Malware
Malware (a portmanteau of "malicious software") is software designed to infiltrate or damage a computer system, without the owner's consent. The term describes the intent of the creator, rather than any particular features. Malware is commonly taken to include computer viruses, Trojan horses, spyware and adware.
Malware should not be confused with defective software, that is, software which has a legitimate purpose but contains errors or bugs.
Many early infectious programs, including the Internet Worm and a number of MS-DOS viruses, were written as experiments or pranks -- generally intended to be harmless or merely annoying, rather than to cause serious damage. Young programmers, learning about the possibility of viruses and the techniques used to write them, might write one just to prove that they can do it, or to see how far it could spread.
A slightly more hostile intent can be found in programs designed to vandalize or cause data loss. Many DOS viruses were designed to destroy files on a hard disk, or to corrupt the filesystem by writing junk data. Network-borne worms such as the Code Red worm or Ramen worm fall into the same category. Designed to vandalize Web pages, these worms may seem like an online equivalent of graffiti tagging, with the author's name or affinity group appearing everywhere the worm goes.
Revenge is sometimes a motive to write malicious software. A programmer or system administrator about to be fired from a job may leave behind backdoors or software "time bombs" that will allow them to damage the former employer's systems or destroy their own earlier work.
However, since the rise of widespread broadband Internet access, a greater portion of malicious software has been focused strictly on a profit motive. For instance, since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for black-market exploitation. Infected "zombie computers" are used to send email spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion.
Another strictly for-profit category of malware has emerged in spyware -- programs designed to monitor users' Web browsing, display unsolicited advertisements, and redirect affiliate marketing revenues to the spyware creator. Spyware programs don't spread like viruses; usually they are installed by exploiting browser security holes, or are installed like a Trojan horse when the user installs other software.
Definitions provided by Wikipedia - The Free Encyclopedia
Malware Related Products
The GB-250 and GB-250e Firewall UTM Appliances are GTA's entry level systems that provide big security for smaller business offices. Designed and priced to meet the needs of smaller organisations, the GB-250 and GB-250e include the same security and UTM features of our larger enterprise firewall UTM appliances, but scaled to fit the needs of offices with fewer than 50 employees.
Lumension Patch and Remediation (formerly PatchLink Update) provides rapid, accurate and secure patch management, allowing you to proactively manage threats in the most complex environments by automating the collection, analysis and delivery of patches throughout your enterprise.
The GB-3000 Gigabit Firewall UTM Appliance is Global Technology Associates' flagship appliance. It offers the highest throughput and most comprehensive feature set in GTA's product line. The GB-3000 provides powerful network security and strong performance by delivering world-class protection and gateway threat management capabilities in a single dedicated appliance.
The RA510 Series of rack-mountable proxy appliances provides small to mid-sized sites with the power to extend remote access to employees, partners, and customers while delivering on demand endpoint security and information protection features.
WebBlazer is a critical component of an effective defense-in-depth strategy. The solution combines the industry's most comprehensive security and compliance URL filtering offerings, one of the most trusted, scalable, and high performing web proxy and cache technologies, and robust outbound web traffic security on high performance dedicated network security hardware.
Lumension Scan™ is a complete stand-alone, network-based scanning solution that performs a comprehensive external scan of all devices connected to your network, both managed and unmanaged. Once assets are identified, the powerful, yet easy-to-use Lumension Scan detects weaknesses on these devices before they can be exploited.
The Blue Coat AV510 Series is a purpose-built solution designed for simple integration with Blue Coat SG810 and SG510 series solutions for medium enterprise or distributed environments providing scalable performance with a choice of antivirus engines.
The RA8100 Series of rack-mountable proxy appliances provides large-sized sites with the power to extend remote access to employees, partners, and customers while delivering on demand endpoint security and information protection features.
The Blue Coat AV810 Series represents the next generation in high-end appliance platforms for enterprise Web AV. The AV810 series is a purpose-built appliance designed for scalable, enterprise performance, enterprise manageability, and factory-built integration with the Blue Coat SG
The award-winning M86 Secure Web Gateway (M86 SWG) is a proactive, appliance-based solution that provides real-time Web security, increases productivity, ensures compliance and controls bandwidth. Using patented real-time malware detection technology, URL filtering and anti-virus scanning, the M86 SWG protects organisations from crimeware, malware and other threats associated with Web 2.0 applications.
Protect your desktops, laptops, servers, storage appliances, and smartphones - on and off the network - with an innovative blend of world-class anti-malware and in-the-cloud protection from Trend Micro Smart Protection Network. New File Reputation frees endpoint resources by moving pattern files into the cloud. And Web Reputation blocks access to malicious websites. A flexible plug-in architecture, new Device Control, HIPS functionality, virtualization, and extended platform support all help lower management costs and increase flexibility.
Protect your Linux file servers from becoming unwitting hosts for viruses, trojans, bots and a full range of other malware. Trend Micro Server Protect for Linux offers real-time protection, high performance and low processing overhead, and supports all common Linux distributions. Server Protect for Linux adds another powerful solution to your enterprise's security and compliance strategy.
Lumension Application Control (formerly Sanctuary) allows you to centrally manage, monitor, and control applications with a whitelist approach so that only authorised applications can run. This ensures no malware, spyware, keyloggers, Trojans, worms, viruses, zero-day threats and unwanted or unlicensed software will execute on your network and disrupt your business.
The Juniper Networks SA series SSL VPN appliances ensure that remote and mobile employees, customers and partners have anytime, anywhere access to corporate resources and applications.
The Juniper Networks Integrated Security Gateways (ISG) are purpose-built, security solutions that leverage a fourth generation security ASIC, the GigaScreen3, along with high-speed microprocessors to deliver unmatched firewall and VPN performance.
Websense Hosted Email Security (formerly SurfControl MailControl) provides protection at the internet level, eliminating spam and malware before they reach your network. The hosted deployment model provides centralized security with built-in redundancy, failover, and business continuity, while easing administration and optimizing network operating and capacity planning costs. Guaranteed by industry-leading SLAs, Hosted Email Security reduces business costs, eliminates the complexity and uncertainty of managing email threats, and provides the highest possible degree of protection.
Websense Hosted Web Security (formerly SurfControl WebDefense) provides centralised web malware protection and granular web filtering. The hosted deployment model provides centralised policy management for any type of environment, including those with remote locations, home offices, and mobile laptops. Hosted Web Security is a complete solution or can be layered with existing on-premise security to provide additional layers of web malware protection. Guaranteed by industry-leading SLAs, Hosted Web Security eliminates the complexity and uncertainty of managing web-based threats, while simplifying policy administration for all users within the organisation.
The Check Point Software Blade Architecture supports a complete and increasing selection of Software Blades, each delivering a modular security gateway or security management function. Because Software Blades are modular and moveable, Software Blades enable users to efficiently and quickly tailor Security Gateway and Management functionality to specific and changing security needs. New blades are quickly licensed as needed without the addition of new hardware.
Historically, in order to enjoy the security benefits of an advanced device control solution, System Center customers would have to deploy a secondary infrastructure (server, console, agents) and incur the delays, disruption, and costs associated with implementing a solution from scratch. Now System Center customers can easily enforce device/port control and data encryption policies without requiring new infrastructure and without additional administration overhead.
Protect your Internet gateway, mail and file servers, desktops, laptops, and mobile devices with this fully integrated, centrally managed security solution. Multilayered security provides maximum protection from viruses, spyware, spam and blended threats, including web-based attacks.
Choose a single, integrated solution to protect mail servers, file servers, desktops, and laptops against viruses, spyware, spam, phishing, inappropriate content, and blended threats. Enterprise Security for Endpoints and Mail Servers minimises complexity and lowers your costs with centralised management, broad platform support, and flexible configuration options.
Protect your desktops, laptops, servers, and smartphones - on and off the network - with an innovative blend of world-class anti-malware and in-the-cloud protection from Trend Micro Smart Protection Network. New File Reputation frees endpoint resources by moving pattern files into the cloud and Web Reputation blocks access to malicious websites. A flexible plug-in architecture, new Device Control, HIPS functionality, virtualization, and extended platform support all help lower management costs and increase flexibility and deliver industry-best protection from today's threats.
Keep your data confidential and your employees safe while interacting with rich Internet content. Trend Micro Enterprise Security for Gateways integrates virtualized web and messaging gateway security - proven to maximise protection while minimising complexity and lowering total cost up to 40 percent.
Trend Micro Mobile Security protects smartphones and PDAs from data loss, infections, and attacks from a central enterprise console that can also manage desktop protection. Encryption and authentication defend data integrity on lost or stolen devices. The anti-malware features block viruses, worms, Trojans, and SMS text message spam. Built-in firewall and IDS protect against hackers, intrusions, and denial-of-service attacks - potential threats to the increasing number of Wi-Fi-enabled mobile devices.
Small to mid-sized businesses don't need to pay high prices for powerful email security. WatchGuard XCS 170, 370 and 570 Appliances are affordable, complete email security solutions that defend against inbound threats including viruses, spam, blended threats, phishing, spyware and network attacks. Block 98% of unwanted traffic at the perimeter and boost your email security and performance without breaking the bank.
Quaresso's Protect On Q enables web sites to address the risks compromised PCs and browsers bring to their applications. With Protect On Q a web site can go beyond HTTP/S by temporarily securing the browsers connected to it. Using unique agent technology, Protect On Q enables web sites to instantly provide a hardened, ephemeral browser that protects and controls browser operations and behavior to ensure that the web session and its content are protected.
Malware Related Industry News
Almost half of Kazaa downloads 'threaten security'
Free software and files downloaded from P2P network Kazaa will pose one of the most significant threats to corporate security in 2004, according to research from risk management specialist TruSecure. Last year was reportedly the worst ever in terms of virus attacks, disruptive worms and security threats, but 2004 is likely to be even worse. TruSecure expects problems to arise from the sheer volume of both corporate and home users unknowingly dow......
'Clean up this Internet effluent now'
MessageLabs CTO Mark Sunner claims that ISPs allowing unfiltered traffic to flow to customers is like a water authority pumping out raw sewage
We are losing the malware war. Conventional antivirus and anti-spam countermeasures seem ineffective against an increasingly sophisticated enemy. The argument is that server- and client-side solutions draw the battle lines far too deeply inside their own territory, robbing computing, bandwidth and other resources. Wha......
MyDoom Virus Continues to Double
The number of MyDoom virus infections continues to double and appears to show no signs of slowing down, according to the latest report from mi2g Intelligence unit (mi2g.net), a digital risk firm.
The MyDoom virus, which first appeared on Monday and has spawned a second variant, disguises itself as a returned email and contains an executable attachment that is meant to look like a text-file attachment.
Mi2g said today that the millions of backdoors which......
Adware ploy dupes IMers with bin Laden 'news'
Beware of instant messages bearing news of Osama bin Laden's capture
Several victims told CNET News.com on Wednesday that a new Trojan horse advertising program, called BuddyLinks, masquerades as a news Web site with a story on the al-Qaida leader's capture in an attempt to fool users of America Online's instant-messaging program into downloading software and receiving advertising.
Although the software has some of the properties of an Internet w......
MyDoom dies today
Ding dong the wicked worm is dead
MyDoom-A is programmed to stop spreading today, marking the end of arguably the worst email-borne viral epidemic to date.
MessageLabs, the email filtering firm, blocked the virus 43,979,281 times in the two weeks since its first appearance in late January. At the height of the epidemic, one in 12 emails the firm scanned were viral.
At the height of the Sobig-F pandemic last August one in 17 emails scanned by MessageLabs were viral. Mes......
At the Front in the Virus Wars
When F-Secure's antivirus researcher Katrin Tocheva first spotted the MyDoom virus late in the evening of Jan. 27, she immediately reached out and smacked the monkey that sits near her desk. The monkey is a stuffed toy that screams when hit. F-Secure's antivirus team uses it as an alert signal; when the monkey starts screeching, the team knows there's a new virus or worm on the loose.
The monkey screamed an awful lot in January and February 2004, and there were......
February Sees Record Virus Damages
With more than a week remaining, February 2004 was the worst month ever for malware proliferation, breaking the record set last month, according to mi2g Intelligence Unit (mi2g.net), a digital risk firm.
The organization expects economic damage caused by malware this month will be between $43.8 billion and $53.6 billion worldwide. The unprecedented damage is the result of the MyDoom virus and its variants in addition to the Mimail, Dumaru, Sobig, Swen, Kle......
New Worms Mean March Madness for IT Pros
The latest "Bagle" worm is something corporate network users definitely didn't order this morning, but it's the return of the Netsky worm that has many security experts worried.
First appearing Friday afternoon, the five Bagle worms -- Bagle.A, Bagle.B, Bagle.C, Bagle.D, Bagle.E and Bagle.F -- wriggle into e-mail in-boxes via a password-protected .zip file, which many anti-virus software applications can't access.
"This is just one more method of......
Automated kits fuel virus epidemic
Virus creation kits blamed as new variants Netsky.D and Bagel.G appear
The flood of variants of the Bagel and Netsky viruses shows that more and more people are learning more about viruses and how to tweak them.
Netsky.D and Bagel.G have been discovered today, and the rate of new variants shows no sign of slowing.
Netsky.D spreads via email as an executable attachment only. It scans both the local PC and network drives for email addresses to send itself to......
Alleged WebTV 911 hacker charged with cyberterrorism
FBI agents arrested a Louisiana man last week under the cyberterrorism provisions of the USA PATRIOT Act for allegedly tricking a handful of MSN TV users into running a malicious e-mail attachment that reprogrammed their set-top boxes to dial 9-1-1 emergency response.
According to prosecutors, David Jeansonne, 43, was targeting 18 specific MSN TV users in an online squabble when he crafted the script in July 2002, and sent it out disguise......
Virus top 10: A Sobering return
Social engineering and home users give virus writers a hand
MyDoom, the virus that took down SCO's website and had a pop at Microsoft and the RIAA into the bargain, has lost its place at the top of the chart for most reported virus in February.
February's malware figures from antivirus firm Sophos show that young upstart MyDoom.A has lost out to old hand Sober.C, with 35.3 per cent of all virus reports in February, compared to 25.3 for MyDoom.A.
The Sober......
Virus writers exchange coded insults
The authors of the MyDoom, Bagle and Netsky worms have been insulting each other by inserting lines of text into their malware - while keeping one step ahead of antivirus companies
Security researchers have discovered that the authors of MyDoom and Bagle are exchanging insults with the author of Netsky using text that is hidden inside the virus's code.
Since Friday, more than 10 variants of the Netsky, Bagle and MyDoom worms have been discovered. Mutants s......
NetSky, we hardly knew ye
The latest variant of the NetSky worm, which is the 11th in less than a month, will be the last, according to a coded message from the worm's author. NetSky.K was discovered on Monday, and security researchers found an unexpected message from the author within its code; although the authors of NetSky, Bagle and MyDoom have been engaged in a flame war for the past couple of weeks, this latest variant differs because it not only contains the usual insults to other virus......
Trojans rise in the virus war
Net users are facing a Trojan wave as hackers seek ways into victims' bank accounts.
The war of the worms may have averted attention to the NetSky's, Bagles and MyDooms, but make no mistake, a recent surge of Trojans has its collective eyes on your bank account and personal information.
'There's no doubt that we are seeing an increase in interest amongst the malware writing community in Trojan horses and hacking into remote computers. It is more and more commo......
Phatbot primed to steal your credit card details
Trojan horse-type computer virus called Phatbot can steal credit card numbers and launch denial of service attacks on Web sites.
The new virus made its debut on the Internet on Friday (18 March), clogging bandwidth, stealing personal data and initiating denial of service attacks.
Phatbot is a variant of Agobot, a big family of IRC bots. It can steal personal information such as email addresses, credit card numbers, PayPal details and softwar......
£55,000: The growing cost of virus clean-up
But nearly two-thirds of you have got malware in check
With a new malware variant seeming to hit the wild every few days, business is feeling downbeat about the virus situation, new research has revealed. But one sector is no doubt loving the virus boom – disaster recovery.
Research from ICSA Labs, an independent division of security firm TruSecure, reveals that almost nine out of 10 companies believe the situation is getting worse and nearly a......
Witty sets a new worm record
Report says malware beat patchers to the draw
The Witty worm first hit computers known to be vulnerable and emerged so quickly that most companies had no time to apply a patch, according to an analysis of the program.
The worm started spreading around the internet last week, less than 48 hours after the first public description of the flaw was released. That's the fastest development to date of a worm from a vulnerability, according to a report published Thurs......
Virus top 10: It's a Netsky/Bagle whitewash
Others bow down before the all-conquering malware
As most users' distended inboxes will testify, March was the month of malware - with new variants of Netsky and Bagle appearing with greater regularity than the output of a small child that's overdosed on prunes.
According to statistics on most-reported malware from antivirus company Sophos, nine out of 10 of the worst pieces of malware in March were new arrivals and all of them were either Netsky o......
Does publishing virus source codes help security?
Are Web sites that publish the source code of viruses and other exploits helping or hindering security efforts?
Publishing the source codes of viruses and other exploits increases security by helping companies to prepare for the worst, according to the editor of one such site. But this view is strongly disputed by antivirus companies and security experts.
French Web site K-otik is infamous for posting source codes that could be used to exploit......
The Deadly Duo: Spam and Viruses, March 2004
The volume of unwanted messages inched up another percentage point during March 2004, pushing the spam ratio to 63 percent. Of the 93 billion messages Brightmail's Probe Network filtered during the month, 58.6 billion were identified as spam. Unsolicited product-related messages continue to garner the largest piece of the spam pie, while scam messages experienced the biggest decrease.
Despite the mounting volume, consumers are becoming increasing......
First Macintosh OS Virus Appears
Security experts on Friday slammed security firm Intego for exaggerating the threat of what the company identified as the first Trojan for Mac OS X.
On Thursday, Intego issued a press release saying it had found OS X's first Trojan Horse, a piece of malware called MP3Concept or MP3Virus.Gen that appears to be an MP3 file. If double-clicked and launched in the Finder, the Trojan accesses certain system files, the company claimed.
While Intego said the Tro......
Latest Netsky infects via Microsoft Flaw
Antivirus experts recommend that Microsoft Windows users immediately apply security patches to protect their systems from the latest worm threat. Unlike its many predecessors, Netsky-V spreads without using e-mail attachments to infect users. Details on which flaws the worm exploits haven't been released.
"Virus writers know that large corporations are now blocking many different types of files at the gateway," said Bruce Hughes, director of maliciou......
Virus top 10: Netsky wins out
Bagle beaten, Sober shamed
April's virus chart is in and the result sees Netsky taking seven out of the month's top 10 places.
Last month's virus chart had a more even spread, with the 'honours' split between the verbose virus writers.
This month, however, according to antivirus company Sophos' chart of the most reported viruses, there's no competition for Netsky.
The ever-inventive Netsky writer clearly has no plans to hang up his malware writing hat y......
Don't let e-mail be your Achilles' heel
Throwing money at a problem doesn't guarantee that it will go away. Sometimes the answer is to throw around a little common sense.
At the recent Enterprise Messaging Decisions 2004 conference, Kevin Beaver, founder and principal at Kennesaw, Ga.-based Principle Logic LLC, offered some plain-spoken advice to IT professionals on how to protect against messaging-system vulnerabilities without busting their budgets.
Beaver discussed common mistakes th......
MS' anti-virus bounty success
When Microsoft first announced its "bounty" program late last year, many security experts condemned the initiative as a mere publicity stunt: a marketing tactic designed to distract gullible users from the "real issue" with Microsoft products. With a No Honor Among Thieves mindset, I predicted that the program would yield positive results and that some unlucky malware author would be ratted out by bounty-seeking friends/family/peers, and held responsible for his or......
Symantec Warns Of Flaw In Antivirus Program
The flaw within Norton AntiVirus 2004 could let attackers take over a system and disable the application.
Symantec Corp. is warning its customers about a security vulnerability within its antivirus application. The Internet security vendor ranks the flaw as "medium," while security research group Secunia pegged the flaw as "moderately critical."
The flaw, which resides within Symantec's Norton AntiVirus 2004 application, could let attackers run code......
Hackers 'recycling code' to spread worms
Although less new malicious code appears to be being written, viruses and worms are continuing to cause problems around the world, says Trend Micro
Despite worms such as Sasser, Bobax and Wallon wreaking havoc throughout May, security vendor Trend Micro says it detected fewer examples of new malicious coding last month than it did in April.
Trend Micro said it identified around 1,050 new computer worms, viruses, Trojans and other examples of malware i......
Virus writers deploy bulk mail software
Hackers have used spamming software to distribute thousands of copies of a new Trojan. Email filtering firm MessageLabs alone has intercepted more than 4,000 copies of the Demonize-T Trojan over the last 24 hours.
Demonize-T is a multi-stage Trojan that uses an object data exploit in Internet Explorer (patch here) to download and execute an encoded visual basic script from a website. The Trojan then creates an executable file which appears to download......
Small firms stung by spam costs
Spam is costing small and medium businesses nearly as much as handling virus outbreaks
Junk email and fax spam are eating away at SMEs' budgets -- almost as much as cleaning up the damage caused by a virus outbreak does.
Research from the Royal Bank of Scotland Corporate, which questioned 1,000 small businesses, found one in 10 small and medium-sized businesses believe they spend £10,000 a year dealing with spam. One in 50 businesses reported they'd spent the......
Spammers start to use spyware
Spammers have started to use hacking software that hides itself on your computer collecting information about you and what you do on the internet.
According to email security firm MessageLabs, ‘spyware’ is being installed to automatically send personal information about the PC’s owner back to the spammer.
Spammers then incorporate the personal information into spam emails to send back to the victim, who might be less suspicious of the emails because they ap......
Spammers use your cat's name to sell you Viagra
Spammers are using spyware to steal personal information -- such as a pet's name -- so they can send spam emails with personalised subject lines
Spammers have started using spyware to steal personal information so they can customise the subject lines of unsolicited emails to increase their chances of being read.
Research by email security firm MessageLabs has revealed that spammers are targeting companies and individuals with unsolicited messag......
Beastie Boys CD installs virus
A new Beastie Boys' CD called "To the Five Boroughs" (Capitol Records), is raising hackles around the Web for reputedly infecting computers with a virus.
According to a recent thread at BugTraq, an executable file is automatically and silently installed on the user's machine when the CD is loaded. The file is said to be a driver that prevents users from ripping the CD (and perhaps others), and attacks both Windows boxen and Macs.
The infected CD is being d......
Spammers use spyware to improve hit rates
Latest technique deploys malware to gather information from PCs
Spammers are using spyware to launch more sophisticated and targeted attacks, according to email security specialist MessageLabs.
The company claims to have discovered the new technique from analysis of the 50 million emails it scans every day.
Paul Wood, MessageLabs' chief information analyst, told vnunet.com: "We began seeing patterns in the emails that seemed specifically targeted......
Claim of spyware on Beastie Boys CD denied
Suspicions that a new Beastie Boys CD automatically installs sinister software on a user's computer have been denied by music company EMI, which released the CD.
The suggestion, which started on an online message board, has caused a storm of controversy among fans of the US rap band and computer enthusiasts. Some of the CDs do carry copy protection software, which aims to reduce piracy.
A posting on the bugtraq message board on SecurityFocus.co......
Spyware support costs run into millions
Technical support lines buckling as users seek help
Spyware is to blame for half of all PC crashes and is putting a strain on support helplines, according to industry analysts.
It is estimated that 90 per cent of all PCs are harbouring 30 or more pieces of spyware.
Microsoft told a US Federal Trade Commission workshop last month that this type of malware causes more than half of Windows operating systems failures reported to the company, but that use......
iPods are security risk, warns analyst
Mobile storage devices could give thieves and hackers a back door into corporate networks
Companies should consider banning portable storage devices such as Apple's iPod from corporate networks as they can be used to introduce malware or steal corporate data, according to an analyst.
Small portable storage products can bypass perimeter defences like firewalls and antivirus at the mailserver, and introduce malware such as Trojans or viruses onto company n......
Bagle author releases 'dangerous' assembler code
Two new Bagle worm variants and the worm's original assembler source code were spreading around the Internet on Sunday - a dangerous development, according to security experts
The author of Bagle started distributing two new variants and the mass-mailing worm's source code on Sunday, which could trigger another summer of misery for Windows users.
The Bagle worm first appeared in January as an email attachment and within months there were more th......
European firms expect virus attacks to double
Most large European companies are expecting the number of virus attacks to double over the next ten years, according to a survey conducted by MessageLabs
Email security firm MessageLabs on Monday said that almost 70 percent of European companies expect the number of email viruses to double over the next 10 years while 40 percent expect payloads to become more destructive.
This negative attitude comes despite software developers -- like Microsoft -......
[more] Password-stealing Trojan cut off at source A malicious program that tried to steal banking passwords has been stopped, says Symantec An attempt to pinch user information from banking sites using a malicious pop-up program has been nipped in the bud, says Symantec.
Last week, security experts uncovered a Trojan horse -- dubbed PWSteal.Refest by the security software maker -- which installs itself through a pop-up advertisement when users logged onto the Web sites of any one of nearly 50 targete......
[more] Reheated Bagle comes with side of source code The author of mass-mailing worm Bagle began distributing its source code and two new variants on Sunday, which could trigger another summer of misery for Windows users. The Bagle worm first appeared in January as an e-mail attachment. Within months, there were more than 25 variants.
Infected PCs download a Trojan that effectively enlists that computer into the worm author's army of zombie PCs, which can be used to distribute spam and other malwa......
[more] European firms expect virus attacks to double Most large European companies are expecting the number of virus attacks to double over the next 10 years, according to a survey conducted by MessageLabs Email security firm MessageLabs on Monday said that almost 70 percent of European companies expect the number of email viruses to double over the next 10 years while 40 percent expect payloads to become more destructive.
This negative attitude comes despite software developers -- like Microsoft -- c......
[more] Zombie PCs: Silent, Growing Threat Spam, worms spread malware to build a spam-bot army of unwitting recruits. The seemingly endless spate of worm infestations over the last year has left something even more troubling in its wake: armies of zombie PCs that can be used to send spam, attack Web sites, and generally wreak havoc over the Internet.
Worms such as Sobig, MyDoom, and Bagle have been identified as containing malicious code (malware) that allows remote attackers to take over infected mac......
[more] Schwarzenegger virus terminated Virus writers have moved on from using Osama bin Laden's "suicide" as a lure to trying the same trick with Arnold Schwarzenegger.
Last Friday VXers seeded multiple Usenet groups with messages saying Osama bin Laden had killed himself, pointing users towards "photographs" illustrating the momentous news. In reality these images offered only the Hackarmy Trojan. The Trojan has been around for some months and the Usenet trick gives the aging malware a second lease of lif......
[more] One virus writer 'responsible for 70 percent of infections' Netsky and Sasser author Sven Jaschan, who was arrested in Germany earlier this year, is responsible for 70 percent of all virus infections so far this year, according to Sophos Sven Jaschan, self-confessed author of the Netsky and Sasser viruses, is responsible for 70 percent of virus infections in 2004, according to a six-month malware round-up published by antivirus firm Sophos on Wednesday. Jaschan was taken into custody in May by th......
[more] What's in a worm's name? It's not easy naming worms. Antivirus researchers originally identified a recent security attack as a variant of MyDoom - but now think it's actually related to a different piece of malware When security experts first detected a mass-mailing worm that uses Yahoo's People Search engine to harvest email addresses, they assumed it was a new variant of MyDoom, which a week earlier had attacked a number of search engines for the same purpose.
However, after a detailed inspec......
[more] Porn spam increases by 350 percent Pornographic e-mails have shot up by almost 350 percent in July over June, according to security solutions provider Clearswift's latest spam index. The company's June index revealed pornographic e-mails comprised only 4.8 percent of all spam for the month. However, pornographic e-mails made up 17.2 percent of all spam in July.
"Spammers are working overtime. In what appears to be an attempt to match supply with demand, healthcare spam (most of which was Viag......
[more] PC survival time down to 20 minutes Virgin PCs connected to the Internet won't even last long enough to download critical patches, says the SANS Institute The time that an unpatched PC can survive connected to the Internet has dropped to an average of 20 minutes, down from 40 minutes in 2003.
According to the latest data from the Internet Storm Center at the US-based SANS Institute, which provides research and education on security issues, the historical trend is continuing its downward journe......
[more] Can IT keep up with malware authors? Web users and technology professionals alike are both battling a flood of malicious software - and it increasingly looks like the 'bad guys' are winning Are malware authors now too far ahead of information security professionals for the latter to ever recover?
Indications are information security professionals -- and ordinary users of information and communication technology -- are increasingly on the back foot.
A new report from a United States-based rese......
[more] New Download.Ject Attack Hits IM Networks The Download.Ject malware attack has resurfaced, using the popular AIM and ICQ instant messaging networks to spread itself.
According to an alert from PivX Labs, the worm targets several known flaws in Microsoft's Internet Explorer (IE) browser to redirect compromised machines to Web sites displaying adult advertisement and referral links.
PivX Labs described the latest attack as a variant of the Download.Ject attack, which hijacked a large number of......
[more] Virus alert: Rbot sets your webcam to spy on you Password-stealing, DDoS-launching virus sends footage of your home to virus writer A new worm has been discovered in the wild that's not just settling for invading users' PCs - it wants to invade their homes too.
The Rbot-GR virus follows a fairly traditional malware route of exploiting Microsoft security vulnerabilities and installing a Trojan horse on infected machines. However, the worm also spies on users by taking control of their webcam and......
[more] USB--short for 'ultimate security breakdown'? For the average corporate or home PC user, the initialism "USB" refers to a computer port that makes it very easy to connect devices directly to a machine. With this connection, a person can transfer or copy information to and from a computer with little trouble. But for security administrators and corporate executives, USB--short for Universal Serial Bus--is taking on an entirely new meaning: ultimate security breakdown.
Most organizations don’t......
[more] JPEG exploit could beat antivirus, says expert Security experts say that a JPEG exploit could pass through antivirus software Anti-virus software looks as if it will struggle to protect corporate networks from the latest Windows vulnerability - innocent looking JPEG files that contain security attacks.
According to director of antivirus research for F-Secure Mikko Hypponen, antivirus software will strain to find JPEG malware because by default it only searches for .exe files.
"Normal antivirus......
[more] Janet Jackson's breast more popular than antivirus protection And malware less likely than lightning strikes, say US PC users Updating virus protection is less memorable than nudity and malware infections are less likely than lightning strikes, according to some US PC users.
A survey by the National Cyber Security Alliance (NCSA) found far more people remembered the name of the pop singer who accidentally flashed her breast during this year's Super Bowl half time break than when they last upda......
[more] Webroot: Spyware is Windows-only Spyware, those annoying programs that snoop on a user's actions, remain a Windows-only phenomenon. Prominent anti-spyware developer Webroot says it has yet to detect a single Apple or Linux spyware app. In comparison, Webroot's Spy Sweeper software protects against 15,000 Windows threats.
Although Apple and Linux server worms (such as Lion) have been detected, their population is dwarfed by the proliferation of Windows-specific worms, viruses and Trojans. The m......
[more] Virus alert: Bacros goes back to the future Remember all those hoaxes about viruses that wipe your hard drive? This one actually does... Like pixie boots and Bros, some things are better off left in the 1980s - viruses that spread via floppy discs and tried to wipe hard drives, for example. It seems no one told the virus writers that, though.
Finnish antivirus firm F-Secure has spotted a new virus, Bacros, doing the rounds. Unlike the average virus which spreads over email, IM or networks, Bacr......
[more] Virus writers undeterred by Microsoft bounty There's too much money to be made from malware say AV firms... Antivirus companies say malware writers are undeterred by Microsoft’s $250,000 bounty after discovering another variant of the mass-mailing worm MyDoom over the weekend.
Since the start of 2004, the people responsible for creating MyDoom and Netsky have released on average more than one new variant every week. The latest version includes a message warning antivirus researchers to expect m......
[more] Antivirus holes zipped up The antivirus firm Sophos claims to have closed a loophole in its software that was made public yesterday, and Symantec has hit back at Secunia's claims about Norton's flaws Sophos updated its antivirus engine on Wednesday to plug a security hole that allowed virus writers to manipulate compressed files and avoid detection by the antivirus software's scans.
The vulnerability was discovered by US-based security firm iDEFENSE and also affected products from McAfee, Compu......
[more] Apple Has a Virus? Congratulations! Hackers wouldn't bother writing malicious code to infect the Macintosh unless those computers actually mattered. Weird things are happening these days. The Red Sox win the World Series (in four games, yet!)—and a virus hits the Macintosh. It’s hard to say which is the stranger event.
The Ap......
[more] Virus top 10: Can nothing stop Netsky? Pairs up with Zafi for double-headed virus dominance Zafi.B and Netsky.P have managed to notch up another month on top of the chart for the worst malware mischief-making.
According to infections reported to antivirus firm Sophos during October, Netsky.P - first sighted in March of this year - has taken the top spot with over 35 per cent of infections and Zafi-B - first spotted in June - follows up in second place with 28 per cent.
Both viruses have staye......
[more] Study: OS X World's Safest OS From Security Attacks The study showed that Linux is now the most breached online computing environment in terms of manual hacker attacks, at 65.64 percent, with 154,846 successfully compromised computers. The number of successful manual hacker attacks against Microsoft Windows based online computers has remained steady at 25.19 percent of all breaches recorded. A 12-month study by the security firm mi2g concludes that Mac OS X and Open Source BSD are the "world's s......
[more] Virus report points to profit-hungry hackers Malicious software cases rose 22 percent in October, with Trojan horses accounting for nearly half, according to a newly released report by security company Trend Micro's TrendLabs. Those results further validate a growing concern in the security industry that hackers are more interested in turning a profit than gaining fame. Trojan horses can be used to dupe computer users into running a bot program, which in turn can help launch denial of service a......
[more] The Internet worm comes of age The first Internet worm appeared on this day 16 years ago and online security has never been the same, say security professionals At around midnight on November 2, 1988 the Morris worm, which was written by a 23-year-old Cornell University student called Robert Tappan Morris, was released on the then-embryonic Internet.
Within hours the worm's 99 lines of code overloaded thousands of Unix-based VAX and Sun systems and forced administrators to disconnect their comp......
[more] Tasin worms ate my Windows files Newly intercepted mutants spreading rapidly Security experts have issued a warning over the newly intercepted A, B and C variants of the Tasin worm, which have begun to spread rapidly by email.
The malicious worms use social engineering tricks to distract users while they are sent out from infected computers before deleting a large number of system files.
Tasin.A was first detected a few days ago. It has not been the centre of any explosive propagation, but has......
[more] Virus names could be standardized For years one of the many complaints leveled at the antivirus industry is there is rarely a consensus on how to name viruses as they are found, but that looks set to change under a new industry initiative. US-CERT, the Computer Emergency Readiness Team within the US Department of Homeland Security, is coordinating a Common Malware Enumeration initiative among vendors, according to a letter sent to The SANS Institute.
The letter, signed by representatives of the......
[more] The strange death of the mass mailing virus Mass mailing viruses will go the way of macro viruses and become much rarer next year. Viruses such as Sober and MyDoom are simply not as effective as they used to be, Kevin Hogan, a Symantec Europe manager, notes. "People know it’s risky to double click on viruses. For virus writers there's no technical kudos. Also mass mailing viruses are noisy, bringing attention to themselves, and that goes against the trend of developing malware that hides its pr......
[more] Malware authors mixing a lethal cocktail Security vulnerabilities will very soon be exploited within hours of their discovery, experts fear Virus writers are combining their efforts with hackers and spammers to launch Swiss Army knife-like malware attacks on users, Kaspersky Labs warned this week.
According to Russian anti-virus company Kaspersky Labs, viruses are being used to infect PCs with Trojans, creating zombie networks that send out spam or participate in denial-of-service attacks.
