News of Doctor Web

Free Dr.Web scanner Light for Mac OS X available in the Mac App Store

Thu, 26 Jan 2012 00:00:00 GMT

January 26, 2012

Doctor Web—the Russian IT security software developer—unveils Dr.Web Light for Mac OS X. The anti-virus is distributed free of charge via Mac App Store and can be installed on user machines and servers running Mac OS X 10.6 (Snow Leopard) and Mac OS X 10.7 (Lion).

Unlike Dr.Web anti-virus for Mac OS X, Dr.Web Light for Mac OS X doesn't feature Dr.Web SpIDer Guard responsible for real time system protection. Yet the anti-virus is as reliable as any other Dr.Web product and can be used to scan and disinfect files on your hard disk and removable data-storage devices.

As many other applications under Mac OS X, Dr.Web Light for Mac OS X is installed in one click and can be removed as easily. The anti-virus is very user-friendly. For example, if you need to scan a certain file or folder, use the Finder context menu or simply move the object to the scanner window or drag it to the icon in the Dock or the Application area.

In addition, you may use the system menu to start any type of scanning: express, full and custom. The option to scan with administrator privileges which may be necessary to check system files is also available. A user can also create custom scanning rules, include and exclude selected files or folders from scanning and define actions that anti-virus should take upon detection of a threat: cure, delete, move to quarantine.

Dr.Web Light for Mac OS X consumes very little of system resources and can be run on all computers running Mac OS X if they support downloading and updating applications via the Mac App Store. In addition, Mac book users can set the anti-virus to suspend scanning automatically when their laptops start using the battery and thus extended battery life.

Virus definitions for Dr.Web Light for Mac OS X can be updated on schedule or on-demand and the program itself will be updated through the Mac App Store.

If you want to learn more about Dr.Web Light for Mac oS X, click here.

Dr.Web for Mac OS X providing enhanced protection is covered by Dr.Web anti-virus and Dr.Web Desktop Security Suite licenses. You can download the distribution file from the corresponding section of Doctor Web's site. Dr.Web for Mac OS X Server is available under the Dr.Web Server Security Suite licence.

Scanner for Dr.Web products 6.0 updated

Wed, 25 Jan 2012 01:00:00 GMT

January 25, 2012

Doctor Web announced an update for the GUI scanner incorporated into single-user products of the Dr.Web 6.0 series for Windows. The updated scanner is also included into Dr.Web CureIt! and Dr.Web CureNet! utilities.

The update resolves an issue that might cause abnormal termination of the scanner during preparation for scanning. The update will be downloaded and installed automatically.

With the update, Dr.Web CureIt! can be run in a system protected by avast! Free Antivirus. Incompatibility between the utility and other anti-viruses that wasn't caused by issues in the Dr.Web product was nonetheless resolved following numerous user requests.

To use the updated Dr.Web CureIt! you need to download the distribution file, Dr.Web CureNet! users need to run the update module.

Dr.Web LiveDemo with expanded features and improved usability

Wed, 25 Jan 2012 00:00:00 GMT

January 25, 2012

Doctor Web—the Russian anti-virus vendor—announces the new version of its online testing service Dr.Web LiveDemo that enables users to test Dr.Web software remotely. The list of products available for testing has been expanded and new features have been implemented.

Dr.Web LiveDemo is a versatile tool that helps system administrators get acquainted with Dr.Web products’ features before they buy them. With Dr.Web LIveDemo you can test Dr.Web products thoroughly without deploying them in your local network—only Doctor Web's resources will be utilized for testing while a user needs only an Internet connection. The service will also be useful for Doctor Web's partners willing to demonstrate Dr.Web products to their corporate clients.

The main improvement coming with the new version is increased flexibility. Now, the test launch date is determined in accordance with customer needs and can be assigned to any day convenient for the customer.

In addition, the new version of Dr.Web LiveDemo offers an expanded list of anti-virus solutions from Doctor Web for testing. For example, users can now try out Dr.Web for MS Exchange and Internet gateways Unix, and take advantage of corresponding check lists. So system administrators get an opportunity to test Dr.Web software in the environment very similar to the one where they will probably run them—in a local network connecting personal computers, various mail servers and an Internet gateway.

