New variant of mebroot detected as vendors criticised for failing to react to threat

3 June 2009 | SC Magazine UK by Dan Raywood

Security vendors have been criticised for failing to react to the MBR rootkit and offer protection against it. Prevx malware technology specialist Marco Giuliani claimed in his blog that in the two months since a new variant of the MBR rootkit was detected and isolated there has been hardly any response. Giuliani said: “Unfortunately only a couple of security vendors and independent researchers implemented a working detector for it. This is not good, especially if we are talking about the same threat that has infected tens of thousands of PC around the globe last year, stealing password, bank accounts and personal information. “Actually, as written in one of my previous posts, first version of MBR rootkit could have still been used with a large success by its creators. (Comments by Prevx)

Software crack site hides malware repository

2 June 2009 | SC Magazine by Chuck Miller

A website found by a security research organization serves malicious files to people who are looking for cracks to software applications. “The website supposedly offers a wide collection of cracks for different applications,” said Joseph Pacamarra, threats analyst for TrendLabs, in a blog post. “However, attempting to download any of these files will always lead to the same page.” When a user clicks on a program in the list of supposedly pirated software, they get a download link that in the background transfers a .zip file containing two files, both of which are malicious trojans. The .zip file is actually hosted on another domain, where more trouble awaits.

ITWEB: Cybercrooks target YouTube

3 June 2009 | IT Web

Up to 4 900 videos on YouTube contain links that point to a Web page designed to download malware, says Panda Security. Cyber criminals have latched onto YouTube to distribute malware by adding comments and a link in an attempt to lure unsuspecting users onto a malware-infected Web site.  “The comments are normally suggestive, claiming the link will take users to a legal Web page with pornographic content,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “However, when users click the link, they are taken to a page that spoofs the original and which is really designed to download malware. On this page, users will be prompted to download a file in order to be able to view the video. If they take the bait, users will really be downloading a copy of the Privacy Centre fake anti-virus.” (Comments by Panda)

Gumblar Attacks Dying Off

3 June 2009 | Security Watch

Several weeks ago Mary Landesman at ScanSafe began blogging about Gumblar, a series of attacks against web sites, inducing them to serve interesting malware to clients. Gumblar is apparently unrelated to the other recent reports of tens of thousands of compromised web sites. The client malware is not your average malware: it sits in the browser process and looks for Google searches, substituting malicious ones for the legit ones. It also looks for FTP credentials, which appears to be the way it compromises web sites. Nothing was wrong on Google’s end; the malicious activities all occurred on client PCs and 3rd party web servers. It was a nasty set of attacks, but it appears that the sites involved in it, including their nameservers, are being shut down. Landesman, who probably deserves some credit for this, reports that ScanSafe is seeing ever-diminishing traffic from these sources.

Scammers using search optimization on Twitter, Google

2 June 2009 | CNET by Elinor Mills

Online scammers are targeting people looking for popular topics on Twitter and Google to lure them to Web sites that display fake security warnings and try to sell them antivirus products, PandaLabs said on Wednesday. This technique isn’t new, but seems to be widening on Google and is particularly successful on Twitter where links are spread fast and furiously and people often don’t think before they click. In the Twitter scam, hundreds of fake accounts have been posting tweets that reference the band Phish, which has a cult-like following, according to a PandaLabs blog. There were so many of the tweets, which say “PhishTube Broadcast,” that the term showed up in the Trending Topics list. The tweets contain links that eventually lead to spoof porn pages that infect victims with the fake antivirus malware if they click anywhere on the page, PandaLabs said. (Comments by Panda)

Bank of America certificate scam propgating Waledac, Virut

2 June 2009 | SC Magazine US by Angela Moscaritolo

A new spam campaign disguised as a Bank of America email telling users they need to update their digital certificate is attempting to lure users into installing the Waledac worm. The messages, which first started being detected this past weekend, seemingly come from Bank of America, and tell users, “The digital certificate for your Bank of America direct online account has expired. You need to update the certificate using Bank of America direct digital certificate updating procedure” (see photo below). Recipients are then instructed to click on a link and follow the given instructions, Phil Hay, lead threat analyst at web and email security firm Marshal8e6 told SCMagazineUS.com in an email Monday. The spam originates from the Pushdo botnet, which has been active in similar malicious phishing attacks, Hay said.

Twitter Hit with Fake Security Software Scam

1 June 2009 | eWeek by Brian Prince

Twitter has been hit with a scam that tries to rope users into buying bogus security software. According to Kaspersky Lab, Twitter users who were tricked into clicking on a link in a tweet were taken to a site that attempted to download the scareware. Researchers at Kaspersky Lab have uncovered what may be the first attempt by attackers to use Twitter for scareware scams.  The attack begins with a tweet with the message “Best Video” laced with a malicious link. Those tricked into clicking the link find themselves on a rogue site with a YouTube video. Once on the site however, users are hit with a malicious PDF file via a hidden IFRAME. The PDF file hosts several different exploits targeting known bugs. If the user’s computer is vulnerable to any, the malware installs bogus security software.  (Kaspersky)

Plague of web bugs descend on British sites

1 June 2009 | The Register by Dan Goodin

It’s been a busy week for high-profile web vulnerabilities, with discoveries of careless bugs on the sites of three British companies. Online banking sites for HSBC and Barclays Group and the website for The Telegraph were caught with their pants down, as hackers published screenshots and other details that showed all three were susceptible to attacks that could compromise the security of people who visit the properties. The XSS, or cross-site scripting, errors on HSBC were still present on a variety of HSBC sites on Monday afternoon California time, some 48 hours after the XSSed blog first reported them. The bugs allowed attackers to inject java-script and content into HSBC websites simply by tricking a user into clicking on a specially manipulated web address.

Gumblar attacks worse than Conficker, experts warn

29 May 2009 | CNET News by Elinor Mills

The website compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with web traffic, a security firm said on Thursday. The Gumblar attack started in March with websites being compromised and attack code hidden on them. Originally, the malware downloaded onto computers accessing those sites came from the gumblar.cn domain, a Chinese domain associated with Russian and Latvian IP addresses that were delivering code from servers in the UK, ScanSafe said last week. As website operators cleaned up their sites, the attackers replaced the original malicious code with dynamically generated and obfuscated java-script, making it difficult for security tools to identify. (Comments by ScanSafe)

PS-pwning infections hits 30 000 legit websites

30 May 2009 | The Register by Dan Goodin

A nasty infection that attempts to install a potent malware cocktail on the machines of end users has spread to about 30,000 websites run by businesses, government agencies and other organizations, researchers warned Friday. The infection sneaks malicious java-script onto the front page of websites, most likely by exploiting a common application that leads to a SQL injection, said Stephan Chenette, manager for security research at security firm Websense. The injected code is designed to look like a Google Analytics script, and it uses obfuscated java-script, so it is hard to spot. The malicious payload silently redirects visitors of infected sites to servers that analyze the end-user PC. Based on the results, it attempts to exploit one or more of about 10 different unpatched vulnerabilities on the visitor’s machine. If none exist, the webserver delivers a popup window that claims the PC is infected in an attempt to trick the person into installing rogue anti-virus software.

Katrina Kaif screensaver can bring virus in your computer: McAfee Report

31 May 2009 | Khabrein.Info

Katrina Kaif screensaver can bring virus in your computer: McAfee report. Be careful while uploading a free Katrina Kaif screensaver or any other hot star that you love and admire. A virus or Trojan may be waiting to attack your computer in the garb of the screensaver. A McAfee report says that virus and Trojans attack computer mostly with free thing that are available on the net. It may be a free misuc, free video or free screen saver. McAfee is an antivirus software and computer security company headquartered in Santa Clara, California. It markets McAfee VirusScan and related security products and services, including the IntruShield, Entercept, and Foundstone brands. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee.

FBI e-mail clobbered after virus

29 May 2009 | Computer World by Robert McMillan

A virus has reportedly disrupted Web-based e-mail services at the FBI. The FBI confirmed today that it had been forced to shut down its Internet-facing unclassified network, but disputed a report that the incident had left the agency unable to e-mail counterparts in other intelligence and law enforcement agencies. “The external, unclassified network was shut down by the FBI as a precautionary measure,” the FBI said in a statement. “Within 48 hours of identifying the issue and mitigating risks, e-mail traffic was largely restored to the external, unclassified network.” FBI agents can send e-mail on the agency’s more secure internal network or via BlackBerry, but many use this unclassified network to send messages via a Web-based e-mail system, said a source familiar with the situation.