"We......
[more] Desktop search tools a virus writers' best friend Companies should not deploy a desktop search tool without first considering the security implications because they could end up helping virus writers, say security experts. Desktop search tools, such as those recently announced by Google, Microsoft and Yahoo, are designed to make it easier for users to find information stored on their hard drives. However, security experts are warning that virus writers could use the new tools to make their malw......
[more] Are Security Vendors Tricking XP SP2? Windows Security Center may not know when your antivirus definitions are out of date. Microsoft says its Service Pack 2 update adds an additional layer of security to Windows XP-based PCs. However, recent PCW tests seem to show that at least two major security suites are crippling SP2's ability to offer users accurate security information.
SP2, which Microsoft rolled out in August, includes the new Windows Security Center. This feature alerts users when the......
[more] Google: We've fixed desktop search tool flaw Google says it has fixed a flaw that could have allowed hackers to search the contents of PCs running the company's desktop search tool. According to a statement issued Monday by the Web search company, it has rolled out a fix for the vulnerability. The flaw in the tool was discovered in late November by a Rice University computer scientist and two of his students. A Google representative said, "We were made aware of this vulnerability with the Google......
[more] Netsky Takes The Biggest Worm Of 2004 Award Although getting anti-virus vendors to agree is like getting Bill O'Reilly and Michael Moore to share a cab, it seems Netsky has the dubious honor of taking the top spot of most 2004 threat rankings.
According to Helsinki-based security firm F-Secure, Netsky.p, a variation that debuted in March 2004, was the most common piece of malicious code in the wild, accounting for nearly one in four (24.3 percent) viruses or worms. Four other Netsky variants m......
[more] Malware, spam prompts mass net turn off Both beginners and veterans are finding the Interweb experience so repellent that they're disconnecting in droves, blaming malware and spam. Despite an overall increase in numbers of humans connected to the internet, the mass turn-off is beginning to hit ecommerce in the United States.
"Instead of making life easier — the essential promise of technologies since the steam engine — the home PC of late has made some users feel stupid, endangered or just has......
[more] MS mulls charging for anti-spyware app Microsoft is leaving its options open on charging for full versions of anti-spyware and virus disinfection tools. Speaking in London yesterday, Detlef Eckert, chief security adviser for Microsoft EMEA, revealed there will be a second beta of Microsoft Windows AntiSpyware application. However, the company remains unsure how the product will evolve from then on. "It could evolve into a consumer or enterprise product. There could be a basic and plus version,"......
[more] Cost of malware soars to $166bn in 2004 Viruses, worms and Trojans taking their toll Malware, including viruses, worms and Trojans, cost global businesses between $169bn and $204bn last year, making it the worst year on record by a wide margin, newly published research has claimed.
According to digital risk management firm mi2g, malware in 2003 did not account for even half of the economic damage sustained in 2004.
The firm estimated that, with around 600 million Windows-based computers worldw......
[more] Spammers 'tricking ISPs' into sending junk mail A massive spam spike is predicted, and one expert says that 'it's the beginning of the email meltdown' Spam levels are about to skyrocket, according to experts who warned this week that spammers have developed a new way of delivering their wares.
According to SpamHaus -- an anti-spam organisation which compiles blacklists blocking eight billion messages a day -- a new piece of malware has been created that takes over a PC and then uses it to send......
[more] How will Bill Gates' antivirus cliffhanger play out? Will he or won't he? The suspense over whether Bill Gates will take the wraps off a Microsoft antivirus product at RSA's security conference this month is building to a crescendo.
All right, so it's mostly the media that are getting lathered up about this, but there are others with a keen interest in what Microsoft's co-founder has up his signature-sweater sleeve. Despite their practiced nonchalance about a giant entering their turf, AV ven......
[more] Virus disguised as Saddam Hussein death photographs, Sophos reports Anti-virus experts at Sophos have warned computer users that a worm is spreading posing as photographic evidence that Saddam Hussein has been killed following an attempted escape bid from custody.
The W32/Bobax-H worm is designed to create zombie networks of innocent third-party PCs for spammers to spread junk email from. The worm spreads both via email and using a Microsoft security vulnerability previously exploited by the i......
[more] Spammers' ISP attacks 'all hype and bluster' Industry hits back at zombie claims from SpamHaus Security vendors have accused anti-spam experts at Spamhaus of hyping a trick that allows spammers to take advantage of internet service providers' mail servers.
Earlier this week Steve Linford, director of Spamhaus, warned that email infrastructures were on the verge of collapse because a new worm is forcing zombie computers to relay spam via ISPs' mail servers. This, Linford said, is a huge problem......
[more] Trojan attacks Microsoft's anti-spyware Virus writers have created a malicious program that can disable Microsoft's new anti-spyware application, security experts warned on Wednesday. Antivirus experts, who are calling the Trojan "Bankash-A," say it is the first piece of malicious software to attack Windows AntiSpyware, which is still in beta.
"This appears to be the first attempt yet by any piece of malware to disable Microsoft AntiSpyware," Graham Cluley, a senior technology consultant at So......
[more] Virus writer says 'I love you' again Virus writers are using the old trick of flattery to lure people into opening dangerous email attachments Five years after the world fell victim to the ILOVEYOU email virus, a malware writer is trying the same trick on unsuspecting users.
Antivirus experts unearthed a mass-mailing worm on Tuesday, dubbed Assiral, that mimics the Love Bug virus which became famous for luring people into opening an email entitled "ILOVEYOU". The original Love Bug wrought havoc......
[more] Bagle virus fools corporate filters with a picture file The latest Bagle variant attempts to download malicious executable files that are disguised as photographs in order to fool corporate filtering applications. The latest Bagle variant, which was first spotted on Tuesday and dubbed BagleDl-L, attacks security applications and drops a Trojan horse on the infected system that attempts to connect with a number of Web sites. According to antivirus firm F-Secure, these Web sites currently contain......
[more] Policing the Virus Writers: Good News? More suspects are being caught, but that doesn't mean you can expect to see fewer viruses. A recent spate of high-profile arrests of malware writers is no cause for comfort, say computer crime experts.
While law enforcement authorities have recently arrested numerous virus writers and hackers, these arrests--and the stiff prison sentences that may follow--are likely to discourage only the most casual malware writers, say experts, and will probably have mi......
[more] SurfControl rides the spyware wave But warns time is running out for anybody favouring "buy" rather than "build" as an entry strategy... SurfControl last week signed a $6.8m deal for the intellectual property of threat management firm Apreo which hands the UK firm a market-ready spyware protection product. Today the company's EMEA president told silicon.com he believes SurfControl has stolen a march on its competitors.
The deal makes SurfControl the latest security vendor to add spyware protec......
[more] Alternative browser spyware infects IE Some useful citizen has created an installer that will nail IE with spyware, even if a surfer is using Firefox (or another alternative browser) or has blocked access to the malicious site in IE beforehand. The technique allows a raft of spyware to be served up to Windows users in spite of any security measures that might be in place.
Christopher Boyd, a security researcher at Vitalsecurity.org, said the malware installer was capable of working on a range......
[more] F-Secure gets to the root of the problem New tool to ward off latest computer threat The latest threat to computer users can be invisible to conventional anti-virus and anti-spyware solutions.
This was the stark warning from security company, F-Secure as it launched a free tool that will search out the menaces known as Rootkit attacks that the company said have the potential to become a major problem.
A Rootkit is 'stealth' software that can hide malicious programs, such as viruses, Trojans, s......
[more] The strange decline of computer worms Computer worms are becoming less commonplace as virus writers diversify their malware spreading tactics to create the maximum effect for the least possible effort. Email-borne worms, such as NetSky, Bagle and Sober, remain perennial favourites with malware authors but Slammer-style worms are becoming rarer, according to anti-virus firm F-Secure.
Mikko Hyppönen, director of anti-virus research at F-Secure, said that with the single exception of the Santy wo......
[more] Virus writers get stealthy Virus writers are turning to new tricks as the trend of big-hitting worms eases off in favour of malware that can slip in under the radar Security researchers have warned that sudden impact viruses, such as the Slammer worm, which cause immediate widespread damage to IT systems are being superseded by slow-burning worms where the focus is on avoiding detection.
According to F-Secure, virus writers are putting more time into making their viruses stealthy in an attempt......
[more] Next-gen viruses need next-gen responses Viruses are getting stealthier and smarter. Without an industry-wide response, the bad guys will win Evolution is a powerful idea. It predicts that as an environment changes, the organism that best adapts will be the most successful. This should be warning enough to malware security software writers to stay alert — and already, the next generation of hostile software is proving more intelligent than the last.
There have been no major Slammer-type global......
[more] Virus writing: It's a thieves' game The majority of today's malware is written to steal money, Symantec claimed on Monday More than half of all malware on the Internet is an attempt to steal money from unwitting victims, a study published on Monday has found.
According to Symantec's Internet Security Threat Report, 54 percent of the 50 most common worms and viruses sent between July and December last year were written to steal money and identities from people. This compares to 44 percent for th......
[more] Hackers target browsers to dodge firewalls Hackers are increasingly using attacks that exploit browsers rather than trying to batter through firewalls and other network protection devices, according to security firm Symantec.
Nearly half of the vulnerabilities reported by Symantec in its six-monthly Internet Security Threat Report covering July to December 2004 centre on web applications, and the numbers are rising quickly. Last year such threats accounted for barely a third of all vulnerabili......
[more] Brad Pitt virus targets Microsoft Virus writers' obsession with using celebrities as a hook to fool computer users into running malware continues Brad Pitt, Angelina Jolie and Britney Spears are subjects of a virus scam that is attempting to recruit computers for a denial-of-service attack on Microsoft.
Hackers have released a self-spreading worm, called Ahker-F, that promises pornographic movie clips of the celebrities. The emails contain text such as: "Watch Angelina Jolie and Brad Pitt coug......
[more] Hackers Write Spyware For Cash, Not Fame More than 70% of virus writers are now writing spyware under contract, one more piece of evidence that hacking has evolved from mischievous hobby to money-making criminal venture. More than 70 percent of virus writers are now writing spyware under contract, one more piece of evidence that hacking has evolved from mischievous hobby to money-making criminal venture, a security firm reported Monday.
Tel Aviv-based Aladdin Systems said its analysis showed t......
[more] PatchLink Showcases Patch & Vulnerability Management Best Practices at Infosecurity Europe 2005 PatchLink VP of Product Management Chris Andrew To Give Expert Advice During Business Practice & Strategy Sessions at Europe’s Leading IT Security Exhibition, 26 - 28 April 2005. PatchLink Corporation, the leading provider of security patch, vulnerability and compliancy management software, solutions, and services, will present on “Best Practices in Patch and Vulnerability Management” at Infosecurity......
[more] Two out of Three UK Company Networks Hit by Spyware A new survey of 500 UK IT departments by SurfControl plc has found 62% of networks are known to have been infected by spyware. More than one in eight of the IT directors, CIOs and managers that participated were unable to identify whether or not their network had been infected.
IT departments are using a range of tactics to protect networks against malware, including desktop anti-spyware software (59%), content filtering (47%) and prohibiting......
[more] MP3 zapping malware worms onto P2P network Vigilante virus writers have launched an offensive against file traders with the release of a worm that deletes MP3 files on infected PCs.
The Nopir-B worm, which appears to have originated in France, poses on P2P networks as a program to make copies of commercial DVDs. In reality the application offers no such function. Instead it attempts to delete MP3 music files on infected PCs. Nopir-B also attempts to disable various system utilities and wipe .C......
[more] Unpatched machines 'Net's biggest threat' Most Internet-connected computers don't have up-to-date software with the latest security holes patched, and this is fuelling a rise in cybercrime, according to McAfee Unpatched computers continue to represent the IT world's biggest security problem, keeping threats that target software vulnerabilities at the top of McAfee's latest industry analysis.
In its report covering security threats during the first quarter, McAfee's Anti-virus and Vulnerability......
[more] Car virus myth debunked Rumours that the Bluetooth systems of cars are at risk from infection from mobile phone viruses have been debunked.
Anti-virus firm F-Secure tested a Toyota Prius and failed, despite exhaustive attempts, to infect the car's systems with variants of the infamous Cabir worm, the most wide-spreading piece of mobile code malware to date.
F-Secure's experiment confirms Toyota's rebuttal of rumours that on-board computers of its Lexus cars were susceptible to infection by vi......
[more] Firefox loses its shine The Mozilla Foundation's Firefox web browser has made security a major part of its marketing, but a spate of vulnerabilities found over the last nine months had sullied that message.
In the latest incident, a 16-year-old security researcher - who asked only to be identified by his first name, Paul - found three vulnerabilities in the Firefox browser that together could be exploited to run arbitrary code. The incident is the latest black eye for the open-source software......
[more] Israeli Police Uncover Massive, Trojan Horse-Based Industrial Spy Ring Spyware aided theft of "tens of thousands" of major business documents from Israeli companies. Israeli police have uncovered a massive industrial spy ring that allegedly used Trojan horse software to snoop into some of the country's leading companies.
The case will have major implications for the business community in Israel--and possibly beyond--as all the companies accused of having used the software are themselves leading......
[more] Michael Jackson suicide spam leads to trojan horse, reports Sophos Experts at SophosLabs, Sophos's global network of virus and spam analysis centres, have warned of a spam campaign that claims that Michael Jackson has attempted suicide in an attempt to lure innocent computer users into being infected by a Trojan horse. The email claims that Michael Jackson has attempted to commit suicide. But clicking on the link will cause infection.
Sophos has identified hundreds of the spam messages being......
[more] New Symbian malware pretending to be F-Secure Anti-Virus F-Secure reported that they received a sample of new Symbian trojan Skulls.L that pretends to be a pirate copied version of F-Secure Mobile Anti-Virus. Skulls.L is a minor modification of Skulls.C trojan, about the only differences are that Skulls.L is named the same as F-Secure Mobile Anti-Virus installation package, and that the trojan shows dialog text "F-Secure Antivirus protect you against the virus. And don`t forget to update this!"......
Britney Spears Ranked Top Virus Celebrity
Edges Bill Gates as celebrity most associated with malicious software carried by e-mail. Pop singer Britney Spears has edged out Bill Gates as the celebrity most commonly associated with malicious software distributed via e-mail, according to data released today from security software company Panda Software.
Researchers combed through the seven years of virus-laden messages stored in Panda's malware database to determine which celebrities most often had......
CyberGuard Raises the Bar for Web Filtering Security with Triple Anti-Virus Engines for its Webwasher Content Security Suite
New Webwasher CSM 5.2 Version Includes One-Click Lockdown Feature to Keep Businesses Under Heavy Attack Running and Integrated Identity Theft Protection
CyberGuard Corporation, a global provider of security solutions that protect the critical components of the largest and most complex information networks for Global 2000 enterprises and government organizations, today anno......
Today's Hackers Code for Cash, Not Chaos
As volunteer director of the SANS Institute's Internet Storm Center, Marcus Sachs has an eagle-eyed view of Internet security, tracking cyber-threats in real time and raising awareness when malicious hackers launch attacks.
Sachs also directs the Washington operations of the Cyber Security Research and Development Center, which is operated by SRI International's Computer Science Laboratory under a contract with the U.S. Department of Homeland Security.......
Sophos picks up record malware haul
Security software vendor Sophos says it has detected nearly 8,000 different pieces of malicious code so far this year - mainly coming from criminal gangs. The vendor reckons the dramatic rise in the number of viruses, worms and Trojan horses this year is down to more and more organised criminals turning to cybercrime.
It picked up almost 60 per cent more malware in the first six months of this year than the same time last year.
The biggest growth was in Tro......
PCs Have 50-50 Shot At Infection In Just 12 Minutes
The number of new viruses, worms, and Trojans are up nearly 60 percent in the first half of 2005, a security researcher says. The number of new viruses, worms, and Trojans are up nearly 60 percent in the first half of 2005, a U.K.-based security company said Wednesday, while the length of time an unprotected PC survives on the Internet has shrunk to a measly dozen minutes.
Sophos reported that it had pinpointed 7,944 new pieces of malicious so......
Longhorn locked down to fight hackers
Microsoft's forthcoming Longhorn operating system places great emphasis on locking down PCs to prevent unauthorised access to hardware and software, the software giant revealed today.
According to Detlef Echert, Microsoft's chief security advisor in Europe, there are several key elements designed to boost security in its next OS.
Hardware locking via a dedicated chip is combined with "hardening" of the OS to restrict how memory can be accessed.
Security......
Longhorn following Unix on security?
Microsoft's delayed Longhorn operating system appears to be taking a page from the Unix management book by curbing user's administration rights. Mike Nash, Microsoft's security business and technology unit corporate vice president, has said Longhorn would accord end-users certain rights and privileges apparently ending the concept that everyone using their PC is also the PC's administrator.
Speaking at Microsoft's Worldwide partner conference on Sunday, Nas......
Could blogging spread computer worms?
Could RSS feeds become a conduit for the transmission of computer worms? Security experts are at odds over the possibility. Those who play down the threat point to the fact that no virus has ever used the propagation technique while others say it's only when a network reaches critical mass (as in the case of instant message and file sharing networks) that malware threats show their ugly head.
Personal firewall firm Zone Labs describes RSS feeds (together w......
Desktop port proliferation a security risk?
Software maker Opera's decision to support BitTorrent has added to some security experts' worries that applications which require open connections through firewalls are becoming increasingly popular.
Last week, the Norwegian company revealed that its latest technical preview adds support for downloading BitTorrent files, or torrents. BitTorrent, a peer-to-peer protocol that speeds file sharing by allowing every client to serve up pieces of a large f......
Microsoft plans to buy world's largest spyware company
It’s been a bad month for Microsoft’s efforts to promote their visions of trustworthiness and authentication in Internet commerce.
Just as the ground began to crumble beneath "Sender ID" email authentication proposal, it was discovered that the Redmond, Wa.-based software giant was considering acquiring Claria, one of the world’s most notorious adware and spyware companies.
Let’s look first at the email authentication wars. As I’ve discuss......
Hasta la Vista, baby
Virus writers have created proof of concept viruses targeting the scripting language behind prototype versions of Vista, the next version of Windows. An Austrian virus writer has published five simple viruses targeting Microsoft Command Shell (MSH), the command line interface and scripting language, in a virus writing magazine. None of these pieces of malware have been named as yet.
As MSH (codenamed 'Monad') is scheduled to ship as the default shell for Windows Vista (whi......
Zotob worm highlights security failings
The lesson of Zotob for UK businesses: keep the patching process up to date, consider upgrading some of your older software, look at intrusion-detection systems, and close port 445
It was the speed of the Zotob worm's attack that took businesses by surprise this week rather than any particular sophistication in the assault itself, experts said on Wednesday.
There were just a few days between Microsoft issuing a patch for a critical vulnerability in Windo......
Most Spyware Born in The USA
Spyware purveyors are developing and deploying new tactics to deliver infectious malware to corporate PCs faster than IT executives can enlist solutions to block them.
And most of the malicious code is coming from within the United States, according to a study released today.
Spurred by the increasing potential for big profits, spyware developers are successfully pushing new tactics at rates that are overwhelming many businesses, according to the "State of Spyware"......
Worm snaffles online gamers' passwords
Players of one fantasy role-playing game Priston Tale have suffered a nasty attack of reality after virus writers created a worm programmed to steal their usernames, passwords and data.
The worm - dubbed PrsKey-A - waits for users to enter either Priston Tale or the Yahoo! email system before capturing keystrokes and sending data back to hackers. It is programmed to spread via network shares but other propagation mechanisms, such as tricking fans into do......
F-Secure Adds Behavioral Analysis to Enterprise Antivirus Software
"Antivirus vendors are helping customers to tackle unintentional employee errors by developing security lock-down and admission control features, such as Internet quarantine in F-Secure Anti-Virus Client Security 6.0," said Thomas Raschke, an analyst at research firm IDC. F-Secure has launched a new version of the company's antivirus software, called Anti-Virus Client Security, that integrates spyware and spam protection with po......
Phishers and security firms in malware 'arms race'
Conventional phishing attacks launched via spam messages are becoming eclipsed by sophisticated malware designed to steal identities, according to a study by Anti-Phishing Working Group (APWG). APWG's July 2005 phishing report adds that fraudsters are developing approaches specially designed to neutralise counter-phishing technologies.
APWG researchers reported a "marked increase" in screenscraper technology by phishers, an approach designed......
MSN blogs 'launch' spam, virus attacks
Spammers have started using Microsoft's MSN blogging service to host malicious content used during spam and virus onslaughts, Internet security firm SurfControl said. MSN Spaces, which was launched at the end of last year, is a free content sharing and hosting service. Users are required to register for a Hotmail account, after which they can publish a blog and share files.
However, a relatively simple registration system means that spammers are exploiti......
'Islamic Trojan' disrupts smut surfing
Virus writers have created a Trojan horse which tries to disrupt visits to pornographic websites by displaying messages from the Koran.
The low-risk Yusufali-A Trojan horse monitors the websites Windows users are visiting. If the malware sees one of a set of trigger words (such as "teen", "sex" or "penis") in the url it minimises the window so the user cannot see its content and displays a message from the Koran instead. The message, partly written in Ar......
Katrina heralds wave of phishing fraud
Spammers and phishers hoping to profit from hurricane Katrina have been waging a week-long email campaign. With depressing predictability, fake Red Cross and other charity donation sites have been set up to con users out of money and emails containing malware are being spammed under the guise of Katrina news.
"This is not the first time we have seen immoral opportunists take advantage of a natural disaster to fill their pockets with money meant for victim......
MySpace banner ad infects millions of Windows users with spyware
Millions of visitors to popular Myspace.com (as well as a number of other websites) may have been infected with spyware, according to security firm iDefense. iDefense claims that the spyware infects unpatched versions of Windows using a security flaw in the way the operating system and Microsoft Internet Explorer open Windows Metafile images. A banner for DeckOutYourDeck.com loads a Trojan horse program onto unpatched systems. The......
Sophos: 'Don't rely on antivirus software'
Because viruses are not the only serious threat...
Security vendor Sophos has warned companies not to rely on antivirus software to protect their IT infrastructure and systems.
Speaking at the Information Systems Security Association conference in London on Thursday, Vanja Svajcer, senior virus researcher for Sophos, said companies should also look to alternative technologies and procedures to ensure their IT assets are secure.
Svajcer said: "I always......
Worm Redirects Google Searches For Profit
A new worm modifies the infected PC so attempts to search using Google are directed to a spoofed site that looks like the real thing, but with different sponsored links to drive traffic to sites the hacker's designated, a security firm said Friday.
Panda Software's analysis of the P2Load.a worm showed that after compromising a PC, it modifies the Windows HOSTS file so all attempts to reach google.com -- and even mistyped addresses, such as "googel.com"......
Microsoft gets hacker feedback on IE Version 7 Beta 2
It sought advice at the Hack in the Box Security Conference
Microsoft Corp. showed off the preliminary work it has done on the second beta version of its popular Internet Explorer Version 7 at the Hack in the Box Security Conference in Kuala Lumpur, Malaysia, and came away with good feedback, company officials said today.
"It's the first time we've ever come out ahead of a product release to present and get feedback," said Tony Chor, group p......
NetSky-P tops moribund malware chart
September marked a quiet month on the malware front with virus levels at a yearly low and the long-running NetSky-P worm stuck at the top of virus nuisance charts.
Virus-laden email volumes dropped for the third consecutive month from 2.01 per cent in August, to 1.75 per cent in September to reach their lowest levels this year, according to email security firm BlackSpider Technologies. BlackSpider blocked over 2.8m virus contaminated emails during September......
Microsoft in about-turn on hackers
Microsoft has stepped into the lion's den and revealed some of the work that's been done on Internet Explorer 7 to a group of hackers.
The company showed the beta at the Hack in the Box Security Conference in Kuala Lumpur, Malaysia and was pleased with the result.
"It's the first time we've ever come out ahead of a product release to present and get feedback," said Tony Chor, group program manager at Microsoft's Internet Explorer team.
Chor, and colleague Andr......
Zombie bots clog internal networks
A significant chunk (12 per cent) of all scanning attacks found on a broadband service provider's network are launched from the machines of its own subscribers. That's according to a study by traffic management firm Sandvine which says its findings dispel the idea that broadband security involves only policing the borders between external and internal networks. Subscribers need to be protected from each other as well as external malicious hosts, it concludes.......
Are online firms doing secret deals with DDoS attackers?
A security expert from IBM has controversially suggested a number of large companies are still "more often than not" paying off cyber criminals threatening them with distributed denial-of-service attacks.
The accusation comes despite claims from many major online businesses who say they do not negotiate with criminals.
Speaking at Virus Bulletin 2005 in Dublin, malware specialist at IBM, Martin Overton, said the DDoS scams, which typica......
Sophos joins drive to cure virus-naming confusion
Sophos has announced that it has joined the editorial board for the Common Malware Enumeration (CME) initiative, an industry group whose aim is to provide unique, common identifiers to new malware threats.
The CME initiative aims to mitigate c......
Sober worm comeback poses as schoolfriend pic
Virus writers have created a duo of email worms which pose as pictures of old schoolfriends. The Sober-O and Sober-P worms were bulk mailed to thousands of potential victims overnight in an attempt to seed infection.
Like earlier versions of the Sober worm, the bilingual virus can travel in both English and German language emails. Windows users duped into opening infected attachments will find their machines turned into zombie drones under the cont......
F-Secure brings increased levels of protection and anti-virus support to Windows Mobile users
F-Secure has announced it is to extend support for its F-Secure Mobile Anti-Virus to Microsoft’s Windows Mobile operating system. The solution brings new levels of protection for Windows Mobile users. Symbian Series 80 users will also get a new product called F-Secure Mobile Security, which contains a mobile firewall alongside anti-virus functionality.
With this latest release now in place, F-Secure M......
Microsoft plugs critical Windows holes
Microsoft today released eight security patches, three of which are rated 'critical', the firm's highest severity rating which indicates that a system can be remotely hacked without requiring any user interaction.
In addition to the critical flaws, the Redmond company unveiled four fixes rated 'important' and two rated 'moderate'. Except for one patch issued for both Exchange and Windows, all fixes affect the Windows operating system.
The critical patches......
Worm spoofs Google on infected PCs
Virus writers have developed a worm that spoofs the behaviour of internet search engine Google, varying the results displayed to suit the requirements of hackers.
P2Load-A modifies the HOSTS file on infected PCs by replacing the original with a file downloaded from a remote website under the control of hackers. When users run a search, the results are normally shown correctly - but sponsored links are different. For some searches, other links appear which hav......
Spyware Overtakes all Internet Threats in 2005
Millions of dollars are being spent unnecessarily each month as North American businesses and consumers wrestle with what has become the biggest threat to security on the Internet. According to a study published last month, spyware issues now outnumber virus threats by more than 2 to 1. The same report said the average expenditure by large North American enterprises tops $130,000 USD per month.
"One of the reasons these users are spending so much......
Hackers, Scammers Hide Malicious JavaScript On Web Sites
Crooks are using a new technique, called "JS/Wonka," to obfuscate their code, and it's spreading fast. Hackers and scammers have suddenly turned to a new technique to hide malicious JavaScript on compromised or criminal sites, a security researcher said Thursday.
According to Dan Hubbard, the senior director of security and research at Websense, a family of obfuscation routines with the umbrella name of "JS/Wonka" has spread wildly in the......
October breaks malware production records
October saw the biggest increase in virus numbers since anti-virus firm Sophos began tracking outbreaks in 1988. The security vendor now identifies and protects against a total of 112,142 viruses, an increase of 1,685 on September.
Rather than creating new viral strains, the bad guys are churning out multiple new variants of popular backdoor programs such as Agobot, SdBOt, various Trojan downloaders and the like. Anti-virus firm F-Secure notes that man......
October 2005 worst ever month for new viruses
Security experts have reported that this October saw the biggest ever recorded increase in new viruses. According to Sophos, last month's total of 1,685 newly discovered viruses marked the greatest month-on-month jump since the firm first began regular malware monitoring in the late 1980s. Netsky-P worm continued to head up the top ten chart twenty months after it was first detected, accounting for 17.2 percent of all infections. However, Mytob-GH, which......
P2P Attacks Up; IM Hits Down
IM security solutions provider Akonix Systems said its research team tracked 22 new attacks on Peer-to-Peer networks in October, a 19 percent increase over September.
The attacks on networks such as eDonkey and Kazaa came at the same time the Akonix Security Center tracked a decrease in attacks on Instant Messaging networks during the same time frame.
Don Montgomery, vice president of marketing at Akonix Systems, said October marked the first month that P2P attac......
Microsoft's AntiSpyware Rebranded 'Windows Defender'
Microsoft Corp.'s Windows AntiSpyware technology has been renamed "Windows Defender" and has been expanded to detect and remove rootkits, keystroke loggers and other forms of malware.
The revamped application will be bundled into the Windows Vista operating system, but users will be free to choose a competing spyware protection product from a redesigned Windows Security Center.
Jason Garms, group program manager for Microsoft's anti-malware......
Mobile Trojan distributes pirate anti-virus software
A Trojan horse discovered on Tuesday includes a fully working -- but pirate -- copy of an anti-virus application called ExoVirusStop by exoSyphen Studios. Mobile phone malware is often disguised as a security application in order to dupe the user into installing it. However, the latest version of Doomboot, which attacks the Symbian platform, is the first to contain a fully working copy of an anti-virus application, according to Jarno Niemela,......
IM attacks rocket 1,500 percent
The volume of security threats targeting instant messaging (IM) systems rocketed in October 2005 by more than 1,500 percent versus October 2004. The month's threat volume was also 30 percent higher than the previous month, new research has warned. According to the report from IMlogic Threat Center, as the number of threats grew, the payload carried by IM worms evolved to become more malicious. More than 60 percent of the worms identified in October delivered malw......
Malware effects inconsistent throughout British business
The impact of spam and viruses varies radically across different key vertical sectors of U.K. business, new research has shown
According to the latest figures released by email management firm Email Systems, some vertical sectors are suffering much more than others from malware attacks and a clear "sector hierarchy" is emerging.
Along with the IT industry, which is one of those worst hit, the leisure and entertainment sector, including sport......
Latest Sober threatens e-mail gateways
The latest Sober worm, first spotted over the weekend, has generated the vast majority of virus-laden e-mail traffic in the past 24 hours and could cause problems for corporate e-mail gateways, security companies said. This variant of Sober generates e-mails that purport to be from the CIA or FBI. These messages tell the recipient they have been looking at illegal Web sites and should answer some questions in the e-mail's attachment. If the attachment is o......
Thanksgiving will bring a Sober hangover
The largest virus outbreak this year will gain new momentum when the US comes back from its Thanksgiving break, say experts. IT managers should brace themselves
The latest outbreak of the Sober worm will accelerate as US computer users turn the PCs back on after the Thanksgiving holiday, security firm MessageLabs warned on Friday.
Business users will return from the break and open mail that has been sitting in their inbox since the first hours of the a......
Security firms warn of new Microsoft threats
Two security firms Friday issued new warnings about two separate threats affecting Microsoft products.
Sophos reported evidence of new malware planted on Web sites that exploits a previously announced -- and as-yet-unpatched -- Internet Explorer security vulnerability. The Clunky-B Trojan horse allows hackers to install and run malicious software on users' machines when they visit sites containing the malware, said Graham Cluley, a senior technology......
Rootkits storm malware chart
The most common rootkit is a spyware application known as Apropos, according to data collected by security experts at F-Secure.
Apropos is a spyware application that collects data on a user's browsing habits and system information and sends that back to the application's creators. It is also capable of recording keystrokes, launching a denial of service attack and can download and install additional software on an infected computer.
Rootkits have become a main......
Microsoft ‘fuming’ after Dasher-B exploits old Windows flaw
Microsoft has been “left fuming” after security experts warned of new malware that successfully exploits a Windows flaw that the Redmond firm first identified over two months ago, a security expert claimed. The Dasher-B worm exploits a vulnerability in Microsoft Windows Distributed Transaction Coordinator (MSDTC), first announced by the computer giant in October. The worm opens a backdoor on vulnerable computers and causes them to conne......
EBay users hit by mass phishing attacks
Fraudsters anticipate Christmas bonanza with concerted theft of accounts
Popular online auction site eBay was the target for 96 per cent of all UK phishing attacks in December, according to security specialists Fortinet.
Fraudsters seem to have anticipated the Christmas rush to use eBay to buy presents - and sell unwanted ones - and are targeting eBay users in a widespread assault.
Guillaume Lovet, Threat Response team leader at Fortinet, said: "One of......
Nazi worm author prepares Net meltdown
A security headache is brewing as the payload of various Sober worms is activated tonight.
According to security experts that broke the worm's encrypted code, 5 January 2006 is the date set for it to download code from various Web addresses on the Net. As such, at the stroke of midnight, the worm's author may or may not choose to turn on various websites and cause widespread problems across the Internet.
The date coincides with the 87th anniversary of......
Sober attack averted - for the moment
The Sober worm has yet to launch its payload, despite it being several days since the worm was programmed to download unknown programs from a number of websites.
"There’s nothing going on with Sober," at the moment, said Joe Telafici, director of operations at McAfee's Anti-Virus Emergency Response Team (AVERT).
All of the websites that the last version of the Sober worm was programmed to reach out to and download malicious code from have already been disa......
Nyxem virus set to bite next week
Nyxem will erase important files from hundreds of thousands of infected PCs on 3 February and may also cause a traffic spike as it propagates itself
Businesses have been warned to brace themselves for a possible traffic spike next week caused by the Nyxem virus.
The Nyxem virus was first reported on 16 January. It is thought to have infected more than half a million PCs, and security vendor Ironport warned on Thursday that these machines are now hard-coded to p......
ForeScout selected as finalist by SC Magazine's 2006 Reader Trust Awards
ForeScout Technologies, the leading provider of clientless Network Access Control (NAC) and policy enforcement solutions, today announced that CounterAct™, its network access control appliance, has been selected by SC Magazine as a finalist in the category of Best Endpoint Security Solution for 2006.
The 2006 SC Awards are granted through an extensive judging process where expert judges select notable companies in each o......
Beware the rise of the bots
The number of malicious bots appearing on the internet increased more than 175 per cent between 2004 and 2005, with more than 10,000 cases of the malware documented by security firm PandaLabs.
In all, bots represented more than 20 per cent of new malware detected in 2005. Bots are so called for their ability to infect and take up residence on the PC of an unknowing user where they await further commands.
But more worrying is PandaLabs' belief that this most recent......
Sex assault spam duping college students
Security analysts at Sophos have warned of a new trojan sent to colleges in North America and the United Kingdom disguised as a plea to help authorities locate an alleged campus rapist. The Troj/Sinx-N trojan spams emails with a subject line of "CCTV still of Rapist," "Do you recognize this person?" or "Campus Student Raped," Sophos said Friday.
Users who click on the attached files, which claim to be photographs of the suspect, will launch malware onto......
Malware took a smaller bite in 2005
A year after reaching an all-time high, worldwide malware losses fell nearly 20 percent in 2005, an IT research and advisory firm said. Computer Economics, in a January summary of its "2005 Malware Report: The Impact of Malicious Code Attacks," said that, for the first time since 2002, the financial impact of virus attacks dropped from the previous year. Losses totaled an estimated $14.2 billion in 2005, compared to $17.5 billion the prior year.
The firm said......
Hackers writing zero-day malware to order
2005 was watershed year for zero-day exploits, warns security firm
Russian security company Kaspersky Lab has discovered a worrying phenomenon in the wake of Microsoft's security gaffe over the .wmf exploit at the end of last year, claiming that hackers are tailoring and selling zero-day malware for specific markets.
Kaspersky claims that exploits for the .wmf vulnerability that emerged over Christmas were being developed specifically for the Russian ma......