Dr.Web LiveDemo service is free. Fill out an application to get access to the service.

Personal Dr.Web 7.0 products for Windows updated

Tue, 24 Jan 2012 00:00:00 GMT

January 24, 2012

Doctor Web has upgraded the Dr.Web Anti-rootkit Service in the personal 7.0 products for Windows: Dr.Web anti-virus and Dr.Web Security Space.

The update for Dr.Web Anti-rootkit Service resolves an issue when abnormal system termination could occur upon launching the scanner.

The update will be downloaded and installed automatically.

Exposed: Illegally Obtained Revenue from Online “Paid Archive” Schemes

Mon, 23 Jan 2012 01:00:00 GMT

January 23, 2012

The number of so-called "paid archives" detected by Dr.Web anti-virus software as Trojan.SmsSend is steadily increasing each month. This comes as no surprise since attackers do not need to be skilled programmers to create that kind of malware. Many sites offer so-called "affiliate programs" that thoughtfully provide ready-made solutions — special "design templates" to help you build your own Trojan.SmsSend within a few minutes. The volume of this clandestine market is truly enormous: attackers earn tens of thousands of dollars per month on distributing paid archives. Doctor Web, a Russian information security vendor, is ready to share exclusive information with users on how this mechanism works and advise how to avoid financial losses from the attackers’ activities.

Trojan.SmsSend is normally an executable file that poses as an installer of a useful program. When you try to open such an archive, the computer screen displays the installation window of the corresponding application, and then the program requests that a paid SMS message be sent to a number specified by the attackers. Only then can the installation proceed. In some cases, allegedly in order to activate the program, the user is asked to enter the mobile phone number and then the code obtained in a reply SMS message. By doing this, the victim agrees to the terms of a subscription to a paid service, for which his or her account will be debited monthly. The trick is that such "paid archives" either do not contain the promised application, or the application can be easily downloaded for free from the official developer's website.

Despite the seeming simplicity and obviousness of this fraudulent scheme, the market for such "services" is truly vast. More and more unsophisticated users are responding to offers of web criminals by sending paid SMS for what they could be getting for free. Doctor Web specialists have managed to ascertain the volume of the revenue brought in by malware distributors. Thus, one partner program that is widely advertised in various underground forums and websites, from where it continually attracts new members, promises distributors of Trojan.SmsSend up to $200 a day for sending one-time paid messages to premium numbers. The leaders of this illegal market, occupying the top ten of the most active Trojan distributors, earn $850 to $7,740 a month, the average being $2,678.50.

Revenues obtained from online fraud victim subscriptions to paid services are significantly higher; they can range from $3,000 to $22,000 per attacker monthly, with an average of $8,295.50. One should understand that for online attackers who earn such sums by deceiving Internet users, this activity is their main source of income, and it occupies all their spare time. Moreover, they are well aware that what they are doing is a crime, the responsibility for which is outlined in Article 273 of the Criminal Code of the Russian Federation ("The creation, use and distribution of malicious computer programs").

Trojan.SmsSend viruses are also distributed in a variety of ways that include fake file-sharing websites, web pages specially created to mimic the interface of the Internet resources of official developers of various programmes, e-mail spam, specialist forums, or mass messaging over ICQ protocol. In addition, online fraudsters actively use adnets such as Yandex.Direct and Google AdSense, place contextual advertising in social networks, and are not afraid to send links to malware from previously hacked accounts.

Users can easily avoid such dangers and prevent themselves from falling prey to online scams, if they will just spend a little more time searching for the official site of the manufacturer of the program they are planning to download. In most cases, they will be able to get it absolutely free, and that way, they certainly won’t pay a dime for an archive that contains nothing useful. Well, and if you did fall victim to network attackers, nothing prevents you from submitting a corresponding statement to the police.

Doctor Web is planning a campaign against attackers who use short service numbers when distributing malware. Information on such numbers will be rapidly shared with mobile operators to assist their technical services in deciding whether to terminate individual numbers used in fraudulent schemes.