Hacks and Website Attacks

Hacked version of Windows 7 in circulation 31 May 2009 | Earth Times

Hackers exploit unpatched Windows bug 29 May 2009 | Computer World by Gregg Keizer

40 000 sites hit by PC pwning hack attack 2 June 2009 | The Register by Dan Goodin

Beladen Loads Hacked Web Sites with Badness 2 June 2009 | Washington Post by Brian Krebs

Hacker disrupts economy of annoying Twitter-based game 3 June 2009 | The Register by John Leyden

Anti-U.S Hackers Infiltrate Army Servers 28 May 2009 | Information Week by Paul McDouggall

Phishing Scams

CommBank cops sustained online fraud attack

2 June 209 | The Age by Asher Moses

Commonwealth Bank customers are being inundated with phishing attacks, some at a rate of several scam emails a day, sent by cyber criminals seeking to steal passwords and credit card details. The scammers, who are specifically targeting the bank in a sustained assault, are bombarding customers with several clever variations of the email ruse – such as using bogus call centres – in an attempt to hook even tech-savvy web users. The emails have largely managed to evade spam filters using methods such as images instead of text. Commonwealth Bank spokesman Steve Batten said the bank was working closely with the Australian Federal Police’s Australian High Tech Crime Centre to track down the scammers. However, the bank appears to be losing the war.

Fake Outlook config scam aims to harvest logins

3 June 2009 | The Register by John Leyden

Cybercrooks have come up with a new way to trick prospective marks into handing over login credentials or installing fake security (scareware) packages. The first of two similar batches of scam emails doing the rounds claim that users have a new message in Microsoft Outlook – which can supposedly only be seen after users reconfigure their settings. This might sound technically tricky but the dubious emails come complete with a handy link, which serves only to hand over email settings to internet hackers. Graham Cluley, senior technology consultant at Sophos, explained that earlier versions of the scam emails appeared to be geared towards harvesting email login credentials. (Sophos) Related News: New Phish Attempt Asks you for Your Server (2 June 2009 | PC Magazine by Larry Seltzer)

Industry News

Obama’s Cybersecurity Initiative Wins Praise

30 May 2009 | IDG News Services by Grant Gross

U.S. President Barack Obama’s announcement Friday of a new cybersecurity push by the U.S. government won widespread praise from the technology industry, with many people saying his attention to the issue is a major step toward better securing the nation’s computer networks. Obama’s announcement and an accompanying cybersecurity report largely contained ideas long called for by various cybersecurity experts, but the largest benefit of Friday’s announcement was that Obama lent his name to the fight against cybercrime, said Larry Clinton, president of the Internet Security Alliance, a trade group focused on cybersecurity. “A lot of the things that were discussed this morning have been said before, but it is a very big deal when the president says them,” Clinton said. Related News: Cybersecurity is broader than critical infrastructure (30 May 2009 | David Lacey’s IT Security Blog) PROMISES, PROMISES: Battle cyber turf wars (29 May 2009 | AP by Lolita C Baldor) Fed Video on Cybersecurity States the Obvious (31 May 2009 | Channel Insider by Lawrence Walsh) Obama creates top job for guarding online security (29 May 2009 | CNN) Obama: Hackers accessed campaign files in 2008 (28 May 2009 | CNET News by Stephanie Condon) Contractors Vie for Plum Work, Hacking for the United States (30 May 2009 | New York Times by Christopher Drew and John Markoff) Pentagon Plans New Arm to Wage Cyberspace Wars (28 May 2009 | NY Times by David E Sanger & Thom Shanker) Is the hacking Threat to National Security Overblown? (3 June 2009 | Wire.com by Ryan Single) WH cybersecurity plan needs private sector guidance (2 June 2009 | searchsecurity by Eric Ogren) What Obama’s Cybersecurity Plans Mean for Businesses (2 June 2009 | Dark Reading by Kelly Higgins) US cyber-security made ‘shovel ready’ (1 June 2009 | Techworld by John E Dunn) UK chases Obama on cybersecurity (1 June 2009 | The Register by Chris Williams)

Google rates Gumblar distribution URL as top malware site

4 June 2009 | SC Magazine US by Angela Moscaritolo

The URL hosting the Gumblar attack, which has compromised thousands of legitimate websites with code that silently redirects users to a single Chinese domain, heads its list of Top 10 malware sites, according to Google.  Google sorted its rankings based on the number of compromised sites that reference some 4,000 different domains used by cybercriminals to ultimately distribute malware, according to a post on the Google Online Security Blog Wednesday.  Of those 4,000 domains, Gumblar.cn came out on top, with approximately 60,000 infected sites referencing as of Tuesday, Niels Provos, an engineer on Google’s security team, told SCMagazineUS.com in an email Thursday. That URL was followed by Martuz.cn, which has been referenced by about 35,000 sites. Google said that of the 4,000 domains, about 1,400 were hosted in the .cn top-level domain.

Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities

4 June 2009 | Search Security by Robert Westerfelt

Microsoft plans to release 10 security bulletins as part of its Patch Tuesday update cycle next week, including critical updates affecting Internet Explorer, Word, Excel and Office. On Thursday in a June advance notification on Microsoft’s TechNet site, the software giant said six of the 10 security bulletins are rated critical. The Patch Tuesday release will not include a Microsoft security fix addressing a DirectShow vulnerability being actively targeted in the wild. Microsoft said it would release a fix either next month or in an out of band release. “Our security teams are working hard on a security update that addresses this issue to protect customers, but we do not yet have an update that has reached the appropriate level of quality for broad distribution,” Christopher Budd, Microsoft security response communications lead said in a statement.

Stolen FTP credentials likely in massive website attacks

3 June 2009 | SearchSecurity by Robert Westerfelt

Stolen FTP credentials are suspected as the root cause of a massive attack compromising over 40,000 websites. Attackers have targeted legitimate websites in the latest wave, and so far researchers at security vendor Websense Inc. say it isn’t likely that SQL injection, cross-site scripting or other website vulnerabilities are to blame. Instead, the attackers are easily injecting malicious java-script code into sites by logging in with stolen usernames and passwords. “Across the board, none of the sites that we’ve seen compromised are running some common piece of vulnerable software,” said Stephen Chenette, manager of security research at Websense. It’s the second time in less than a month that attackers used stolen FTP credentials to successfully pull off a large scale attack. (Symantec. Comments by Websense)

Twitter Trends exploited to promote scareware *

4 June 2009 | The Register by John Leyden

Hackers are manipulating a hot topics feature of Twitter to promote malware-infected websites. The gaming of the Twitter Trends feature recalls the manipulation of Google search results using black-hat search engine optimisation techniques. In the case of the Twitter attack, cyber-criminals created hundreds of accounts and posted multiple messages under the topic “PhishTube Broadcast”, a reference to the US rock band Phish, but containing links to a spoof pornographic Web page. The topic appeared in the Trending Topic list, achieving greater visibility and therefore more user traffic to comments made under that category. Users intrigued enough to visit the supposed websites promoted through the Twitter social-engineering ruse risk exposure to the PrivacyCenter fake antivirus (scareware) package. Related News: Hackers tweet, infect Twitter users with scareware (1 June 2009 | Computer World by Gregg Keizer)

Brit’s Facebook & amp, Twitter use dwarfed by US
3 June 2009 | PC Advisor by Carrie Ann Skinner

Brits spend less time social networking than their US counterparts, says OfficeMetrics. According to the research company, on average, Brits spent 44 minutes a week on sites such as Facebook, MySpace and Twitter in April 2009, compared to Americans who spent over two hours and 20 minutes on the sites. That’s three times more than UK-based social networkers. “Only a small percentage of users are spending excessive time social networking in the office,” said Jon Mulligan, managing director of OfficeMetrics. “Blocking these sites in the workplace is certainly not the answer as this can result in a further lowering of morale and can impede collaboration and creativity and can reduce productivity.”

Malware allows criminals to control cash machines

4 June 2009 | IT PRO by Asavin Wattanajantra

Malware found installed on cash machines can allow an attacker to take full control, according to a security vendor. Trustwave SpiderLabs analysed malware found on compromised ATMs running Windows XP in Eastern Europe. The malware allowed an attacker to takeover the ATM through a customised user interface, accessible by inserting controller cards into its card reader. This allowed an attacker to capture the magnetic stripe data and PIN codes necessary for fraud from the private memory space of transaction-processing applications. Although the researchers didn’t find networking functionality that could send the data to remote locations using the web, it did allow card data to be recorded using the receipt printer or a storage device.