Nyxem claimed up to 946,835 victims
Researchers examine worm's spread pattern
Although the Nyxem.e worm was found to have caused very little actual damage, researchers estimate that the worm in total infected between 469,507 and 946,835 systems between 15 January and 1 February.
Nyxem.e was designed to overwrite several document types including Word and Excel files on an infected system on the third day of every month, beginning last Friday. The worm spreads through spam email messages promisin......
SurfControl addresses more than One Billion requests a day in growing demand for internet protection
SurfControl, the world leading provider of Internet content protection, today announced it is managing one billion daily filtering requests from customers using the company's industry-leading content protection databases.
"Internet content protection is mission-critical functionality in a Web-enabled world," said Patricia Sueltz, SurfControl CEO. "Content protection is mainstream. You simply ca......
Be aware of the growing threat of botnets
Botnets are a rapidly increasing risk to Internet security. These groups of compromised Windows computers are the tools of the trade for all manners of extortion and spam relay on the Internet, and they are growing in numbers. In this edition of Internet Security Focus, Jonathan Yarden examines this growing threat and discusses what it means for Internet security. 2005 was not an exceptional year for Windows security—or Internet security in general, for......
Kaspersky warns of major Trojan hike
How many compromised PCs are poised to strike? The number of compromised computers at large on the internet has increased considerably over the past year with Trojan activity more than doubling, according to Kaspersky Labs.
The Russian antivirus company revealed a 124 per cent increase in Trojans intercepted between the first and the last month of 2005. Backdoor Trojans were the most common, accounting for 29 per cent of Trojan infections.
These forms of ma......
Organized cyber criminals target Valentine’s Day surfers
In the run-up to Valentine’s Day, security experts have warned that a recent jump in the number of online dating sites across the world can be at least partly attributed to the increase in malevolent websites used by cyber criminals as an opportune moment for phishing, spam and hacker attacks on unsuspecting victims. "Organized criminal units have in the past timed their attacks to coincide with popular celebration occasions in order to ach......
More Mac headaches surface
On the heels of last week's discovery of the first two worms designed to infect Mac OS X platforms, a new vulnerability surfaced today. Rated "extremely critical" by Secunia, the vulnerability is caused by an error in the processing of file association meta data in ZIP archives. Mac users can be tricked into executing a malicious shell script renamed to be a safe file stored in a ZIP archive. The vulnerability - broken on a German website - also automatically......
Blue Coat enables organisations to control Skype
BlueCoat ProxySG Appliances Protects Skype Users Against Information Leakage, Malware and Unauthorised Bandwidth Use
Blue Coat® Systems has announced that its ProxySG™ appliances have the ability to control Skype to protect against information leakage and unauthorised ‘back channel' communications as well as potential future malware. Using ProxySG appliances, organisations can allow or deny access to Skype in total or based on network user n......
Netsky still top of the virus charts
February a quieter month overall as more users update definitions
A roundup of the February virus and spam statistics has shown that Netsky is still the most common virus on the internet, despite all major software vendors having a signature file available for over a year. Sophos, Fortinet and SoftScan all put Netsky at the top of their monthly chart, and the virus accounted for an average of 18 per cent of all virus detections. Mytob has also proved commonplac......
Security standoff over PC-PDA malware code
Code for a 'PC to mobile' virus that emerged last week has not been shared between some antivirus researchers and vendors, amid allegations of bullying and untrustworthiness
Mobile antivirus researchers and antivirus companies are at loggerheads over access to code for a PC-to-mobile Trojan. The Mobile Antivirus Researchers Association (MARA) said last week that it had received proof-of-concept code last week for Crossover, which MARA claims is malware......
[more] Couple face jail for Trojan trickery A couple accused of corporate espionage using Trojan software have been indicted in a Tel Aviv court. Michael Haephrati, 44, and Ruth Brier-Haephrati, 28, were extradited from London in January, and are said to have confessed to most of the charges against them. According to the indictment, the couple managed a company known as Target-Eya. Michael Haephrati is accused of developing the malware, while Ruth Brier-Haephrati is accused of marketing the malware to......
[more] PatchLink Issues Patch Tuesday Preparation Guide PatchLink Corporation, the global leader for security patch and vulnerability management solutions, today issued comprehensive best practice guidelines to help organizations prepare for what has become a notoriously stressful IT day, Patch Tuesday. While Patch Tuesday is often the cause of many late nights testing and applying patches, organizations face a continuous onslaught of vulnerabilities and patches that can adversely affect IT infrastruc......
[more] IT managers want security costs to reduce IT managers are requesting simpler applications that can deal with a range of threats at a lower cost, said the top executive of security vendor Sophos. "At the end of the day, the IT administrator does not care if it is spam or a virus," said Steve Munford, chief executive officer. "All they care is there is bad stuff coming off the Internet... and they want one vendor to protect them." Gateway e-mail filtering is evolving. IT manager......
[more] Financial firms suffer most Trojan attacks But are attacks evolving? Financial companies suffered more Trojan horse attacks last year than any other industry, research suggests. Almost 40 per cent of Trojan attacks and 30 per cent of hacker scans were focused on banks and financial firms, according to a report from security companies Counterpane and MessageLabs. A statement put out by the security companies said hackers are building Trojans to steal cash directly from bank accounts rather than sip......
[more] University of Wales Protects and Accelerates New Campus Wireless Network With Blue Coat Appliance Blue Coat Systems, the leader in secure content and application delivery, today announced that its ProxySG appliance with Blue Coat WebFilter has been chosen by a member institute of the University of Wales for its new on-campus wireless network. The Blue Coat appliance enforces appropriate Internet usage, combats malware and speeds student access to educational resources from their halls of reside......
[more] Milosevic murder trojan spreading rapidly An email purporting to contain proof that the recently deceased Yugoslav premier Slobodan Milosevic was murdered is being used to spread a malicious trojan, security watchers warned. According to BlackSpider Technologies, recipients are invited to open the email - subject line: Slobodan Milosevic was killed - and click on an attached image of Milosevic. When the image is opened, a trojan is downloaded to the PC. The security firm estimated that more......
[more] More clever hackers emerging Cyber crime grew more sophisticated, targeted, and dangerous in 2005 according to a report released this week by Counterpane Internet Security and MessageLabs. The two companies teamed up to write about their security research in a report titled "2005 Attack Trends and Analysis." The report summarized key cyber attacks across 15 industry sectors and examines how the attacks affect organizations. Some of the key findings included the fact that......
[more] Trojan Redirector Ups the Ante in Online Banking Attacks Researchers at Websense Security Labs have stumbled upon a password-stealing Trojan that uses sophisticated DNS redirection techniques to dodge server shutdowns and hijack online banking data. The new phishing attack targets users of more than 100 financial institutions in the United States and Europe, including Bank of America, HSBC, Barclays Bank, Lloyds TSB. According to an alert from Websense, the Trojan silently modifies the contents o......
[more] Spyware evolving faster than viruses The evolution of spyware is outpacing that of viruses, with some software resetting itself hourly to evade detection, security experts warned today at Infosec Europe. Security firm Webroot recorded a dramatic rise in spyware in the past 12 months, almost all of it aimed at harvesting financial data that could be used by third parties. Experts have also warned that the next target for such malware will be VoIP applications such as Skype. "Voice is definite......
[more] New Firefox flaws enable DoS attacks Popular alternative web browser Mozilla Firefox contains a vulnerability that could allow an attacker to launch denial of service (DoS) attacks, security monitoring service Secunia said in an advisory today. Although rated "not critical" by Secunia, the bug "can be exploited to corrupt the memory (of Firefox) and cause a crash." The execution of abnormal JavaScript causes the flaw. The vulnerability has been confirmed in version 1.5.0.2, ye......
[more] Trojan Freezes Computer, Demands Ransom A new kind of malware circulating on the Internet freezes a computer and then asks for a ransom paid through the Western Union Holdings money transfer service. A sample of the Trojan horse virus was sent to Sophos, a security vendor, said Graham Cluley, senior technology consultant. The malware, which Sophos named Troj/Ransom-A, is one of only a few viruses so far that have asked for a ransom in exchange for releasing control of a computer, Cluley said. The......
[more] Viruses no longer top security threat Trojans and spyware taking over Early reports of malware distribution in April show that viruses are swiftly declining as a threat in comparison with other malicious software. Separate research from Fortinet and Sophos shows that the top viruses were mainly old timers, and that Trojans and spyware are coming to the fore in their place. Fortinet in particular reported that Adware/BetterInternet was its top threat last month, accounting for nearly one in eight a......
[more] Russian student convicted for running virus distribution websites Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have welcomed the sentencing of a man who not only created his own malware, but ran two websites distributing over 4000 different computer viruses. Sergey Kazachkov, a Russian science university student from Voronezh, was found guilty of making available thousands of pieces of malware via two virus exchange websites. He was also said to ha......
[more] New IM, email bot creates own p2p network Email and instant messenger users are being warned about a new bot in the wild that creates a peer-to-peer (p2p) network of infected host PCs. The "Nugache" worm is spreading as both an email attachment and on AOL and MSN instant messenger (IM) networks, according to a warning from Websense Security Labs. "The command and control channel that is used is unique, as the bot appears to connect to infected peers instead of a static list,"......
[more] Virus emails drop to record low The number of emails carrying viruses has plummeted to fewer than one per cent of all messages sent, according to the April virus trends report from BlackSpider Technologies. The total number of virus-laden emails fell by 56 per cent compared to March's figures, with infected mail now making up just 0.79 per cent of inbound emails. The record low figure comes just four months after a record high in December 2005, when BlackSpider clocked the number of v......
[more] Summer of Love Bug started six years ago today Today marks the sixth anniversary of the release of the so-called Love Bug, a mass email worm that spread to millions of PCs worldwide and was responsible for an estimated $10 billion in economic damage. But while May 4, 2000, seems a relatively short time ago, the computer threat landscape dramatically has changed since Filipino college student Onel de Guzman wrote the bug, which fooled computer users into clicking on an attachment that supposedly......
[more] Zombie hacker pleads guilty to hospital infection A U.S. man has pleaded guilty to creating a zombie network of 50,000 computers to launch a devastating attack against a Seattle hospital. Twenty-year-old Christopher Maxwell pleaded guilty to charges that he launched an attack in January 2005 which struck hard at Northwest Hospital and Medical Center in Seattle. The attack is said to have shut down computers in the facility's intensive care unit and prevented doctors' pagers from working properly......
[more] Two years after author's arrest, Netsky worm still tops virus chart Author of Sasser and Netsky worm arrested 24 months ago, but malware still spreads Two years ago today, on 8 May 2004, a German teenager was arrested in connection with the widespread Sasser and Netsky worm outbreaks. 18-year-old Sven Jaschan of Waffensen, North Germany, wrote a series of worms which hit tens of millions of computers around the world. Experts at SophosLabs™, Sophos's global network of virus, spyware and spam an......
[more] US hacker gets five years in the slammer A US man has been sentenced to nearly five years in prison after he was found guilty of illegally controlling around 400,000 third party PCs for the purposes of launching malware attacks. Jeanson James Ancheta, 21, from California, rented out space on this zombie network of compromised machines for the sending of spam and malware, and also for launching denial of service attacks. Among the machines infected by Ancheta were computers at the US military test......
[more] Hacker's Work Plagues PCs Two Years After Arrest Named the worst worm of 2004 by some anti-virus firms, the Netsky worm is still the No. 1 reported virus in the world, according to Sophos. Its 18-year-old creator, meanwhile, got off lightly, with a suspended sentence and 30 hours of community service. Two years after the arrest of a noted hacker, his creation remains at the top of the virus charts, a security company said Wednesday, proving just how long an Internet affliction can last. May 8,......
[more] Vista's security features lack polish, but still an improvement Though Microsoft has made drastic security improvements within its upcoming Vista designs, there will be some usability hiccups within its new security features and there will still be plenty of room for security developers to sell aftermarket products, the Yankee Group said this week. The Yankee Group released the report on Monday detailing its security assessments of Microsoft's most recent Vista build and predicting the effect it......
[more] Spyware stages 'significant counterattack' Spyware made a significant comeback during the first quarter of 2006, new threat-monitoring research has revealed. According to the "State of Spyware" report issued today by Webroot Software, the first three months of this year saw a "dramatic rise" in the prevalence of adware combined with a significant increase in the most malicious types of trojans and system monitors. This malware epidemic resulted in the highest consumer infectio......
[more] New worm hoots at users Researchers at Sophos are warning PC users about the W32/Hoots-A worm, which sends a picture of an owl to attached network printers. The unusual malware is written in Visual Basic and spreads through network shares, according to a company advisory. Once installed on a network, the worm sends a picture of an owl with the words "O RLY?" to a number of print queues. Graham Cluley, senior technology consultant, said the malware is most likely the work of......
[more] Printer worm doesn't give a Hoot An odd worm is circulating through computer systems trying to print off images of a fake owl on network printers. Hoots-A is written in Visual Basic and spreads via network shares. Once it has infected a computer it attempts to send a graphical image of an owl with the legend 'O RLY?' to a number of predefined print queues. The worm is thought to be the work of a company employee who sought to jam up his own company's machines but failed to realise that the......
[more] Malware using search engines to spread Internet search engines are now one of the commonest means by which malware spreads, a new study has suggested. The study carried out by McAfee's spyware expert Ben Edelman using the company's SiteAdvisor tool, analysed common searches on all the Net's major search engines, Google, Yahoo, MSN, AOL and Ask. The results make sobering reading. Between January and April of this year all surveyed engines returned numerous sites that could be classified as "......
[more] Man jailed for using spyware to monitor US government A man has been sentenced to jail for using spyware to gain unauthorised access to US government computers. Kenneth Kwak, a 34-year-old system auditor who had been working on the computer security of the US Department of Education, admitted placing spyware software on his supervisor's PC. This software enabled him to access emails and other information. Kwak, of Chantilly, Virginia, then shared the information he gathered with others in his off......
[more] Killjoy Trojan deletes warez and smut Virus writers have created a Trojan that deletes illicit files from compromised Windows PCs in addition to harvesting data from infected machines. Erazer-A is spreading (albeit modestly) across P2P networks, where it poses as useful program files, or through chat programs. If executed, the malware scours folders used for P2P apps for AVI, MP3, MPEG, WMV, GIF, ZIP and other files. It then erases any porn, warez, music or any other matching file type found in P......
[more] Zombie king suspect alleged to have sent 18 million spams per day Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis center, have welcomed the news that the South Korean authorities have arrested a man suspected of running a 16,000-strong network of zombie computers. According to the state-backed Korea Information Security Agency (KISA), the man is believed to have sent 18 million spam emails to 133 countries every day from his network (or botnet) of compromised......
[more] Yahoo Messenger worm turns on IE Researchers have identified an "insidious" threat affecting Yahoo Messenger. A self-propagating worm, named yhoo32.explr, installs a piece of software called 'Safety Browser' and then hijacks the Internet Explorer homepage, leading users to a site that puts spyware on their PCs. Because Safety Browser uses the IE icon to identify itself, users can easily mistake it for the legitimate Internet Explorer. This is the first recorded incidence of malwar......
[more] Microsoft working on Word vulnerability fix Microsoft’s security experts are working on an update for the new zero-day vulnerability for Microsoft Word. First reported last week, the unspecified flaw in Word could be used to execute remote code onto a PC, according to vulnerability monitoring firm Secunia. So far, the preferred form of delivery for the malware has been email, according to Stephen Toulouse, head of the Microsoft Security Response Center (MSRC). "First off on the vulnerabilit......
[more] Settlement ends Sony rootkit case Music fans who bought CDs with Sony's controversial XCP copy control software are set to get refunds. A US federal judge gave final approval to a class action lawsuit that was brought against the entertainment company after Sony included a pair of invasive and potentially dangerous copy protection programs on an estimated 15 million music CDs. The agreement ends one chapter in a public relations disaster for the entertainment company, which must still contend w......
[more] Intel Macs vulnerable to 'chip-level' threats Chip-level attacks target a vulnerability in the processor rather than the software Researchers have claimed that "chip-level threats" pose a potential problem for Intel-powered Mac systems. A chip-level attack targets a feature or vulnerability in the processor rather than attacking software as is the case with nearly all today's security threats. Examples of chip-level attacks are rare. The last known serious outbreak dates back to 1998, wh......
[more] StopBadware.org names and shames malware Anti-spyware organisation StopBadware.org today added four software programs to its Badware Watch List, which aims to name and shame applications that contain embedded malware. The reports are the most recent in a series released by Harvard Law School's Berkman Center for Internet & Society and Oxford University's Oxford Internet Institute as part of an ongoing effort to battle malicious spyware programs. "Today we are identifying four more applic......
[more] Fake Microsoft flaw notification trojan in the wild Think you’re lucky enough to have been notified of a new Microsoft Windows flaw seemingly before anyone else? Think again. Researchers are warning PC users not to fall for an email scheme that pretends to be a warning and patch for a newly discovered flaw in Microsoft WinLogon Service. The email tells users the flaw can allow malicious users to access a PC, then redirects them to a malicious link that downloads a trojan. The scam should be famili......
[more] Akonix: Highest Number of Spim and Malware Filter Updates Issued This Year Akonix Systems, the provider of the most deployed instant messaging (IM) security and compliance products in the world, today announced its Security Center team tracked 31 attacks against IM networks in May, the largest number of threats this year. New worms identified in May include Browaf, Kassbot, Nugache and Propmsn. The most common attack was Tilebot, which had five variants of the original virus. Overall, Akonix se......
[more] Spam deluge eclipses email virus threat May witnessed an all-time low for virus-laden emails and a record high for spam, according to stats from email filtering firm BlackSpider Technologies. Emails containing malware made up just 0.73 percent of all emails scanned by BlackSpider last month while junk emails represented 87.74 per cent. By comparison, the number of virus-infected emails reached 3.93 per cent of all emails in December 2005, a record high. The drop since then is reckoned to be dow......
[more] Little action from Kama Sutra Worm To the delight of mouse-clickers around the globe, the so-called Kama Sutra Worm scored high marks on foreplay – but failed to deliver the knockout blow many security experts feared it would. Considerably fewer-than-expected cases of the file-destroying worm, which induces PC email recipients through promises of pornographic pictures and videos, have been reported since Friday's activation date, computer security experts said. Hundreds of thousands of machines......
[more] Vista plays hide-and-seek with hackers Microsoft is starting a game of hide-and-seek with malicious code writers. Windows Vista Beta 2, released last week, includes a new security feature designed to protect against buffer overrun exploits. Called Address Space Layout Randomization (ASLR), the feature loads key system files in different memory locations each time the PC starts, making it harder for malicious code to run, according to Microsoft. "It is not a panacea, it is not a replacement......
[more] Sophos issues World Cup virus warning Consumers and businesses need to be extra vigilant against virus threats from hackers taking advantage of World Cup fever, according to a security warning from Sophos. "In the past we've seen viruses exploiting the popularity of celebrities like Anna Kournikova. David Beckham or Wayne Rooney could be next," Graham Cluley, senior technology consultant at Sophos, told vnunet.com. "Businesses need to ensure that staff are not downloading unknown......
[more] Microsoft and criminals hold the future of antivirus The future of the antivirus industry will be determined by Microsoft and the online criminal fraternity, according to Kaspersky Lab. "Microsoft's plan to introduce antivirus products for home PCs, workstations and MS Exchange will shake up the market," said Eugene Kaspersky, head of antivirus research at Kaspersky Lab. Kaspersky said that Microsoft would not make the same mistakes as when it launched an antivirus product 12 year......
[more] Attack code comes on heels of Microsoft patches Just a day after Microsoft released patches for vulnerabilities in some of its software, code designed to take advantage of those weaknesses appeared on the Internet. Most of the patches that Microsoft issued were for flaws that were widely known. But at least two flaws were made public for the first time on Tuesday as part of the company's monthly security update. Security firms reported finding the code on Wednesday. The exploit code for previou......
[more] Fewer e-mails bear malware The proportion of e-mail messages that contain malware has fallen for the first six months this year compared to the same period last year, Sophos PLC said on Wednesday. Statistics released by Sophos show that about one in 91 e-mail messages contained a virus or other types of bad software, far less than the 1-in-35 figure of a year ago, said Graham Cluley, senior technology consultant. Sophos provides enterprise-level antivirus, spam, adware and malware protection pr......
[more] Fewer viruses in email, says Sophos The proportion of email messages that contain malware has fallen for the first six months this year compared to the same period last year, Sophos said yesterday. Statistics released by Sophos show that about one in 91 email messages contained a virus or other types of bad software, far less than the one-in-35 figure of a year ago, said Graham Cluley, senior technology consultant. Sophos provides enterprise-level antivirus, spam, adware and malware protection......
[more] Worm lures victims with 'Naked World Cup' IT professionals, on the other hand, may want to be a little more vigilant, as a new e-mail worm is on the loose that preys on the intense worldwide interest in the international sporting event. Called Sixem-A, the worm began circulating earlier this week, and has just recently been blocked by anti-virus vendors. So far, the worm has been detected at only a handful of companies, but it is the first World Cup 2004 malware to target an English-speaking au......
[more] Nasty, Next-Gen Trojans Are Upon Us Banking Trojans are perhaps the most malicious form of malware today, with the express purpose of taking your money directly from your own bank account. Regardless of how much damage they may have done in the past, a new generation of banking Trojans is beginning to appear, and they're game for even more pilfering, according to at least one security researcher. Joe Stewart, senior security researcher at managed security firm LURHQ, detailed the evolution of t......
[more] Hackers keep hacking because they can I had yet another computer journalist call me to ask if Vendor X's security solution was THE security product to solve all our security problems. I get a call or e-mail like this about once every two weeks. Usually they've read the vendor's own PR, another newspaper article, or even my own column touting a particular product. The typical conversation goes something like this: Journalist: "Hey, do you think Product A from Vendor X will solve all our sec......
[more] UK cyber criminals arrested Police have arrested three British men suspected of being part of an international gang of cyber criminals. The Metropolitan Police's Computer Crime Unit worked on a joint operation with the Finnish National Bureau of Investigation and the Finnish Pori Police Department, to arrest three suspected members of the virus writing gang 'Moop'. The men - a 63-year-old from Suffolk, a 28-year-old and a 19-year-old both from Scotland, have been detained in connection with a co......
[more] Word attack spammed out as malicious email attachment Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have warned of a Trojan horse that has been spammed out in large quantities to email users around the world. The WM97/Kukudro-A Trojan horse has been spammed out in email messages, which can have a variety of subject lines including "worth to see", "prices", "Hi", and "Hello". The body of the message reads as fo......
[more] Will Microsoft corrupt the security sector? With the wreckage of Netscape, Lotus and Borland in its rear-view mirror, Microsoft now seems to have another group of software vendors in its sights, ready to run them down: antivirus vendors. That at least is the accusation made by Alex Eckelberry, chief executive of Sunbelt Software, which makes antispyware products. "It's bad enough that Microsoft is getting in to all aspects of security. But now they are going to kill their competition throu......
[more] Worm appears as Microsoft antipiracy program Security analysts have detected a new piece of malware that appears to run as a Microsoft program used to detect unlicensed versions of its operating system. The malware has been classified as a worm and spreads through AOL's Instant Messenger program, said Graham Cluley, senior technology consultant for Sophos, a security vendor. Sophos is calling it W32.Cuebot-K, a new variation in the Cuebot family of malware. The worm has a range of mal......
[more] Volume of email viruses falls in June The percentage of emails containing viruses remained at just 0.36 per cent during June, despite an attack launched by the Bagle virus. The percentage of spam, however, was marginally higher month on month at 85.11 per cent, according to figures from anti-spam and antivirus firm SoftScan. SoftScan considers this change to be the result of less business related email as the holiday season begins, rather than an overall increase in spam. The company reported th......
[more] New PoC virus can infect both Windows and Linux Kaspersky Lab today reported a new proof of concept (PoC) cross-platform virus that creates malicious code to infect both Linux and Microsoft Windows operating systems. Kaspersky researchers gave the crossover virus a double name, Virus.Linux.Bi.a/Virus.Win32.Bi.a. The virus is interesting, said analysts on Kaspersky's Viruslist website, because it is capable of infecting ELF, the file format used for Linux systems, and PE, Windows' file format. It......
[more] AOL instant messenger worm poses as Microsoft's Windows Genuine Advantage AOL Instant messenger (IM) users were warned this week of a new worm that poses as Microsoft’s controversial Windows Genuine Advantage (WGA) program. Researchers at Sophos said the WGA worm, known as Cuebot-K, spreads by AOL Instant Messenger and registers itself as a new system driver service named wgavn. The malware uses Windows Genuine Advantage Validation Notification as a display name and runs during system startup, a......
[more] Spam zombies give UK ISPs the fear The potential disruption of service and risk posed by compromised, zombie PCs spewing spam is putting fear in UK ISPs, according to a survey conducted by security firm StreamShield Networks. A massive 96 per cent of 50 ISP respondents cited the proliferation of botnets - networks of virus-infected PCs under the control of hackers - as a key business issue. According to industry analyst firm Gartner, seven in 10 items of spam originate from infected PCs. Other ite......
[more] Macs 'inherently more secure', say Mac users Mac users have reacted angrily to yesterday's leader article on silicon.com which questioned whether the Mac operating system is perceived as being more secure simply because Macs are less popular, and therefore represent a less attractive target for hackers and virus writers. Not so, argue Mac fans who were quick to point out that, in their opinion, Macs are perceived as being more secure because they are inherently more secure by design. End of argu......
[more] Microsoft shuts down Windows 98 Microsoft is urging an estimated 70 million users of Windows 98 to upgrade as it ends support for the software. From 11 July, Microsoft will no longer help users over the phone with any problems they have with the ageing operating system. The firm will also stop providing security updates for Windows 98 from the same date. Support for the software was originally due to end in 2003, but was extended following customer protests. Shutting down Products affected by cl......
[more] Adware targets Myspace users Users of the popular social networking website Myspace.com were warned against downloading videos from friends after it was revealed that the videos led to adware being installed on computers. According to Chris Boyd, director of malware research for security vendor FaceTime who blogs under the pseudonym "Paperghost," users are being tricked into downloading the adware through embedded video links on friend's profiles. "Well, I was rattling around Myspa......
[more] Sophos to reduce IT security overheads by 25% at DaimlerChrysler DaimlerChrysler UK, which is responsible for the distribution, sales and marketing for Mercedes-Benz, Chrysler, smart, Mitsubishi Canter, Jeep and Dodge in the UK, has successfully protected the email traffic at its nationwide dealerships, using Sophos's new email security appliance and industry-leading anti-virus and anti-spam software. This move is set to substantially reduce administrator and network overheads - saving th......
[more] Websense finds malware with Google Research from Websense Security Labs has found that thousands of pieces of malicious binaries are available on the web. Websense searched Google with Google's own application programming interface to find malicious executables indexed by the search engine. A Google query for 'Signature: 00004550' results in numerous links to executable files. The reason this search works is because when Google indexes the executable file, it passes the PE file format of the......
[more] Trojans account for over half of malware Over 54 percent of the new malware in the second quarter of 2006 were trojans, according to new data. The research from anti-virus firm Panda Software showed an increase compared to the previous quarter, when they accounted for 47 percent of malware detected. At the same time, the number of worms continued to fall, marking less than 5 percent of the total. The company said the figures confirmed that trojans are being used by criminals for financial gain.......
[more] Trojan downloader uses Zidane lure Nefarious virus writers are using continued interest in Zinedine Zidane's infamous headbutt in the World Cup final in order to distribute malware via a malicious website that poses as an official FIFA World Cup 2006 website. Surfers straying on the site are exposed to a Trojan horse downloader, which uses Windows exploits in a bid to install malware on vulnerable PCs. If successful, additional malware payloads are downloaded on to victimised machines. According t......
[more] Are virus writers the new entrepreneurs? "I can't help but look at these virus trends and think of it in terms of a start-up..." Modern virus writers and the criminal operations which pay for their skills are looking ever more like real businesses according to one security expert, who even likened them to dot-com start-ups. Greg Day, security analyst at McAfee, said these operations are showing alarming levels of professionalism and while the idea that malware distribution has been governed by a......
[more] McAfee launches its own security publication Called Sage, the publication features news stories, opinion pieces and comprehensive technical articles, all written by members of McAfee Avert Labs, the vendor's security research division. "A lot of other journals talk about what's easily counted," said David Marcus, security research and communications manager for Avert Labs. "We wanted the journal to take sides...We wanted to take a position and not just give out data and statistic......
[more] Political hacking hits MySpace Several bloggers are reporting today a MySpace hacking scheme in which malware writers embed Flash-based malicious code in profiles and redirect victims to an online tirade concerning the Sept. 11, 2001 terrorist attacks. When logged-in users of the popular social networking site visit one of these "hacked" profiles, they are redirected to a blog containing conspiracy theories that the U.S. government orchestrated the attacks, according to security blog Ch......
Hackers shut out by World Cup security Security around the computer system used in the recent World Cup tournament held up well enough to prevent any significant problems. Avaya said Wednesday the network it designed recorded 5 million "unique firewall events" each day of the seven-week event, and while 128,000 breached the firewalls, there were no security-related or application outages recorded. "From a security standpoint, we never lost bandwidth or network resources due to re......
Sophos podcasts debate latest IT security issues Sophos today announced that it will record regular podcasts in which its experts will discuss and debate the latest malware threats, industry developments and long term security issues. The podcasts will provide valuable insight into the changing threat environment as well as the steps that businesses must take to protect themselves. In the first podcast, released on Sophos's website today, Carole Theriault interviews Graham Cluley, senior techn......
Ransomware getting harder to decrypt Ransomware is becoming more complex and anti-virus companies are worried they may not be able to decrypt ransomed files, according to a new report. The report, Malware Evolution: April - June 2006, Hidden Wars by anti-virus company Kaspersky Labs, warned that ransomware authors are creating more sophisticated encryption algorithms in a bid to out-fox security companies and blackmail users and companies. Ransomware involves the use of malicious code to hijack u......
Spammers dust off their botnet passports Criminals who remotely infect PCs for the purpose of using them to relay spam messages are targeting new countries and regions in order to increase the number of machines they can enlist. UK and US internet service providers have seen their networks riddled with infected PCs in the last few years and those PCs have been used to relay vast spam campaigns. But as these networks - called botnets - get cleaned up, so they must be replaced. Now it seems the bot......
F-Secure grows steadily and profitably Total revenue increased by 35% to a record level of 19.8m F-Secure continues its successful growth strategy as the total revenue of the second quarter rose by 35% to a record 19.8 million euro. The operating profit increased by 88% to 2.8 million euro. The company is the clear global leader in offering the Security as a Service concept through Internet Service Providers. F-Secure has a 36% share of the European broadband ISP market and a 25% share of the Eur......
Viral email traffic falls but threat remains Clandestine threats are on the rise, despite a dramatic reduction in virus traffic The proportion of infected email has dropped to a new low of just one in 222 (0.45 per cent), according to a security report by Sophos. This compares to the first six months of 2006 when, on average, one in 91 emails (1.1 per cent) carried malicious attachments. Sophos identified 3,715 new threats in July. The majority of the new threats (87 per cent) were Trojan horses,......
KaZaa users warned of p2p worm Researchers are warning peer-to-peer (p2p) application users of a new proof-of-concept virus that acts similarly to the W97M/Melissa malware. The virus, MSH/Cibyz, which is based on Windows PowerShell, was released by members of the RRLF virus group, according to an advisory from McAfee. PowerShell is a command line shell and scripting language that runs on Microsoft XP, Windows Server 2003, Vista and Longhorn operating systems. The malware is a low risk to home an......
Hackers try to crack Windows PowerShell Virus writers in Austria have reportedly developed malicious code that targets Windows PowerShell, the command line interface shell and scripting language product being developed by Microsoft. Security company McAfee warned this week that it had detected the worm, called MSH/Cibyz. MSH/Cibyz is designed to spread using the Kazaa file-sharing network, and the worm runs in PowerShell, which is due to ship in the second half of this year. PowerShell, formerl......
Microsoft Takes Vista to Hacker Confab The annual Black Hat conference in Las Vegas plays host to the world's top hackers and security professionals, who come together to discuss the industry and delve into code. Microsoft is playing a major role at this year's event, inviting attendees to find holes in Windows Vista. A Vista beta build was handed out to about 3,000 experts on Thursday in hopes they will uncover flaws before the operating system is completed later this year. Microsoft's director......
Aladdin eSafe Increases Security Through New IM File Transfer Blocking Aladdin eSafe now offers enhanced AppliFilter technology that blocks potentially harmful file transfers while still allowing legitimate IM messaging. Aladdin Knowledge Systems, the leader in Software DRM, identity management, and content security solutions, today announced its Aladdin eSafe gateway-based content security solution now offers enhanced AppliFilter features that allow organizations to block file sharing in Instan......
Akonix A-Series offers complex, best-of-breed IM security The Akonix A-Series IM security appliances give enterprises control of instant messaging, a runaway app that can leave a yawning network security hole, and peer-to-peer traffic, a serious bandwidth hog and malware vector plaguing corporate networks. The A6000 we tested (the A1000 is aimed at SMBs) is enterprise-class hardware, with multiple network interface cards for clustering and a redundant hard drive. The A-Series runs AkOS, a propr......
Google diverts traffic away from malware sites Google has started to alert users who are clicking on search results pointing to potentially dangerous websites. The users who click on a link that leads to a site containing malware will be diverted to a special Google page stating: "Warning - the site you are about to visit may harm your computer!" The page currently offers a link to the StopBadware.org website as well as the actual website the user was trying to visit. Over time the warn......
Employees Using Instant Messaging Put Companies at Risk According to a recent survey by Akonix Systems Inc., a provider of instant messaging (IM) security solutions, employees are unknowingly putting companies at risk for major security, legal and compliance issues by using instant messaging (IM) as a medium to share corporate information and communicate with external parties including customers and suppliers. The company said that nearly 60% of respondents to a July 2006 poll stated they use IM......
Trojan data-stealer hijacks ICMP traffic A Trojan has been discovered that attempts to evade detection by sending stolen data back to its criminal creators using the ICMP (Internet Control Message Protocol) back channel. Detected by security company Websense, the unnamed Trojan is a relatively conventional data-stealer up to the point it communicates back to its host. Once a PC has become infected, the Trojan installs itself as an Internet Explorer browser helper object (BHO), and then waits qu......
Social networks riddled with malware One in 600 profile pages on social networks host some form of malware, a new study has found. Research by security firm ScanSafe analysed over five billion web requests in July. Traffic to social networking sites - such as MySpace and Bebo - thought to be popular with teens, accounted for one per cent of all web use in the workplace, the company found. "Social networking sites have been newsworthy because of the concern over our children's safety," sa......
Worms exploit critical MS06-040 Microsoft security vulnerability Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have warned computer users of malware that is exploiting a critical security vulnerability in Microsoft software. The W32/Cuebot-L and W32/Cuebot-M worms spread via AOL instant messenger, exploiting the vulnerability described in Microsoft's MS06-040 security bulletin. "Microsoft only issued a patch against the security hole used by th......
Iran president's weblog spews malware - false Reports that the new website of the President of Iran is trying to install malicious scripts on the PCs of visiting infidels are almost certainly the result of a false alarm by security packages rather than a hostile attack. The new weblog of Iranian President Mahmoud Ahmadinejad made a splash in Western media when it launched earlier this week. In the first posting on the site, the bricklayer-look-alike-turned-Persian-President talks about his early......
Group slammed for creating 'test' viruses A consumer magazine has been condemned for possibly adding to the virus problem by creating a series of 'test' viruses just to review antivirus scanners. In an act that has long been considered technical taboo, US consumer affairs organisation, ConsumerReports.org, decided to generate 5,500 'test' viruses to run, under lab conditions, against 12 leading antivirus software products. The organisation's own website describes the methodology used: "To......