Dr.Web 6.0 for Windows workstations updated

Thu, 19 Jan 2012 14:11:48 GMT

January 19, 2012

Doctor Web has updated the Scanning Engine service in the sixth version of the Dr.Web for Windows workstations — Dr.Web Anti-Virus, Dr.Web Security Space, and Dr.Web Desktop Security Suite without the Control center.

The update fixes issues that caused the module to crash on some systems. Bugs which in some cases led to repeated scanning of the same file on the disk were also fixed.

The update will be automatically downloaded by the anti-viruses but applying the update will require a system reboot.

Dr.Web plugin for Microsoft ISA Server and Forefront TMG released

Wed, 18 Jan 2012 01:00:00 GMT

18 января 2012 года

Doctor Web, a Russian anti-virus vendor, releases Dr.Web plugin for Microsoft ISA Server and Forefront TMG Internet gateways.

The application protects corporate networks from viruses and spam. It detects and removes all types of malicious software in the data stream passing through Microsoft ISA Server and Forefront TMG via HTTP, FTP, SMTP and POP3. The plugin scans inbound mail traffic for viruses, paid dialers, adware, riskware, hack tools and jokers.

The application integrates with Microsoft ISA Server and Forefront TMG by incorporating their own data filters into Microsoft Firewall Service and Microsoft Forefront TMG Firewall services respectively. The plugin operates on the Dr.Web CMS (Dr.Web Central Management Service) platform that support centralized management of application settings, and its components with the option of remote administration through a web browser over HTTPS protocol. Dr.Web CMS has a built-in Dr.Web CMS Web Console web server with a client authentication, which provides access to the application management to authorized administrators only.

For more information on the plugin features and system requirements, as well as detailed installation guide, please refer to the release notes.

The Dr.Web for Microsoft ISA Server and Forefront TMG is part of a commercially available Dr.Web Gateway Security Suite. If you have purchased the latter, you receive a key file to activate the Dr.Web for Microsoft ISA Server and Forefront TMG, and Unix, Qbik WinGate, Kerio and MIMEsweeper Internet gateways. As an additional component to the basic Anti-virus license, you may choose an Anti-spam.

Dr.Web for Android Updated

Mon, 16 Jan 2012 00:00:00 GMT

January 16, 2012

Doctor Web has updated its software product Dr.Web for Android Anti-virus&Anti-spam.

Bugs that caused the #WIPE# command included in the anti-theft component to operate incorrectly have been fixed. (The #WIPE# command is used to restore factory settings and delete all SD card data.). This issue concerned devices running Android versions 2.2 and 2.3. Also fixed was a bug that caused multiple SMS reports to be sent upon entering #SIGNAL# (the action that remotely locks a phone with the Anti-theft feature and activates a special audio signal). In addition, users who have forgotten their Anti-theft passwords can now unlock their mobile devices using Device ID; this feature applies to devices with no IMEI codes.

Among other issues eliminated were the causes of the program crashes that sometimes occurred during blacklist editing.

In the version of Dr.Web for Android that is installed from the Doctor Web site, the Mode display in the anti-virus settings was fixed.

Also, several improvements were made to the updated program interface.

The update concernes users who have installed the anti-virus from the Doctor Web site and all alternative resources with the exception of Android Market. For users of Google Online Store, this update took place in December 2011.

In order to carry out an update via the Doctor Web site, download a new distribution file.

Dr.Web plugin for MS Outlook updated

Thu, 12 Jan 2012 00:00:00 GMT

January 12, 2012

Doctor Web announced an update for the MS Outlook plugin incorporated into single-user products of the Dr.Web 7.0 series for Windows.

The update fixed causes of incorrect message subject modification, where a message became marked as ***SPAM***.

The update will be downloaded and installed automatically.

Dr.Web for Windows File Servers Updated

Wed, 11 Jan 2012 00:00:00 GMT

January 11, 2012

Doctor Web has updated the Scanning Engine service in the sixth version of the Dr.Web for Windows file servers incorporated into Dr.Web Server Security Suite.

The update fixes issues that caused the module to crash on some systems. Bugs which in some cases led to repeated scanning of the same file on the disk were also fixed.

The update will be automatically downloaded by the anti-viruses but applying the update will require a system reboot.