Insurance giant coughs at malware-related data breach

3 June 2009 | The Register by John Leyden

The US arm of insurance giant Aviva has blamed a computer virus infection for the potential disclosure of sensitive personal information. Aviva (Norwich Union, before a recent rebranding) admitted the breach in a letter to the Attorney General of New Hampshire, one of several states that maintain strict information security breach disclosure laws. Data potentially leaked included names, addresses and social security numbers. Approximately 550 records were involved. Aviva said it had removed the affected hardware from service. Workers whose login details were potentially disclosed by the breach have been issued with new credentials.

Cambridge hospital cleans up after mystery malware infection

3 June 2009 | The Register by John Leyden

An unnamed computer virus infection forced a UK hospital to temporarily shut down part of its network earlier this week An unspecified number of computers at Addenbrooke’s Hospital, Cambridge were hit by the malware. A spokesman explained that the hospital continued to operate normally while IT staff grappled with the infection. He stressed that patients were not affected by the incident, which was resolved in a matter of hours. Malware infections at hospitals in the UK are by no means unprecedented. Back in November, for example, computers at the three hospitals that are part of Barts and the London NHS Trust were taken offline following infection by the MyTob worm.

Examining Conficker: When a worm becomes a botnet

2 June 2009 | Search Security by Brian Sears

I recently read an article where two experts expressed different ideas of what Conficker represented. One expert argued that Conficker was clearly not a botnet, as it lacked some of the basic abilities typically found in botnets. While the other expert said Conficker indeed was a botnet, In the end they both agreed Conficker represented a significant threat. So what is Conficker? Well in the case of our two experts, they were both right and wrong. In my opinion, Conficker appears as a package or a mesh of several different threats, each one with its own purpose For example, the attacker has to find a way to deliver Conficker to its target. Delivery is performed via phishing emails, email attachments, spam and enticing websites. This represents the first component in the complete package. The second component is the delivery device; for Conficker it is in the form of a worm (W32.Downadup).

US company invents ‘Turning test’ to beat bots

3 June 2009 | IDG News Services by Jeremy Kirk

A US security company has come up with a technology it says can block automated programs responsible for perpetuating nuisances such as spam, fake email registrations and click fraud. The software, HumanPresent, essentially ferrets out, for example, whether a human is filling out a web-based form and stopping those actions that appear to come from automated programs, said Sanjay Sehgal, CEO of Pramana. Next month, Pramana expects to fully launch both a SaaS (software-as-a-service) offering and an appliance that monitor web applications for intrusions by bots, Sehgal said. Pramana’s software can be applied to web-based forms, whether they be email registrations, e-commerce transactions or detecting click fraud related to banner advertising.

Email service provider: ‘Hack into our CEO’s email, win $10k’

2 June 2009 | Zero Day by Dancho Danchev

A newly launched startup called StrongWebMail is aiming to add a new layer of secure authentication for its customers – phone verification prior to logging in and alert services for potential email compromises. The company is in fact so confident in its approach that it’s currently offering $10,000 reward to the person who breaks into the CEO’s email. To make things even easier, they have in fact provided his user name and password (CEO at StrongWebmail.com; Mustang85). The catch? Aspired participants would have to figure out a way to intercept the 3 digit PIN send over SMS/phone call required for logging in : “StrongWebmail.com is offering $10,000 to the first person that breaks into our CEO’s email account’

Australia in top 10 for phishing attacks *

2 June 2009 | Dynamic Business by Jessica Stanic

RSA’s Online Fraud Report for March/April 09 has revealed Australia is in the top 10 for hosted phishing attacks by country. The report found the total number of phishing attacks globally increased by 18 percent in February, representing an increase of 1,500 attacks. The number of hosted phishing attacks in Australia jumped up, placing us in the top 10 for country hosted attacks. The United States topped the list, hosting 43 percent of the world’s phishing attacks, while the United Kingdom ranked 2nd, hosting 17 percent of the world’s total attacks. Online fraud has evolved quite dramatically over the past couple of years, with hackers employing more sophisticated techniques to steal people’s information and infiltrate systems.

Once Crude, Phishing Attacks Grow More Sophisticated and Dangerous

3 June 2009 | CU Times by Marc Rapport

Untold numbers of computer users, perhaps in the millions, are sitting there right now sending out spam and participating in phishing attacks. And they don’t even know it. That’s because phishers and other fraudsters are once again taking a technology that can do so much good and twisting it for criminal use. In this case, it’s the computer-sharing technology that space scientists used to recruit thousands of people willing to donate their computers’ idle processing time to enormous calculations needed to understand the universe. They’re called botnets, and they’re planted by Trojans and other malware in personal computers around the world, turning them into spam-spewing zombies and helping to host attacks aimed at gathering account numbers and other information that can be used to drain banking accounts.

The 10 faces of computer malware

2 June 2009 | ZDNet Asia by Michael Kassner

The complexity of today’s IT environment makes it easy for computer malware to exist, even flourish. Being informed about what’s out there is a good first step to avoid problems. With all the different terms, definitions, and terminology, trying to figure out what’s what when it comes to computer malware can be difficult. To start things off, let’s define some key terms that will be used throughout the article: Malware: malicious software that’s specifically developed to infiltrate or cause damage to computer systems without the owners knowing or their permission. Malcode: malicious programming code that’s introduced during the development stage of a software application and is commonly referred to as the malware’s payload.

Security group calls for ‘report abuse’ button on web sites

1 June 2009 | VNUNet by David Neal

Web sites aimed at consumers should feature a ‘report abuse’ button as standard to alert firms to security problems on their own sites, according to the Information Security Awareness Forum (ISAF). The ISAF said that, while some web sites do feature a button which lets users offer feedback when they encounter a security issue, many do not. At the very least, sites should have a mechanism to report security issues, and links to external sites that provide targeted security advice. The ISAF today said that such an option should be included on all sites visited by consumers, including social networking, gaming and e-commerce sites. “The simplest routine might be to use a button or click entry which leads to a semi-standard ‘Security Advice’ page”

7m Brits illegally download *

1 June 2009 | PC Advisor by Carrie Ann Skinner

Around 7m Brits are using a file-sharing network once a week to illegally download music files, says the Strategic Advisory Board for Intellectual Property (SABIP). The board estimated that these downloads are costing the economy £12bn (US$19.4 billion) a year but said many of the downloaders were unsure that their actions were actually illegal. “This report gives us some baseline evidence from which we can develop a clear research strategy to support policy development in this fast moving area,” said Dame Lynne Brindley, a member of the SABIP. The SABIP’s report also recommended that consumers should be educated rather than prosecuted.

Spam Finds New Paths Into Corporate Nets *

1 June 2009 | Computer World by Robert McMillan

Unsolicited e-mail accounted for 90.4% of all messages received on corporate networks during April, an increase of 5.1% from a month earlier, according to a report released May 26 by Symantec Corp.’s MessageLabs Intelligence unit. The monthly MessageLabs report on threat trends also found that nearly 58% of all spam can be traced to botnets. Adam O’Donnell, a researcher at Cloudmark Inc., a provider of antispam tools, noted that in addition to using botnets, spammers in recent months have been experimenting with a new way to sneak unwanted email past corporate filters. Often, he said, a spammer will rent legitimate network services, often in an Eastern European country, and then blast a large amount of spam at the network of a specific ISP.