Security firms develop anti-rootkit tools Antivirus firms Trend Micro and Sophos have developed new tools to discover rootkit infections but both are attacking the problem from a slightly different angle. Rootkits are powerful programs that alter the kernel of an operating system, which allows them to hide certain files or applications from the underlying OS. In April, antivirus firm McAfee said the number of rootkits found by its emergency response team in the first quarter of 2006 had increase......
Electronic tagging for teenager who admitted email bombing 19-year-old bombarded former employer with five million emails Sophos, a world leader in protecting businesses against viruses, spyware and spam, has reminded young people of the importance of behaving appropriately online following the news that a teenager has been sentenced for bombarding a former employer with email. David Lennon, a 19-year-old Briton living in Bedworth, Warwickshire, pleaded guilty today under section 3 of the Comput......
McAfee warns of 'SMiShing' attacks Cell phone users should watch out for text messages containing a Web site link which, when visited, could download a Trojan horse, security experts have warned. In a blog posting Friday, McAfee Inc. dubbed the new development "SMiShing," referring to a phishing attack sent via SMS (Short Message Service). Some cell phone users have started receiving an SMS that reads: "We're confirming you've signed up for our dating service. You will be ch......
Windows patch and iPod exploited in e-mail scams Fake Windows security patches and rogue iPod invoices have been making the rounds this week as spammers continue trying to fool people into installing Trojans on their PC. Internet threat monitoring firm Websense issued an advisory on Wednesday about a fake e-mail that encourages recipients to install a patch to fix a Windows vulnerability described in Microsoft security bulletin MS05-039. According to Websense country manager Joel Camissar the e-m......
Malicious image spam entices users with soft porn Hackers are taking advantage of image spam techniques and lusty minds to spread a new Trojan horse, experts at SophosLabs warned today. A new spate of email messages are being sent to Australian users claiming to be from a woman visiting the country looking for a sex partner. Similar to most run-of-the-mill image spams the message contains no text, with the message completely embedded within an image. The missive embedded within the image entices......
Vicky's sex partner graphic email points to malicious Trojan horse Experts at SophosLabs have warned that hackers are stealing the tricks used by image spammers to infect computer users with malicious code. Experts based in Sydney, one of Sophos's global network of virus, spyware and spam analysis centers, have discovered email messages are being sent to Australian computer users claiming to come from a young woman visiting the country. Unusually, the malicious emails contain no text, but an......
Trojans: worse than a virus When some of the most prolific viruses, such as Sobig and Lovebug, infected the world's computers, it was international news. The rise of the potentially more serious threat from trojans has been stealthier. Even though the number of trojans being created outnumber new viruses by four to one, many computer users are unaware of the threat. Computer security experts say the authors of trojans are ruthlessly exploiting this ignorance. A trojan could be installed wh......
Symbian-to-PC worm on the loose A worm that can move from a Symbian phone to a PC has been reported by security experts F-Secure. The Mobler worm doesn't have an automatic cross-platform spreading mechanism, but could be loaded by unwary users. It attempts to copy itself to all available media including USB drives and memory cards. On a Symbian device, it creates a Windows-executable installation package on the memory card. This can be seen by Windows Explorer when the device is connected t......
Man admits blackmailing schoolgirls via webcam spyware Experts at SophosLabs have warned of hackers exploiting webcams to spy on children as a man pleads guilty to blackmailing schoolgirls. Adrian Ringland, from the British town of Ilkeston, Derbyshire, has admitted forcing schoolgirls to send him explicit pictures after he infected their computers with a Trojan horse. 36-year-old Ringland posed as a teenager called "Ant Jones" in a chatroom, in order to plant the malware onto girls' P......
Nearly 2,000 Malware Threats and Hoaxes Discovered in August Sophos released August's top ten global malware threats and hoaxes, and released further proof that rootkits continue to infiltrate innocent computer users. Sophos identified 1,998 new threats in August, bringing the total number of malware protected against to 186,665. The majority of the new threats (71.8 percent) were Trojan horses, which, in most cases, are specifically targeted at particular groups of people and do not spread on......
IM boom brings security concerns By 2007, it will be considered strange if a company is not using some form of instant messaging (IM) technology. That's a far cry from a few years back, when IM was still somewhat mysterious and many enterprises did not allow its use for fear of plummeting productivity and information leaks. But as 2006 marks the year IM breaks into the workplace, network managers have new security concerns, such as worms, viruses and leaks of sensitive information. Many product......
Samsung Web site hosts password stealing trojan Samsung's US Web site is hosting a Trojan horse that logs keystrokes, disables antivirus applications and steals online banking access codes, according to Internet security firm Websense. Visitors to the Web site are not affected by the malware and Websense believes Samsung's Web server has most likely been compromised in order to serve malware to users that receive spam messages or malicious IM messages. Joel Camissar, Australian country manag......
Celebs bigger than sex in adware war Adware and spyware has risen by 1,000 per cent since 2003 Celebrities are a bigger lure than sex when it comes to getting users to download adware or spyware, according to research by an antivirus vendor. The common view that adult and pornography websites are the most prolific distributors of malware has been challenged by stats collected by McAfee SiteAdvisor. McAfee said that its research proved that adware and spyware distributors are abusing the affi......
Botnet operator taps into Google Analytics A botnet operator is using Google Analytics to collect additional details about his network of zombie computers. Google Analytics offers free site visitor statistics, tracking the number of individuals that visit a website and their geographic location. The service uses special HTML code embedded into a website that alerts the Google server to visitors. In this case, however, a botnet operator has embedded the code into a variant of the Opanki virus, accord......
IE Vulnerability Spreads To Email The VML exploit found earlier this week could prove to be a severe problem because it can take initiative without requiring any action on the part of the user. But so far Microsoft does not appear to be in a big rush to fix the problem. Microsoft has acknowledged reports from antivirus and anti-spyware vendors of the vulnerability in the Vector Markup Language (VML) used in Windows. For now, Microsoft has published a Security Advisory, which provides steps cu......
Worm burrows to heart of Windows Live The latest worm to infect instant-messaging networks is aptly named Heartworm. The worm, actually called W32.heartworm.a, affects users of Microsoft's Windows Live Messenger service (formerly MSN Messenger), presenting users with a link to a Web site that tells them a virtual greeting card is waiting for them, according to FaceTime Security Labs, a division of IM management and security company FaceTime Communications. That link brings unsuspecting users to......
Malware lurks behind safety seal Sites handed the TRUSTe seal of approval are twice as likely to host malware or engage in spamming as those not endorsed by any security certificate, according to a study by spyware researcher Ben Edelman. Edelman reached this conclusion after cross-referencing a sample of 500,000 top websites, as reported by a major ISP, that are endorsed by a TRUSTe certificate with data on untrustworthy sites, as listed by McAfee's SiteAdvisor service. Of the sites certified by......
PowerPoint exploit adds to Microsoft's busy week Another exploit for a popular Microsoft program has been found in the wild during an already hectic week for the software giant. Experts from McAfee's Avert Labs said on a company blog this week that they found a new exploit for Microsoft PowerPoint in the wild. Microsoft Office 2000, XP and 2003 are affected by the exploit, virus researcher Craig Schmugar said on Avert Labs' blog. News of the new exploit came during a week when Redmond had alread......
Sophos announces new proactive anti-malware technology Security software vendor Sophos has announced the availability of its Host Intrusion Prevention System (HIPS), which proactively identifies and blocks programs that behave suspiciously before they execute. Sophos's Behavioral Genotype protection technology, which has been fully integrated into all of Sophos's anti-virus solutions, can detect unknown spyware and malware without a false positive problem and without the need to install any add......
Top ten malware threats and hoaxes reported to Sophos in September 2006 The battle for the top position between Mytob.c and Nyxem.e continues for the third month in a row. After losing considerable ground in August, in September Nyxem improved its position by almost two percentage points, while Mytob.c dropped by six percentage points. As a result, the current difference between the two malicious programs at the top of the rating is only about 4%. Still, the outcome of this confrontation is pred......
Top security priorities revealed Some 'same old, same old' but a few new worries too IT managers are being warned of the threats that are likely to keep them awake nights in 2007, with laptop security, VoIP and the contentious issue of mobile phone viruses all featuring on one organisation's 'hit-list'. The Sans Institute says the greatest concern for businesses should be the security of their laptops as more companies replace desktops with notebooks. The mix of sensitive data being taken out of......
Microsoft and McAfee accuse each other of being driven by commercial factors There's a war of words between Microsoft and McAfee over security products, with both sides accusing each other of being motivated by commercial factors and not security concerns. McAfee decided to take out a full page ad in the Financial Times stating that Microsoft's aim was to see "a world in which one giant company not only controls the systems that drive most computers around the world but also the security t......
Secure Computing teams with Workshare on compliance appliance Secure Computing announced Wednesday a new version of its IronMail messaging security appliance that works with Workshare's compliance technology. Called Workshare Network Protect for IronMail and available now, the appliance is designed to keep sensitive information - such as intellectual property, human resources and financial data, and customer information - from leaving the corporate network without authorization, according to co......
GFI Warns One Anti-virus Engine Is Not Enough To Protect Your Business Although 99% of large British companies use anti-virus products, 43% were still infected by viruses (UK ISBS Survey 2006) GFI, a leading provider of network security, content security and messaging software has today issued a stark warning to businesses across Europe about the dangers of deploying a single anti-virus engine. GFI's new White Paper, "Why one virus engine is not enough", reveals that organisations rely......
Sophos implements behaviour blocking Sophos has equipped its products with their so-called Behavioral Genotype Protection enhancement. This is aimed at identifying applications which exhibit suspicious behaviour, such as adding autostart keys to the registry and opening a port in listening mode. In contrast to competitor products, the code is not executed - the behavioural blocking is purely an enhancement to the scan engine and is essentially signature-based in its function. According to Senio......
Study: IT pros worried about disabled or misconfigured security safeguards Nearly nine of 10 IT professionals are worried that hackers and malware will cause their security safeguards to be disabled or misconfigured, a new study shows. Meanwhile, 83 percent of IT managers are concerned that system and application patches might disrupt security controls and 82 percent are worried fellow employees will be responsible for a disruption, according to a joint study released Thursday from Symantec and......
Celeb sites now best way to get malware The quickest way to become infected with malware could be to visit a fake celebrity website and not, as is commonly assumed, one dedicated to porn. This is according to a recent report on malware trends published by McAfee that confirms an October 2005 University Of Washington study that suggested celebrity websites had overtaken porn as the favoured means of malware distribution. In fact, the company concurs that porn is now probably only in third place i......
Increasing Security Needs of Enterprises to Fuel Growth in the World Content Filtering Market The content filtering landscape is witnessing several changes. Traditionally, the Web, e-mail and instant messaging (IM) filtering markets have evolved separately. The uptake of solutions, especially in the e-mail filtering market, has been successful. As a result, the content filtering market is maturing and existing vendors are expanding and diversifying their product and service portfolios. Although......
Microsoft enters the anti-virus bear-pit Microsoft is setting the cat among the pigeons at this year's Virus Bulletin conference, the big chinwag for the security software industry. Ordinarily, blame for the lamentable state of awareness of internet security has fallen on Redmond, alongside clueless end-users and over-sensationalist journalists. Lately, though, Microsoft has tried to shake off the fall-guy role, and reinvent itself as security industry participant. In May it launched its own se......
Sophos launches new suite of it security solutions for small businesses Sophos announced the availability of its new integrated security solution for small- to medium-sized enterprises (SMEs). The launch of the product coincides with research discovering that most small businesses are failing to adequately protect themselves from malicious attack. Sophos Security Suite provides an all-in-one defence against threats on Windows and Mac computers, laptops and servers. The software has been designed......
Haxdoor Trojan claims thousands of UK victims Metropolitan Police have revealed that the Trojan responsible for infecting thousands of users is Haxdoor, a particularly 'nasty' piece of malware. The FBI is working with the Met to catch the offenders The Metropolitan Police have revealed that cybercriminals used a particularly malicious piece of malware called the Haxdoor Trojan to steal data from thousands of UK users. Over 2,300 people have been infected with a variant of Haxdoor, which installs......
Windows CE wide open to attack Windows CE is at an especially high risk of attack according to a new analysis of malware threats. Kaspersky Lab researcher Alexander Gostev has produced the report, in which it is noted that the mobile version of Windows remains wide open to software exploits compared to desktop versions, and allows easy programming access to core operating system functions. Gostev refers to the growing number of vulnerabilities that have affected the platform, starting with the D......
Security still a top priority for organizations "The threat picture is much more complicated today compared to a few years ago," says Partik Runald, Senior Security Specialist, F-Secure Corporation Aiming to be 'Mr Reliable' in the security services arena, F-Secure Corporation provides solutions for workstations, gateways, servers and mobile phones that include anti-virus and desktop firewall with intrusion prevention, anti-spam and anti-spyware solutions, as well as network control solutions for......
Microsoft opens Vista for security Microsoft has suddenly announced that its new Windows Vista operating system will be open to third-party security software - such as McAfee and Norton - to help protect users against malware threats. This comes as a surprise as previously Microsoft had insisted that Microsoft alone would have root access to Vista, essentially locking out security vendors. This would have meant that Microsoft alone would have been responsible for keeping PCs protected against ma......
iPod Windows virus not correctly named says Sophos Security vendor Sophos claims that presently Apple is not displaying the correct name for the recently discovered iPod Windows virus listed on its website, instead referring to it by the name of a file commonly used in malware called RavMonE.exe. The virus, which has been shipped on a relatively small number of Video iPods sold in stores from mid-September, does not affect Apple Macs but propagates through storage devices connected to Windows ma......
Hackers' project disguises security-busting code Secret not-a-toy surprise designed to evade AV software Hackers are developing new software that will help hide browser attack code from some types of security software. The software, called VoMM (eVade o' Matic Module), uses a variety of techniques to mix up known exploit code so as to make it unrecognizable to some types of antivirus software. Using these techniques, VoMM "can create an endless number of variants of an exploit," said Av......
Spam Trojan Installs Own Anti-Virus Scanner Veteran malware researcher Joe Stewart was fairly sure he'd seen it all until he started poking at the SpamThru Trojan - a piece of malware designed to send spam from an infected computer. The Trojan, which uses peer-to-peer technology to send commands to hijacked computers, has been fitted with its own anti-virus scanner - a level of complexity and sophistication that rivals some commercial software. "This the first time I've seen this done. [It] gets......
Tricky new malware challenges vendors Worm propagates via e-mail, can then download new versions of itself every 30 minutes A tricky malicious program has become more prevalent in spam, but experts don't know what its creators plan to do with it. Many vendors are rating the malware -- called "Warezov," "Stration" and "Stratio" -- as a low risk. But they also say that it is tricky to deal with. The malware is a mass-mailing worm that affects machines running Microsoft......
Home users still a soft target for malware Common threats meeting with little resistance despite government campaign Well-known malware threats and hoaxes continue to head the list of the most reported online problems, despite a government campaign designed to educate users. Antivirus firm Sophos said that the list of threats for October contained the usual suspects, and that home users are still failing to heed the advice of the Get Safe Online campaign. "On the one-year anniversary of......
Macarena Mac OS X malware - no need to panic Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have advised Mac OS X users not to panic following the discovery of a new proof-of-concept virus. The worm, dubbed OSX/Macarena, has caused headlines in the press because new Macintosh malware is so rarely encountered compared to malicious code designed for Windows PCs. At the time of writing Sophos has received no reports of any customers who have encountered......
Time to simplify security software Complex security software that people need to buy in a store or online, then install and manage, should be replaced with a simple shield delivered nearly invisibly with an Internet access account, argues Siilasmaa, the chief executive of F-Secure. The small Finnish security company - it recorded €61.8m in revenue last year - specialises in security as a service. In Europe, it leads the market and provides security software to just over a third of all broad......
F-Secure Internet Security available to Royal Mail staff Royal Mail Group PLC is now offering F-Secure's PC security product, F-Secure Internet Security 2007, to all staff throughout the group. This includes around 270,000 existing employees, as well as retired staff. This offer enables all employees past and present to purchase a one-year pre-paid license for just £27.95, a substantial reduction on the recommended retail price. F-Secure Internet Security provides protection against the la......
Google Accidentally Sends Out Kama Sutra Worm Google accidentally sent out e-mail containing a mass mailing worm to about 50,000 members of an e-mail discussion list focused on its Google Video Blog, the company said Tuesday. "On Tuesday evening, three posts were made to the Google Video Blog-group that should not have been posted," Google said in a statement, posted late Tuesday night. "Some of these posts may have contained a virus called W32/Kapser.A@mm-- a mass mailing worm. If......
Google apologizes for hosting Kama Sutra worm Google apologized to users of its video group this week for unintentionally hosting a version of the infamous Kama Sutra Worm. Three posts to the Google Video Blog group contained the w32/Kasper.A@mm worm, also known as the Kama Sutra Worm, according to a post from the Google Video Team. Google offered a free download of Symantec's Norton AntiVirus software from the Google pack to users who thought their PCs could be infected. Mark Sunner, MessageL......
Vernier Networks Ships Edgewall 8800 to Meet Rising Demand for Network Access Control Solutions Offering the Industry’s Lowest Cost Per Endpoint, Latest Edgewall Appliance Operates at Wire Speed While Employing Continuous In-Line Network Traffic Inspection Representing the latest addition to its award-winning EdgeWall portfolio of network-security products, the EdgeWall 8800 is purpose-built for the most demanding enterprise-network environments. It is the first NAC product to deliver all of the......
[more] Paedophile hacker jailed for 10 years A paedophile who used internet chat rooms to hack into the computers of schoolgirls and blackmail them into sending explicit pictures of themselves was jailed for ten years yesterday. Adrian Ringland, 36, from Ilkeston, Derbyshire, used a spyware Trojan horse to infect and control the girls' PCs. He admitted posing as a teenage boy in internet chat rooms in order to plant the malware onto the user's computers. The victims believed they were opening a picture......
[more] Sophos raises awareness of security threats at Gitex in Dubai Sophos, a world leader in IT security, will be showcasing a range of products new to the Middle East region at the forthcoming Gitex event, held in Dubai later this month. Sophos can be found at stand U9-3 with local partner SAF Information Systems. Gitex is an important international IT exhibition, and the show is considered by many to be the main gateway to the Middle East market. Sophos will exhibit a range of its products includin......
[more] Malicious email - containing trojan keylogger - uses Adobe reader as bait A spoofed email message targeting Adobe users - which claims to have the latest version of the company's PDF reader, but actually contains a malicious trojan keylogger - has been spotted in the wild, according to researchers at SurfControl. Researchers from the Scotts Valley, Calif. company said in an alert published this week that the malware asks users to download the latest version of Adobe Reader 7.0.8. Once downloaded......
[more] Four cuffed over webcam Trojan scam Four people have been arrested in Spain over their suspected involvement in linked credit card theft and virus writing offences. Two 17-year-olds were arrested in Alicante on Wednesday and charged with writing a Trojan horse that allowed them to control the webcams of compromised machines at a local college. The duo allegedly used potentially embarrassing footage obtained through the ruse to blackmail victims. As part of the same inquiry (codenamed Operation Pr......
[more] Webwasher 6.0 Delivers Industry's Most Advanced, Proactive IT Security Web Gateway Security Solution Integrates TrustedSource Global Reputation System; Introduces Proactive Anti-Malware Protection Secure Computing Corporation, a leading enterprise gateway security company, today announced Webwasher 6.0, a new and enhanced version of its award-winning Web Security Gateway, protecting enterprises from inbound and outbound security threats. Webwasher 6.0 marks the initial integration of CipherTrus......
[more] Malware goes to the movies Online attackers have started to experiment with embedding malicious code or links to such code in different video formats. On Tuesday, anti-virus firm McAfee warned Windows users that the company had discovered a worm, dubbed W32/Realor, actively infecting Real Media files. The infected video files do not contain an exploit for the RealOne or Real players, but a hyperlink that points to a malicious website. When infected files are opened, the victim is referred to the......
[more] UK toughens law against DoS, tools The UK 'Police and Justice Bill 2006', introduced into UK law this month, has drawn some approval for its efforts to refine the definitions of computer abuse to ensure Denial of Service attacks are covered, and for upping the potential penalty for hacking attacks from five to ten years. However, law watchers have warned that other clauses in the law could impinge on the development and use of tools useful to security testers and researchers as well as hackers.......
[more] Chinese malware targets online gaming Over half of all malware originating in China last month was designed to steal usernames and passwords, new analysis shows. The malicious code was created to give cyber criminals easier access to personal and sensitive data. The research also found that 45 per cent of Chinese malware in October - written in a simplified version of Chinese - was intended to steal online gaming login details. Moreover, 8 per cent of the malicious code aimed to give hackers the......
[more] McAfee announces top 2007 security threats Experts with McAfee Avert Labs predicted today that the top security threats in 2007 will revolve around the increased production of malware by organized criminals in search of monetary gains. In a teleconference today, McAfee executives said that it believes users and administrators will see increased use of sophisticated techniques such as rootkits, polymorphism, parasitic infectors and automated systems with cycling encryption to release new builds i......
[more] Three of the top ten malware threats run on Microsoft Vista, Sophos tests show Sophos, a world leader in IT security, has revealed the most prevalent malware threats and hoaxes causing problems for computer users around the world during November 2006. The figures, compiled from Sophos's global network of monitoring stations, show that the W32/Stratio-Zip worm has overtaken W32/Netsky-P as the most widely circulated piece of malware, accounting for one third of the total number of reports. Sophos......
[more] Vista launch: New OS vulnerable to common threats Microsoft Vista is susceptible to common malware attacks that have been in the wild for more than two years, experts at Sophos warned this week. The antivirus company explained that without additional security protection, Vista is unable to stop variants of Stratio, Netsky and MyDoom from infecting systems loaded with the new OS. All three pieces of malware are well-known problems among security professionals, and Netsky and MyDoom have been infe......
[more] Microsoft denies flaw in Vista Microsoft has confirmed that Vista can be affected by malware from 2004, but argues this is not a flaw in the operating system. Security vendor Sophos reported on Thursday that Microsoft's Vista is vulnerable to at least three pieces of widespread malware, two of which date back to 2004. At least three well-known internet worms - labelled Stratio-Zip, Netsky-D and MyDoom-O by Sophos - are able to execute on the operating system, according to Sophos. However, because......
[more] Malware wars: Are hackers on top? The money made from malware is eclipsing the revenue of anti-virus vendors, a leading net security vendor claims. Raimund Genes, CTO of anti-malware at Trend Micro, cites FBI figures that IT security problems cost the economy $62bn last year against IDC estimates that the anti-malware market was worth $26bn in 2005. The FBI figures include the cost of clean-up operations, not just the profits accrued by the bad guys. Even taking this into account Genes reckons c......
[more] MySpace worm goes phishing A malicious video on MySpace.com pages changes people's profiles when played, embedding itself and adding links to fraudulent websites, experts have warned. The video is a rigged QuickTime file that exploits a MySpace vulnerability and support for JavaScript in Apple's embedded media player, web security company Websense said in an alert posted last week. When played by a MySpace user, the video adds itself to the user's MySpace page and replaces the links on the user's......
[more] Malware gangs using 'KGB-tactics' to recruit tech grads Organised crime is "grooming" a new generation of would-be cybercriminals using tactics which echo those used by the KGB to recruit operatives at the height of the cold war, according to a new blockbuster study by net security firm McAfee. McAfee's second annual Virtual Criminology report sensationally claims that crime gangs are targeting academic high-fliers in much the way Soviet intelligence agencies recruited spies such as no......
[more] Vista flaws are greatly exaggerated Despite some unfavourable reports, Windows Vista may turn out to be more secure than XP with SP2 In an analysis of a network of Trojan-infested PCs used for sending spam, security researcher Joe Stewart at SecureWorks in Atlanta found last month that 99.95 percent of the "bot-net" machines were running Windows, nearly half of which were Windows XP with Service Pack 2. This service pack was released in 2004 to address security issues but appears to ha......
[more] Websense to get into threat analysis and IP leakage Websense Inc's chief executive Gene Hodges has said the company is set to diversify next year with a new product for web threat analysis and another that will take it into the nascent segment for information leakage detection and prevention systems. The web filtering software vendor is best known for its content filtering software that blocks employees from accessing websites by category or keyword, or restricts surfing to particular parts of t......
[more] New Year's, Christmas malware targeting inboxes Email users are again getting the electronic age's version of coal in a stocking - holiday-season spam and malware. Researchers from F-Secure have warned of a handful of just-discovered malicious files posing as Christmas and New Year's Day greetings. One New Year's scam is part of a new spam run distributing the Warezov worm. Using a fake "Happy New Year" greeting, the scam emails contain a malicious attachment, postcard.zip, and urge re......
[more] Top ten malware threats and hoaxes reported to Sophos in December 2006 Sophos, a world leader in IT security, has revealed the most prevalent malware threats and email hoaxes causing problems for computer users around the world during December 2006. The figures, compiled from Sophos's global network of monitoring stations, show that the long-established Dref malware has made an unexpected return to the top of the threat chart, thanks to two new variants currently causing problems for computer u......
[more] How to crash a Windows mobile using MMS Security researchers have released proof-of-concept code that exploits vulnerabilities in MMS implementations in mobile phones running mobile versions of Windows. The vulnerability was discovered six months ago by security researcher Collin Mulliner, who published the exploit at the Chaos Communication Congress in Berlin last week in a bid to force manufacturers to deal with the issue. The flaw involves buffer overflow vulnerabilities in the SMIL (Synchroni......
[more] Unpatched bug bites QuickTime Security researchers have uncovered a buffer overflow flaw in Apple's QuickTime media player software that creates a means for hackers to load malware onto vulnerable systems. The vulnerability - which affects both Windows and Mac OS X PCs - is the first to be published as part of the "Month of Apple Bugs" project, which involves a plan to release details of previously undisclosed Mac OS X or Apple application security bugs every day in January. The as-yet-......
[more] Trojans posing as rare Saddam Hussein execution videos Keeping with their practice of tailoring malware-toting email for current events, malicious users are mass mailing what they claim is a rarely-seen video of the execution of Saddam Hussein. Researchers at F-Secure have found three Hussein-related malware embedded in the emails, named video_sadan.exe, saddam.morto.scr and sadan.exe. The three files are actually the viruses W32/Banload.BSW, W32/Banload.BSX and Trojan-Downloader.Win32.Delf.ACC,......
[more] Scam contract killer email blackmails recipients with death threat Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have warned of a spammed-out email that pretends to come from a professional hitman, hired to kill the recipient, but are really interested in stealing money. The emails claim that the recipient has been stalked by a hired assassin for 10 days, but that the hitman is prepared to drop the contract if he is paid a total of $80,000. Upon rec......
[more] Gator adware tops 2006 spyware chart Gator, a type of adware that offers free use of an application if users agree to view a series of pop-up messages tops the list of spyware most frequently detected by PandaLabs in 2006. Some versions of this spyware replace banners on web pages visited with those created by the malicious code itself. Second and third place in the top 10 are occupied by Wupd and Ncase respectively. Both offer free use of an application in exchange for displaying advertising mes......
[more] Sophos: Reports of 'devastating' China-based worm greatly exaggerated Asian news outlets reported this week that a "devastating cyberworm" affected "several million" users in China, but today some Western security experts questioned the accuracy of those reports. The Shanghai Daily newspaper wrote that the malware in question, which it referred to as "worm.whboy," attacks Chinese-language Windows systems through infected websites. A telltale sign of infection is the replacement of .exe......
[more] Sophos: Infected attachments replaced by malicious links While the percentage of infected emails declined significantly, the diminished risk was undone by an even more significant rise in Web-related threats, reported the experts at Sophos this week. Sophos released its Security Threat Report 2007 on Monday. Key to the findings was the fact that malicious attackers are using different means to attack individual users and corporations, said Ron O'Brien, senior security analyst for the company. "......
[more] Australia winning the security war Australian companies are successfully winning the war against security threats according to a threat report released today by security vendor, Sophos. The report titled ‘Security Threat Report 2007' ranked Australia as the 43rd ‘web-based malware hosting country' in the world, seven places lower than its nearest neighbour, New Zealand. According to Paul Ducklin, head of technology at Sophos, a higher position like 29th or 8th would have been worrying......
[more] Hackers will target mobile banking, study warns 2007 could be the year of smart-phone security attacks, a research group has warned. The Tower Group has predicted a sharp rise in hacker attacks on Internet-enabled phones as a number of new banking and payment services appear. The research and advisory company, which focuses on the financial services industry, believes that many emerging mobile purchasing services "lack a reasonable and justifiable focus" on security. Among the new mob......
[more] U.S. still world's spam leader While the percentage of infected emails declined significantly last year, web-related threats rose significantly, reported researchers at Sophos this week. Sophos also reported this week in its Security Threat Report 2007 that the United States continues to lead the world in spam production. Ron O'Brien, senior security analyst at Sophos, told SCMagazine.com today that attackers are switching methods. "There was a significant reduction in viral emails in 2006,......
[more] MSN password stealer released as torrent Malware designed to steal users' Windows Live Messenger password has been released onto the net. The password stealer was released for download via BitTorrent earlier this week by a hacker using the handle "Our Godfather". The malware comes in the form of an IMB download confirmed by anti-virus firm Sophos as containing a password-stealing Trojan horse. Victims would need to be tricked into downloading and executing the malware, which might be r......
[more] UK firms naive to USB stick dangers Half of UK companies are prepared to put their network security at risk by inserting a USB stick posing as a party invitation, according to research published this week. IT consultancy NCC targeted finance directors from 500 listed firms in a range of sectors in a security awareness campaign, with USB sticks forming part of an anonymous invitation saying ‘For Your Chance to Attend the Party of a Lifetime'. More than 47 per cent of finance directors and so......
[more] Malware hosting surprise for Dutch A recent report on sources of malware from Sophos puts the usual suspects at the top of the list; between them, the top three, the US, China and the Russian Federation, are home to over 70% of viruses, trojans and other nasties hosted online. Fourth place however goes to an unlikely candidate - the Netherlands, recently singled out for praise in a report on spam reduction by the European Commission. The Dutch anti-spam agency OPTA has had considerable success......
[more] Win Defender ineffective against Vista Users who rely on Vista's new security features and Microsoft's Windows Defender anti-spyware product may still find themselves unprotected. That's according to a study by Webroot, an anti-spyware vendor and Microsoft competitor. The company released the results of what it claimed was a two-week study of Windows Defender that showed the product missed 84 percent of a sample set of 25 spyware and malicious code samples. The programs that slipped by were a m......
[more] Silence and 'scareware' epidemic at MySpace MySpace's immense popularity appears to have handed the social networking site an unwanted role as a clearinghouse for Web 2.0 naughties. The Register has uncovered a third dose of "Myscareware" trying to make its way onto users' machines for file infection. Beyond freaking out plenty of teenagers and excitable men, the software cruft has pushed MySpace one step closer to inheriting the security laggard crown from Microsoft. Earlier this wee......
[more] Vista security claim challenged Security experts have thrown doubt on Bill Gates' claim that Vista is "more secure" than other operating systems. It may be more secure than other versions of Windows, they said, but there are older operating systems that are still safer. Others said that its security rested on how people use the new system rather than on any individual technology. There is also evidence that malicious hackers are refining attacks to cope with the changes Vista makes. Old iron Mr......
[more] IE ripe for attack, despite Microsoft claims Windows Vista may be "dramatically more secure" than Windows XP but Internet Explorer is destined to remain Windows' Achilles' heel. Attacks on browsers will continue their inexorable ascent during the next 12 months, despite changes designed to lock out hackers and thwart remote attacks. A new security report from IBM Internet Security Systems (ISS) blames the increase on the "exploit as a service industry" where material is being......
[more] Microsoft OneCare fails virus test Microsoft's OneCare security in a test failed to detect or stop 37 malicious programmes on Windows Vista. The independent security certification body Virus Bulletin tested 15 security suites on Windows Vista against a set of malware that is listed in the WildList database. "The tests conducted in our secure labs were against the most significant viruses and worms affecting real-world users. In these days of hourly updates, it's always a surprise and a......
[more] Akonix Enhances Instant Messaging Security Gateway to Facilitate Corporate Risk Management Akonix Systems, Inc., provider of the most deployed instant messaging (IM) security and compliance products in the world, today introduced Akonix L7 Enterprise v6.0, a risk management platform designed to enforce corporate compliance, security and prevent liability issues associated with IM communications. Employees have quickly learned to replace email with IM correspondence to get around corporate secur......
[more] AppGate Network Security secures and filters web traffic from smartphones With the increasing adoption of smartphones, more and more users now have the opportunity to surf the Internet using their phones. Companies, on the other hand, want access via mobile phone to be as secure as it is for all other devices. AppGate Network Security has developed a way to secure and filter web traffic from smartphones by routing traffic through the AppGate server. This way a company can control and secur......
[more] Microsoft takes security teams global Microsoft has announced plans to open new security research centres in Europe and Asia, the first time such teams have been located outside the US. The company plans to use the centres to monitor emerging security threats round the clock regardless of time zone limitations, and to bolster parts of its emerging security threat business such as the much criticised Windows Live OneCare. "We will develop sites to cover the Americas, EMEA and Asia, for us t......
[more] Dangerous web browsers Web-browsers. They're all around you, on every PC across the length and breadth of the planet, yet you probably don't stop to think about them too much. Why would you? They're just there, and that's all that matters, like the mouse or the keyboard - a tool you just plug in to do something else, without worrying about what they happen to be doing internally. Your gateway to the online world, we have a voracious appetite for the latest hot new browser, the Firefox killer, t......
[more] Mobile malware on the rise, operators report The number of security attacks reported by mobile phone operators in 2006 jumped fivefold over the year before, a McAfee study has said. According to data gleaned from more than 200 mobile operators worldwide, an overwhelming majority - 83 percent - said that their subscribers have been hit by some kind of mobile device infection. "This research clearly demonstrates that mobile security is moving quickly up the industry agenda, with the number o......
[more] Microsoft delivers a dozen patches for Valentine's Day Just in time for Valentine's Day, Microsoft is planning to release a big gift for IT administrators on Patch Tuesday - a dozen security bulletins with nine classified as critical and three judged as important. Five of the critical bulletins address Microsoft Windows, two affect Microsoft Office, one affects Data Access Components Technology and one affects Microsoft's new malware solution, Windows Live OneCare. According to security patch and......
[more] Valentine's day virus is spreading fast A virus posing as a Valentines message has been spammed to email recipients in a global campaign, it was reported today. The Dref-AB worm attaches itself to emails with subject lines, including "Be My Valentine" and "Happy Valentine's Day", in an attempt to entice users into clicking on a malicious attachment, which activates the virus. Once activated, the worm is designed to download further malicious code onto the user's computer, whic......
[more] First Vista bug found and fixed A critical vulnerability in Windows Vista has been found and fixed, a Microsoft security manager admitted on Wednesday. However, he argues that the flaw in the company's malware scanning engine isn't in the operating system's core code. Microsoft has repeatedly touted Vista as its most secure version of Windows ever, so watchers are eagerly awaiting the first vulnerability to be spotted and fixed. On Tuesday, Microsoft released 12 security updates to fix 20 vulne......
[more] Australian PM's heart attack faked by hackers Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have reminded computer users to be wary of unsolicited emails posing as breaking news reports, following the widespread distribution in Australia of a malicious message which claims that Prime Minister John Howard is fighting for his life after a heart attack. The emails pretend to be a link to a news story from The Australian, a daily newspaper, and start as......
[more] Malicious Ikea spam knocks flat German email users Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have warned German computer users to be on their guard against a malicious email which claims to come from home furniture giant Ikea. The emails, which have been widely spammed out, pose as a communication from Ikea Deutschland, but opening the attached file launches the Troj/Clagger-AZ Trojan horse. "Users may be so surprised to receive an unexpecte......
