper Internet gateways. As an additional component to the basic Anti-virus license, you may choose an Anti-spam.

January 16, 2012

Doctor Web has updated its software product Dr.Web for Android Anti-virus&Anti-spam.

Bugs that caused the #WIPE# command included in the anti-theft component to operate incorrectly have been fixed. (The #WIPE# command is used to restore factory settings and delete all SD card data.). This issue concerned devices running Android versions 2.2 and 2.3. Also fixed was a bug that caused multiple SMS reports to be sent upon entering #SIGNAL# (the action that remotely locks a phone with the Anti-theft feature and activates a special audio signal). In addition, users who have forgotten their Anti-theft passwords can now unlock their mobile devices using Device ID; this feature applies to devices with no IMEI codes.

Among other issues eliminated were the causes of the program crashes that sometimes occurred during blacklist editing.

In the version of Dr.Web for Android that is installed from the Doctor Web site, the Mode display in the anti-virus settings was fixed.

Also, several improvements were made to the updated program interface.

The update concernes users who have installed the anti-virus from the Doctor Web site and all alternative resources with the exception of Android Market. For users of Google Online Store, this update took place in December 2011.

In order to carry out an update via the Doctor Web site, download a new distribution file.

January 12, 2012

Doctor Web announced an update for the MS Outlook plugin incorporated into single-user products of the Dr.Web 7.0 series for Windows.

The update fixed causes of incorrect message subject modification, where a message became marked as ***SPAM***.

The update will be downloaded and installed automatically.

January 11, 2012

Doctor Web announced an update for the GUI scanner and language resources incorporated into the Dr.Web AV-Desk 6.0 Internet service.

The updated GUI scanner should properly handle paths containing non-Latin characters. Also, possible causes of OS crashes when scanning have been eliminated.

The update will be downloaded and installed automatically.

January 11, 2012

Doctor Web has updated the Scanning Engine service in the sixth version of the Dr.Web for Windows file servers incorporated into Dr.Web Server Security Suite.

The update fixes issues that caused the module to crash on some systems. Bugs which in some cases led to repeated scanning of the same file on the disk were also fixed.

The update will be automatically downloaded by the anti-viruses but applying the update will require a system reboot.

December 27, 2011

Doctor Web has updated its Dr.Web CureNet!. solution for centralized anti-virus scanning for personal computers and file servers.

The utility's got the new Dr.Web Virus-Finding Engine 7.0. It will boost scan speed, ensure the flexible use of computing resources, and increase the reliability of protection against new threats. Please, note that that the engine 7.0 was released for single-user Dr.Web products for Windows on December 12.

Additionally,a scanner issue that might cause abnormal system termination while scanning has been resolved.

To use an updated version of Dr.Web CureNet!, download the utility from .drweb-curenet.com.

December 26, 2011

Doctor Web—a Russian developer of IT security software—warns users of a new threat to mobile devices running the operating system Google Android. The malicious program discovered earlier by another anti-virus vendor has been added into the Dr.Web virus databases as Android.Arspam.1. The Trojan horse is designed to perform unauthorised massive SMS sending.

Android.Arspam.1 is embedded into the legitimate application AlSalah that works as a compass and helps Muslims determine the distance and direction to Ka'ba. The application also displays the current date and calculates salah timings. It should be noted that the application available in the Android Market does not carry any malicious payload, while a similar program distributed via Arab-speaking forums, as a rule, contains the Trojan horse. In other words, intruders added malicious features to AlSalah to perform their malicious tasks.

When launched on an infected device, Android.Arspam.1 creates and registers the com.awake.alArabiyyah service which will start with the operating system. Then the Trojan horse collects contact information found on the device and sends short messages containing links to forum posts, devoted to widely publicized events in the Middle East, particularly, to the Tunisian revolution, at each contact number. The posts contain photos of Mohamed Bouazizi who set himself on fire on December 17 2010—the event that triggered uprisings in many Arab countries. The list of links is contained in the Trojan horse code. In addition, if the SIM card is registered in Bahrain, the Trojan horse downloads a PDF-document containing Bahrain Independent Commission report on human rights violations in this country.

Android.Arspam.1 is the first known to date Trojan horse for mobile devices that sends out short messages related to politics. Despite its fairly primitive implementation, we should note a very sound approach to the choice of an application to make sure that messages sent by the Trojan horse will reach their target audience. Besides, since Android.Arspam.1 already can download files from remote hosts, in the nearest future we may expect new, more sophisticated modifications capable of retrieving configuration files or link lists that will be used to send short messages. The program may also evolve into a spam bot that will be used to create botnets. However, this may or may not happen in the future: to date, Dr.Web for Android Anti-virus+Anti-spam and Dr.Web for Android Light users are well protected against this threat.