A guide to practicing safe clicks

30 May 2009 | Edmonton Journal

More money is spent by the aver-age consumer annually on computer antivirus software than on the PC’s operating system. If you are not one of them, you should be. Viruses, bots and sophisticated phishing scams online–plus unknowingly opening your PC to serious threats by even clicking on someone’s social network site–makes running an unprotected computer a high-risk affair. Deciding which security software to buy is a challenge. Many computer buyers end up staying with the security software their PC comes with after the free trial ends. That doesn’t have to be so.Simply uninstalling that software takes it off your PC, allowing you to choose what you want. A recent visit to local computer stores showed up to a dozen different security programs ranging from $29 to $79. All bragged about how good they were compared to the competition. (Symantec, McAfee, BitDefender, Kaspersky, Trend Micro and Panda Security)

The top 10 most dangerous internet search terms

29 May 2009 | Telegraph by Claudine Beaumont

Users surfing the web for song lyrics, free music tracks and screen savers are most at risk of accidentally downloading malicious software, a study has found. Many of the websites purporting to contain this content also harbour virus, Trojans and other malware, the computer security experts at McAfee found. As a result, many web users are unwittingly exposing themselves to dangerous content that could compromise their machine and even lead to hackers and cybercriminals gaining access to their personal information or banking login details. Among the most dangerous search terms were “free music downloads”, which carried a 20.7 per cent risk of exposing web users to malicious software, “game cheats”, which carried a 16.7 per cent risk, “word unscrambler”, which carried a 16.1 per cent risk, and “lyrics”, which carried a 14.8 per cent risk. (McAfee)

Microsoft to patch DirectX hole

29 May 2009 | CNET News by Elinor Mills

Microsoft on Thursday said it is working on a security patch for a vulnerability in its DirectX streaming media technology in Windows. The flaw could allow someone to take complete control of a computer using a maliciously crafted QuickTime file. The remote-code execution vulnerability exists in the way Microsoft DirectShow, audio and video sourcing and rendering software handles supported QuickTime format files, the company said. “Microsoft is aware of limited, active attacks that use this exploit code,” Microsoft’s security advisory said. “If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

U.S. cyber-spy report leaves czar role open

30 May 2009 | iTnews Australian by Susan Bartz

The White House report on cyber-spying to be released on Friday is business-friendly and privacy-conscious but leaves the tech community waiting anxiously for a hint of how powerful a new “cyberczar” may be, a cybersecurity expert who has read the draft said. The draft calls for a series of actions to be taken soon to secure Internet traffic, a critical part of the U.S. economy, said James Lewis, who is with the Center for Strategic and International Studies think tank. But a second source and Lewis said the draft does not say whether the lead agency in securing the Internet should be the National Security Agency (NSA), which does cyber-spying, or the Department of Homeland Security. Related News: ‘Czar’ to thwart cyber spies, hackers (30 May 2009 | Reuters by Stephen Collinson)

VMware fixes security bugs

29 May 2009 | SC Magazine US by Chuck Miller

VMware has released fixes for multiple vulnerabilities in several of its products, including VMware Workstation, Player, ACE, Server, Fusion, ESX and ESXi. One of the vulnerabilities was caused by an error in the VMware Descheduled Time Accounting driver, which could open a way for hackers to launch a denial-of-service attack in Windows-based virtual machines. Another vulnerability identified by VMware could have enabled an attacker to execute arbitrary code. — CAM

Gotcha!

FTC Shuts Down Notorious Rogue Internet Service Provider, 3FN Service Specialises in Hosting Spam-Spewing Botnets, Phishing Web Sites, Child Pornography and Other Illegal, Malicious Content

4 June 2009 | Federal Trade Commission

A rogue Internet Service Provider that recruits, knowingly hosts, and actively participates in the distribution of spam, child pornography, and other harmful electronic content has been shut down by a district court judge at the request of the Federal Trade Commission. The ISP’s upstream providers and data centers have disconnected its servers from the Internet. According to the FTC, the defendant, Pricewert LLC, which does business under a variety of names including 3FN and APS Telecom, actively recruits and colludes with criminals seeking to distribute illegal, malicious, and harmful electronic content including child pornography, spyware, viruses, trojan horses, phishing, botnet command and control servers, and pornography featuring violence, bestiality, and incest. The FTC alleges that the defendant advertised its services in the darkest corners of the Internet, including a forum established to facilitate communication between criminals.

Feds quiz former worker over Texas power plant hack

1 June 2009 | The Register by John Leyden

A former employee at a Texas power utility was arrested late last week over accusations he crippled its energy forecast system after launching a hacking attack. FBI agents made the arrest on Thursday after raiding the home of Dong Chul Shin, a former worker at Energy Future Holdings. EFH owns three Texas electricity generating outfits that run facilities including the Comanche Peak nuclear power plant. Dong was dismissed back in March over allegations he failed to pull his weight at work. Hours after the no-notice sacking, Dong’s VPN access account (which was left active) was allegedly used to log into the corporate intranet before modifying and deleting files. Proprietary company information was also transferred to a personal webmail account linked to Dong, investigators further allege.

Identity theft ring busted in New York

28 May 2009 | SC Magazine US by Chuck Miller

Using financial information purchased from crooked bank insiders, a ring of thieves compromised the checking accounts of nearly 350 New York-based corporations, religious institutions, hospitals and schools, as well as city and state government agencies, to steal millions of dollars, prosecutors said this week. In an indictment unsealed Wednesday, the District Attorney’s office charged 18 people, including alleged ringleaders Jasper Grayson, 25, and James Malloy, 26.  All were said to have been involved in operating an identity theft and bank fraud scheme that cashed more than a thousand counterfeit payroll checks, which were created to look exactly like those for the accounts of the victims, Manhattan District Attorney Robert Morgenthau said.

PC Tools Blogs

Software for youtubeview Moves to a New House at 65.110.50.141

3 June 2009 | ThreatFire Research Blog

We posted a couple of weeks ago on the continued success of a group in distributing FakeAv/Rogueware/Scareware. Please note that their downloaders have been moved to a new home at 65.110.50.141. There are multiple domains currently resolving to that ip managed by “Sago Networks”. One we know of currently serving softwarefortubeview.40019.exe executables is wile-exe.com. The move appears to have happened on June 1st. Avoid executables from that domain for now. The downloads appear to be committing some sort of click fraud, although they have been known to pop fake alerts to move FakeAv software, see here, here and here.

Undetected Autorun/Injector Variant on the Loose

2 June 2009 | ThreatFire Research Blog

A new variant of an Autorun worm is on the loose, probably created by another childish and angry ex-lover. The little multithreaded beast injects into windows explorer, and attempts to communicate with one of several Irc servers at June.IRCdevils.net, June.helldark.biz, and June.a7aneek.net with a “VirUS/Virus” user/pass and a “VirUS-randstring” nick. We noticed it this morning on multiple machines, and it seems to be spreading. The worm injects itself into the Windows explorer shell, and from there attempts to update multiple locations in the registry and removable drives like usb sticks with SETUP\DATA\June.exe.

Cyberspace Policy Review

29 May 2009 | ThreatFire Research Blog

If you’re looking for the 60-page cybersecurity policy review that President Barack Obama discussed this morning, you can find it here. Considering that AlephOne’s article on “Smashing the Stack for Fun and Profit” was released in 1996, Iloveyou in 2000, CodeRed in 2001, the Slammer worm in 2003, the Witty worm event in 2004, the thousands of system intrusions and compromises since (reported and unreported), and the list goes on, the review seems around fifteen years late on delivery. But better late than never. It addresses badly needed subjects and planning in thoughtful and creative ways. Some of the document is predictably clumsy.

Tags: Computer Secutiry, Computer Secutiry News, Spyware, Spyware News

Pdf Reader Oday Published

Another Acrobat Reader 0day PoC has been posted, this time targeting a boundary condition error (longhand for buffer overflow here) in the vulnerable 'getAnnots()' java-script function. We haven't seen any ITW malcode targeting Windows versions of Reader, but based on past experience, ThreatFire will prevent exploits targeting this vulnerability when they arrive within a week or so.

Swine Flu and Canadian Pharmacies

Not surprisingly, spammers are taking advantage of the current swine flu news topic to link to the very same Waledac-style Canadian pharmacy sites that we have presented in previous posts. This news event campaigning is reminscent of the Storm-cum-Waledac groups' efforts over the past couple of years. Nothing new, nothing ancient here. We have not seen any client side exploit sites set up for this event just yet and speculate that the Waledac group's botnet has reached an economy of scale.

LuckySpoilt Links Sent over Gaming Collaboration Clients

Bruce Schneier on Conficker

At the RSA Conference in San Francisco, Bruce Schneier opined on the media sensation that Conficker became. According to Iain Thompson, Schneier said that "it was a classic example of how the mainstream news media misunderstood the threat from malware and used it to make news to the detriment of security…such cases may have helped vendors sell more security products but in some ways they made the situation worse, since people became inured to virus stories and this might lead them to ignore future warnings." Here is a case where the old excuse "if it raises awareness, it must be a good thing" is wearing thin.