[more] Cisco routers at risk from 'drive-by pharming' Cisco has warned its customers that many of its routers are vulnerable to a new malware tactic. Drive-by pharming, a technique identified by researchers from Symantec and Indiana University, involves luring users to malicious sites where a device's default password is used to redirect them to bogus sites. Once they are at those sites, their identities could be stolen or malware could be force-fed to their computers. In an advisory, Cisco listed 77......
[more] Kernel-level malware on the rise Online criminals are increasingly turning to kernel-level malware to attack systems, according to security researchers at F-Secure. Kernel-level malware acts inside the operating system's kernel, the component that links the system to the computer's hardware. Traditional malware acts like a regular application that runs on top of the operating system. Kimmo Kasslin, a security researcher at F-Secure, said in a study that this type of malware is "a scar......
[more] Man pleads guilty to spreading Trojan via IRC A Washington-state man pleaded guilty to one felony count of computer fraud relating to charges he spread malware to users of an internet relay chat (IRC) channel. He faces up to five years in prison and a $250,000 fine when he is sentenced in early May. Using the user ID Fyle, Richard C. Honour infected IRC users with a program known as WindowsMedia.exe, according to a plea agreement on file with the federal court in St Louis, Missouri, where servers f......
[more] Browser vulnerabilities and attacks will continue to mount Even as software makers add more sophisticated security features to their browsers and rush to patch documented flaws more quickly, experts maintain that holes in the programs will continue to allow for widespread malware attacks Window Snyder, chief security officer at open source browser maker Mozilla, is caught in the crosshairs of the raging browser vulnerability battle. On one hand, her company launched an upgrade to its Firefox br......
[more] Worm attacks Sun Solaris flaw A worm has been spotted attacking a zero-day vulnerability found in Sun Microsystems' Solaris operating system (OS) earlier this month. The flaw, which could allow a malicious user access to a Solaris host, exists in versions 10 and 11, according to researchers at the SANS Internet Storm Center. The organisation advised network administrators to turn off telnet access. The flaw is caused by an error in in.telnetd when invoking the login program, according to a Secunia......
[more] Webmaster pays $3,300 to settle malware charges A webmaster is to surrender $3,300 in ill-gotten gains and refrain from making misleading claims, to settle federal charges he deceived consumers into installing spyware, dialer programs and other types of malware. Nicholas C. Albert lured unwitting computer users into installing the payload by promising a file that allowed bloggers to stream free songs on their websites, according to a complaint (PDF) filed in late 2005 by the Federal Trade Commis......
[more] Spam levels rise again For the fifth consecutive month spam levels have increased with 77.8 per cent of all emails sent in February being junk mail. The increase has been linked to the predictable focus on Valentine's Day-related messages. February also saw a hike in seasonal hijacking threats, including the 'For My Valentine' malware with attachments such as 'Greetings Card.exe', according to vendor MessageLabs. 'While it is routine to see the bad guys use seasonal tactics to exploit unsusp......
[more] New attack blends rootkits with HTML-injections to phish users An organised crime network is distributing new malware that takes advantage of rootkits and a state-of-the-art HTML injection to phish consumers on the fly as they browse the Web, a new report from VeriSign's iDefense warned on Wednesday. The malicious code sample analysed by iDefense was a Small downloader Trojan horse variant that installs two rootkit-protected files, collects and transfers e-mail addresses to a remote website and......
[more] Storm Worm refuses to die Phishing threats remained at the top of the danger list of reported malware in February, Fortinet has reported. The security firm warned that the most notorious threat remains the Tibs worm, otherwise known as Storm Worm, accounting for 3.91 per cent of all detections. Fortinet added that, according to its monitoring, no fewer than 36 variants of the Storm Worm have been active this month, although one variant accounted for nearly 60 per cent of related detections. Storm......
[more] Solaris worm blasts its way through telnet flaw Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have warned of an internet worm that is exploiting a recently announced vulnerability on Sun Solaris servers. The Unix/Froot-A worm (also known as Wanuk) exploits a vulnerability in both x86 and SPARC versions of version 10 of Sun's operating system, attempting to open a backdoor which could allow hackers to gain remote access to computers. Under certain con......
[more] Windows OneCare deletes emails Microsoft has acknowledged that a bug in its Windows Live OneCare security suite has been causing users' email to vanish from Outlook and Outlook Express. A fix will be pushed to users next week, for the bug which was first reported by users writing on a OneCare support message thread six weeks ago, said Microsoft. The bug seemed to be deleting Outlook and Outlook Express data - .pst and .dbx files, respectively - after a malware scan. "The program did a sche......
[more] Staying safe without anti-virus? For a long time anti-virus software has been in the front line when it comes to stopping malicious programs infecting PCs. But as the creators of viruses and other malicious programs adapt their methods to exploit the weaknesses of anti-virus software, some are looking to other methods to help them stay safe. One such is Brent Rickels, the one-man IT department for the First National Bank of Bosque County in Texas, who has thrown out his anti-virus software and......
[more] Spam hits record levels in February Spam continued at record levels in February 2007, making up 93 per cent of all email traffic monitored by internet security firm Postini. The continued surge is primarily down to the increase in botnets, millions of hijacked PCs infected with malware designed to steal personal information and distribute spam and viruses. Total spam levels have risen 222 per cent since November 2005, and 125 per cent of this increase has been recorded in the past six months. Ma......
[more] MSN Messenger is the most targeted IM platform ScanSafe, in its latest monthly Global Threat Report, reported it blocked 24 new IM threats in February, 54 percent of which affected MSN Messenger compared to 21 percent that affected Yahoo! and 17 percent that affected AOL Instant Messenger (AIM). Over the past 12 months, MSN Messenger has consistently ranked #1 as the most targeted IM platform. Fifty-three percent of all the IM-based threats blocked by ScanSafe in the past year have affected MSN......
[more] Macs are not immune from viruses Apple is undermining efforts to raise awareness of security issues by implying Macs are immune from viruses, according to managed security services company, Network Box. The current advertisement, featuring the Peep Show protagonists, David Mitchell and Robert Webb, suggests that Mac users, unlike their PC-using counterparts, do not need to worry about viruses - despite evidence that malware aimed specifically at Macs is on the increase. Every day in January thi......
[more] Microsoft partner: Vista less secure than XP Security company Kaspersky claims that Vista's User Account Control (UAC), the system of user privileges that can be used to restrict users' administrative rights, will be so annoying that users will disable it. Natalya Kaspersky, the company's chief executive, said that without UAC, Vista will be less secure than Windows XP SP2. "Windows Vista with UAC disabled will be less secure than XP SP2," said Kaspersky, speaking to ZDNet UK at the Ce......
[more] Microsoft: OneCare should not have been rolled out Microsoft has said that its OneCare security suite has "a problem" with the underlying antivirus code, and admitted that security is just "a little part of Microsoft". Speaking to ZDNet UK exclusively at the CeBIT show in Hanover, a senior manager for the software giant said that its consumer security product is far from perfect and that pieces are actually "missing". OneCare has been dogged by controversy since......
[more] Don't blame China - malware is a US problem US servers host most of the world's malicious code - despite the claims of China, Russia or eastern European countries. That's according to security vendor Finjan after analysis of more than 10 million URLs. The data was collected from live end-user traffic in the UK using Finjan's content inspection engines, said Yuval Ben-Itzhak, CTO of Finjan. Unlike some other studies, which look at domain names to make assumptions on where a server is based, Finj......
[more] Instant messaging attacks up 200 percent in a year The growing adoption of instant messaging (IM) platforms in corporate environments has made the technology more attractive to hackers, who have, in turn, attacked IM 200 percent more often than this time last year. Researchers at Akonix's IM Security Center reported today that they've seen 31 new malicious code attacks on messaging platforms this month, including worms such as IMspam, QQpass and TrigXF. Of all IM-based malware, Maniccum and Hotm......
[more] Grum worm poses as Internet Explorer beta download Beware email which claims to come from Microsoft Sophos, a world leader in IT security and control, has warned email users of a widespread malicious attack that poses as an invitation from Microsoft to download a beta version of Internet Explorer 7.0. The emails, which claim to come from admin@microsoft.com, display an image which invites users to download beta 2 of Internet Explorer 7. However, users who click on the image will download a file......
[more] Netsky still spam malware king Although protection has been available for more than three years, the Netsky family of worms still accounted for almost a third of all malware detected during the month of March, 2007. According to Sophos, the Netsky family had the biggest impact on computer users last month. Interestingly, just 0.18 percent - or one in 555 of all email - was infected in March, yet Sophos detected 8,835 new threats, bringing the total to 231,548. Sophos senior security consultant,......
[more] ABN Amro compensates customers for phishing loss Dutch bank ABN Amro has paid compensation to four of its customers following a phishing attack that stole money from their accounts. The phishers sent an email to the bank's clients along with a malicious attachment, which once opened installed malware on to the user's computer, according to reports. The malicious software modified the customer's browser settings and directed them to a spoofed website whenever they tried to access their accounts on......
[more] Three Critical Fixes For Windows What a difference a month makes. Last month, Microsoft said it had no security fixes. This month, it's releasing five security bulletins, four of which are rated as "critical." Notably absent from today's fixes was anything for Office, even though there is at least one outstanding Word vulnerability, CVE-2007-0870, which has been around since February. And late Tuesday afternoon McAfee's Avert Labs reported it had found a new zero-day exploit affe......
[more] World War III spam dupes users Hackers have tried to infect users' PCs with malware by pretending World War III had broken out. A weekend spam run tried to dupe recipients into downloading the infamous "Storm Trojan" by attaching files that posed as videos of a missile strike by the US against Iran. The email arrives with provocative subject lines that include "Missle [sic] Strike: The USA kills more then [sic] 20000 Iranian citizens," "USA Declares War on Iran," a......
[more] McAfee warns 'malware is growing up' Malware and adware are increasingly becoming professional services that are distributed and run at a level that would rival some enterprise applications, security vendor McAfee warns in the latest edition of its Sage security report. Dabblings in adware and spyware by legitimate advertising companies and an established, lucrative market for malware and security exploits have driven the growth of both fields, said McAfee's security research and communicat......
[more] Microsoft hackers promise nude Paris Hilton pictures Hackers are attempting to exploit the newly discovered bug affecting Microsoft Windows' handling of animated cursors (ANI files) by sending out emails promising compromising pictures of Paris Hilton and hardcore actress Jenna Jameson. The spammed email messages have subject lines such as "Hot pictures of paris hilton nude" and contain an embedded image, not of the celebrity hotel heiress but of pornographic actress Jenna Jameson. When......
[more] Linux malware for iPods poses little risk Virus hunters have discovered what's described as the first malware designed to infect iPod portable media players. Podloso is a proof of concept program which poses no immediate threat beyond illustrating the point that VXers are always on the hunt for new platforms to infect. The "malware" is a file which can be launched and run on an iPod, providing (and only if) Linux has been installed. Podloso cannot be launched automatically without user......
[more] Variants of Rinbot worm attack Windows Server DNS flaw Variants of the Rinbot worm are exploiting the Windows Server DNS Service vulnerability, researchers said today. The worm exploits the flaw by sending a specially crafted Remote Procedure Call (RPC) packet to targeted PCs, analysts said. Ron O'Brien, senior security analyst at Sophos, told SCMagazine.com today that the worm has made the vulnerability much more than just a DNS-related headache for administrators because it can also use ot......
[more] Attackers improve on JavaScript trickery As JavaScript becomes an increasingly key component of online attacks, attackers are investing more energy in obfuscation and other techniques to make defenders' attempts at reverse engineering more difficult, a security researcher told attendees at the annual CanSecWest conference on Wednesday. Attackers have adopted the same techniques used to hide the purpose of other types of malicious code, such as splitting up the code into many components a......
[more] Hackers exploit university massacre to spread malware Hackers are exploiting the recent Virginia Tech University massacre to spread malware and infect computers, security experts have warned. Email messages were spammed to users claiming to include camera phone footage of the shootings at the US campus where 31 people were slaughtered on Monday. The messages contained an image of the killer, Cho Seung-Hui, with a link to a Brazilian website claiming to host video clips of the murders. However, cl......
[more] Data theft replaces malware as top security concern Theft of information and regulatory compliance are beginning to replace malware infestation and hacking as the top security concerns, according to a poll of enterprise IT security chiefs. The second annual Cisco-sponsored poll of 100 infosec pros in large UK enterprises found that 38 per cent of respondents place theft of information as their number one concern, while 33 per cent fret about regulatory compliance. Viruses, the prime concern of 5......
[more] Blogs now infested with offensive content The Internet's blog sites have become overgrown with a variety of unpleasant content, including porn, offensive language, hate posting, and malware, a new threat analysis has suggested. According to Scansafe's Monthly Global Threat Report for March 2007, a surprisingly high percentage of the Internet's blog sites - up to 80 percent - contain "offensive" content, with six percent hosting active malware. To be added to the list of those deemed p......
[more] Governments making moves to combat cybercrime With profits from fraud using privileged personal data stolen via phishing or spyware rocketing and making the development of malware an ever more lucrative business, governments worldwide are beginning to take more concerted action to combat the problem. In the US, the 'SPY ACT' anti-spyware legislation put forward in 2004 continues its slow crawl through the approval process, and is already picking up criticism for loopholes and a lack for compreh......
[more] Malware hijacking genuine websites, claims vendor Up to seventy percent of the 5,000 websites found every day to be spreading malware turn out to be legitimate, security software vendor Sophos has said. The company's latest quarterly survey reveals the extent to which cyber-criminals use the web. "We're seeing less malware in email these days," said Graham Cluley, senior technology consultant for Sophos, "but criminals have turned to the web instead. Some days we see as many as 2......
[more] Poor e-mail practices pose security risk Cybercriminals are still using e-mail as a means to launch malware attacks on enterprises, according to a senior executive at Cisco Systems. "E-mail is still the vehicle by which they can infect corporations," said John Stewart, Cisco's chief security officer, in a teleconference Tuesday with journalists and analysts. Referring to a Cisco study conducted last year, Stewart said that regardless of country, over 10 percent of respondents will sti......
[more] Malware authors cut out attachments Malware authors are shifting attack vectors from emails containing infected attachments to web pages embedded with malicious code, according to experts at Infosecurity Europe 2007. Security firm Sophos is reporting that the traditional method of sending malware via attachment is now falling out of favour and that the authors can now bury the code in web pages and just send out links to that page. "We are seeing an average of 5,000 infected web pa......
[more] Hackers debut malware loaded USB ruse Malware purveyors deliberately left USB sticks loaded with a Trojan in a London car park in a bid to trick users into getting infected. The attack was designed to propagate Trojan banking software that swiped users' login credentials from compromised machines. Check Point regional director Nick Lowe mentioned the ruse during a presentation at the Infosec trade show on Tuesday, but declined to go into further details, citing the need for confidentiality to pro......
[more] Network access control NAC explained Cybercrime continues to rise, with the primary aim to steal company information or anything that will make a profit for the perpetrators. To avoid the unwelcome headlines provoked by IT security failures, securing the corporate network is more important today than ever before. It's also tougher to achieve, as today's business world means giving partners instant access to the information they need while meeting external regulatory compliance standards. With m......
[more] Microsoft adds brains to security drive Microsoft announced this week that it is setting up security response and research operations in Ireland and Japan and launched a preview of a new online Malware Protection Center. The efforts are meant to make Microsoft, a security industry newcomer, more competitive. Mark Miller, Microsoft's director of communications for security response, said on Wednesday: "This is significant. It is part of the globalisation of our research and response effort.......
[more] Taking botnets down For many years, malware authors have been using the web to assemble infected computers into botnets (networks of malware compromised machines), and security professionals and law enforcement systematically work to take these botnets down. Malware authors have clear objectives: stealing personal information, sending spam, conducting distributed denial of service (DDoS) attacks and other such criminal activity for profit. Increasing success in disabling botnets by security pro......
[more] McAfee Wins the Most Awards at SC Magazine Event McAfee, Inc. today announced that it has won the most awards of any vendor at the 2007 SC Magazine's European Annual Award. McAfee won "Best Anti-Malware Solution" for McAfee Secure Internet Gateway, "Best Anti-Malware Solution" for McAfee Policy Enforcer and "Best SME Security Solution" for McAfee Total Protection for Small Business. "We are delighted to win the awards in three categories," said Mike......
[more] Document shell code attacks loom large Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division. Experts working with the ISS X-Force group said that they've seen a rapid increase in the volume and variety of shell-code execution attacks leveled at their customers over the last 12 months. Among the types of files most fre......
[more] United States of Spamerica Over 60 percent of all e-mails sent to Irish inboxes during April were unsolicited, according to new figures released on Thursday. Web hosting and monitoring firm IE Internet, which intercepts thousands of e-mails every day, said 61.94 percent of e-mails during the month contained spam, down by more than 2 percent on the preceding month. IE Internet's statistics are based on monitoring over 35,000 Irish businesses. "Our latest figures show that the United States an......
[more] Danger USB! Worm targets removable memory sticks to infiltrate business Sophos, a world leader in IT security and control, has warned companies of a family of worms that spreads by copying itself onto removable drives such as USB memory sticks, and then automatically runs when the device is next connected to a computer. The W32/SillyFD-AA worm hunts for removable drives such as floppy disks and USB memory sticks, and then creates a hidden file called autorun.inf to ensure a copy of the worm is r......
[more] Microsoft delivers seven patches including DNS fix Microsoft today released seven patches - all critical - addressing 19 vulnerabilities, including a promised fix for the well-publicised but sparsely exploited zero-day DNS server flaw. While that bug drew the majority of headlines over recent weeks, researchers today said the most significant patch appears to be MS-0726, which provides a fix for a critical Microsoft Exchange vulnerability that could result in remote code execution should a user......
[more] Phishing moves into more new areas The latest social-engineering methods being put to use by phishers show no let up in the evolution of online scams, with several new twists on old ideas being sent via mass mail in the hopes of hooking yet more gullible victims. Banks and financial institutions are among the biggest targets for phishing, with online banking login details becoming as useful as credit card details. Mal-Aware.org has released details of a new scam targeting Bank of America custom......
[more] UK's 2nd Largest Clothing Retailer Selects Secure Computing to Provide Digital Defense Arcadia Chooses Webwasher to Provide Web Gateway Security to Protect Against Internet-based Exposure and Risk Secure Computing, a leading enterprise gateway security company, today announced that Arcadia Group, Britain's largest clothing retailer, operating more than 2,500 high-fashion outlets and expanding into the United States this year, has selected Secure Computing's Webwasher solution. The web security a......
[more] Google searches web's dark side One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user's PC. Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to "in-depth analysis". About 450,000 were capable of launching so-called "drive-by downloads", sites that install malicious code, such as spyware, without a user's knowledge. A further 700,000 pages were thought to contain code that could compromise a......
[more] Spyware hunter probes larger market flaws Ben Edelman earned his reputation battling adware vendors such as 180 Solutions and Claria. Now he's looking to the future and the goal of unbreakable markets that are immune to scams Ben Edelman made a name for himself while still a graduate student by digging into the shady dealings that spawned what most people considered an innocuous problem: pop-up Web advertising. From his dorm room at Harvard University, Edelman investigated everything from the s......
[more] Phishers go round the world to hook Aussie victims Researchers from Sophos have traced the route of a phishing attack that targeted Australian banking customers - the fraudsters used numerous compromised servers in Korea, the US and Malaysia. According to Sophos, the campaign kicked off when an attacker posing as a security company called "antifraud" e-mailed Australian account holders to warn them that their online banking services were to be suspended. "Please note that from May......
[more] "Trusted" Web sites can no longer be trusted Restricting your Web surfing to "trusted" sites is no longer enough to keep your machine safe from malware, according to security experts. Malware was once restricted to sites offering free MP3s or porn but today it's increasingly being served up by some of the most popular sites on the Web. The results of a new study by Google show that one in 10 Web sites could be potential launch pads for "drive-by-download" malware attacks. The search gian......
[more] Shiver me timbers! It's a pirate Trojan Hackers exploit interest in the movie Pirates of the Caribbean 3 Computer security researchers at SophosLabs are warning computer users about a widely-spammed out email teaser promising a trailer of the film "Pirates of the Caribbean 3" - and the chance of free tickets if you are in North America or Europe. Rather than a trailer for the blockbuster movie starring Johnny Depp, Keira Knightley and Orlando Bloom, however, the Troj/Yar-A Trojan horse......
[more] Google Buys Antivirus, Anti-Spam Company Is the security software that protects against malware and spyware by quarantining Internet sessions from the rest of the system destined for Google's toolbar? Google is adding an antivirus and anti-spam solution to its arsenal with the acquisition of GreenBorder Technologies Inc. Google did not return press inquiries by deadline but GreenBorder, a Mountain View, Calif.-based security company, posted a statement on its Web site, telling users that it has......
[more] Attackers get chatty on VoIP The hacker attacks happening via Skype will become more severe and sophisticated as businesses start adopting VoIP technologies, analysts say The recent spate of malware attacks propagating throughout the user base of the Skype Internet calling system illustrates a broader trend toward cyber-criminals moving to take advantage of VoIP platforms as they become increasingly popular. Security researchers tracking the latest pack of worm viruses to wriggle their way thro......
[more] Web forums hijacked to spread child porn Online forums on legitimate web pages are increasingly being taken over by cyber-criminals to promote child pornography, experts warned. Security firm Sophos said that the majority of hijacked forums are on legitimate websites, and one is even on a site designed for children. All the posts contain offensive words and hidden links to pornography sites. "What is most worrying about these posts is that they are happening on legitimate sites. Any website c......
[more] Beware of slow and quick viruses When the Internet had only barely begun, the only way of spreading viruses was via floppy disks. This is a very slow means of propagation, particularly in comparison to the speed at which viruses spread nowadays. To get an idea, the infamous 'Friday 13' virus (whose name originates from the day on which it deleted all .exe files on computers) took a long time to spread, and was infecting computers for several years. In the past, when virus creators planned......
[more] Hackers Launching Attacks Against Yahoo Messenger Bugs Websense researchers report 40 to 50 malicious sites are taking advantage of critical vulnerabilities in the instant messenger. Malware writers have latched on to the exploit code for the critical bugs in Yahoo Messenger, setting up 40 to 50 malicious Web sites to attack unsuspecting, and unpatched, users. "This threat is critical," said Stephan Chenette, manager of Websense Security Labs, in an interview. "The use of [the ex......
[more] New type of image spam hides in e-mail wallpaper Pump-and-dump scammers behind innovation; malware attacks could be on the way A new type of image spam found this week is able to bypass many filters by presenting a message as wallpaper within an e-mail, according to the vendor Secure Computing. Image spam uses text embedded in an image to foil traditional spam filters that catch spam by scanning messages for key words and by using other text-based techniques. Normal image spam is delivered as an......
[more] F-Secure Releases Data Security Summary Report for H1 2007 Security Threats Cross Technology Borders Towards a New Malicious Economy; Social Engineering, Bank Scams, Cyber War and Clever Mobile Intruders F-Secure today released a summary report of data security threats and trends during the first half of 2007. The world-renowned F-Secure Labs saw a steady flow of data security threats -- the underlying trend to note is the spread of malicious activity across various forms of technology and appl......
[more] 'Direct' impact of malware down again, but overall costs rise Although the "direct" costs of worldwide malware attacks have declined for three years in a row, "indirect" costs have continued to rise, a new report from market research firm Computer Economics indicates. Last year's direct damage attributed to malware totaled $13.3 billion globally, down from $14.2 billion in 2005 and $17.5 in 2004, according to the report, "The Economic Impact of Viruses, Spyware, Adware, Botnets, and Ot......
[more] PatchLink, SecureWave announce merger PatchLink Corp. on Monday said it would acquire endpoint security vendor SecureWave in an all-stock merger. Scottsdale, Ariz.-based PatchLink said it plans to merge SecureWave technology into a platform to secure enterprise servers and endpoints. SecureWave, based in Luxembourg, has more than 1,700 customers worldwide. The merger transaction is subject to the approval of SecureWave's shareholders and is expected to be closed in the coming weeks. SecureWave's......
[more] 'Italian job' Web attack hits more than 10,000 sites The attack, which is primarily hitting Italian sites, has turned the pages into malware distributors Online criminals have launched a widespread Web attack that has turned tens of thousands of legitimate Web sites into weapons, security vendors said Monday. The attack began late last week, and by Monday morning, more than 10,000 Web sites had been compromised, according to security firms Trend Micro and Websense. Although attackers have hit tar......
[more] Cyber crooks hijack 10,000 websites More than 10,000 websites have been infected by a sophisticated and fast-acting Trojan downloader that attempts to install malware on visiting PCs. At least one security firm, Trend Micro, is working with the FBI to contain the damage and track down the perpetrators. The attack is noteworthy for the number of sites it has managed to infect in a relatively short period of time. Between Friday and Sunday night, the number jumped from 1,100 to about 2,500. By Mon......
[more] Hackers target 'legitimate' sites More than 10,000 websites have become unwitting hosts of malicious software, say security experts. Those visiting the hijacked pages risk having keylogging software installed on their PC if it is not protected with the latest patches. The webpages compromised are all legitimate sites devoted to subjects such as tax, jobs, tourism and cars. The sites are thought to have been booby-trapped using a malware kit, called MPack, sold commercially online. Hacked host T......
[more] USB flash drive worm spreads information about AIDS LiarVB-A worm infects removable memory sticks Sophos, a world leader in IT security and control, has discovered a worm which spreads by copying itself onto removable drives such as USB flash drives, in an attempt to spread information about AIDS and HIV. The W32/LiarVB-A worm hunts for removable drives such as floppy disks and USB memory sticks (as well as spreading via network shares), and then creates a hidden file called autorun.inf to ensur......
[more] UK sets the pace when it comes to cyber crime Identity theft, phishing and Trojan attacks are on the rise, and virtual worlds are being targeted by fraudsters, said a global online security firm. UK is a popular target because it was the pioneer for fast online payments, and consumers are used to easy and instant payment transfers, said Uriel Maimon, senior research scientist, RSA consumer solutions. Financial firms continue to face new and emerging threats, and are challenged to increase confi......
[more] YouTube 'riddled with 40-plus security vulnerabilities' Google researchers have at last responded to a hacker who says he's uncovered more than 40 YouTube flaws that put users at risk. Christian Matthies says he's been trying to get the attention of Google bug squashers for the past several months, but was unsuccessful in getting a single reply to his emails warning of the vulnerabilities. That changed this week, a few days after he posted an ultimatum effectively vowing to disclose the bugs pu......
[more] Attackers persuade users to infect themselves The Sans Institute has uncovered more evidence that internet attackers don't necessarily need any clever technical tricks to plant malicious software on users' systems - an understanding of psychology will do just as well. In a bulletin on Friday, Sans' Internet Storm Center (ISC) described a website that led to several users mysteriously becoming infected with malware. Part of the mystery, according to ISC handler Bojan Zdrnja, was that the site di......
[more] Fake flash player site used to spread malware Hackers have developed a new ruse that attempts to trick users into downloading malware from a fake Adobe Shockwave Player download site. Prospective marks who stray onto lure sites - such as a game site related to RuneScape - are presented with broken icons in an attempt to convince them that their copy of Shockwave (if already installed) isn't working properly. Links from the site all point to another site which "diagnoses the problem" as......
[more] Sophos awarded ITPro Editor's Choice, outperforming McAfee and Symantec Sophos Anti-Virus Small Business Edition 2.0 declared "outright winner" Sophos Anti-Virus SBE 2.0, Sophos's integrated protection solution for small businesses, has won the prestigious "Editor's Choice" award in a comparative test conducted by ITPro. ITPro tested McAfee Active VirusScan SMB Edition, Symantec AntiVirus 10.2, F-Secure Anti-Virus Small Business Suite and Sophos Anti-Virus Small Business Edition......
[more] 'Italian Job' trojan could lead to future localised attacks The recent MPACK-aided trojan attack is a sign that future mass-attacks may become increasingly localised, according to security researchers. The MPACK delivery device for malware was used to propagate trojan attacks this month, mostly affecting users in Italy. Dave Cole, director of Symantec Security Response, told SCMagazine.com today that MPACK-related attacks are unique both for their use of existing websites and regional nature.......
[more] Safari for Windows gets more patches The recently-launched Apple browser, Safari for Windows, has received its second lot of patches since its debut earlier this month. Apple has posted the latest version of the beta software, 3.0.2, on its website, containing security fixes as well as other tweaks. The browser was first released by chief executive Steve Jobs at the company's Worldwide Developers Conference earlier this month. Within days, security vulnerabilities had been unearthed by researcher......
[more] Websense: Google Pages hosting phishing attacks Researchers are warning internet users to be on the lookout for website scams appearing on Google Pages. This month, experts at Websense reported a spike in the user-created sites hosting phishing schemes, such as one for eBay, Dan Hubbard, vice president of security research at San Diego-based Websense, told SCMagazine.com today. Attackers are drawn to the Google Pages, which are hosted on Google servers, because they may evade web filters. The sit......
[more] The decline of antivirus and the rise of whitelisting The recent acquisition of SecureWave by PatchLink was not so much an acquisition as a merger, with PatchLink being the senior partner. With 3400 customers it had about twice the customer base as SecureWave and it also had about twice the staff. The merger probably sent a shock wave or two through the declining AntiVirus industry, because it has created a bigger and more powerful whitelisting vendor. As far as SecureWave is concerned, it will......
[more] Fake Windows security alert loads a Trojan Messages insisting that users install a just-released Microsoft security update are bogus and actually lead to a site that plants malicious code on PCs, several security companies have warned. The spam, which touts "Microsoft Security Bulletin MS07-0065 -- Critical Update" as its subject and appears to come from "update@microsoft.com," claims users should download a June 18 security patch and provides a link to a URL that looks legi......
[more] Sophos: Thousands infected with video disguised malware A Trojan that disguises its malicious content by playing a humorous animation is spreading across the internet, according to security experts. The Agent-FWO trojan plays the popular "Yes & No" Shockwave video created by Italian animator Bruno Bozzetto, but only after embedding itself on users' computers and downloading further malicious code from the internet. Hundreds of thousands of people are believed to have watched the fi......
[more] Net predictions revisited INTERNET security firm McAfee has revisited its top 10 predictions for threats this year and found that, as expected, data-thieving phishing web sites are on the rise. McAfee Asia Pacific director Michael Sentonas says: "Professional and organised criminals continue to drive much of the malicious net activity the net. We were surprised mobile malware and image spam has tapered off." In reviewing its predictions, McAfee found that password-stealing web sites ar......
[more] Rival malware gangs wage turf war Security researchers have uncovered evidence of a turf war between rival criminal enterprises connected to two of the most sophisticated malware toolkits in current use. Like competing gangs in the Mafia - for those who followed the HBO series The Sopranos, think the New York-based Lupertazzi crime family and its sometimes enemy the DiMeo crime family, which Tony Soprano ran from New Jersey - the malware groups are fighting for turf and control. But rather than c......
[more] Spammers exploit iPhone hype Spammers have used the media hype surrounding the launch of Apple's iPhone to trick email users into visiting a malware hosting website, a security software company has warned. Secure Computing has advised users to be wary of messages claiming that the recipient has won an Apple iPhone. The message urges the user to visit a website to receive their prize. But the site hosts 10 forms of malicious code that attempts to install on to the user's computer via the web brow......
[more] Nearly 30,000 Malicious Web Sites Appear Each Day While researchers are simply getting better at finding the malicious sites, Sophos reports that hackers are increasingly turning to Web-borne malware -- in great numbers. The number of malicious Web sites has skyrocketed over the past few months, going from 5,000 new ones a day in April to nearly 30,000 a day now. "This certainly is a huge increase," said Carole Theriault, a senior security consultant with Sophos, in an e-mail to Infor......
[more] Portable storage media increasingly a focus of attack for malware writers ESET has announced that for a third consecutive month, Trojan Ani.Gen with nearly 4% of detections, remains the number one threat during June, as observed by ESET's ThreatSense.Net statistical reporting. But the rise of other threats such as Rjump.A into third place and INF/Autorun into fifth, both of which exploit the wide use of portable storage media, shows that this is increasingly a focus of attack for malware writer......
[more] F-Secure gets graphical to fight next-gen malware Antivirus firm F-Secure has developed a graphical tool for analysing the behaviour of malicious code. At a press briefing in Sydney this week, Patrik Runald, senior security specialist at the Finnish firm, said the tool -- called FS-CSI -- graphically displays the behaviour of software. Runald explained that the tool first takes a snapshot of a clean system, then the malware is added, and then another snapshot is taken. He said the system is far m......
[more] Microsoft patches 11 bugs Microsoft has issued patches for 11 security vulnerabilities, five of them critical, in Windows, Office and the .Net Framework. The most serious of the batch is MS07-039, said security analysts who, unlike last month, had no trouble naming that critical hole as the one which should be patched first. "By far, this is the top of the list this month," said Andrew Storms, director of security operations at nCircle Network Security. MS07-039 patches a pair of bugs......
[more] Facebook found pimping crudware Facebook has become the latest website to be found pushing services that deliver highly deceptive security warnings designed to trick users into buying software. Purveyors of this scam are making use of Facebook Flyers, small ads that get posted on Facebook pages associated with a specific region. At 5,000 impressions for just $10, it's a bargain. We spotted a Flyer targeted at Facebook users in the San Francisco region that purportedly advertised a dating service.......
[more] Mac virus threat still "insignificant" Apple has plugged around 100 vulnerabilities in OS X so far this year but the malware threat to Mac customers is insignificant compared to users of Microsoft Windows. So far this year, Apple users have been exposed to the kind of vulnerabilities that are more commonly associated with Windows. The Mac maker has plugged security flaws that could have resulted in OS X customers being "owned" by basic actions such as visiting a malicious website, watc......
[more] Computer virus turns 25 The computer virus turns 25 this month. Long-suffering computer users would be forgiven for thinking that the first computer virus appeared in the mid-1980s, but the first virus actually predates the arrival of the first IBM-compatible PC. Elk Cloner, which spread between Apple II computers via infected floppy disks, has the dubious distinction of the first computer virus to spread in the wild. The malware is thought to be the work of Rich Skrenta, a 15-year-old high sch......
[more] Hackers lure victims to fake iPhone website New attack combines virus, phishing and adware in order to relieve would-be iPhone buyers of financial information. Hackers are targeting prospective iPhone users with a fake website that steals personal information from unsuspecting victims, according to experts. Researchers at anti-virus company Panda Software discovered that cybercriminals have developed a trojan, called Aifone.A, that takes control of a user's computer and then directs the victim to......
[more] DNS is a hacker's playground Many companies remain vulnerable to attacks against domain name system servers, despite efforts to secure them, according to a new study. More than half the respondents to a Mazerov Research and Consulting study reported having fallen victim to some form of malware attack. More than one-third had been hit by a denial-of-service (DoS) attack, and more than 44 percent had experienced a pharming or cache-poisoning attack. External and internal DNS servers were equally......
[more] Mac worm author receives death threats Fracas over anonymous researcher, Mac malware gets personal (and psychotic) The beef over news of a worm targeting Macs, and the identity of the researcher who claimed to have created the malware, took an even stranger turn Wednesday as death threats were allegedly posted to his or her blog, which was then reportedly hacked. In return, the researcher leveled charges at a security expert known for taking on Apple Inc. The hubbub started earlier this week, wh......
[more] Malware has increased by 25,000 percent in the past seven years The amount of new malware created every year has increased 25,818 percent over the last seven years, according to a report by PandaLabs. The type of malware most frequently used by cyber-crooks has also changed over the years. Whereas in 2000, viruses accounted for 81 percent of all new malware detected by PandaLabs, in 2006 this figure barely reached 1 percent. The flipside of this however is that Trojans have increased from 14 to......