Dr.Web AV-Desk 6.0 Upgraded

Wed, 11 Jan 2012 15:18:59 GMT

January 11, 2012

Doctor Web announced an update for the GUI scanner and language resources incorporated into the Dr.Web AV-Desk 6.0 Internet service.

The updated GUI scanner should properly handle paths containing non-Latin characters. Also, possible causes of OS crashes when scanning have been eliminated.

The update will be downloaded and installed automatically.

Dr.Web CureNet! updated

Tue, 27 Dec 2011 00:00:00 GMT

December 27, 2011

Doctor Web has updated its Dr.Web CureNet!. solution for centralized anti-virus scanning for personal computers and file servers.

The utility's got the new Dr.Web Virus-Finding Engine 7.0. It will boost scan speed, ensure the flexible use of computing resources, and increase the reliability of protection against new threats. Please, note that that the engine 7.0 was released for single-user Dr.Web products for Windows on December 12.

Additionally,a scanner issue that might cause abnormal system termination while scanning has been resolved.

To use an updated version of Dr.Web CureNet!, download the utility from .drweb-curenet.com.

Android.Arspam.1 distributes political spam

Mon, 26 Dec 2011 00:00:00 GMT

December 26, 2011

Doctor Web—a Russian developer of IT security software—warns users of a new threat to mobile devices running the operating system Google Android. The malicious program discovered earlier by another anti-virus vendor has been added into the Dr.Web virus databases as Android.Arspam.1. The Trojan horse is designed to perform unauthorised massive SMS sending.

Android.Arspam.1 is embedded into the legitimate application AlSalah that works as a compass and helps Muslims determine the distance and direction to Ka'ba. The application also displays the current date and calculates salah timings. It should be noted that the application available in the Android Market does not carry any malicious payload, while a similar program distributed via Arab-speaking forums, as a rule, contains the Trojan horse. In other words, intruders added malicious features to AlSalah to perform their malicious tasks.

When launched on an infected device, Android.Arspam.1 creates and registers the com.awake.alArabiyyah service which will start with the operating system. Then the Trojan horse collects contact information found on the device and sends short messages containing links to forum posts, devoted to widely publicized events in the Middle East, particularly, to the Tunisian revolution, at each contact number. The posts contain photos of Mohamed Bouazizi who set himself on fire on December 17 2010—the event that triggered uprisings in many Arab countries. The list of links is contained in the Trojan horse code. In addition, if the SIM card is registered in Bahrain, the Trojan horse downloads a PDF-document containing Bahrain Independent Commission report on human rights violations in this country.

Android.Arspam.1 is the first known to date Trojan horse for mobile devices that sends out short messages related to politics. Despite its fairly primitive implementation, we should note a very sound approach to the choice of an application to make sure that messages sent by the Trojan horse will reach their target audience. Besides, since Android.Arspam.1 already can download files from remote hosts, in the nearest future we may expect new, more sophisticated modifications capable of retrieving configuration files or link lists that will be used to send short messages. The program may also evolve into a spam bot that will be used to create botnets. However, this may or may not happen in the future: to date, Dr.Web for Android Anti-virus+Anti-spam and Dr.Web for Android Light users are well protected against this threat.

Upgraded Dr.Web CureIt! supports enhanced and automatic scanning

Mon, 26 Dec 2011 00:00:00 GMT

December 26, 2011

Doctor Web—a Russian developer of IT security software—has updated free and commercial versions of its Dr.Web CureIt! utility. The updated utility collects and sends non-identifying statistics to Doctor Web's analytical laboratory. Also, users no longer need to fill out an application before downloading the utility.

Now all people running Dr.Web CureIt! can participate in collecting useful statistics and help Doctor Web analyse overall anti-virus security situation and improve Dr.Web detection and curing algorithms even more promptly. It should be noted that data collected by Doctor Web's analytical laboratory doesn't include information that may in any way help identify the user. The utility only sends scanning statistics and information about the current system configuration to the laboratory. This feature is always enabled in the free Dr.Web CureIt!, but won't work for certain locales. If available and used, a corresponding warning is displayed to the user. With the commercial version you may choose to send statistics to Doctor Web.