New security woe hits Adobe

Reports are emerging that Adobe's PDF Reader contains a critical vulnerability, and the company has confirmed it is investigating. According to SecurityFocus, the most up-to-date versions, Reader 9.1 and Reader 8.1.4, are vulnerable. The Linux versions definitely have the bug, and other platforms – Adobe also provides Reader for Windows and the Mac – may be at risk as well. For its part, Adobe's acknowledgement was brief. Related News: Adobe users imperiled by critical Reader flaw (28 April 2009 | The Register by Dan Goodin)

Scammers, Spammers Embrace Swine Flu News

There's something vaguely diabolical about a form of unwanted communication named after a brand of canned, chopped pork that piggybacks on a public health scare involving a flu strain derived from swine. Yes, you guessed it: Spammers have seized upon public awareness around the Swine Flu epidemic to hawk knockoff prescription drugs. And we're not talking about flu vaccines, either. (Comments by McAfee, F-Secure) Related News: Spammers jump on swine flu bandwagon (27 April 2009 | Web User) Spammers size on swine flu to pitch bogus meds (27 April 2009 | Computer World by Gregg Keizer) Swine Flu Scam Site May Evolve Into Malware (27 April 2009 | PC Magazine by Larry Seltzer) Phishing with Swine Flu as bait (28 April 2009 | CNET News by Elinor Mills) Spammers capitalise on Swine flu crisis (28 April 2009 | PC Advisor by Carrie Ann Skinner) Spam- now with added swine flu! (30 April 2009 | PC Authority)

Infosecurity 2009: Flaw in https blows hole in ecommerce security

New CAPTCHA worm breaking Google’s defences

A new worm has been discovered, which a security company claims can break Google’s CAPTCHA to create Gmail accounts for spamming. Vietnamese company Bach Koa Internetwork Security (BKIS) has called the worm ‘W.32.Gaptcha.Worm’ and says it is able to break Google’s CAPTCHA defences. CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) is a defence used by email providers, which tries to ensure that computers are not automatically signing up for email accounts. Related News: Worm solves Gmaiil’s CAPTCHA, creates fake accounts (24 April 2009 | IDG News Services by Jeremy Kirk)

Fresh Waledac Variant Promoting SMS Spying Software

Conficker worm slowly begins its attack

Conficker is slowly being activated, quietly creating a botnet out of infected computers to send spam and install spyware, security experts have claimed, weeks after a 1 April countdown in the worm worried millions. The worm started spreading late last year, infecting millions of computers and turning them into "slaves" that respond to commands sent from a remote server. Its unidentified creators started using those machines for criminal purposes in recent weeks by loading more malicious software onto a small percentage of computers under their control. (Comments by Symantec, Trend Micro) Related News: Conficker activates, starts sending spam (25 April 2009 | Yahoo! Tech by Christopher Null)

Researchers Warn of Nasty Trojan

Atlus.com Hacked, Embedded with Trojan

Blunkett warns of cyber terrorist threat

Hack Against ISP Hijacks Bank, Google Adsense

Hackers hijacked a major Brazilian ISP this month in a sophisticated attack that silently served up malicious software and phishing scams to more than a million customers. According to Brazilian news outlet Globo.com, unknown attackers hijacked the domain name system (DNS) records for NET Virtua, a broadband provider that serves at least 1.4 million customers in the region. NET Virtua's DNS records reportedly were hijacked on April 11, so that customers who visited any site that ran Google Adsense content were redirected to a site.

Windows 7 RC Torrents May Hide Malware

The release candidate of Windows 7 is out. You can see out hands-on evaluation here. Of course, every time a major release like this comes out it gets leaked on to BitTorrent, the open peer-to-peer network, and that has happened with Windows 7 as well. But downloading and installing these copies of it is inadvisable if you believe the Neowin report that these torrents have been infected with a trojan horse. They show an Avast generic detection of a trojan. "Oh yeah, sure it's infected, they just want to trick us into not using it" you may be saying to yourself.

Salma Hayek’s email hacked

Cybercriminals have managed to hack into the email account of actress Salma Hayek.
Hayek, star of films such as From Dusk Till Dawn, had details of her communications leaked after hackers managed to reset the password on her MobileMe account.  They were able to reset the password by guessing the answer to her 'secret question' used to protect the account, according to reports.

Hacker: I Broke Into Twitter

For the second time this year, a hacker claims to have gained administrative access to a Twitter employee's account. On Wednesday, an anonymous hacker going by the name of Hacker Croll posted 13 screenshots to a French online discussion forum, apparently captured while logged into the Twitter account of Jason Goldman, a director of product management with Twitter According to the screenshots, Hacker Croll was able to access account information belonging to high-profile Twitter users such as Britney Spears and Ashton Kutcher.

Rigged Word docs exploit 2008 bug, says researchers

Attackers, probably based in China, are exploiting a December bug in Microsoft Word to hijack Windows PCs, Vietnamese security researchers warned today. According to Nguyen Minh Duc, manager of Hanoi-based Bach Khoa Internetwork Security's (BKIS) application security department, rigged Word documents have begun to circulate as e-mail attachments. The malformed .doc files exploit one of the eight Word flaws fixed by Microsoft in December 2008 as part of the company's biggest patch batch in five years.

Malware Compelled Franklin Savings Bank to Shutdown Website

Phishers hit Facebook with scam messages 29 April 2009 | Computer World by Robert McMillan

Facebook users were hit today with a phishing attack that tried to steal names and passwords from users of the popular social network. In the attack, people are sent phony e-mail messages, appearing to come from Facebook Inc., that try to send them to a malicious Web site, Fbaction.net, which looks like a Facebook log-in page. The Fbaction.net Web site was live this afternoon, but Facebook is working to blacklist the domain and hopes to have the site shut down, according to a Facebook spokesman. Related News: Facebook hit by phishing attacks for a second day (30 April 2009 | CNET News by Elinor Mills) Facebook Among Top Phished Websites (29 April 2009 | Washington Post by Brian Krebs)

‘Phishing’ using Bresnan latest scam 24 April 2009 | Fort Morgan Times by Dan Barker

Beware “Kmart Payments Department” Phishing Scam 30 April 2009 | Security Watch

Windows AutoRun gets a makeover to combat malware

In direct response to Conficker and an increased wave of malware attacks targeting the dangerous Windows AutoRun mechanism, Microsoft today announced significant changes to the way the operating system operates when USB drives are used. The changes, detailed on Redmond’s Security Research & Defense blog, have been built into Windows 7 will be back-ported to Windows Vista and Windows XP in the near future. Related News: Microsoft boosts Windows 7 security for USB drives (29 April 2009 | ZDNet by Elinor Mills and Ina Fried) Microsoft cuts UAC prompts in Windows 7 (27 April 2009 | Computer World by Gregg Keizer) Windows 7 hack opens OS to attackers (24 April 2009 | PC Advisor by Sumner Lemon)

Are security issues delaying adoption of cloud computing?

"Yes, security is one of the concerns about cloud computing that is delaying its adoption," says Eric Mandel, CEO of managed hosting services provider BlackMesh in Herndon, Va. "One of the biggest security concerns about cloud computing is that when you move your information into the cloud, you lose control of it. The cloud gives you access to the data, but you have no way of ensuring no one else has access to the data. How can you protect yourself from a security breach somewhere else in the cloud?" Related News: IT chiefs: Security is biggest threat to cloud computing (28 April 2009 | Computer Weekly by Warwick Ashford)

Security researchers fret over Adobe PDF flaw

Adobe has warned that its Reader and Acrobat PDF software is vulnerable to an unpatched vulnerability. A pair of flaws in the java-script functions of the PDF reading application are behind the problem, prompting Adobe to advise surfers to disable java-script as a workaround, pending the availability of a patch. Even after a patch becomes available, the problem may hang around for months. The vulnerability is a cross-platform flaw that effects Windows, Macs and Linux machines running Adobe's software. (Sophos, F-Secure)

MacBook Mini- does the Apple netbook already exist?

The Kilo-Day threat and mundane security

In the security business we spend a lot of time worrying about the "zero-day" threat that appears out of nowhere and immediately starts attacking a hereto unknown vulnerability. We imagine genius hackers probing software to discover new and unique ways of attacking our systems. We worry about the yet-undiscovered bugs that lie dormant in our operating systems. We worry so much that we overlook the vulnerabilities we already know about. The ones that have been hanging around on our systems, known but unaddressed, unpatched and wide open.