[more] Net criminals shun virus attacks Hi-tech criminals have found novel ways to carry out web-based attacks that are much harder to spot and stop, warn security experts. Some cyber criminals have exploited file-sharing networks and popular webpages to attack targets. The malicious hackers have turned to these methods instead of going to the trouble of hijacking home PCs. Using these methods the hi-tech criminals have staged some of the biggest attacks security experts have ever seen. Attack pa......
[more] DIY Trojan tool discovered for sale A new kit for building and customising Trojan malware has been discovered for sale on the Internet. With the appropriate name 'Pinch,' the tool lets criminals with little technical knowledge specify a number of parameters such as which type of password to steal from infected machines. Alternatively, the tabbed-based interface can be made to turn the program into a straightforward key-logger set to capture all keystrokes, take screenshots, or steal speci......
[more] Businesses fail to cope with image-spam Half of all medium to large organisations in the UK are failing to cope with the growing problem of image-based spam, new figures show. While 97 per cent of respondents have anti-spam solutions in place, 50 per cent are not managing to deal with image-based junk messages, according to the latest research by email security firm PineApp. The survey also found that 48 per cent of those businesses surveyed said the burden on bandwidth caused by image spam is a......
[more] Sobering Realities of Enforcing NAC: Top 5 Challenges that Solutions Need to Address Network Access Control (NAC, a.k.a. Network Admission Control), has generated a lot of enthusiasm, and correspondingly, a large number of corporate initiatives to address a rapidly evolving network security challenge. NAC was developed to ensure the security of endpoints connecting to the corporate network, which has become an increasingly important issue given the large number of external users, mobile systems......
[more] Spammers move onto spreadsheets The first case of a new type of spam which uses Excel spreadsheets to circulate was discovered over the weekend. Security firm Sophos said that the emails come with an Excel spreadsheet file labelled 'invoice.xls'. It then uses an embedded image to deliver the spam. While it is possible to write malware that exploits Excel, no malware has been included in the emails so far. Sophos believes that this could be a sign that "we're winning the war against spam"......
[more] McAfee offers free solution to rootkit attacks McAfee is to release Rootkit Detective, software for blocking and removing rootkit attacks. The software also funnels intelligence into the company's ongoing research operations. Following in the footsteps of SiteAdvisor - the free web site security program acquired by McAfee in April 2006 - the new tool will be free for download, with benefits for both end users and its researchers. Rootkits are self-cloaking malware attacks that install themselve......
[more] Web threats leapfrog email attacks Web-based threats have now overtaken email attacks reaching record numbers, according to the latest report by Sophos. In June alone, a record number of infected web pages were detected, approximately 29,700 each day. That figure has soared by a whopping 500 per cent since earlier in the year when just 5,000 were detected daily. The research shows that about one in five infected websites is malicious by design. This means that 80 per cent of all web-based malware......
[more] Warning over 30,000 newly infected websites Security firm Sophos says the number of infected web pages has soared nearly six-fold since the start of the year. The spike shows just how widespread web attacks have become, Sophos said. In June, it detected an average of almost 30,000 newly infected pages each day. Earlier in the year, the tally was as low as only 5,000 new pages daily. The vast majority of pages serving up malicious content are hosted on legitimate websites, Sophos added. About 80......
[more] IM attacks up nearly 80 percent, Akonix says - and P2P is worse Loose lips sink ships, and flying fingers scuttle computers Malicious code attacks over instant messaging networks are up almost 80 percent over last year, according to a new study from vendor Akonix. In July, the company, which develops IM hygiene and compliance appliances and services, said it uncovered 20 malicious code attacks over IM in July. The total number of threats for 2007 so far is 226, the company said. That number is a......
[more] Well-wrought e-mail scams target deep-pocketed victims It's the moment we've all feared: The phishers have learned decent business English A wave of sophisticated, ongoing attacks disguised as bills from supposed business partners, complaints from the Better Business Bureau, and investigations by the Internal Revenue Service is snaring high-value business victims with malware-carrying e-mail messages that don't bear the usual telltale signs of phishing. "When you get one of these things,"......
[more] Storm worm gets smarter Newer variants of the widespread Storm worm have introduced a new technique for evading security experts - detecting when they are running in a virtual environment and changing their behaviour if they are. The innovation is an indication of how common virtualisation is becoming, and also shows how sophisticated the developers of malware such as Storm have become, according to Bojan Zdrnja, a handler with the Sans Institute's Internet Storm Center (ISC). He said Storm is......
[more] Virus plays on Nintendo Mario game nostalgia IT security and control firm Sophos is warning of a new mass-mailing worm that is capitalising on users' enthusiasm for Nintendo's iconic character, Mario. Once they open the email, recipients are requested to click on an attachment that promises to run one of the classic Super Mario Bros games. Emails sent by the worm use the following text in the message body: Hi There, Do You Like Mario Bross ? Test it, and you'll like it ;] ! Attached to the emai......
[more] IT managers acting fast on security, survey finds IT managers are reacting increasingly quickly to security issues, a survey has revealed. Seven in 10 managers now deploy critical updates within eight hours, which is almost twice as many as last year. And 29% implement patches in only two hours - more than double the number that achieved that response time in 2006. The results come from a survey of 250 chief information officers, chief security officers, IT managers and network administrators a......
[more] Zero-day attacks top list of IT concerns Zero-day attack concern may be out of lack of understanding on available protection Threats posed by zero-day vulnerabilities were ranked by global IT decision-makers as their topmost security concern, according to a recent survey by security firm PatchLink Corp. Fifty-three percent of respondents put zero-day vulnerabilities as the No. 1 security concern, followed by hackers, cited by 35%, and malware and spyware, with 34%. PatchLink surveyed 250 of its c......
[more] IT professionals responding to increased security threats, say PatchLink A global survey of IT professionals shows they have redoubled their efforts to immediately neutralise exposed vulnerabilities. This firefighting activity takes precedence even over such security threats as hackers, spyware and malware. Security firm PatchLink interviewed 250 CIOs, CSOs, IT managers and network administrators across Europe, Asia Pacific and the US. They were questioned about attitudes to security and vulnera......
[more] Businesses having second thoughts about Vista Fewer businesses are now planning to move to Windows Vista than seven months ago, according to a survey by patch management vendor PatchLink Corp., while more said they will either stick with the Windows they have, or turn to Linux or Mac OS X. In a just-released poll of more than 250 of its clients, PatchLink noted that only 2% said they are already running Vista, while another 9% said they planned to roll out Vista in the next three months. A land......
[more] Huge Russian malware attack imminent Trend Micro says a large-scale security attack could be about to launch on the web after its researchers spotted a Russian server loaded with more than 400 different pieces of malware. Chenghuai Lu, a senior threat analyst at Trend Micro, has uncovered a site with several hundred malicious programs and traced the site's server to a Russian IP address. Among the harboured malware were examples of three Trojan families: Dropper.cko, Clicker.qu and Polycrypt.g.......
[more] Spammers trick users with sexy celebrity pics Spammers are tricking users into opening malicious email attachments by promising them salacious pictures of female celebrities, security experts have warned. The messages allegedly hold lewd images of the Hollywood actresses Angelina Jolie, Nicole Kidman, Milla Jovovich and Natalie Portman. But, in fact this is intended to entice the recipient into clicking on a malicious attachment, which opens a zip file and infects the user's computer. Once the pr......
[more] Aladdin's eSafe upgraded to halt proxy menace Security vendor Aladdin Knowledge Systems has added an element to its eSafe secure web gateway that it claims can block the operation of 'anonymous' proxies. Anonymous proxies (or anonymisers) are websites that allow users to connect to the Internet through an external website, thereby allowing users to bypass local network security restrictions. This bypass mechanism was originally designed for safe, anonymous Web surfing (for example to access MyS......
[more] Man loses $1.5 million in Nigerian email scam - six people arrested Sophos, a world leader in IT security and control, has reminded computer users of the danger of internet scams following the arrest of six men alleged to have defrauded their victim out of AU $1.76 million (US $1.5 million) through email. According to media reports, Dutch police have arrested six men in connection with extorting money from a 49-year-old Australian man after offering, via email, a business contract worth US $90......
[more] Mobile malware to pose significant threat Increased adoption of mobile devices will lead to increased mobile malware sophistication Although concerns regarding handheld data security still trump fears of mobile viruses, security software vendors and researchers contend that greater numbers of attacks are on the horizon. Thus far, most malware programs targeting wireless devices have been proof-of-concept threats or have required large amounts of end-user interaction to deliver their payloads, bu......
[more] Monster.com waited days before informing users of breach The employment website Monster.com, which suffered a huge malware attack this week, waited five days before informing its users that their personal data had been hacked, an executive at the company has revealed. Patrick Manzo, vice president of compliance and fraud prevention at the New York-based firm, told the Reuters news agency yesterday that the company first learned of the hacking attack on 17 August, when security experts at Symante......
[more] Fake Gates Foundation malware spreads A malicious spam is in circulation which pretends to be from the Bill and Melinda Gates Foundation. It has the subject line 'Life for Life' and leads with the recent news that the Northern Territory Library has received the 2007 Access to Learning Award from the Bill and Melinda Gates Foundation. This information is true but the link inviting you to read more about the award takes you off to an infected Web site in Korea, according to Paul Ducklin, Asia-Pac......
[more] Old threats coming back to haunt antivirus systems The "long tail" of the internet may be a plus in some fields, but where it comes to internet security it means that old threats never die - something that could ultimately render signature-based security obsolete, according to a new white paper from IBM Internet Security Systems (IBM ISS). Threats such as Slammer, which originated in January 2003, are still going strong - in fact it is still the threat most commonly encountered by IBM......
[more] Road warriors are security risk Most IT managers believe mobile workers increase the risk of malware and other threats, according to a new survey. The survey of 450 IT managers found they are still at risk despite having anti-virus products installed on endpoints and using systems management tools to patch computers. The survey, commissioned by management software maker BigFix and conducted by GatePoint Research, also found that in some cases IT managers think their systems management tools hav......
[more] United Nations hit by keylogger and trojan attack The United Nations (UN) has been hit by a string of hacking attacks aimed at identity and credit card theft, and the building of botnets. The attack on the UN Asia Pacific website is believed to originate from the same group responsible for attacks on the US-based Biotechnology Information Organization and the prominent Indian Syndicate Bank. The financially-motivated incursions, launched from the same remote location, infected a server common t......
[more] SME surfers under threat Employees within SMEs freely surf the web for an average of two and a half hours a week, however less than half of SME IT managers admit to using web filtering software and security. According to research from vendor Websense, 66 per cent of SME employees trust their company has the correct security measures in place, without inquiring about them. Thirty one per cent of employees have used online credit card details at work without having questioned the IT managers abou......
[more] Aladdin eSafe Secure Web Gateway Blocks 100 percent of Anonymous Proxies Anonymous proxies, or anonymizers, are Web sites that allow Internet users to connect to the Web through an external Web site, thereby bypassing any restrictions typically enforced on the local network. This bypass mechanism, though originally designed for safe, anonymous Web surfing, proves extremely dangerous for businesses, schools and other organizations. It opens any computer to all malware that is usually filtered ou......
[more] Beyonce, Rihanna, Kelly Clarkson video emails spread ecard Trojan horse Sophos, a world leader in IT security and control, has warned internet users about the latest disguise being used by malware authors in their attempt to infect people's PCs: an email claiming to point to music videos of popstars like Beyonce Knowles, Kelly Clarkson and Rihanna. Experts at SophosLabs have proactively protected customers against the latest wave of malicious emails which pretend to be links to new music videos......
[more] Instant messaging attacks double in August Instant-messaging threats are on the up, with security firm Akonix claiming there have been 38 malicious-code attacks on IM networks so far this month, twice the number experienced in July. Akonix said IM worms with such bizarre names as Delf, Mimbot, MSNHorm and MSNPoopy have emerged this month, proving that IM networks are becoming a popular vehicle for hackers to attempt to break into corporate networks. Instant-messaging threats work much like emai......
[more] Bank of India site hacked, serves up 22 exploits The Bank of India Web site was hacked sometime Wednesday night (U.S. time) and seeded with a wide, wild array of malware that infected any users running unpatched browsers, security researchers said today. Although the bank's site had been scoured of all malware by Friday morning, it's currently offline. "This site is under temporary maintenance and will be available after 09:00 IST on 1.09.07," a prominent message currently reads. Rese......
[more] Security experts warn of Sony 'hidden files' Security specialists are warning that Sony's MicroVault USB, which is a biometric USB storage device, cloaks driver software in a Windows directory that could be used by malware to avoid detection from security applications. The manner of installing and hiding software on users' PCs is reminiscent of Sony BMG's attempt two years ago to protect music copyright by installing rootkit software. The fingerprint-recognition software packaged with Sony's Micr......
[more] Second attack on Monster website discovered Investigations into data breach uncover second attack on job website. The attack on job website Monster.com has left more than 1.3 million users of the site open to identity theft. Monster's chief executive admitted that a second hack of the site went unnoticed. Sal Iannuzzi said that further investigations by the company unearthed the second hit and said that the company had no idea how much information had been taken during the cyber onslaught or how......
[more] Malware authors change tack Malware in the form of email attachments has dropped heavily in the last month, according to security software specialist Sophos. In August there was an average of one infected message in every 1,000 emails, compared with one in 322 during the first six months of 2007. Criminals are finding other, more effective ways of spreading malware, such as spam campaigns directing people to infected webpages, said Sophos senior security consultant Carole Theriault. 'Most malware......
[more] Germany floats Trojan for terror suspects German politicians have defended plans to email Trojan horse software to terror suspects in the hopes of monitoring their conversations. The measures have sparked a fierce civil liberties debate. The dubious efficacy of the wheeze is yet to come under serious consideration. Interior Minister Wolfgang Schaeuble is seeking police powers to harness malware in upcoming federal security laws. AP reports that snoopware would be developed by the German governme......
[more] Sony to exorcise 'rootkit' from USB drives Sony is prepping an update to remove rootkit-like technology that shipped with a range of USB storage devices featuring fingerprint authentication. The Sony MicroVault USM-F fingerprint reader software that comes bundled with the USB stick installs a hidden directory under Windows. Files in the directory might be hidden from some antivirus scanners, potentially creating a hiding place for malware that virus authors could seek to exploit. The tactic, a mi......
[more] eBay users targeted by ID-stealing botnet Online auction site eBay has been targeted by identity thieves, who are wielding a botnet that uses brute force to uncover valid account log-in information, according to security company Aladdin Knowledge Systems. The attacks against eBay may have started as long ago as early August, said Ofer Elzam. He said that he and other researchers at the Tel Aviv-based security company have not been successful in notifying eBay of their weekend findings. Accordin......
[more] Storm worm still raging New report finds that the Storm worm tempest has failed to die down. The Storm trojan is still causing havoc and has changed tactics over the last month in order to infect computers, according to the latest Messagelabs report. The company's research team had observed a large increase in emails with links to virtual postcards and YouTube videos. The team noted a significant outburst on 15 August of 600,000 emails over that day. It estimated that the StormWorm botnet now com......
[more] Spam up, PDF spam down Spam rates were up in August, despite the fact that PDF spam appears to have peaked. Junk email reached nearly 70% of all messages sent last month. According to Symantec's spam report for August, unwanted email accounted for 69% of all mail sent, up 3% from July. Spam volumes are creeping up toward the levels reached last October when image spam inflated junk mail to 73% of all messages sent. In August, image spam had little impact, accounting for less than 10% of all spa......
[more] Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users A Yahoo-owned advertising network became the unwitting ally of cyber crooks after it spewed millions of Trojan-laced banner ads on MySpace, PhotoBucket and other websites. The banner ads, which were brokered by Right Media, were served an estimated 12 million times over a three-week period starting in early August, according to ScanSafe, a managed security provider. Earlier this year, Yahoo paid $650m to acquire the 80 percent of the......
[more] Skype worm leaves Sophos users unfazed Sophos, a world leader in IT security and control, says that a recent worm outbreak on the Skype network highlights the importance of proactive virus protection. The worm, which has been seen spreading via Skype's instant messaging system, has not managed to infect Sophos users who were proactively protected against the threat without requiring an update. The W32/Pykse-C worm (also known as Ramex, Skipi or Pykspa) spreads via Skype's chat system in a varie......
[more] Intrusion detection in the age of compliance While intrusion detection technologies are clearly not a "hot new thing" anymore, they are still the subject of active industry debate. Since the infamous "IDS is Dead" piece was published by Gartner in 2003, the discussion about IDS relevance to today's world of commercial malware and web exploits rages on. Further, the IDS relationship to newer technologies such as intrusion prevention systems (IPS) and network-behavior anomaly......
[more] Malware becoming more sophisticated, warns IBM IBM has reported an increase in malware volume and sophistication as part of its security statistics report for the first half of the year. So far this year, its X-Force research and development team has identified and analysed more than 210,000 new malware samples, which is more than the total number of malware samples observed over the entirety of last year. According to IBM, the "exploits as a service" industry continues to thrive, with......
[more] Build malware protection into operating systems Malware protection needs to be built into operating systems rather than bolted on as an afterthought if the industry stands any chance of dealing with the evolving threat of targeted attacks, according to a senior security researcher. Joanna Rutkowska, chief exec of Invisible Things Lab, who is best known for her research on rootkits and Vista security, told delegates to the Gartner security conference in London on Monday that user stupidity was on......
[more] IT managers fret over mobile workers IT managers are struggling to cope with the security threats posed by mobile workers, according to a report by security vendor BigFix. The US-focused study shows that nearly a third of IT managers believe mobile workers leave their company network open to malware attacks. What's more, 45 per cent were dissatisfied with their security configuration management (SCM) software and believe it is failing to tackle the problem. "Clearly, securing the mobil......
[more] Panda worm author gets four years The 25-year-old programmer who unleashed the Panda worm almost a year ago in China was sentenced Monday to four years in prison, a news service reported from Beijing. Li Jun, arrested in February and charged last month with making approximately £6,700 selling the worm - dubbed both "Fujacks" and "Panda Burning Joss Sticks" - was given a four-year jail term by a court in Xiantao, China. Three other men - all in their 20s, according to t......
[more] British PCs contain the least malware PCs in Great Britain and Northern Ireland have lower levels of malware infection than their counterparts in the rest of Europe. Nanoscan is an online malware-measuring tool, which can be downloaded as a plug-in from Panda Software. Nanoscan placed the UK bottom of the malware table last week, with only 8.1 percent of those PCs scanned showing active malware. Using a separate measure, that of 'latent' or inactive malware, however, the UK fared less well, rea......
[more] Number of malicious e-mails bearing bad links balloons tenfold The percentage of threats arriving in e-mails that rely on links to malicious sites -- rather than arriving as file attachments -- has ballooned tenfold since the first quarter of the year, a security company said today. In a report published today, U.K.-based MessageLabs Ltd. said that 35% of the e-mail threats it now detects use embedded links to infect computers instead of the more traditional file attachments. In the March-June......
[more] GSS warns that hackers can now destroy hardware Global Secure Systems, the specialist IT security consultants and system integrators, has warned that hackers can now destroy hardware systems, as well as software. David Hobson, Managing Director at GSS, said that a US government video of a power station generator, released to the media earlier this week, clearly shows what can happen when hackers take over control of a turbine system. "The Department of Homeland Security video shows a mock-u......
[more] Keep your IM-using employees on a need-to-know basis As long as people have competed against others, whether commercially, militarily or athletically, their organizations have possessed information or practices that need to be kept secret. Naturally, competitors have always wanted to learn those secrets, and history is filled with stories of spies, patents, secret codes and inadvertent disclosure of confidential information. Everyone knows that Coca-Cola guards the secret formula for their elix......
[more] Web 2.0 is 'security risk', warns analyst Criminals are taking increasing advantage of "Web 2.0" and social networking to attack companies, according to analyst Christian Christiansen, vice president for security products and services at IDC. The web isn't the benign information resource that once people saw it as, said Christiansen, speaking at Kaspersky Lab's Surviving CyberCrime Event in Massachusetts yesterday. "One of the things that's happened that's disconcerting, and it's......
[more] Sacked worker blames porn on malware A US district judge has upheld a motion to dismiss in the case of hospital respiratory therapist David Farr, who filed a lawsuit against his former employer for unlawful termination after losing his job in August 2005. Farr blamed malicious software for bookmarking pornographic websites on his work computer, an argument that was supported by a computer forensics specialist. Yet US district judge Sarah Evans Barker ruled on 26 September. Employed at St Francis......
[more] Storm builds the world's biggest botnet Storm may not be the most creative or malicious piece of malware ever written, but it's on track to become the most productive; threat researchers' recent estimates put the number of PCs it has infected at more than 1 million. First showing up on researchers' radars about a year ago, Storm is defined by some as a worm, others as a Trojan Horse. Though it has gone by many names, Storm - referring to the spam blasts it has been behind that mention storms -......
[more] Linux is new phishing threat to eBay eBay says online criminals are getting more organised and branching out from the Windows operating system to use the open-source Linux platform. eBay recently did an in-depth analysis of its threat situation, and while the company is not releasing the results of this analysis it did uncover a huge number of hacked, botnet computers, said Dave Cullinane, eBay's chief information and security officer, speaking at a Microsoft-sponsored security symposium at San......
[more] Warning on web 'super worm' Security specialists have warned that internet users could be facing a major worm outbreak spread via weaknesses in current browser technology. A 'creative hacker' organisation known as GNU Citizen has published details of cross-site scripting (XSS) flaws that could be used to inject malware into computers via a web browser. The worm could scan IP addresses for vulnerable pages and then spread quickly across the internet. These flaws have been gathered in an online......
[more] Angelina Jolie 'nudes' fuel malware spike One in every 833 emails in September were infected with malicious attachments compared to one in every 1,000 during August, new research reveals. The jump in malware attachments was primarily due to a coordinated campaign by hackers to spam out the Pushdo Trojan during the second half of September, according to security firms. The emails, which offered naked pictures of Hollywood actresses such as Angelina Jolie and Holly [sic] Berry, carry a malicious p......
[more] The top 10 reasons Web sites get hacked Experts say the people who actually build Web applications aren't paying much attention to security; a non-profit group is trying to solve that Web security is at the top of customers' minds after many well-publicized personal data breaches, but the people who actually build Web applications aren't paying much attention to security, experts say. "They're totally ignoring it," says IT consultant Joel Snyder. "When you go to your Web site des......
[more] IE, Outlook and Word get critical patches Microsoft has issued six security patches for critical vulnerabilities in Word, Outlook Express, Internet Explorer (IE) and the Kodak image viewer that ships with Windows. The updates fix nine bugs in Microsoft's products. In addition to the four critical updates, Microsoft also released "important" fixes for SharePoint and in Windows remote procedure call (RPC). Nine updates is one less than expected. Last Thursday, Microsoft said it was plan......
[more] Could businesses lose face over Facebook? Social networking sites like Facebook have exploded in use in Ireland recently, but IT experts are warning of privacy concerns. It's a familiar routine. No sooner does a development on the internet become commonplace than a security threat follows swiftly behind. In this case, Facebook is the latest to fall victim, so to speak. The social networking site is one of the most popular destinations on the internet, with an estimated 100,000 people signing up......
[more] Webwasher Achieves 99.86 Percent Success in Anti-Malware Detection Study Secure Computing Corporation, a leading enterprise gateway security company, today announced that in an independent test conducted by AV Test Labs, Secure Computing's Webwasher anti-malware engine achieved 99.86% detection success, surpassing all of the leading vendors and scoring higher than 27 other companies. Secure Computing's reputation-based Web gateway solution, Webwasher, correctly identified the majority of 874,82......
[more] Trojan horse dupes Skype users, steals usernames and passwords Skype Ltd. again warned users of its software that malicious code targeting the voice-over-IP (VoIP) and instant messaging service was on the prowl, the second such alert in the past five weeks. A Trojan horse posing as a Skype add-on is stealing log-on credentials, the company's online spokesman, Villu Arak, said yesterday in a blog posting. Calling itself Skype Defender, the malware installs if users download and run the executab......
[more] Details of hijacked 24/7 ad server emerge Compromised server seeds legit sites with ads that invisibly steer users to exploit Hackers have hijacked a server operated by Internet advertising company 24/7 Real Media and are using it to seed legitimate Web sites with ads carrying attack code, Symantec Corp. said Friday. Windows users who visited sites with the attacking ads were infected if they browsed with Microsoft Corp.'s Internet Explorer and had RealNetworks' popular RealPlayer media player p......
[more] SMEs vulnerable to growing web threats Seven out of 10 SMEs worldwide have fallen victim to spyware and virus infections, but have underestimated the potential security consequences, according to new research. The latest State of Internet Security Report from Webroot Software highlights a number of problems concerning internet security threats at small firms. "Unlike larger corporations, SMEs often lack the monetary resources and IT expertise to install and maintain the type of protection ne......
[more] Study puts average value of laptop data at £160,000 Most travellers carry little or no business information on their laptops, but the ones who do store an average of $525,000 worth of sensitive data, according to a survey contracted by iBahn, a provider of secure broadband services to 2,100 hotels and conference centres in 22 countries. According to the research: The average value of personal information on travelers' laptop computers is $330,000 (£161,000). Forty percent of respondents acc......
[more] Russians behind attack PDFs, security researcher says An infamous hacker gang is sending malicious PDF docs, stealing financial data A notorious Russian hacker gang is responsible for ongoing attacks using malicious PDF documents, a researcher said today. Users can thank the Russian Business Network (RBN), a well-known collective of cybercriminals, for the malware-armed PDF attachments that began appearing in in-boxes yesterday, said Ken Dunham, director of response for iSight Partners Inc. If t......
[more] How to Fight The Onslaught of Security Threats With a constantly evolving threat landscape attacking IT infrastructures, the impulse for many enterprises is just to throw more technology at the problem. According to Forrester Research Analyst Paul Stamp, that may not necessarily be the right approach. Speaking on a panel at the Interop conference, Stamp said IT needs to address risks from the top down, first identifying the top five scenarios of how someone could "mess you up." Only a......
[more] Microsoft desperately seeks fix for 'massive' Russian PDF attack Microsoft said it is working around the clock on a patch for a Windows flaw that is partly responsible for an ongoing attack wave of infected PDFs. The company has updated a security advisory to reflect the fact that exploit code is in the wild, but it may be too late for many. Security researchers said hackers have ramped up attacks using malicious PDF files that target the vulnerability. F-Secure called the surge in spam carryin......
[more] PC stripper helps spam to spread A virtual stripper is helping to defeat anti-spam security checks. Spammers have created a Windows game which shows a woman in a state of undress when people correctly type in text shown in an accompanying image. The scrambled text images come from sites which use them to stop computers automatically signing up for accounts that can be put to illegal use. By getting people to type in the text the spammers can take over the accounts and use them to send junk mail......
[more] Six new bugs found in RealPlayer For the second time in eight days, new critical vulnerabilities that could be used to hijack machines have been fingered in the RealPlayer media player. The patched editions released last Friday for Windows, however, are not vulnerable to the half-dozen bugs, RealNetworks said. Hard on the heels of the revelation that RealPlayer sported a major flaw and that the bug had been exploited by hackers who had compromised an ad server owned by 24/7 Real Media to spread......
[more] 'We're not scared' of Storm, say researchers Reports that security researchers are running scared from hackers responsible for the Storm trojan are overblown, say some of the people who have dug into the complex malware. Last week Josh Corman of IBM's Internet Security Systems said that Storm, a multifaceted Trojan Horse that has been used to gather a substantial army of bots (or compromised computers), strikes back using distributed denial-of-service (DDoS) attacks when it senses probes of its......
[more] Storm Trojan dupes users with Halloween jig The latest holiday-inspired spam by the botnet-building malware in progress The Storm Trojan is flooding e-mail in-boxes with a Halloween spam blitz, security companies said this morning. This is just the latest example of the bot-building malware's knack of capitalizing on current events to dupe people into infecting their PCs. The newest campaign arrives in messages with subject heads such as "Dancing Bones" and "The most amazing danci......
[more] Macs seized by porn Trojan Miscreants have released a sophisticated Trojan into the wild that targets Mac users, according to Intego, a company that markets security software that runs on OS X. The malicious Trojan, dubbed OSX.RSPlug.A, is making the rounds on several porn websites. When Mac users try to view some videos, the site feeds them a page that says QuickTime is unable to play the file unless a special codec is installed first. If the user proceeds, a form of DNSChanger is installed tha......
[more] Hackers field malware from fake US election sites Hackers have taken advantage of mounting interest in next year's US presidential elections to create fake websites that serve up exploits. Anti-spyware firm Webroot said that it has tracked hundreds of fake sites that lure visitors into downloading malicious files. Surfers may encounter these fraudulent websites after unknowingly selecting a dodgy URL from a list returned from a search or (more likely) after mistyping the name of a legitimate sit......
[more] One in six UK PCs infected with malware One in six PCs have active spyware or malware infections, according to research. A study performed by UK security vendor Prevx looked at 300,000 PCs. The study showed that 15.6% of those PCs had at least one active spyware or malware program installed. These programs, which include keyboard loggers that record keystrokes, information stealers and fake antispyware, are emerging at rates of 5,000 to 10,000 per day, company officials say. Of these 300,000 PC......
[more] Warning from GSS as first serious Apple Mac Trojan hits Apple Mac users are no longer immune to Trojan attacks, after a Texas-based Mac security firm reported the first serious Trojan to affect the Apple Mac platform. Users may be forced to contact their IT suppliers to protect themselves. The Trojan targets a computer's DNS server and adds a malicious entry that intercepts and re-routes web requests to malware-ridden and/or porn sites. Preparing a defence against this malware will be difficult......
[more] Thousands snared by malware warning from big-name websites Thousands of PC users have been duped into surrendering sensitive information and installing malicious software after falling victim to a complex scam that continues to plague well-known websites, a researcher warns. The scam is the latest to piggyback on banner ads that are fed to high-traffic destinations. Malicious code hardwired into the ads prompts a pop-up that warns of a bogus security threat on the visitor's machine. It offers to......
[more] Salesforce.com gone phishing Salesforce.com has been caught with its pants down after phishers persuaded an employee to hand over customer contact details. In a letter to customers yesterday the, er, customer relationship management (CRM) software vendor admitted that it had been hit by a number of dodgy phishing and malware attacks. Salesforce said that one of its employees had been taken in by a phishing scam that led to a customer contact list being copied after the worker naively handed over......
[more] Enterprises struggle with social network bans Enterprises are having difficulty coping with the rise of social networking sites such as MySpace and Facebook. Around 70 per cent of all enterprises block access to some specific internet domains, according to a recent study by analyst firm Gartner. Half of the companies who use web filtering equipment from Barracuda Networks block access to MySpace and/or Facebook, the two most popular online social networks. Barracuda based the findings on a samp......
[more] Hacker pleads guilty to creating botnets A hacker has pleaded guilty to infecting hundreds of thousands of computers with malware in order to steal money from Paypal accounts. He could spend 60 years in prison and face a US$1.75 million (£870,000) fine. John Schiefer, 26, could spend 60 years in prison and face a US$1.75 million (£870,000) fine. He a......
[more] Russian hackers go offline but not out of business The Russian Business Network (RBN), a notorious hacker and malware hosting organisation that operates out of St. Petersburg, has gone off the air, security researchers said Wednesday. According to a pair of Trend Micro researchers, RBN went dark around 10 p.m. on Tuesday. "The routing information for their IP addresses has been withdrawn," said Paul Ferguson, a network architect at Trend Micro. "That's significant because while R......
[more] IndiaTimes website 'attacks visitors' Visitors to the IndiaTimes website are being bombarded by malware, some of which appear to target previously unknown vulnerabilities in Windows, a security researcher warns. In all, the English-language Indian news site is directly or indirectly serving up at least 434 malicious files, many of which are not detected by antivirus software, according to Mary Landesman, a senior security researcher at ScanSafe. She said at least 18 different IP addresses are in......
[more] Microsoft not happy with its AV software Microsoft is still experiencing growing pains as it brings its consumer and enterprise security products and service up to speed. Microsoft released Windows Live OneCare for consumers in May 2006 and its Forefront Client Security for enterprises earlier this year. Both products entered a saturated security market populated by experienced security-specialist companies such as Symantec, McAfee and Trend Micro. When Microsoft began investing in the securit......
[more] F-Secure safeguards US General Motors Dealer Equipment customers from Internet security threats GM dealerships rely on the Internet for day-to-day business operations. In order to ensure that business can continue without interruption, the dealerships must protect their desktop computers and networks from the devastating effects of malicious viruses, spam and other malware threats. However, individual dealerships do not always have the IT resources needed to maintain a high level of security. F-......
[more] DoubleClick caught supplying malware-tainted ads DoubleClick, the massive internet advertising network that recently agreed to be bought by Google, has been caught serving rogue ads designed to trick users into buying unneeded software, according to an article on eWeek. DoubleClick acted as a go-between between a German-based outfit known as AdTraff.com, where the maliciously crafted ads originated, and scores of legitimate websites, including CNN, The Economist, The Huffington Post and the offi......
[more] Microsoft exec calls XP hack 'frightening' A Microsoft executive calls the ease with which two British e-crime specialists managed to hack into a Windows XP computer as both "enlightening and frightening." The demonstration took place Monday at an event sponsored by Get Safe Online--a joint initiative of the U.K. government and industry. At the event, which was aimed at heightening security awareness among small businesses, two members of the U.K. government intelligence group Serious Organized......
[more] GSS reveals perils of social networking sites Global Secure Systems (GSS), a leading IT security consultancy firm, claims to have saved thousands of pounds a year by practising what it preaches, blocking access to Facebook and other social networking sites on its company network with Internet filtering software. "Our Internet bandwidth requirements recently came up for review and it was suggested we would need an upgrade, costing a few thousand pounds more a year," said David Hobson,......
[more] Times of India website cleaned of malware The website of a heavily trafficked Indian newspaper is clean of malware, just days after hackers launched a nearly impossible-to-detect cross-site scripting attack that infected users' machines with a variety of malware. The Times of India's website was hammered with a Web 2.0-style attack in which the malware writers compromised several pages with malicious scripts. The scripts pointed to a remote site containing IFRAMEs, which pointed to two other mal......
[more] Storm botnet sweeps through Yahoo GeoCities The Storm Trojan is using Yahoo's GeoCities service as an attack vector to infect PCs, according to security researchers. Long-time clients of the Russian Business Network (RBN), a notorious hacker network that mysteriously vanished last week after moving from St Petersburg to Shanghai, are involved, said Paul Ferguson, network architect at Trend Micro. Trend watched as bots controlled by Storm were seeded with new spam templates that included links to......
[more] DNS servers still vulnerable Poor configuration is leaving DNS servers open to attack, but overall the system is growing and modernising, according to a new survey. DNS servers are increasing and modernising, but many are still vulnerable to attacks, according to a new study. The third annual survey conducted by Infoblox and the Measurement Factory looked at the state of Domain Name System (DNS) servers across the public internet by surveying 80 million named servers. DNS servers map domain name......
[more] Reports show October spam increase October was a scary month for IT administrators in charge of filtering spam, according to a pair of reports from messaging security firms. Research from St. Bernard Software showed a 33 percent hike in spam and virus activity compared to September. The San Diego-based company, citing its October Threat Center results, attributed the rise to the beginning of the school year and an increase in the victimization of college students' computers. The report also note......
[more] New Trojan scans for virtual machines A Trojan appeared at the weekend that uses MSN Messenger to grow a botnet, but more worryingly the malware also tries to scan for virtual machines in order to increase the botnet’s number of connections. In an eWeek.com article, the eSafe CSRT (Content Security Response Team) at security vendor Aladdin, warned that it had detected the new threat propagating around noon EST on Sunday. At 18:00 UTC (Coordinated Universal Time), eSafe had apparently detected......