In addition, the free version of Dr.Web CureIt! can now be launched only under an administrator account. The commercial version may be run under other accounts.

Also, the commercial version supports the automatic scanning mode: When launched from the command line with the /go option, the scanner immediately starts checking the system without any further user actions. Additionally, the commercial version features the enhanced scanning mode for neutralization of Windows blockers. This scanning mode has been tested in the free version of the utility earlier.

Both Dr.Web CureIt! versions are available on Doctor Web's site.

Updating module with fixed errors for Dr.Web 7.0 for Windows released

Mon, 26 Dec 2011 00:00:00 GMT

December 26, 2011

Doctor Web has upgraded Dr.Web Updater in the personal 7.0 products for Windows: Dr.Web anti-virus and Dr.Web Security Space.

The update resolves an issue related to automatic license renewal.

The update will be downloaded and installed automatically.

Dr.Web Anti-rootkit Service in single-user Dr.Web 7.0 products for Windows updated

Thu, 22 Dec 2011 00:00:00 GMT

December 22, 2011

Doctor Web has upgraded the Dr.Web Anti-rootkit Service in the personal 7.0 products for Windows: Dr.Web anti-virus and Dr.Web Security Space.

The updates resolves the issue that might result in abnormal termination of Windows.

The update will be downloaded and installed automatically.

Long-awaited Dr.Web for Microsoft ISA Server and Forefront TMG beta

Wed, 21 Dec 2011 01:00:00 GMT

December 21, 2011

Doctor Web—a Russian anti-virus vendor—launches beta-testing of its Dr.Web for Microsoft ISA Server and Forefront TMG.

The application protects corporate networks from viruses and spam. It detects and removes all types of malicious software in the data stream passing through Microsoft ISA Server and Forefront TMG via HTTP, FTP, SMTP and POP3. The Dr.Web Anti-virus operates on the Dr.Web CMS platform (Dr.Web Central Management Service), which supports the central configuration of application settings and components.

Doctor Web welcomes all users willing to participate in Dr.Web for Microsoft ISA Server and Forefront TMG beta-testing.

Scanner for single-user Dr.Web products 6.0 for Windows updated

Wed, 21 Dec 2011 00:00:00 GMT

December 21, 2011

Doctor Web has updated the GUI-controlled Scanner in single-user Dr.Web products series 6.0 for Windows.

The updates resolves the issue that might result in abnormal termination of Windows.

The update will be downloaded and installed automatically.

The updated scanner has also been incorporated into Dr.Web CureIt! and Dr.Web CureNet!. To use the updated Dr.Web CureIt!, download the new distribution, to update Dr.Web CureNet!, launch the updater.

Anti-virus engine in Dr.Web for Unix updated

Thu, 15 Dec 2011 01:00:00 GMT

December 15, 2011

Doctor Web—a Russian developer of IT security software—announced that the new Dr.Web Virus-Finding Engine and virus databases have been incorporated into Dr.Web for Unix and Dr.Web for Mac OS X. The engine 7.0 will dramatically increase the scanning speed, provide a flexible use of computer resources and increase the reliability of protection against new threats in HTML, JavaScript and PDF.

Note that on December 12, the new engine was released for single-user Dr.Web for Windows products. From now own it is available to everyone running Dr.Web under Linux, FreeBSD and Solaris.

The engine update has affected a number of software products: Dr.Web anti-virus for Linux, Dr.Web for mail servers and Internet gateways Unix, Dr.Web for Unix file servers (Samba) and Novell Storage Services, Dr.Web for Mac OS X, Dr.Web for Mac OS X Server, Dr.Web for Kerio mail servers (Linux-version), Dr.Web for IBM Lotus Domino (Linux-version), as well as Dr.Web LiveCD and Dr.Web LiveUSB.

The update will be downloaded and installed automatically.

Updating module in single-user Dr.Web products for Windows upgraded

Thu, 15 Dec 2011 00:00:00 GMT

December 15, 2011

Doctor Web has upgraded Dr.Web Updater in the personal 7.0 products for Windows: Dr.Web anti-virus and Dr.Web Security Space.

An issue that in certain situations damaqged the configuration file has been resolved.

The update will be downloaded and installed automatically.