Group items tagged

Malware writers seem to be targeting the Task Manager with increasing frequency. McAfee's Avert Labs wrote in its blog yesterday of the discovery of a new Trojan it dubbed QTaskMgr-1, which crawls into the registry and disables the Task Manager, Windows Update and Internet Explorer tool bars. Hitting Ctrl+Alt+Del will activate the Windows Security menu, but all functions including Change Password and Lock Computer are disabled.

In reviewing several security articles and blogs about malware characteristics and workarounds, I see a recurring piece of advice: Don't click on any popup or dialog window; instead use the Windows Task Manager to end offending processes. It's good advice, since malware writers-particularly those spreading scareware or bogus applications designed to trick computer users into buying useless security software-are gaming the dialog windows. Users are often presented with the typical option, such as "do you wish to proceed? Yes/No." Hitting either button or even the "X" window closing button will initiate a background process as if the user agreed. Using the Task Manager is the safe way of disabling these processes to allow the anti-virus software to scan and remove the offending code. Or so we think. Malware writers seem to be targeting the Task Manager with increasing frequency. McAfee's Avert Labs wrote in its blog yesterday of the discovery of a new Trojan it dubbed QTaskMgr-1, which crawls into the registry and disables the Task Manager, Windows Update and Internet Explorer tool bars. Hitting Ctrl+Alt+Del will activate the Windows Security menu, but all functions including Change Password and Lock Computer are disabled.

As such, I've frequently advised small business owners to avoid banking on Windows systems, since all of the malicious software currently being used by these criminals to steal e-banking credentials simply fails to run on anything other than Windows. What's more, the tools these crooks are using - mainly the Zeus Trojan - almost always outpace anti-virus detection at least by a few days, and by then it's usually too late.

[A]ddressing Stuxnet goes beyond using quality security controls, said Mark Weatherford, vice president and chief security officer at NERC. The industry, he said, needs to demand higher quality software that is free from defects. "This is not an indictment on [the] control system industry; it's an indictment on the IT business in general," Weatherford said. "We're still seeing products that come out that are susceptible to vulnerabilities that quite frankly have been in the wild for quite some time."