Jump to content


Photo

AntiVirus Pro


  • This topic is locked This topic is locked
1 reply to this topic

#1 LoneRegister

LoneRegister
  • Members
  • 17 posts

Posted 18 January 2010 - 01:10 PM

We're getting hit by AntiVirus pro, which is a known malware/spyware package that get's delivered via websites.We'd like information on this malware/spyware so that we can properly block it via the Barracuda 310 web filter.There is a video on Youtube - amoungst many - that describes what I am talking about effectively.http://www.youtube.com/watch?v=7EHGdG_vggIThank you,Kevin

#2 Dave Michmerhuizen

Dave Michmerhuizen
  • Barracuda Team Members
  • 11 posts

Posted 18 January 2010 - 07:51 PM

We found this particular threat was being delivered via a so-far unknown website named upmostly.com which was likely reached by way of malicious email or advertisement. This website presented the browser with a set of activex and pdf exploits which, in our test environments, ultimately resulted in an infection by windows-antivirus.net. These malicious domains are constantly created and we have a number of methods for detecting them and blocking them as soon as possible. Unfortunately our customers sometimes get to them before we do. We've added these to our block rules and are examining the registrants for affiliated domains. I strongly suggest making the upgrading of Adobe products within your organization a high priority. We see more and more attacks targeting their software. http://get.adobe.com/reader/ http://get.adobe.com/flashplayer/In addition, if possible we recommend you disable Adobe Javascript support within Adobe Reader. Open Adobe Reader, click: Edit -> preferences -> JavaScript and uncheck Enable Acrobat JavaScript