[more] New emails address you by name, then try to hose your PC Beware of emails that mention you and your company by name and claim to be official communications from the US Department of Justice. They're phony and will attempt to install malware on your machine. The emails, which claim to reference a complaint recently filed by a business associate, invite the recipient to click on an attachment that contains a nasty Trojan, two separate security firms, MessageLabs and Websense, are reporting. The pra......
[more] Wireless 'piggy-backing' prompts authentication concerns With growing numbers of Britons putting themselves at risk from fraud through their policy of using other people's unsecured Wi-Fi networks, businesses have been advised to ensure that they have effective data authentication systems in place. According to a recent survey carried out by the security group Sophos, some 54 per cent of internet users take advantage of unsecured networks to get online, despite the fact that this puts them at ri......
[more] GSS Warns of Upcoming Black Friday Hackerfest Global Secure Systems (GSS), a leading IT security consultancy firm, has warned companies to review their IT security procedures in the light of the upcoming Thanksgiving weekend in the US. "Thanksgiving, a traditional North American holiday to give thanks at the end of the harvest season, is celebrated on the fourth Thursday of November in the US, and that is Thursday of this week," said David Hobson, GSS managing director."The bad ne......
[more] Exploit turns iPhone into a spy tool A US security consultant has used a security-testing tool to crack the iPhone. The exploit allows a hacker to control an iPhone remotely. Farrow demonstrated how he used HD Moore's Metasploit tool to gain root access to the iPhone and install an application that can record conversations on and near the iPhone, transforming the device into a spy tool. It also allowed him to remotely access recently modified files, locally stored emails and view the iPhone's we......
[more] Trojan spreads using PI wiretapping scare Miscreants are trying to convince email users that their telephone conversations are being recorded in a ruse designed to scare prospective marks into buying bogus security software. Emails promoting the campaign are laced with a new Trojan horse malware. The Dorf-AH Trojan horse appears as an attachment in emails claiming that the sender is a private detective listening into a recipient's phone calls. This "detective" claims he's prepared to s......
[more] YouTube Dragged Into Spam Runs Again! The most popular name in online video sharing, YouTube, is again being used by phishers. Spammed e-mail messages contain an obscure thumbnail of what looks like intertwining limbs, with the video description, 'A touching tale of how two lovers found their heart'. Trend Micro, a secure content and threat management company, has detected YouTube Spoof Site Serving Malware and advised users to be wary of such spam messages. Should users fall for the social engi......
[more] Malware found on LaoAirlines.com, travellers beware of other sites Sophos has warned Australian travellers looking to book flights to South East Asia to make certain their anti-virus software is up to date before going online after yesterday intercepting malware on Lao Airlines.com. According to Sophos, the malware is embedded at the bottom of the Laoairlines.com web page in invisible JavaScript code. Users who simply embark on the site will automatically be redirected to another site in China w......
[more] F-Secure warns of increased Banking Detail Thefts and Man in the Browser incidents Security firm F-Secure has issued a warning to computer users all over the world regarding an increase in attacks that target user data on banking Web sites. These attacks use a new generation of malicious codes and a technique known as “Man in the Browser”. From time immemorial, cyber criminals have been seeking ways to steal the personal and banking details of Web users. Now, as time has gone by, and security soluti......
[more] Web 2.0 threat looms: So what can organisations do about it? The web is already the main target for security attacks. Now the functionality of dynamic web 2.0 applications is providing new ways to compromise machines. Anthony Plewes looks at the vulnerabilities and the possible fixes. Most analysts agree careless use of web 2.0 applications poses a serious threat to computer users. The Yankee Group, for example, last month said web 2.0 is heading for a slow-motion security train wreck. The analys......
[more] Quicktime bug hits Windows Security researchers have warned that an unpatched bug in Apple's QuickTime software could leave Windows users vulnerable to attack. As of yesterday, there was no confirmation as to whether the Mac OS X versions of the media player are also vulnerable. The critical bug in QuickTime 7.2 and 7.3 is in the player's handling of the Real Time Streaming Protocol (RTSP), an audio/video streaming standard. According to alerts posted by Symantec and the US Computer Emergency Re......
[more] An inconvenient hack: Al Gore's Web site hit A blog set up to promote former U.S. Vice President Al Gore's film, "An Inconvenient Truth," has been hacked and is hosting links to Web sites hawking online pharmaceuticals. The links appear to have been created as part of a scheme to boost the Web traffic for sites that promote the drugs, security experts said Monday. They contain titles such as "Xanax On Line," "Viagra," and "Buy Valium Online." Cyber scammers have be......
[more] Subverted search sites lead to massive malware attack in progress Trojans, rootkits, password stealers hit users who click on a bad link after a search. A large-scale, coordinated campaign to steer users toward malware-spewing Web sites from Google and other Internet search engines is under way, security researchers said Tuesday. Users searching Google, Yahoo, Microsoft Live Search and other engines with any of hundreds of legitimate phrases -- from the technical "how to cisco router vpn......
[more] 20bn spam buckling inboxes Internet users in Britain get 20 billion spam e-mails every day – double the amount of junk mail sent a year ago. Up to 120 billion spam messages are sent daily worldwide - that's 20 for each person on the planet - and 49 out of 50 e-mails are junk. Next year, social networking websites such as Facebook and MySpace will become prime sources of personal data for spam gangs, a report claims today. '2007 marked a turning point for threats,' said Jason Steer of IronPort Sys......
[more] Revolutionary AV testing guidelines planned Consumers should have more accurate information with which to compare security software suites under a new set of software testing guidelines to be finalised early next year. Last week, security vendors and software testing organisations agreed during a conference in Seoul to form the Anti-Malware Testing Working Group, which will determine how best to conduct behavioural tests of security software, said Andreas Marx, who works for AV-Test.org, a Germ......
[more] Malware grew by 100% in 2007 According to F-Secure’s annual Data Security Wrap-up, 2007 saw a steep increase in the amount of new malware. In fact the amount of cumulative malware detections doubled during the year, reaching the amount of half a million, indicating that network criminals are producing new malware variants in bulk. F-Secure's virus labs noticed the following in 2007: New variants of existing malware and Storm Worm botnet was adapted for much greater effectiveness. High prof......
[more] Glory hunter hacks MySpace pages of Timberlake, Hilary Duff Several celebrity MySpace.com sites were defaced Wednesday by someone hoping to impress a hacker crew, a security researcher said today, a motivation of yore that harks back to when hackers sought notoriety rather than credit card numbers. A hacker identified only as "Tesla" broke into the MySpace pages of model/singer Tila Tequila, singer Justin Timberlake and actress/singer Hilary Duff, said Chris Boyd, the director of malw......
[more] Oops! Skype forgets to tell users of bug or patch job Skype Ltd. today blamed an "unintentional communication oversight" for not notifying users a month ago that it had patched the Windows version of its voice-over-IP client software against a critical bug. Company spokesman Villu Arak apologized for the blunder. "We strive to inform the public of vulnerabilities and malware that may affect Skype software," said Arak on the company's security blog today. "While this particular vu......
[more] Intel adds encryption to vPro Embedded security features, code-named Danbury, make application encryption easier, add new layer of hard drive protection The addition of the Danbury tools represents only the latest in a string of security and management technologies embedded directly into the vPro lineup by Intel, including the company's Active Management Technology (AMT), which is aimed at making it easier for administrators to do remote updates on corporate machines, such as for installing ant......
[more] Malicious software: what 2008 has in store When malware writers targeted adverts on some of the web's most trusted sites, they gave a glimpse of the future of cybercrime Last month, scores of popular websites were hit with a nasty surprise. Visitors to sites run by The Economist, Major League Baseball and Canada.com, to name a few, were greeted by adverts pushing antivirus software. The software, of course, was a hoax. What customers were clicking on (and it was hard to avoid) was a type of Tro......
[more] Sophisticated Trojan loots business bank accounts A German hacker crew is looting commercial bank accounts in four countries using a custom-built Trojan put in place by expertly crafted and extremely focused phishing attacks, a security researcher said today. The malware's most distinguishing feature, said Don Jackson, a senior security researcher with SecureWorks Inc., is its ability to mimic the steps the human account owner would take to move money. A variant of the Prg Banking malware, the......
[more] Apple fixes more QuickTime media flaws Apple Inc. patched several bugs in QuickTime on Thursday, including a three-week-old streaming media vulnerability for which exploit code has been in circulation since the end of November. At least one security researcher took Apple to task for its slow response and lack of information before today. "In classic Apple style, security researchers have been shouting the warning about this, and Apple has sat quietly, leaving many people wondering when an......
[more] French embassy site for Libya 'serving malware' The French embassy website for Libya has been compromised and is serving up malware to visitors, according to McAfee. McAfee researcher Francois Paget found the site to be compromised last week and McAfee has reported its findings to the French government. The site has been attacked using an iFrame exploit that inserts an invisible frame in the page in order to re-direct some web browser connections to another location, which serves up a "dow......
[more] Apple fixes 18 flaws in Tiger's Java Apple has updated Java for Mac OS X 10.4, also known as Tiger, to patch 18 different vulnerabilities, including some fixed as long ago as May by Java's maker, Sun Microsystems. Apple's newest operating system, dubbed Leopard, does not need to be patched because it includes the updated Java components. According to the accompanying advisory, Tiger's Java, Java 1.4 and Java 2 Standard Edition 5.0 contain flaws that in some cases could lead to what Apple called......
[more] Security vendors team up for better product testing Antivirus specialists hope to devise a new methodology to help users compare their software A group of leading IT security vendors have teamed up to devise a new standard for testing the effectiveness of their products. Panda, AV-Test, Symantec, Kaspersky and F-Secure have formed the Anti-malware Testing Taskforce to help users of their software to better compare one system with another. The new methodology will be based on behavioural analysis,......
[more] Google 'powerless' to stop AdSense theft Google's AdSense earnings are threatened by a Trojan that replaces the search giant's paid-for adverts with its own, in order to hijack advertising revenue. Launched in 2005, Google AdSense allows third-party websites or publishers to generate revenue from Google's text advertisers. AdSense acts as a middleman between an advertiser and a publisher. By crawling the content of publishers' web pages, AdSense determines the relevance of a text ad to page cont......
[more] Five security truths to protect your critical systems Anyone who tells you that your IT network is “100% secure” is either a fool, or greatly mistaken. Security is a moving target, and unfortunately, this target is being manipulated by the bad guys. With 2007 almost behind us, I reflect on the struggle enterprises and governments face in cyber security. This is not a holiday wish list, or resolutions for 2008, but read through these 5 notions and I can guarantee: you will wonder if you are doin......
[more] 'Bricking' bug threatens most HP, Compaq laptops The hacker who posted an exploit last week that threatened a large swath of Hewlett-Packard Co.'s laptop lineup followed up yesterday with new attack code that can "brick" nearly every HP laptop. In a post to the milw0rm.com Web site Wednesday, a Polish security researcher who used the alias "porkythepig" spelled out a pair of vulnerabilities in an ActiveX control used by HP's Software Update, the patch management program bundled with v......
[more] Malware honeypots wait for '08 The Web Application Security Consortium's Distributed Open Proxy Honeypot Project to track malware distributors will be relaunched in January An innovative malware honeypot project backed by a leading consortium of IT security experts is preparing to re-launch its global sensor network after Jan. 1 in an effort to dupe more cyber-criminals into handing over information about their latest attack methods. The Web Application Security Consortium's Distributed Open Pr......
[more] Hackers quickly move to exploit Bhutto assassination Within hours of yesterday's assassination of former Pakistani Prime Minister Benazir Bhutto, malware makers exploited the breaking news to dupe users into downloading attack code, security researchers said Friday. Searches for news about Bhutto's killing and the ensuing chaos in Pakistan listed sites pimping a bogus video coder/decoder (codec), said analysts at McAfee Inc., Symantec Corp. and WebSense Inc. For instance, WebSense found such a......
[more] 'Ransomware' extorts payment with phone call New "ransomware" that locks up a person's PC and demands $35 to return control to its user is on the prowl, a security researcher said this week. The extortionists tell victims of the Delf.ctk Trojan horse to dial a 900 number, said Alex Eckelberry, CEO of Sunbelt Software Distribution Inc., a Clearwater, Fla.-based security developer. That number can be traced to "passwordtwoenter.com," a payment processor also used by hardcore pornography......
[more] Boom times for hi-tech criminals Starting a career as a cyber criminal got much easier in 2007. So say security experts looking back on 12 months in which hi-tech gangs took control of the net's underground. The economy supporting these groups has matured so much that now everything from virus-writing kits to spam-spewing zombies are available for rent or hire. This has helped to fuel, say security professionals, rapid growth in the methods criminals use to catch out PC users and steal saleable......
[more] 'Diehard' virus variants flexing muscle New Windows-based "downloader" malware known as Trojan-Downloader.Win32.Diehard has surged to the top of Kaspersky Lab's "Virus Top Twenty" list for December because of its "explosive propagation," the security firm said Wednesday. A downloader is a type of malware, which loaded onto a victim's machine, can enable the attacker to download many other types of malicious code to exploit and control it for activities ranging from spam to information theft. Th......
[more] Facebook hack fuels Web 2.0 concerns Researchers at security gateway vendor Fortinet have uncovered an adware-distribution scheme being carried out on the Facebook social networking site considered to be the first attack propagated on the wildly popular online portal. Disguised as a legitimate "Secret Crush" request on the site designed to inform Facebook users about other members who find them attractive, the application instead attempts to secretly install an adware program made by......
[more] Users Fret Over Office 2003's Abandoned Formats Although the update shipped months ago, Microsoft has been feeling some recent heat over its decision to block all access to a slew of older file formats in its Service Pack 3 (SP3) for Office 2003. Microsoft maintains that the SP3 changes, released in September, came about for security reasons. However, users argue that they could make companies' archived files difficult, or impossible, to access in the future. "Because these are,......
[more] 'First' iPhone Trojan rolls into town Hackers have created Trojan horse malware targeted at Apple's much-hyped iPhone device. The package - more of a prank than a threat - poses as an "important system" upgrade supposedly needed prior to upgrading to version 1.1.3 of Apple's firmware. The "iPhone firmware 1.1.3 prep" seems to lack malicious purpose. Problems kick in when users try to uninstall the package. The bogus firmware reportedly affects components of other applications......
[more] Media player offered with worm A batch of digital media players sold by a Dutch importer over the holidays appear to have been infected with a nasty stocking stuffer: a worm. One user reportedly discovered the worm, Worm.Win32.Fujack.aa, after opening the Victory LT-200, a 512 MB USB media player sold by Victory Nederland, wrote Roel Schouwenberg, a senior research engineer, for Kaspersky on a company blog. At least one other variant of the Fujack worm has been observed to spread other programs......
[more] Nugache worm kicking up a botnet Storm Although the infamous Storm worm enters 2008 with a reputation as the world's most dangerous botnet, security experts say there's an up-and-comer called Nugache that could give it a run for its money. Nugache was first sighted about two years ago as a worm designed to work with chat protocols, says Paul Henry, vice president of technology evangelism at Secure Computing. As such, it did not propagate virulently. But last month, hackers believed to be ti......
[more] BETT: Brunel tackles harassment with anti-spam Violent, threatening emails are now quarantined and trackable at Brunel University, letting the IT team prevent online harassment and track those guilty to help protect their students. In a six-figure investment, the West London university signed up for Secure Computing's IronMail system just over three years ago in order to help them manage the deluge of incoming email, but it was quickly put to a more specific use when one of their 13,000 studen......
[more] Mass web infection leaves researcher scratching her head Security maven Mary Landesman is in the midst of piecing together a who-done-it involving the infection of hundreds of websites that are generating an enormous amount of traffic. Or maybe it's a how-done-it. Either way, she's mostly drawing blanks. Landesman is a researcher for ScanSafe, a company that monitors the web surfing of employees at large companies and provides them with real-time intelligence about what sites are spreading malw......
[more] Trojan 2.0 era about to begin: Finjan Cyberattackers are on the verge of creating trojans that take advantage of social networking websites and Web 2.0 technologies, according to researchers at Finjan. Calling the new genre of malware "Trojan 2.0," the San Jose, Calif.-based company predicted that attackers will capitalize on end-users' trust of social networking sites -- and the legitimate web services they offer -- to launch corporate espionage, spam and phishing attacks this year.......
[more] Crime hubs 'can be downed by publicity' One of the best ways to fight the criminal malware networks that now populate the Internet might actually be the simplest - publicise their existence. That is one conclusion to be drawn from a new white paper published by a volunteer group, the Shadowserver Foundation, which assesses the activities of the Russian Business Network (RBN), a major crimeware hub which abruptly disappeared from the Internet in November, after its existence received worldw......
[more] Unpatched PCs open to latest web hack A sophisticated hacking scheme seen early last year is affecting an increasing number of web servers, including one owned by a major online advertising company, Finjan Software has said. It appears that a single gang is behind the attacks, since the malicious software it spreads is storing login and password details on one server in Spain, said Yuval Ben-Itzhak. Finjan is trying to get the ISP to shut it down, he said. A web server of an online adverti......
[more] Mac lambs line up for slaughter The unveiling of Apple's super-thin MacBook Air promises to expand further the Mac user base. That's troubling news for a platform that, as it enjoys greater uptake, risks the darker side of fandom - stalkers. Or, in this case, hackers and virus writers. Security specialist F-Secure's latest claim to have discovered the first rogue program for the Apple Macintosh - MacSweeper - comes only weeks after it reported it's finding an alarming increase in the quantit......
[more] Mystery web infection grows, but cause remains elusive The mystery over a cluster of poisoned websites distributing a toxic malware cocktail may be better understood but it's still not solved. Five days ago, we wrote about the infection of several hundred websites that was unlike anything seasoned researchers had seen before. Mary Landesman, a cyber gumshoe who first brought it to public attention, asked for help from other security pros in figuring out how the unusual new technique worked. And......
[more] Online crime gangs embrace open source ethos Add the malware bazaar to the list of marketplaces being radically reshaped by the forces of globalization. That's the conclusion of Thomas Holt, a professor of criminal justice at the University of North Carolina at Charlotte, who says the marketplace for rootkits, Trojans and other software nasties increasingly transcends national boundaries. In many respects, malware creation mimics open source communities, in which legions of programmers spanning......
[more] Malicious MMS worm hits Nokia handsets Security vendor Fortinet has uncovered a malicious SymbianOS Worm that is actively spreading on mobile phone networks. Fortinet's threat response team warned on Monday that the worm, identified as SymbOS/Beselo.A!worm, is able to run on several Symbian S60 enabled devices. These include the Nokia 6600, 6630, 6680, 7610, N70 and N72 handsets. The malware is disguised as a multimedia file (MMS) with an evocative name: either Beauty.jpg, Sex.mp3 or Love.rm.......
[more] Most malware comes from legit sites, says researcher The majority of Web sites serving up attack code are legitimate domains that have been hacked by criminals, a security researcher said in a report released today. It's the first time that legitimate sites outnumber the malicious ones hackers purposefully set up to spread malware. According to data compiled by Websense Inc., 51% of the sites it classified as malicious in the second half of 2007 had been compromised and then seeded with attack......
[more] Social Networking - the rules to follow to stay safe in 2008 British adults are more frequent users of social networking sites than any of their European counterparts, figures from Ofcom, the communications regulator, indicated recently. People seem obsessed with these sites with four in ten Britons now using their internet connection to keep in touch with their friends on networking websites such as Facebook, Bebo and MySpace. The figure compares with 17 percent in France, 12 percent in German......
[more] Virus writers charged with copyright violation Japan has arrested its first suspected virus writers, but in a strange twist the three suspected creators and distributors of a strain of P2P malware have been charged with copyright violation, in an arrest that recalls Al Capone's prosecution for tax evasion. The trio were cuffed by cops in Kyoto on suspicion of involvement in a plot to infect users of the Winny P2P file-sharing network with a Trojan horse that displayed images of popular anim&eac......
[more] Spammers cloak scams by redirecting through Google services Spammers are using thousands of Google accounts to camouflage their scams from anti-spam filters, a security researcher said Friday. He dubbed the practice "Spam 2.0." Rather than inserting links to the actual pages touting their products, some junk mailers are sticking in links from domains registered with Google Page Creator - the search engine's free web page maker - or accounts with Google's Blogger.com service, said Dan Hubbard, v......
[more] New Word attacks pose as news about Tibet New attacks using rigged Microsoft Word documents have been launched, a security company said today as it warned users to be leery of mail touting news about Tibet. Phony e-mails purporting to contain news about Tibet and its government in exile are making the rounds, according to Trend Micro Inc., which explained that the messages carry attachments that are malformed Word documents designed to exploit a vulnerability in parsing the popular word process......
[more] Expedia, Rhapsody serve attack ads, claim researchers Name-brand Web sites such as Expedia.com and Rhapsody.com have been serving up malicious banner advertisements this week, researchers said today. Later Wednesday, a spokeswoman for Rhapsody questioned the reports, saying that although the service had been pushing attack ads, it had put a stop to the practice last Thursday, Jan. 24. Rigged banner ads built with Flash have worked their way into the popular travel site of Expedia Inc. and into......
[more] Critical flaws found in MySpace, Facebook ActiveX controls Bugs in the ActiveX controls on popular social networking sites Facebook and MySpace can be used by hackers to snatch control of Windows PCs, security experts said today. Initially made public by researcher Elazar Broad on the Full Disclosure security mailing list, the vulnerabilities are in a pair of ActiveX controls that Facebook and MySpace provide to users for uploading images to their pages via Microsoft's Internet Explorer (IE) br......
[more] Sex beats romance, say security experts Romance is out and sex is in, according to security experts who said the Mega-Dik botnet has ousted the infamous Storm as the most prolific sender of spam. The Mega-D botnet, which offers discounted sexual enhancement pills to users, delivers a whopping 30 percent more spam than Storm, famous for delivering malicious Valentines cards. It is the largest botnet on record, according to security firm Marshal, and has exceeded Storm's highest spam output in Se......
[more] Automated crack for Windows Live captcha goes wild Spammers are using a sophisticated piece of software that can create thousands of Windows Live email addresses by cracking the protections designed to prevent the large-scale creation of fraudulent accounts. According to security firm Websense, the bot is surreptitiously installed on the PCs of end users. It then establishes a connection to the registration page of the Microsoft-owned mail service. About a third of the time, the software is abl......
[more] Antivirus company's Web site downloads ... a virus The Web site for Indian antivirus vendor AvSoft Technologies has been hacked and is being used to install malicious software on visitors' computers, security researchers said Thursday. The download section of AvSoft's S-cop Web site hosts the malicious code, according to Roger Thompson, chief research officer with security vendor AVG. "They let one of their pages get hit by an iFrame injection," he said. "It shows that anyone can......
[more] Mapping out Web apps attacks Attackers continue to use well-worn techniques, such as SQL injection, to exploit holes in popular Web applications but have also moved on to other targets, including government sites, and newer exploit methods, such as cross-site request forgery, according to the latest report filed by the Web Applications Security Consortium. The nonprofit industry group released the findings of its annual Hacking Incidents Database report this week, and despite the fact that cybe......
[more] GSS advises firms to look at whitelisting security technology Global Secure Systems (GSS), the specialist IT security reseller and systems integrator, is advising companies to look at installing whitelisting security software on their servers in a bid to stem the rising tide of malware attacks and database information losses. "Whitelisting software was a security safeguard used mainly back in the 1980s when IT security software was in its infancy, but the concept fell from favour because of......
[more] Hackers spread malware with 'Hilary Clinton' spam Cybercriminals may have weighed risk and reward and figured that the first isn't worth the second if they try to exploit the 2008 U.S. presidential campaign, a security researcher at Symantec Corp. said today. At least for now. "We've now seen just two instances of spam using political candidates to spread malicious code," said Oliver Friedrichs, director of Symantec's security response team and a writer on electoral cybercrime. "I......
[more] Mozilla raises Firefox security bar Firefox 3.0's new anti-malware blocker, a tool that prevents some malicious pages from loading, is the browser upgrade's most important new security feature, Mozilla's head of engineering has said. Officially dubbed Malware Protection, the tool warns users when they steer Firefox to sites that are known to install viruses, spyware, Trojan horses and other malicious code. When a user tries to reach a site on the banned list, a large red warning appears in lieu......
[more] Google finds evil all over the Web Google turned its Web-crawling technology loose to hunt down malware-serving pages and found 3 million, meaning about one out of every 1,000 pages is malicious. The Web is scarier than most people realize, according to research published recently by Google. The search engine giant trained its Web crawling software on billions of Web addresses over the past year looking for malicious pages that tried to attack their visitors. They found more than 3 million of th......
[more] Cisco plugs VoIP malware loophole Cisco rushed out a brace of security on Thursday to defend against potentially dangerous exploits via its VoIP kit, including the possibility of malicious code being injected into vulnerable networks. The twin advisories from the network giant cover a range of vulnerabilities in Cisco IP Phones and its Unified Communications Manager (UCM) call management software. A range of Cisco 7900 Series IP Phones are subject to multiple flaws, some of which may lend themse......
[more] UK banks hit by phishing assault UK banks were the second-most targeted in the world last month, following the emergence of phishing attacks via the Storm botnet, according to a new report from RSA. UK financial institutions accounted for 15 percent of all banking brands targeted, according to a report from RSA's Anti-Fraud Command Center (AFCC) last week. They followed on from US banks at 61 percent. RSA's findings are roughly consistent with those of other security firms. McAfee, for instance......
[more] Scareware package planted in ITV.com ads Users visiting the website of UK broadcaster ITV risk exposure to a scareware package. Malware-laced banner ads that lead to download sites for the Cleanator scare package have also been served up on the Radio Times website. Radio Times confirmed that it removed the offending ad late Wednesday morning, following initial reports of the problem on Tuesday. The cleanliness or otherwise of the ITV website is unclear at the time of writing. Cleanator is a rogu......
[more] Localised malware adding to growing number of threats Virus writers are getting more sophisticated and are localising malware for specific markets, claims a senior security researcher. For example, said Dave Marcus, security research and communications manager for McAfee Avert Labs, look at the taunting Trojan, which goes after users of the Winny file-sharing program (Winny creator Isamu Kaneko was convicted of abetting copyright violations in late 2006). Winny is file-sharing software that is i......
[more] Logins for 8,700 FTP servers found on sale Criminals have assembled a huge database of hacked FTP server logins belonging to some of the world’s leading companies, a security company has revealed. Security vendor Finjan said it had stumbled upon a database containing account usernames, passwords and server addresses for a staggering 8,700 FTP servers, many of which were being used by US Fortune 100-level enterprises. The hacked servers could be used to distribute crimeware by injecting iframe t......
[more] Malware removes rival rootkits Miscreants have created a strain of malware capable of removing rootkits from compromised PCs, only to install almost undetectable backdoor code of its own. The Pandex Trojan stops previously installed rootkits from working by removing their hooks into system calls. Pandex then installs its own rootkit component, detected by Trend Micro as Pushu-AC. Rootkits are a type of malware that hide their presence on infected PCs, making them more dangerous than typical vir......
[more] Gooner fan site nobbled by malware An Arsenal fan site has been compromised to serve up sophisticated malware. Malicious code smuggled onto Onlinegooner.com redirected users to sites in Asia and Russia that download a wide variety of nasties onto vulnerable Windows PCs. The downloaded malware contains a potent cocktail of rootkit, keylogging, backdoor, ARP (Address Resolution Protocol) poisoning, and DNS (Domain name system) spoofing capabilities. An analysis by net filtering firm ScanSafe sugge......
[more] Criminals automate security testing Cyber-criminals are starting to resemble the legitimate software industry to such an extent that they even pre-test malware applications for effectiveness before rolling them out. That is according to PandaLabs, which has found forums on which criminals hook up with one another to push ahead with development of applications which can be used to test their creations against known security products. In a blog, the company analyses several of the malware-testing......
[more] 'Mebroot' proves to be a tough rootkit to crack A rootkit uncovered in the wild in December is proving to be a real headache to detect, according to Finnish security company F-Secure. Dubbed "Mebroot," the rootkit infects the master boot record (MBR), the first sector of a PC's hard drive that the computer looks to before loading the operating system. Since it loads before anything else, Mebroot is nearly invisible to security software. "You can't execute any earlier than that,&q......
[more] Hackers find clever new way to hose Google users Hackers have found a new way to get Google to point to malicious websites with the help of unwitting websites such as ZDNet Asia and TorrentReactor. As a result, at least 20,000 Google search results that appeared to lead to pages on the Asian version of ZDNet and the BitTorrent tracker site actually directed end users to sites that attempted to install malware. The hack, which was first documented by Dutch researcher Dancho Danchev, takes advant......
[more] Chelmsford council deploys hosted e-mail security platform to cut costs Chelmsford Borough Council has selected the hosted Websense E-mail Security system to protect its network and reduce costs. The three-year contract covers about 1,000 users and will help the council prevent spam and e-mail-borne threats. Websense Hosted Email Security is now fully deployed following a brief evaluation for testing. The service identifies and stops spam and e-mail-borne viruses, phishing attacks and other mal......
[more] The malware menace – but not as we know it Shields are the essential accessory without which no fictional spaceship would be able to venture beyond the final frontier. And with the changing nature of threats in cyberspace, the need is growing for a similar protective ‘shield’ for users, to absorb attacks and to protect online identities against both high-profile and stealthy infiltration attempts. These new types of threats often evade detection by traditional antivirus solutions and security su......
[more] BlackBerry servers ripe for the hacking Many companies running BlackBerry Enterprise Server (BES) could be inadvertently opening a door to attackers, a penetration testing company has found. Penetration testing consultancy NTA Monitor found that most of its customers running the BlackBerry Server with Microsoft Exchange were taking the path of least resistance by opening unencrypted ports from the heart of their network to service providers. The providers, in turn, opened a return back to the BE......
[more] Microsoft patches Excel zero-day bug, releases three other fixes Microsoft issued four "critical" patches, including one for the zero-day Excel vulnerability reported in January, in its March Patch Tuesday round of bug fixes. In all, the company corrected 12 vulnerabilities, all client-side problems associated with its Microsoft Office productivity suite. "Every single patch is critical and needs to be seriously considered for remediation," Paul Zimski, senior director of ma......
[more] Remote workers still causing IT headaches "Reckless" and uninformed remote workers – opening emails from unknown sources and surfing on their neighbours' wireless networks – are partly responsible for an anticipated rise in security spending by IT managers during 2008. That's according to new research commissioned by networking giant Cisco and carried out by market research firm InsightExpress. It surveyed more than 2,000 remote workers and IT professionals across various industries in 10 count......
[more] The threat of the Ajax Super-Worm The rapid evolution of “Web 2.0” has sparked the convergence of social networking on a massive scale and the adoption of new combinations of technologies that significantly increase the so-called ‘attack-surface’. This combination offers irresistible opportunities to organised crime. In recent years, malware attacks have been targeted and mass worms have been quiet. The days of blockbuster headlines about mass infections such as Slammer are long gone. Or are th......
[more] Scaring users into IT security In order to get all employees to do their part in maintaining IT security, sometimes the best strategy is to simply tell them about the attacks and vulnerabilities that companies deal with. There's nothing like telling a good horror story to encourage your employees -- from senior executives to rank-and-file workers -- to do their part in improving IT security. Cisco Chief Security Officer John Stewart has all the technological tools in the world at his fingertips......
[more] Attacks pushing Web controls Significant debate has recently been given over to the topic of whether or not younger workers will eschew jobs at companies that attempt to limit their access to popular Web sites and online applications, but some companies are already responding to rising security threats by blocking their employees from using work machines to move about the Internet freely. Large financial services companies have been known to enforce strict controls over the range of sites that......
[more] What firewalls do and don’t do Over the last few years, security threats to companies have grown and altered dramatically and so have the defences. Traditional firewalls, installed over three years ago, are often not best suited for current threats and don't protect against a number of newer threats. What firewalls do: A firewall is a system designed to prevent unauthorised access to or from a private computer network. Firewalls are frequently used to prevent unauthorised Internet users from acce......
[more] Malware targets online gamers Kaspersky Lab has added almost as many new malicious programs to its antivirus databases in 2007, as it had done in the course of the previous 15 years. The significance of this statistic is amplified by the demise of non-commercial malware in 2007, with the motive behind all major epidemics and malicious programs during this period being financially driven. "The Internet had never experienced anything like this onslaught of threats and throughout 2007 Kaspers......
[more] Euro 2008 sales site in drive-by download attack Hackers have successfully planted malware on a website selling tickets for the upcoming Euro 2008 Championships. The site of European ticket re-sale firm euroticketshop.com was infected by Trojan horse malware in a bid to infect soccer-loving surfers with insecure PCs. This drive-by malware style of attack is growing increasingly popular. Visitors attempting to purchase tickets through the site were exposed to a malicious script which is embedded......
[more] Companies struggle as Safari pops up on networks For Cody Wilson, the trouble began a few weeks ago, when he noticed that Safari had popped up as a download option with his Apple Software Update, the program that is used to update iTunes and QuickTime. Wilson, a network administrator with Soy Capital Bank and Trust in Decatur, Illinois, soon found out that many of the users on his network had installed the software without realizing it. "I......
[more] Move over Storm - there's a bigger, stealthier botnet in town Researchers have unearthed what they say is the biggest botnet ever. It comprises over 400,000 infected machines, more than twice the size of Storm, which was previously believed to be the largest zombie network. Machines from at least 50 Fortune 500 companies have been observed to be running the malicious software that's at the heart of "Kraken," the botnet that security firm Damballa has been tracking for the last few week......
[more] ‘Crimeware as a service’ the next big thing 'Crimeware as a service', where criminals use online cybercrime services instead of running their own servers and software, is the latest development in internet crime, according to a report. The term was coined by security supplier Finjan, in the latest report from its Malicious Code Research Centre. Finjan identified that criminals have started to use online cybercrime services instead of having to deal with the technical challenges of running their......
[more] RSA: Shutting down power grid is no problem for hackers Gaining access to IT systems and shutting down the electricity grid is simple, a security expert told the RSA security conference in Las Vegas. He told delegates he had done so in less than a day. Ira Winkler, a penetration-testing consultant, says he and a team of other experts took a day to set up attack tools they needed then launched their attack, which paired social engineering with corrupting browsers on a power company's desktops. B......
[more] Businesses face new breed of security threats "Pass the hash" and "metasploit" are two of a breed of emerging security threats facing corporate IT departments. The key security threats facing businesses range from mutations of established phenomena — such as malware or phishing — to less well-known ones, such as metasploit releases and pass-the-hash attacks. The most dangerous new security threats were revealed by experts at the RSA security conference in San Francisco this week. Ed Skoudis, a ha......
[more] Bot breaks Hotmail's CAPTCHA in 6 seconds A new bot can crack defenses erected by Microsoft Corp. to keep spammers from creating large numbers of accounts on its Live Hotmail service within seconds, a security researcher said today. Dan Hubbard, vice president of security research at Websense Inc., said the bot broke Live Hotmail's CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) within six seconds, on average. CAPTCHA is the name given to the distorted, scra......
[more] Vista security is annoying by design If you're running Windows Vista, you're familiar with UAC (User Access Control). It's the security subsystem that pops up those irritating dialog boxes asking whether you really want to install software, modify system files, or write to the Registry. UAC may be Vista's most-hated feature, but as it turns out, it may also be its best-designed. As reported by Ars Technica, UAC was created with a very specific purpose in mind: to annoy you. Ars picked up this t......
[more] Advice for securing your site and your reputation Is your company's Web site hacked? Today, it can be hard to tell. Online crooks who successfully break into a site often sneak in small bits of code that leave no visible trace but can attack visitors who simply view the page. In fact, according to a Websense Security Labs report, online thugs who want to spread their viruses, Trojans and other malware are more likely to hack an existing site than to put up their own poisoned page......