US military’s cyberwar rules ‘ill-informed’, says panel

The United States government has yet to form a coherent policy for engaging in warfare that involves attacks on a country's electrical power grids and other critical infrastructure, according to a non-profit group of scientists and policy advisors. They called on policy makers to actively forge rules for how and when the military goes about mounting offensive and defensive acts of cyber warfare. "Today's policy and legal framework for guiding and regulating the US use of cyberattack is ill-formed, undeveloped, and highly uncertain," the report, published by the National Academy of Sciences, states. Related News: New cybersecurity bill for electric grid readied (29 April 2009 | Computer World by Jaikumar Vijayan) SANS Tells Congress: Feds ’Checkbook Is Cyberdefense ‘Weapon’ (28 April 2009 | Dark Reading by Kelly Jackson Higgins) Cyberwar’s first causality: Your privacy (27 April 2009 | Computer World by Preston Gralla) Internet warfare: Are we focusing on the wrong things? (27 April 2009 | Computer World by Jaikumar Vijayan); The new ground zero in Internet warfare (27 April 2009 | Computer World by Julia King); The eternal battlefield in unending cyberwars (27 April 2009 | Computer World by Gary Anthes) Should the US Go Offensive in Cyberwarfare? (28 April 2009 | Slashdot by K Dawson)

International experts launch anti-cybercrime plan

An international group of security experts has launched an action plan against cyberthreats. The roadmap, launched on Wednesday at Infosecurity 2009 in London, was formulated by security specialists from organisations including the US Department of Homeland Security and the UK Ministry of Defence, and is designed to promote secure systems design. The Cyber Security Knowledge Transfer Network (KTN), a UK government-funded organisation that liaises between agencies around the world, co-ordinated the formulation of the roadmap. Related News: Security must be built in from the start (30 April 2009 | iTnews Australia by Phil Muncaster)

Sensitive Company Data Ends Up on Facebook

Mozilla re-patches Firefox after regression bug pops up

Infosec opens in new venue

Infosec, the annual IT security trade show, kicked off in a new venue on Tuesday with 310 firms competing for attention and security spending. The conference has moved from Olympia, its location for over a decade, to Earls Court. The new venue should at least allow easier access than Olympia, although problems on the Piccadilly line are causing trouble for some showgoers. This year, Infosec follows directly after the RSA Conference in San Francisco and Black Hat Europe for the first time. Related News: InfoSecurity 2009 : Welcome to the online fraud business (28 April 2009 | Computer Weekly by Cliff Saran)

15 easy fixes for Mac security risks

One of the commonly touted advantages to using a Mac is that it's more secure and less prone to malware than a PC running Windows. It's easy to see where this attitude comes from: The prevalence of viruses and network attacks against Windows machines is greater by several orders of magnitude. In fact, a recent Trojan horse virus hidden in a pirated copy of iWork '09 that circulated on peer-to-peer file-sharing sites was big news because it was the first Macintosh virus to be widely circulated on the Internet,

BitLocker, TPM won’t defend all PCs against VBootkit 2.0

Trusted Platform Modules and BitLocker Drive Encryption can protect Windows 7 computers against a bootkit attack unveiled last week but these technologies won't be available on a large portion of computers, leaving millions of users unprotected when Microsoft releases its next version of Windows. VBootkit 2.0 is proof-of-concept code that was unveiled by security researchers Vipin Kumar and Nitin Kumar, of NVLabs, at the Hack In The Box (HITB) security conference held in Dubai last week.

‘Hackers Wanted’ Ad Fed Security Misconception

I should never be surprised at things related to government security efforts, but I did think the concept of hiring hackers was pretty much dead in government circles. Then comes the recent headline, " U.S. Looks to Hackers to Protect Cyber Networks." Frankly, I think it set the security profession back at least three years. The story, widely quoted throughout the U.S. and the world, makes people think that hackers are superior to the best security professionals.

How Anonymous Hackers Triumphed Over Time

Anonymous, a motley crew of online troublemakers known for hacking Sarah Palin and inducing seizures in epileptics, pulled off an historic coup this week when it successfully rigged Time magazine’s online poll for the “Top 100 most influential people. The loose confederation of trolls managed to outwit the techies at Time to arrange the voting results so that the first letters in the top 21 entries spell out the inside joke: Marblecake Also The Game.

The UK needs to take the ‘e’ out of e-crime’

There is a real lack of understanding from politicians, police and the public about cyber crime, which is in danger of being treated less seriously than ‘traditional’ crime. That's the conclusion made today at the Infosecurity 2009 show by a select panel of figures from the political, policing and security worlds who gathered together to discuss the British response to e-crime. Shadow Crime Reduction Minister James Brokenshire said that there were very few politicians focused on the threat of e-crime. Related News: US and UK experts launch anti-cybercrime plan (30 April 2009 | ZDNet Asia by Tom Espiner)

How an FBI agent transformed Microsoft security

Edward Gibson, Microsoft’s chief security advisor in the UK, is more qualified than most to talk about the computer threats that we face today. Having held special positions as a FBI Special Agent for 20 years, he was also at one time assigned to the US embassy in London, in charge of the FBI’s hi-tech cyber terrorism work in the UK. Between 2000 and 2005, he was responsible for establishing strategic intelligence alliances between the FBI, UK police agencies, security services and private sector companies.

Europe funds secure operating system research

A Dutch university has landed a European Research Council grant to continue work on a Unix-type operating system that aims to be more reliable and secure than Linux or Microsoft Windows. The EUR2.5 million (US$3.3 million) grant will fund three researchers and two programmers, said Andrew S. Tanenbaum, a computer science professor at Vrije Universiteit in the Netherlands. Tanenbaum developed Minix, an operating system based somewhat on Unix that has a small code base and implements strong security controls.

IE: Its Security is Worth the Download

Estonia announces EU cyber-wargame plan

The European Union will soon stage a simulated cyber-attack to test its online defences, Estonian Economy Minister Juhan Parts told an EU ministerial conference in the Estonian capital, Tallinn, on Tuesday. Speaking on the second day of a two-day gathering dedicated to Critical Information Infrastructure Protection (CIIP), Parts said the meeting would mark "a beginning of much needed common action at EU level in the area of CIIP policy. "Member states' representatives supported the idea of organizing a common cyber-security exercise in the near future," Parts said, adding that it would likely take place by 2010 at the latest.

Online share trader CommSec vulnerable to hackers

UK outlines Facebook monitoring plans

Is Twitter finally taking security too seriously?

Now that Oprah’s all a twitter, it looks like everyone’s favorite micro-blogging tool is finally taking a hard look at security. According to a job listing posted online, Twitter is searching for software engineers to focus specifically on application and infrastructure security. The search for security personnel follows several high-profile worm attacks that exploited security vulnerabilities on Twitter’s Web site and public complaints that the company did not think about securing its service until it was too late.

A short history of hacks, worms and cyberterror

1964 AT&T begins crackdown on "phreakers," who use tone generators to make free phone calls. By 1970, it has achieved 200 convictions. 1978 Engineers at Xerox Palo Alto Research Center design a computer worm, a short program that searches a network for underused processors. Though built to improve computer efficiency, it is the genesis of the destructive, modern worm. The FBI busts young hackers known as the 414s, who use an Apple II+ and a modem to break into 60 computer systems, including one at Los Alamos National Laboratory.

How scared should you be about security statistics?

Did you know the number of crimeware-spreading Web sites infecting PCs with password-stealing crimeware reached an all-time high of 31,173 in December, according to the APWG (formerly Anti-Phishing Working Group) coalition? Or that data breach costs rose to $6.6 million per breach last year, up from $6.3 million in 2007, according to the Ponemon Institute. Or that 3% to 5% of enterprise desktops and servers, mainly Windows, are apt to be infected with botnet code, according to security firm Damballa, based on an analysis of its customers' network traffic?

Seven burning security questions

There's no shortage of burning questions about IT security these days, some sparked by nasty threats, others by economic concerns and some by growing use of social networking and cloud computing. We spoke to about two dozen experts – IT customers, analysts and vendors – to nail down some answers. What follows is a summary of the questions we addressed. Click on the hyperlinked questions to read more on each topic. The insider threat has always existed, but in an era of economic upheaval and uncertainty, the problem is only magnified.

The legal risks of ethical hacking

Call for European Mr Security guard Internet

Europe needs a "Mister cyber security" to take control in the event of an attack on Internet infrastructure, according to the EU's telecommunications commissioner. Viviane Reding also accused European Union member states of being "negligent" for failing to take adequate precautions against the sort of attacks seen in Estonia, Lithuania and Georgia in recent years. She estimated there is a 10 percent to 20 percent chance of a similar such attack occurring in the EU over the next 10 years. Related New: Reding demands Cyber Cop for Europe (27 April 2009 | The Register by Chris Mellor)

New York State raises the bar for end user security training

Microsoft eliminates 23 vulnerabilities in Windows and Office

Microsoft has eliminated 23 vulnerabilities in its Windows and Office products. Users of those programs should install the corresponding security updates as soon as possible, the German Federal Agency for Security in Information Technology (BSI) in Bonn, central Germany, is advising. This can be handled by activating automatic updates in the Windows Security Centre or visiting Microsoft's update site at http://update.microsoft.com/microsoftupdate.

Turning hackers into helpers

I heard an interesting story from the guys at WildPackets, a provider of network and application performance monitoring, analysis, and troubleshooting that's faced with an unexpected dilemma. More than 100,000 unique visitors a month–a large percentage of them, ne'er-do-well hackers–are downloading WildPackets' free drivers for reasons other than their intended purpose, capturing wireless network traffic for monitoring and analyzing network and application performance.

FBI Spyware Could Look Like Your Average Trojan

For years the FBI has been using a Trojan horse program to spy on suspects' computers.In response to a Freedom of Information Act request, the FBI has released some details and history of a spyware program it has used over the years to gather details on suspects' computers, according to a recent article in Wired. Information on the CIPAV, or "Computer and Internet Protocol Address Verifier," first came out in 2007. The documents recently released by the FBI discuss the cases in which the software was used and how it was introduced.

Security: the ugly business

Security is an ugly business because when you have a problem there's rarely an elegant, straightforward solution. What you usually wind up with is a solution that's just "good enough." I recently learned of a great example that nicely illustrates this point. A friend sent me a link to an amazing report titled "ATM Card Skimming and PIN capturing Awareness Guide". This document was authored by a gentleman with the job title "protective security advisor" and was published by Commonwealth Bank, a large Australian financial services provider.

News of Mac Botnets Doesn’t Mean an Increased Threat (Yet)

Writing in the latest issue of Virus Bulletin (registration required), two Symantec researchers report what they believe is the first evidence of a major botnet consisting of compromised Macs. However other experts aren't so sure of the increased threat to Mac users.

Researchers Mario Ballano Barcena and Alfredo Pesoli found that Mac users who downloaded pirated copies of iWork 09 and Adobe Creative Suite 4 from P2P sites got more than the programs they intended. Added to the binaries were two malware variants–OSX.Iservice and OSX.Iservice.B. The malware executes a PHP script, running as root, that launches distributed denial of service (DDoS) attacks against sites. (Comments by ESET)

Cybersecurity Balancing Act

Most federal agencies get passing marks for meeting the Federal Information Security Management Act, the primary regulation dictating cybersecurity practices in the federal government. Even so, the ground rules for cybersecurity keep changing, and federal systems are anything but bulletproof. The Office of Management and Budget's FISMA implementation report for fiscal 2008 gave 92% of major agencies satisfactory or better grades for the quality of their certification and accreditation processes. It noted high percentages of inventoried systems and systems with tested contingency plans and security controls, and said 84% of major agencies had "effective" cybersecurity plans.

Google Lets Web Users Create Facebook-Like Pages with Google Profiles

Doubt cast over ContactPoint security assurances

Windows Bugs Never Truly Squashed

Hackers can successfully attack Windows PCs months — even years — after Microsoft Corp. fixes a flaw, a security expert said, because there's always a pool of unpatched systems. According to data that Qualys Inc. culled from scans of more than 80 million machines, between 5% and 20% of all systems are never patched for any vulnerabilities, including those disclosed by Microsoft in its monthly security updates.

Security maven sics ‘special ops’ on botnet gangs

For security’s sake! Send your kid to hacker camp

Google tackles severe Chrome security flaw

Google released a new version of its Chrome browser Thursday to fix a high-severity security problem. The problem affects Google's mainstream stable version of Chrome and is fixed in the new version 1.0.154.59. Google has built Chrome so it updates itself automatically with no user intervention, though the software must be restarted for the new version to run. The security problem, reported on 8 April by Roi Saltzman of the IBM Rational Application Security Research Group, allowed cross-site scripting attacks.

Opting Out Increases Spam?

Security experts rate the world’s most dangerous exploits

Up to 20% of PCs never install security patches

Hackers are exploiting software vulnerabilities months after they have been patched because not all PC users install the security updates, says Qualys. Hackers are exploiting software vulnerabilities months after they have been patched because not all PC users install the security updates, says Qualys. Qualys tracked four vulnerability bulletins issued by Microsoft in 2008 and in each case found that a sizable fraction of the PCs it scanned had not been patched, even though in some cases more than a year had passed since Microsoft issued fixes.

Beware Olympic cybercrime chaos, urges former UK politician

Firefox finds more pesky bugs

Everyone Gets Windows Security Updates

ElcomSoft posters provokes PGP apoplexy

Hacker behind P2P botnet gets no jail time 29 April 2009 | The Register by Dan Goodin

China arrests Web site attack who extorted money 29 April 2009 | IDG News Services by Owen Fletcher

eBay scammer gets four years in slammer 28 April 2009 | The Register by Dan Goodin

Ex-federal IT worker charged in alleged ID theft scam 27 April 2009 | IDG News Services by Robert McMillan

How criminals unleash Internet worms

22 April 2009 | USA Today

It's become the new front in cybercrime: scams and identity-theft programs that attack e-mail accounts and users of social-networking sites such as Facebook and MySpace. To carry out many of these automated attacks, cybercriminals first must overcome "captchas," the distorted letters and characters that users of an e-mail or social-networking account are required to type to complete certain online forms. For years, captchas have helped to stop or bog down automated programs aimed at creating, among other things, e-mail accounts that promote scams such as fake computer virus protection. Related News: Cybergangs infiltrate social network sites (23 April 2009 | UPI.com)

Cybergangs infiltrate social network sites (23 April 2009 | MarketWatch) Cybergangs infiltrate social network sites (23 April 2009 | Breitbart.com) Cybergangs infiltrate social network sites (23 April 2009 | WebIndia123.com) Cybergangs infiltrate social network sites – United Press International (23 April 2009 | Uptown Websites)

Google’s CAPTCHA experiment and the human factor

21 April 2009 | ZDNet by Dancho Danchev

Koobface is eating every social network’s internal CAPTCHA barrier for breakfast not because the Koobface gang is taking advantage of CAPTCHA recognition algorithm, but because it’s relying on CAPTCHA solving services. Sergei Shevchenko at ThreatExpert demonstrated the process in December, 2008, and pointed out that :

Zango goes titsup

21 April 2009 | The Register by John Leyden

Security researchers Ben Edelman, an assistant professor at the Harvard Business School, and Chris Boyd, of Facetime Security, continued to document evidence of malpractice. Zango consistently denied any wrongdoing. Security firms routinely labeled Zango's software as adware, or at least potentially unwanted. Zango's separate attempts to sue Kaspersky Lab and PC Tools over such listings both failed in 2007. Related News: Loathed spyware vendor Zango disappears (21 April 2009 | Computer World by Gregg Keizer)

Personal Tech: Gadget News and Reviews

17 April 2009 | Washington Post by Rob Pegoraro

Then today I received an email from a company (PC Tools) talking about Mac Malware. I did more research and found an article in the Guardian about how there are a couple of trojans out there specifically for Macs. So now I'm thinking its time to do more research and be prepared but I have no idea where to start. Am I worrying for nothing?

Conficker Now Bundled With Spyware Protect 2009

17 April 2009 | Shawn’s Technology Corner

I highly recommend that you make sure your computer is protected with some sort of Internet Security Package. Spyware Doctor is a great example as it offers both spyware removal & real time protection. The real time protection engine will not only protect you from getting spyware, but it also gives you the option to block ads that are known to distribute spyware. You can download Spyware Doctor by clicking here.

Mac Threat Alert

19 April 2009 | macwereld.nl

First and foremost make sure that you and your fellow Mac users, exercise caution, have Mac specific security software installed and that your existing version of iAntiVirus is up to date – there's a free version or you can purchase a version with full functionality and support for only $29.95. It's also vital that you enable and install the latest Mac security updates. Regards PC Tools Team

Vundo Evolves Into A Worm

23 April 2009 | PC Mag

I's not one of the sexy attention-grabbing trojans out there, but Vundo is a major problem in the real world of malware. Vundo is perhaps most infamous for being especially resistant to removal, but now Microsoft is reporting that recent variants are employing worm behavior. They have added a new detection for Worm:Win32/Vundo.A. The new behavior consists of copying itself to mapped drives on the infected machine, either to a random file name in the root of the share or with the same name it has originally to a random directory it creates on the share.

Security researchers uncover massive, fast-growing botnet

22 April 2009 | Computer Weekly by Warwick Ashford

Security researchers have uncovered a fast-growing worldwide botnet of 1.9 million government, corporate and private computers, it was revealed today. The botnet has been in use since February and is hosted in the Ukraine, according to a report by security firm Finjan. They have tied the botnet to a six-member cybergang that was selling control of batches of 1,000 compromised computers for as little as £30 to £70. Related News: Finjan finds botnet of 1.9 million infected computers (21 April 2009 | CNET News by Elinor Mills)

Twitter riddled with worms and scams (again)

20 April 2009 | The Register by John Leyden

Multiple new versions of the Mikeyy cross-site scripting worm spread across the Twitter micro-blogging network over the weekend. The first in the latest batch of worms berated Twitter for poor security. Mikeyy Mooney, the VXer who got a job in security days after creating the first Twitter XSS worm over the Easter holiday weekend, has confessed to creating this worm too.  (Comments by Sophos). Related News: Phishing Scam Plagues Twitter via E-Cards (20 April 2009 | PC Magazine by Chloe Albanesius)

New Twitter Worm targets celebrities

19 April 2009 | IDG News Services by Agam Shah

A worm referencing celebrities such as Ashton Kutcher and Oprah Winfrey is rapidly spreading across microblogging site Twitter, security firm Sophos said on Friday. The worm hacks into Twitter profiles and automatically sends unauthorized Twitter status updates to contacts from the hacked accounts. Users who look at infected profiles are then automatically infected, and unauthorized posts are automatically sent to their contacts.

Mac malware turns into botnet

17 April 2009 | iTnews Australia by Shaun Nichols

A rash of malware for MacOS X systems is now being used to run a botnet, according to researchers. First spotted in January, the Trojan had been bundled into copies of pirated MacOS software. At the time of discovery, researchers noted that the malware payload included tools which could allow an attacker to remotely take control of an infected system. Now, it appears as if those components are being put to use.
(Comments by Symantec, McAfee) Related News: iWork Trojan may be turning Macs into zombies (17 April 2009 | Macworld by Dan Moren) Mac attack: Bot herders going after Apple computers (17 April 2009 | SC Magazine US by Greg Masters); Mac hacked to Form Botnet (17 April 2009 | PC Mag by Larry Seltzer);  The First Mac Botnet…Or Is it? (17 April 2009 | Security Watch by Larry Seltzer)

Mac Exploit Enters System Through VMWare

19 April 2009 | Computer World by Gregg Keizer

A bug in VMware's Fusion virtualization software could be used to run malicious code on a Mac by exploiting Windows in a virtual machine, a security researcher said last week. VMware has released Fusion 2.0.4 to plug the hole. According to Kostya Kortchinsky, an exploit researcher at Immunity Inc., a critical vulnerability in VMware's virtual machine display function can be used to read and write memory on the "host" operating system — the OS running the physical hardware.

SSH server attacks resurface

20 April 2009 | CRN Australia by Shaun Nichols

Security researchers are warning administrators to secure their servers in the wake of new Secure Shell (SSH) attacks. Researchers at security firm SANS warned that so-called 'brute force' attacks were occurring on a "daily" basis. The attacks attempt to guess usernames and passwords in an attempt to compromise the server.

Hackers hijack DNS records of high profile New Zealand sites

21 April 2009 | ZDNet by Dancho Danchev

Remember the DNS hijackings of such high profile sites such as Comcast, Photobucket, and ICANN/IANA domains that were taking place last year? Similar incidents are still happening. Today, a web site defacement group known as “The Peace Crew” has successfully hijacked the DNS records for high profile New Zealand web sites, through what Zone-H claims to be a SQL injection at New Zealand’s based registrar Domainz.net, in order to redirect the visitors to a defaced page featuring the infamous Bill Gates pieing photo, as well as anti-war messages. Related News: Turns hijack Kiwi MSN via DNS cracks (22 April 2009 | The Register by Dan Goodin); Hackers put cream pie on Bill Gates in New Zealand (22 April 2009 | Earth Times)

Rogues besmirch F-Secure with dodgy ad campaign

17 April 2009 | The Register by John Leyden

Miscreants have attempted to trick users interested in finding out more about Finnish security firm F-secure into buying a rogue utility. Searching for "F-Secure" on Thursday lead to the rogue products, not through the usual method of black-hat Search Engine Optimization but through malicious Google ads. The dodgy ads pointed to update-xp.com, a utility that claimed to fix problems with F-Secure's software. In reality the utility reports a plethora of non-existent problems in a bid to scare marks into handing over $34.95 for a full version of the ErrorRepair tool. Related News: Rogue product ads on F-Secure, McAfee, Trend Micro searches (17 April 2009 | SC Magazine US by Angela Moscaritolo)

Vendors get cold feet about revealing software flaw

17 April 2009 | IDG News Services by Jeremy Kirk

Researchers have pulled out of a presentation which was expected to reveal details of a major security vulnerability, citing concerns that hackers could exploit the flaw. The last minute cancellation of a press conference at the Black Hat security event was because the flaw was so sensitive that even revealing the vendor affected could potentially cause hackers to start poking around with applications or operating systems to try to figure it out, said Jeff Moss, Black Hat's CEO.

Criminals offer huge sum for flawed mobile

 20 April 2009 | IDG News Services by Jeremy Kirk

Criminals are willing to pay thousands of euros for a discontinued Nokia mobile phone with a software problem that can be exploited to hack into online bank accounts, according to a fraud investigator in the Netherlands. About 10 days ago, investigators observed someone transfer €25,000 (£22,200 or $32,413 US) for a Nokia 1100 phone, said Frank Engelsman of Ultrascan Advanced Global Investigations.

Researcher releases tool to hide malware

17 April 2009 | IDG News Services by Jeremy Kirk

A computer security researcher has released a tool that can simplify the placement of difficult-to-detect malicious software in Microsoft's .Net framework on Windows computers. The tool, called .Net-Sploit 1.0, allows for modification of .Net, a piece of software installed on most Windows machines that allows the computers to execute certain types of applications.

Concern as Microsoft fails to patch PowerPoint flaw

22 April 2009 | iTnews Australia by Iain Thompson

Security experts are expressing concern at Microsoft's failure to patch a flaw in PowerPoint that is already being exploited by malware writers. The flaw is being used in attacks at the moment and many were expecting a patch at the last Patch Tuesday but to date there has been no sign of the fix. (Comments by Sophos)

Cyberspies hack into U.S fighter project

21 April 2009 | Reuters by Peter Cooney

Computer spies have repeatedly breached the Pentagon's costliest weapons program, the $300 billion Joint Strike Fighter project, The Wall Street Journal reported on Tuesday. The newspaper quoted current and former government officials familiar with the matter as saying the intruders were able to copy and siphon data related to design and electronics systems, making it potentially easier to defend against the plane. Related News: Secret US fighter project hit by mystery hack (21 April 2009 | IDG News Services by Sumner Lemon)

Hackers stuff ballot box for Time Magazine’s top 100 poll

17 April 2009 | The Register by Dan Goodin

Time Magazine's poll of the 100 most influential people has been hacked by a motley band of online troublemakers who have managed to manipulate the top 21 names so their first letters spell "marblecake, also the game." According to an inside account detailed by blogger Paul Lamere, members of the 4chan website exploited weaknesses in the web application that Time used to record reader votes.

Phishing Scams Surround PayPal Account Holders – 21 April 2009 | SPAMfighter

National Australia Bank Issues Warning Against Phishing 18 April 2009 | SPAMfighter

Phishing E-mails Target MSU Students’ Webmail Account 17 April 2009 | SPAMfighter

Wal-Mart scam sweeps the web 21 April 2009 | 14wfie

Apple netbooks manufactured by Foxconn rumoured

21 April 2009 | PC Authority by Sylvie Barak

We've picked up on some Chinese whispering which would have us believe Apple could be about to release its very own netbook, with Foxconn Electronics chosen as the fruity toymaker's main manufacturing partner. Digitimes and a plethora of Russian hardware sites are quoting Chinese-language site Commercial Times, which in turn is quoting sources from the component supply chain.

Chinese Hackers Targetting NYPD Computers

23 April 2009 | Slashdot

"A network of hackers, most based in China, have been making up to 70,000 attempts a day to break into the NYPD's computer system, the city's Commissioner, Raymond Kelly, revealed Wednesday. Kelly suggested that 'perhaps it is because of the NYPD's reach into the international arena' that they are being targeted for computer hacking 'in much the way the Pentagon has been. Related News: Lockheed fends off Chinese hack attack (23 April 2009 | Australian IT by Mark Dodd)

Conficker’s estimated economic cost? $9.1 billion