[more] Merck Brazil deploys Blue Coat ProxySG and ProxyAV to manage Web usage Blue Coat Systems, Inc. has announced that Merck Brazil, a division of the leading manufacturer of vaccines and medicines in Latin America, has deployed Blue Coat® ProxySG® and Blue Coat® ProxyAV™ appliances to manage Web usage, accelerate Internet content and applications, protect against malware and enforce policies for employee Web usage. Blue Coat appliances provide Merck with a unique combination of security, policy con......
[more] Researchers determine source of SQL attacks Security researchers at the SANS Internet Storm Center (ISC) have discovered a utility that served as the foundation for a series of attacks that compromised thousands of websites and infected millions of users' PCs over the past several months. The utility performs automated SQL injection attacks against websites found to be vulnerable to specific web searches, according to a report from the ISC. The utility, which appears to be written in Chinese, a......
[more] Hannaford to spend 'millions' on IT security upgrades after breach Executives at Hannaford Bros. Co. said today that the grocer expects to spend "millions" of dollars on IT security upgrades in the wake of the recent network intrusion that resulted in the theft of up to 4.2 million credit and debit card numbers from its systems. The planned upgrades include the installation of new intrusion-prevention systems that will monitor activities on Hannaford's network and the individual systems at its......
[more] China worries hackers will strike during Beijing Olympics While CNN recently faced distributed denial-of-service attacks from Chinese hackers angry about the cable television network's coverage of a recent Chinese crackdown in Tibet, Chinese security officials remain worried hackers will strike while the Olympic Games are being held in Beijing. "Based on historical experience, many hackers seeking to make a name for themselves view the Olympic Games as a challenge and a target, and the Bei......
[more] MS patch system poses 'significant risk', say researchers A group of four computer scientists urged Microsoft to redesign the way it distributes patches, after they created a technique that automatically produces attack code by comparing the vulnerable and repaired versions of a program. The technique, which the researchers refer to as automatic patch-based exploit generation (APEG), can create attack code for most major types of vulnerabilities in minutes by automating the analysis of a patch d......
[more] Staff actively seek enterprise security loopholes Enterprise users are "actively and intentionally" evading IT security controls and ignoring acceptable use policies, according to Palo Alto Networks' first annual "Application Usage and Risk Report." The recent survey results from Palo Alto, a firewall vendor, are based on traffic from 350,000 users in 20 organisations that span the financial services, manufacturing, healthcare, state/local government and healthcare industries. The report highli......
[more] IM malware spikes in April Instant messaging attacks leapt 162 percent in April according to security firm Akonix. The company tracked 21 new malicious code attacks over the month. The jump accompanies a boom in take-up of enterprise unified communications systems (UC) over the past few months, a fact that is unlikely to be a mere coincidence, Akonix said. UC systems are designed to bring together all a company's communications systems onto a common internet protocol (IP) infrastructure, and of......
[more] Hackers find a new place to hide rootkits Security researchers have developed a new type of malicious rootkit software that hides itself in an obscure part of a computer's microprocessor, hidden from current antivirus products. Called an SMM (System Management Mode) rootkit, the software runs in a protected part of a computer's memory that can be locked and rendered invisible to the operating system but which can give attackers a picture of what's happening in a computer's memory. The SMM rootk......
[more] Vista as insecure as Windows 2000 Good news for users of Windows Vista. According to figures compiled by PC Tools, the OS has experienced only slightly more vulnerabilities than Windows 2000, which appeared eight years ago when malware was far less common. Or is that the bad news? Despite having a reputation as the least vulnerable of Microsoft's operating systems, Vista still managed to record 639 unique vulnerabilities over roughly the last half year, which puts it in a worse position than th......
[more] New attacks break 500,000 websites More than half a million websites have been compromised in a new round of attacks that hacked domains in order to infect unsuspecting users' PCs with a variety of malware, a security researcher said today. "This is an on-going campaign, with new domains [hosting the malware] popping up even this morning," said Paul Ferguson, a network architect with anti-virus vendor Trend Micro. "The domains are changing constantly." According to Ferguso......
[more] Phishing botnet expands by hacking legit sites A botnet is now using a SQL injection attack tool designed to hack legitimate Web sites, a move meant to add more hijacked PCs to its collection, according to a security researcher. The Asprox botnet, which specializes in sending phishing spam, is pushing an update to the infected PCs it controls, Joe Stewart, the director of malware research at Atlanta-based SecureWorks Inc., said today. The update is an executable file -- "msscntr32.exe"......
[more] Has Windows Vista's UAC feature failed Microsoft? Experts agree that Microsoft's Windows Vista is relatively well-protected, but its security features — such as User Account Control (UAC) — have been highlighted by security experts as one reason why the operating system is far less popular than its predecessor, Windows XP. According to Scott Charney, vice president of Microsoft's Trustworthy Computing Group, UAC was designed to give users more control over the applications they run and help the......
[more] Asprox botnet arrival prompts warning on Hybrid security attacks IT security reseller Global Secure Systems (GSS) has warned companies to review their security protection following the arrival of the Asprox botnet on the scene. "Asprox is more than just another piece of botnet malware as it's what we call a hybrid. It uses an SQL-injection attack tool that attacks legitimate Web sites, and so adding to the overall botnet swarm," said David Hobson, GSS' managing director. According to H......
[more] Antivirus is 'completely wasted money': Cisco CSO Companies are wasting money on security processes — such as applying patches and using antivirus software — which just don't work, according to Cisco's chief security officer John Stewart. Speaking at the AusCERT 2008 conference in the Gold Coast yesterday, Stewart said the malware industry is moving faster than the security industry, making it impossible for users to remain secure. "If patching and antivirus is where I spend my money, and I......
[more] Phlashing attack thrashes embedded systems A security attack that damages embedded systems beyond repair was demonstrated for the first time in London on Wednesday. The cyber-assault thrashes systems by abusing firmware update mechanisms. If successful, the so-called phlashing attack would force victims to replace systems. The attack was demonstrated by Rich Smith, head of research for offensive technologies and threats at HP Systems Security Lab, at the EUSecWest security conference in London......
[more] Ignorance and the Data Loss Connection Yet another survey from a security firm has found that employees continue to show poor judgment when it comes to letting sensitive data out of their company. This time, the study found that management's policies are also part of the problem: They aren't formed or clearly stated. In its fifth annual study of outbound email and data loss prevention issues, Proofpoint found that more than 40 percent of employees of large (20,000 people or more) forms taking p......
[more] Do Hackers Pose a Threat To Smart Phones? In addition to placing calls, smart phones pack many of the functions found on computers: Internet, email, multimedia programs and even word-processing and spreadsheet capabilities. But, like computers, smart phones are vulnerable to viruses and other types of malicious software. By all accounts, the risk of a smart-phone attack is low. But as people start using the devices for more sensitive tasks -- handling customer data and transferring corporate fil......
[more] Potty-mouthed hackers steal comcast.net keys, go for a spin Unknown hackers hijacked Comcast's domain name for three hours overnight, sending subscribers who tried to access webmail and other services to a rogue site that bragged of the exploit. Comcast lost control of the comcast.net address after the attackers changed registration information stored by its domain registrar, Network Solutions, a Comcast spokesman said. The unauthorized change redirected people attempting to visit the site to a......
[more] Cybercrooks plant phishing scam on crime reduction website Phishing fraudsters hacked a Home Office crime reduction website to host an Italian phishing website on Monday. An RFI (Remote file inclusion) exploit was used to launch the phished page off the webserver hosting crimereduction.homeoffice.gov.uk. As a result of the SQL Injection attack a page resembling the Poste.it site was served up so that it appeared to come from the homeoffice.gov domain. Poste.it is the website of an Italian bank a......
[more] Storm worm resurfaces, tries love angle again After a hiatus, the gang behind the Storm worm is attempting to exploit people's curiosity about a fictional love interest to tempt users into downloading the malware, according to security training organisation the Sans Institute. Donald Smith, a security expert from the Sans Institute, warned on Tuesday that a Storm worm download site had been detected by security researcher 'DavidF'. A link that contained the site's IP address was being spammed o......
[more] City of Utrecht blocks unknown malware and stealthy crimeware attacks The City of Utrecht (Gemeente Utrecht) deployed Finjan’s award winning Secure Web Gateway to secure its infrastructure and data and to ensure the availability, integrity and confidentiality of its communications. Utrecht is the fourth largest city in the Netherlands with a population of close to 300,000 citizens. The City’s 4,000 users are divided into different user groups, depending on their particular responsibilitie......
[more] Stark warning as UK faces cybercrime boom A government report on serious criminal threats to the UK has warned of the growing danger from international gangs of online and credit card fraudsters. The UK Threat Assessment of Serious Organised Crime pinpoints a surge in attempts to hijack bank accounts using email phishing and key-logging malware. The report by the Serious Organised Crime Agency (Soca) says groups of criminals worldwide are collaborating over the web, specialising in roles from s......
[more] Cyber-fraudsters strike gold at South African government The South African government has lost more than £12m (199m Rand) over the last three years thanks to a cybercrime syndicate using spyware. The scam has been running since 2005 and is still going on despite the arrest of 32 people. Thieves have targeted various government departments in four provinces. A number of civil servants have also been sacked. Crooks are using corrupt government officials and suppliers to fix a small piece of kit......
[more] Major security sites hit by XSS bugs The websites of three of the security industry's best-known companies include security flaws that could be used to launch scams against customers, according to a new report. The report, from security watchdog site XSSed, verified 30 cross-site scripting (XSS) vulnerabilities across the sites of McAfee, Symantec and VeriSign. The flaws could be used to launch scams or implant malicious code on the systems of visiting users, according to XSSed. Recent resea......
[more] AVG scanner blasts internet with fake traffic Early last month, webmasters here at The Reg noticed an unexpected spike in our site traffic. Suddenly, we had far more readers than ever before, and they were reading at a record clip. Visits actually doubled on certain landing pages, and more than a few ho-hum stories attracted an audience worthy of a Pulitzer Prize winner. Or so it seemed. As it turns out, much of this traffic was driven by the new malware scanner from AVG Technologies. Six months......
[more] Behind the scenes of Firefox 3.0 There is a clear sense of anticipation building at the Mozilla Foundation's headquarters in Mountain View, California where engineers have been working for the past 34-36 months perfecting Firefox 3.0. "This is the biggest release by far of Firefox," says Mike Schroepfer, vice president of engineering at the non-profit that drives the web browser's development. "We couldn't have done it without the two million people around the world already runn......
[more] New DNSChanger Trojan variant targets routers Secure Computing researchers have discovered a new variant of the DNSChanger Trojan in the wild that attacks routers, meaning any Web surfing computer on that network could be at risk of being redirected to a malicious Web site. The DNSChanger Trojan changes the DNS settings to point to a host Web site address supplied by the attackers, Sven Krasser, director of data mining research at Secure Computing, said in an interview with CNET News.com on Tu......
[more] Browser wars changing security game The re-emergence of the 'browser wars' between Internet Explorer, Firefox, Opera and newcomer Safari is changing the security landscape, say experts. The competition between the browsers, along with a newfound variety, has created both security advantages and new threats as attackers and malware writers adjust to the new landscape. In a recent blog posting, F-Secure researcher Sean Sullivan pointed out that the bevy of IE alternatives is having unexpected ben......
[more] Instant trojan to worm toolkit sighted Miscreants have created a point-and-click toolkit designed to make it easier to both create and distribute Trojans. The Trojan2Worm (T2W) toolkit turns any executable file into a worm with auto-spreading capabilities. As such it provides the ability for Trojan infection agents to acquire worm-like spreading abilities. The tool requires minimal skills to use, net security firm Panda Security reports. Features include the ability to compress infectious files......
[more] Trend Micro gambles on 'in the cloud' technology On Wednesday, Trend Micro CEO and co-founder Eva Chen unveiled a new vision for her company that includes "in-the-cloud" malware analysis. Unlike the computer viruses of 20 years ago, which were slow to evolve and infected thousands of systems worldwide, malware today evolves rapidly and infects relatively few systems, creating thousands of new variants each day. Chen admits that traditional signature-based antivirus strategies may seem a bit out......
[more] Do smart phone viruses really threaten your network? All evidence points to the fact that smart phone viruses will be a threat to your network even though they aren't at this moment. After all, the latest mobile devices are packed with more and more applications and corporate data, are enabled for real Web browsing and online collaboration, and can access corporate servers. What's more, they live outside your firewall and often make use of three wireless networks (Bluetooth, Wi-Fi and cellular).......
[more] Cleaning Chinese malware sites a 'bigger challenge' than in U.S., says researcher More than half the sites spreading malicious code are hosted on Chinese networks, an anti-malware group said today. Of the over 213,000 malware-hosting sites analyzed last month by Stopbadware.org — a joint effort of researchers at Harvard University, Oxford University and several corporations, including Google Inc. and Sun Microsystems Inc. — 52% were hosted by servers running Chinese IP addresses. Of the top 10 n......
[more] Tennis sites hit by drive-by download attacks Two high-profile tennis websites are among scores of victims of a new wave of SQL injection attacks. The website of game regulators ITF and ATP, the professional players tour, were hit by automated attacks in the run-up to this week's Wimbledon championship. The ITF (International Tennis Foundation) website has since been cleaned up but the ATP website remains dirty, according to Fraser Howard, a security researcher at Sophos who's tracking the atta......
[more] Trojan lurks, waiting to steal admin passwords Writers of a password-stealing Trojan horse program have found that a little patience can lead to a lot of infections. They have managed to infect hundreds of thousands of computers, including more than 14,000 within one unnamed global hotel chain, by waiting for system administrators to log onto infected PCs and then using a Microsoft administration tool to spread their malicious software throughout the network. The criminals behind the Coreflood......
[more] IT Directors unprepared for emerging Web-based attacks An IT Director survey conducted by Secure Computing Corporation uncovers a rising concern of insider threats and widespread acknowledgement of being unprepared for emerging Web-based attacks. When asked whether they believed insider or outsider threats posed a bigger problem to their organisation, more than 80 per cent of the 103 Directors surveyed prioritise insider threats (defined as either unintentional data leakage or deliberate data t......
[more] Fake Microsoft patch spam A new spam attack falsely alerts users to download a Microsoft patch, but when responded to, the user is directed to a page that installs malware on the user's computer. According to a report from Websense, the message tells users that their Windows version is vulnerable to a critical security issue and directs them to a download page. The link actually uses an open redirect to a legitimate shopping site. From there, the redirect forwards users to a URL with a pop-up b......
[more] Secure Computing warns Olympic Fever could impact your network The 2008 Beijing Olympics are nearly upon us. And for the first time employees will be able to watch the games via live streaming through a local host – Channel Seven will be streaming over 100 hours of footage from the Games via Yahoo!7. But Eric Krieger, Secure Computing's country manager for Australia and New Zealand, warns that the interest generated by the Olympics could have significant effects on an organisation's productivit......
[more] Cyber-crooks celebrate independence Malware writers are looking to cash in on the upcoming 4th of July weekend, say security experts. With the US gearing up to celebrate its Independence Day on the 4th and the release of the iPhone scheduled for the 11th, the first two weeks of July could be a busy time for malware, according to security firm MX Logic. The company predicted in its monthly threat forecast that both events will be used as bait for attackers. MX Logic noted that the 4th of July was......
[more] Secure Computing's Secure Web protects Joy Global from emerging Web 2.0 threats Secure Computing Corporation has announced that Joy Global Inc. has implemented Secure Computing’s Secure Web (formerly known as Webwasher®) security appliance. By deploying Secure Web, Joy Global has greatly improved its network security, including protecting company resources from emerging Web 2.0 threats. In addition, Secure Web has provided the mining equipment supplier with flexible Web filtering and has reduced......
[more] Detroit Knocks Out Email Threats and Improves Citywide Communication With Websense Hosted Email Security The "Motor City" of America, known for its legacy of developing fast automobiles, recently saw its city government email system slow to a crawl, plagued with email servers overrun with spam and computers infected with viruses. That's when the City of Detroit Information Technology Services (ITS) decided to replace their server-based anti-spam solution with Websense® Hosted Email Security acro......
[more] New Trojan in the wild targeting multimedia files Secure Computing is warning of a new Trojan in the wild that is infecting multi-media files on a victim’s hard disk. The initial infection happens from a pirate software site better known as a Warez site, where users go looking for an illegal crack or serial key to run copy-protected software. According to Secure Computing’s security advisory, when trying to play back the infected files, the user is fooled into believing a codec is needed......
[more] Texas Bank Dumps Antivirus for Whitelisting Brent Rickels, senior vice president at First National Bank of Bosque County, had grown tired of dealing with antivirus software. He was tired of regularly updating virus signatures, tired of hackers constantly tweaking malware, and tired of worrying about what users had downloaded onto their PCs. So Rickels dumped the bank’s AV software for a whitelisting product and, in the process, became one of its first commercial customers. First National Bank o......
[more] Small Business A Big Target For Cyber Attacks Once upon a time, most small-to-midsize businesses enjoyed a relatively secure status, free from malicious cyber threats. Not so anymore, experts say. "It used to be that SMBs were not a target just because of how small they were," said Andy Klein, senior product marketing manager, e-mail security division for SonicWall Inc., Sunnyvale, Calif. "So they could put up a Web server and no one would ever see it. But that's changed. Two, t......
[more] Malware to hit 1 million mark in days Security vendor, F-Secure is days away from capturing its unprecedented one millionth piece of malware. "Gone are the days where you had to worry about someone trying to rob your car or mug you in the streets. Thanks to the internet, we now have to worry about criminals that are far away." This was the grave warning Chia Wing Fei, security response team manager at F-Secure’s Malaysian headquarters, gave to a room full of visiting journalists last week......
[more] Secure Computing's Secure Web wins top honours in comparative anti-malware study Secure Computing Corporation, a leading enterprise gateway security company, today announced that in an independent test, Secure Computing's Secure Web (formerly Webwasher) Anti-Malware engine again ranked first place, achieving a near-perfect overall score and surpassing all other leading vendors. Secure Computing's Secure Web detected 97% of the samples with the best response time, scoring higher than all 27 other......
[more] Security Sleuths Sound Alarm on Asprox Flare-Up Web security firm Finjan issued a warning Thursday about a new wave of mass Web attacks that it said has affected more than 1,000 Web site domains, including government, retail, healthcare and advertising sites. Security vendors have been aware of the attack toolkit, dubbed "Asprox," for several years. However, they have noticed an uptick in the popularity of the malware since 2007. In May, cyber-criminals began a new round of mass Web at......
[more] Security SAAS Makes Messaging Strides Security in the cloud, also called Security SAAS, is currently focused on messaging security, but expect the concept to include remote vulnerability testing, malware filtering, URL blocking, browser proxy security and other areas as the enterprise work force relies more on mobility and applications in the cloud. Efforts at security in the cloud, also called Security SAAS, are currently focused on messaging security, but expect the concept to expand as the e......
[more] Trend Micro's TrendLabs Identify Malicious Files Spreading in the run up to the Beijing Olympics 2008 Trend Micro's TrendLabs have confirmed that malicious .DOC files have been spreading in the lead-up to the Beijing Olympics next month. According to Trend Micro's official Trend Labs Malware blog, malware authors are busy mounting attacks that play on the sporting event. Reports have surfaced about a zero-day MS Word vulnerability affecting Microsoft Word 2000, 2002, and 2003 which is said to a......
[more] Will you be ditching your antivirus app anytime soon? For the last few months, I've been hearing some well-regarded security people tell me they are considering ditching their antivirus protection altogether. They haven't done it, but these individuals feel the days of having a special application scan to remove malware on your desktop are numbered. Malware has changed, but the applications to ferret them out have not. Antivirus programs, as we know them today, are based on 20-year-old techn......
[more] Social networking sites leave corporate networks vulnerable: survey An increasing number of people are visiting social networking sites at work, potentially exposing corporate networks to malicious attacks, according to research by security vendor Trend Micro. The survey quizzed 1,600 corporate end users in the UK, US, Japan and Germany. It found that 19% of respondents had visited social networking sites while at work, an increase from 15% in 2007. Social networking sites, such as Facebook, My......
[more] Banking Trojan hides in fake Alonso F1 crash story Fabricated news of a supposed car accident involving Formula One star Fernando Alonso is being used to distribute a new banking Trojan. The fake news story, supposedly from Spanish daily El Pais, has the two-time motor racing champion seriously injured on Tuesday in an accident in the northern city of Bilbao. The bogus story, distributed via spam emails, links to a video clip depicting what appears to be a spectacular blaze. The clip installs malware......
[more] Super Malware Asprox Takes UK By Storm, Targets Government Websites The last few weeks have seen a resurgence in the number of attacks based on the Asprox malware and coming from East European countries, something that was highlighted by GSS back in May 2008. Asprox uses an SQL-injection attack tool to attack legitimate Websites and has managed to hit hundreds of Government and consumer websites including some operated by the NHS and the Hackney local council, one of 12 local councils hit. Mor......
[more] 1 Millionth Malware Detected! Much faster than expected, the number of malware detections on the web has reached the unfortunate 1 millionth benchmark. According to F-Secure, the number of Trojans, backdoors, exploits and other threats has doubled since the end of 2007, growing at a rate of 2,300 new detections per day. The security company believes this recent explosion of malware is a result of the industrialization of virus production that is the packing, encryption, and obfuscation of exist......
[more] Tale of two halves must end A recent survey carried out by business generation company Emedia has found 50 per cent of network managers and 48 per cent of security managers believe that remote workers are most likely to introduce malware into the corporate network. With IT bosses increasingly concerned over the security risk posed by remote workers, a conflict of interest is now arising. As organisations turn to hosted application services and outsourced datacentres and their employees demand a......
[more] Akonix: Steady Uptick in IM/P2P Attacks Akonix Systems, Inc., the leading provider of unified policy management products for instant messaging (IM) and unified communications, today announced its IM Security Center researchers found steady growth in IM and P2P threats through the first seven months of 2008. With 40 unique threats in July on the heels of the year's peak month of 51 threats in June, the current trendline shows a projected growth of 107% for the year. New IM worms identified this......
[more] With rise in China's Internet use, more security threats seen Don't look now but the rise in Internet usage in China, the popularity of social networks and the proliferation of mobile phones may soon give rise to new Internet security threats the likes the world has never seen, according to Steve Chang, founder and former CEO of security firm Trend Micro Inc. In a forum for top IT students at UP Diliman, Chang warned that the convergence of viruses, trojans and computer worms is changing the ve......
[more] 8 ways to fight spam filter frustration Spam. It fills our in-boxes, wastes our time and spreads malware -- and it's only getting worse. According to Ferris Research, which studies messaging and content control, 40 trillion spam messages are expected to be sent in 2008, costing businesses more than $140 billion worldwide -- a significant increase from the 18 trillion spam messages sent in 2006 and the 30 trillion in 2007. In theory, e-mail filtering software and appliances allow "good"......
[more] Adobe warns of bogus Flash Player installers Hackers are trying to dupe people into downloading malicious software labeled as Adobe Systems' Flash Player, prompting a warning from the company. Adobe is advising users to ignore links on social-networking sites that lead to other Web sites purportedly hosting Flash Player, as those sites often have malicious software. "If the download is from an unfamiliar URL or an IP address, you should be suspicious," Adobe's advisory said. Labeling......
[more] Spammers Go for Olympics Gold Spammers and cybercriminals are fanning the flames of the Beijing 2008 Olympics frenzy in a bid to get a cut of the take. And enterprises need to act now to avoid getting hammered. The latest attack saw 57 e-mails containing press release and media information that appear to be from the International Olympic Committee (IOC) hitting 19 domains, according to MessageLabs, which provides managed secure electronic communications services. These e-mails have an Adobe Ac......
[more] New SQL attacks emerge Security researchers are warning of a new round of SQL attacks being reported. Researchers at F-Secure are reporting an outbreak of attacks that mainly target Chinese sites. Attackers have been using SQL vulnerabilities to inject malicious code into individual web pages. The code then redirects the user to an attack page, which attempts to exploit a number of vulnerabilities on the user's system and install malware. If the attack is successful, the user is infected with a......
[more] BT deploys Blue Coat ProxySG appliances to protect its corporate network from Web 2.0 threats The use of social networking sites has soared over recent years, with an estimated 64 million people worldwide using the technology for both social and work related purposes. For many employers, an outright ban of such sites is simply not realistic and a growing number are now actively embracing the use of networking sites and other Web 2.0 tools such as P2P (Peer to Peer) and Wikis in order to encoura......
[more] Cyberattacks knock out Georgia's Internet presence Hackers, perhaps affiliated with a well-known Russian criminal network, have attacked and hijacked Web sites belonging to Georgia, the former Soviet republic now in the fourth day of war with Russia, a security researcher claimed on Sunday. Some Georgian government and commercial sites are unavailable, while others may have been hijacked, said Jart Armin, a researcher who tracks the notorious Russian Business Network (RBN), a malware and crimi......
[more] Researcher reveals critical Java bugs in Nokia phones A pair of critical vulnerabilities in Sun Microsystems Inc.'s Java technology for mobile devices could be used by hackers to surreptitiously make calls, record conversations and access information on Nokia Series 40 cell phones, a Polish researcher said today. Adam Gowdiak, a researcher who has found numerous bugs in Java 2 Micro Edition (J2ME) in the past, said he reported the two vulnerabilities to Sun last Thursday and notified Nokia the......
[more] Facebook quashes malware attack Facebook has blocked links between its social networking site and malware-infested websites to where malicious hackers have been trying to lure Facebook members. "We've identified and blocked the ability to link to the malicious websites from anywhere on Facebook. Less than .002 percent of people on Facebook have been affected, all of whom we notified and suggested steps to remove the malware," wrote Max Kelly, Facebook's head of security, in a blog post early Fri......
[more] Olympics news sites hit with attacks Hackers are using SQL injection attacks to infect websites with updates on the Olympics, according to a Sophos blog post. Graham Cluley, senior technology consultant with security vendor, Sophos, said that the SQL injection attack was designed to install malware onto users' computers. The attack drags malware from a third-party Russian site, turning personal computers into bots. Apparently, several sites that received a news feed from Agence-France Presse, w......
[more] Hackers spoof MSNBC alerts in new twist on massive malware ruse Hackers trying to plant malware on PCs have switched from touting news supposedly from CNN in come-on messages to pushing breaking stories said to be from rival network MSNBC, security experts said today. The fake messages pose with subject headings that include the phrase "Breaking News," along with phony headlines, such as "Jerry Yang relinquishes control over Yahoo," "Mary-Kate Olsen responsible for Heat......
[more] How to protect against web advertising exploits Web browsers became integrated into many daily job functions years ago. We use them to help streamline business processes, access organisational intranets, and reach across the world within seconds for information. Browsers are responsible for displaying tons of website data, everything from application data, to links and images, to creative advertisements that rely on Java and Asynchronous JavaScript and XML (Ajax). Attackers realise that enterpr......
[more] 5 million fake news spams per hour There's a good chance that you've seen at least one of the spoofed CNN or MSNBC spam messages that are doing the rounds - as many as 5 million of them are being sent per hour. The spoofed messages are modelled on CNN and MSNBC alerts and feature headlines that are calculated to attract attention by tapping interest in celebrities, politics and other current issues. Some of the headlines used are outlandish, but there seems to be a trend to make them more b......
[more] 'Malvertizement' epidemic visits house of Newsweek.com Newsweek.com is one of several high-profile websites suspected of running rogue banner advertisements that try to trick visitors into installing fraudulent anti-malware programs, security researchers warn. The malicious ads have been appearing on Newsweek's website via feeds that carry the Washingtonpost.com address, according to [a] post on the Bluetack Internet Security Solutions site. The ads redirect users to a site that falsely claims......
[more] Call out a phisher, get attacked by malware Identity thieves target users who talk back in bogus log-in forms Users tired of phishing attacks who retaliate by talking back are being targeted with exploits designed to hijack their computers, a security researcher said today. In a new twist, phishers using the Asprox botnet have struck victims who use the scam's log-in screen to give the crooks a piece of their mind. The scammers fire off a multi-exploit attack kit against anyone who uses profanit......
[more] Malware rockets again New report finds more malware was blocked in July than during the whole of 2007. Last month saw more web-based malware blocked than the whole of 2007, an increase of a third, according to security as a service vendor ScanSafe. The firm's latest Global Threat Report for July found an increase of 87 per cent in web-based malware blocks from June to July, mainly caused by the increasing use of SQL injection attacks. July also saw a surge in social engineering-based email attack......
[more] FedEx managed security threat spotted A managed security threat using the name of FedEx to deceive internet users into downloading dangerous malware has been identified. The spam wave has been recognised by IT security firm BitDefender, which claims the malware is engineered to steal sensitive e-banking data. According to the company, an email message claims FedEx was not able to deliver a postal package sent one month ago and asks users to download and print an attached invoice containing a ZBot......
[more] Malware infects space station laptop Malware has once again managed to get from Earth onto the International Space Station, a NASA spokesman confirmed last week. The attack code infected at least one laptop used on the station, an international operation led by the U.S. and Russian space agencies. The NASA spokesman declined to identify the malware, saying only that antivirus software had detected it on July 25. The SpaceRef.com news site last week identified the bug as W32.Gammima.AG. The......
[more] Botnet ranks exploding The number of computers currently controlled by botnets has exploded in recent months, say researchers. Recent figures recorded by the Shadowserver Foundation revealed that in the last 90 days, the number of computers infected by botnets has quadrupled. The increase comes despite a slight drop in the number of botnets, leading researchers to believe that the increase has largely been to the benefit of the large, established operators in the market. The increase has also co......
[more] Microsoft patches 8 critical bugs in Windows, Office Microsoft Corp. today patched eight vulnerabilities, all rated critical, in four security updates for Windows, Office, Windows Media Player, Internet Explorer 6, SQL Server and other programs. Unlike last month, when Microsoft issued 12 bulletins that fixed 26 flaws, today's patched vulnerabilities did not include any that have already been exploited in the wild. "It doesn't look too bad today," said Andrew Storms, director of s......
[more] Warning over Obama sex scandal spam Web monitoring firms are warning IT administrators to update their spam filters after a massive new spamming campaign was detected. Emails are filling up with spam claiming to have a link to a web site that carries video footage of a sexual scandal committed by presidential candidate Barack Obama. It alleges to show footage of him having sex with Ukrainians after a visit to the country last year. “Users who click the link are shown a pornographic video......
[more] XP Security “Scareware” Scams Skyrocketing More users than ever before seem to be falling for scams being levied by fraudsters looking to make a quick – and lucrative – buck from bogus security applications. It’s sad to see people get scammed from their money when they’re seeking some level of protection from Internet threats – but instead they end up paying to install software that does nothing, at best, or is in fact itself malware. At least one security firm says criminals are raking hundreds......
[more] Researchers uncover new tool for building fake YouTube pages Researchers on Thursday discovered a new application that cybercrooks can leverage to create real-looking YouTube pages to serve as the launching pad for malware attacks. “It has the classic-looking square box that you're about to view a YouTube video but you get a pop-up that you're missing a component to view the video,” Ryan Sherstobitoff, chief corporate evangelist at Panda Security, told SCMagazineUS.com. But when user......
[more] BusinessWeek site attacked, turned into malware playground The Web site of BusinessWeek magazine suffered a major SQL injection attack in recent days that left it hosting malware on hundreds of its pages, security vendor Sophos PLC has reported. Once compromised by such a server hole, the attack scripts could, in principle, launch anything desired by the attacker except currently included code for automatic attacks based on JavaScript. That means a visitor could be hit by malware just by landi......
[more] It's time to think differently about protecting data The recent rash of high profile security breaches, data loss incidents and associated fraud highlights the fact that the security industry is failing to meet the threats organizations face when it comes to protecting the lifeblood of their business – their data and their customer's data. As the threats of data loss continue to increase, it's time for IT, CIOs, CEOs, boards and security practitioners around the world to fundamentally reexamine......
[more] Hackers prevent research on malicious code Cybercriminals are randomizing content served from malicious web pages so that they can prevent security researchers from doing proper analysis. According to Websense Security Labs, malware tracking is becoming more difficult because IP addresses and user-agents are being tracked rigorously and often, when pages are served, the content is randomized. Following analysis of malicious Flash files, the company investigated a situation where upon receiving a......
[more] Brad Pitt Tops Charts For Most Celebrity Malware Sites Hollywood actor Brad Pitt has bumped Paris Hilton off the top of the list as the most dangerous celebrity to search for on the Web, according to McAfee researchers. Altogether, fans surfing the Web for "Brad Pitt," "Brad Pitt downloads," and Brad Pitt wallpaper for items like screen savers and images have an 18 percent chance of becoming infected with online security threats such as spyware, spam, phishing, adware and vi......
[more] Secure Computing Highlights Three Major Spam Campaigns Secure Computing Corporation has released its monthly report on spam for September 2008 that highlights the spam trends along with three dominant spam surges during August 2008. According to the company, of the three spam outbreaks, CNN/MSNBC News spam was most dominant. Recently, the new spam tactic employed to dupe users into downloading a fake flash player has attracted a great deal of attention. This attack included sending of e-mail messa......
[more] Facebook Malware Campaign Targets New 'Friends' Security researchers discovered a new malicious social-engineering spam campaign Monday designed to lure victims and distribute malware by impersonating the Web 2.0 social networking site Facebook. Capitalizing on the popular social networking site, attackers spoofed the domain facebookmail.com, the official domain used by Facebook for outbound e-mails when alerting users about an upcoming event. Initially, the attack is implemented as a message t......
[more] BBC email list leak highlights dangers of mailing lists Security consultancy Global Secure Systems (GSS) says this week's revelations that a BBC mailing list had been hacked and the users on the list spammed with scams and/or computer viruses, highlights the dangers that spam poses modern companies. "Whilst it's likely that many of the people who signed up to this list were using their personal email addresses, it's a sure-fire bet that some were using their business addresses. And th......
[more] 'Malware-friendly' Intercage back among the living A day after security experts celebrated the death of a network provider accused of hosting a large concentration of the world's cybercrime, California-based Intercage appeared to be among the living again. IP transit provider UnitedLayer agreed to provide upstream service to Intercage about 36 hours after its last transit provider pulled the plug. UnitedLayer's move, which is sure to prove unpopular in some circles, came after Intercage agreed t......
[more] Computer users overeager to click popup 'OKs' Web surfers have a standard reaction to error messages that pop up in their Web browsers, according to new research published this week: They click "OK" and hope it will disappear. Psychologists at North Carolina State University found that computer users have a hard time distinguishing between fake Windows warning messages and the real thing. In an experiment that tested the responses of 42 Web-browsing university students, they found that almost......
[more] Private data at risk from new Trojan A Trojan, highly popular with fraudsters, can add data entry fields to legitimate online banking sites and entice consumers to give up sensitive information such as bank card numbers and PINs. The Limbo malware integrates itself into a web browser using a technique called HTML injection, said Uri Rivner, head of new technologies at RSA Consumer Solutions, a division of EMC. Because it's so closely integrated in the browser, it can operate even while the user......
[more] Police 'find' author of notorious virus The infamous Gpcode 'ransomware' virus that hit computers in July was the work of a single person who is known to the authorities, a source close to the hunt for the attacker has told Techworld. The individual is believed to be a Russian national, and has been in contact with at least one anti-malware company, Kaspersky Lab, in an attempt to sell a tool that could be used to decrypt victims' files. Initially sceptical, the company was able to verify tha......
[more] Fighting the scourge of scareware Microsoft and Washington State's Attorney General filed lawsuits against scam artists who frighten consumers into buying useless software. "Scareware" merchants are accused of tricking computer users into clicking on pop-up alerts that claim their device is "damaged and corrupted". They are then persuaded to buy software that corrects the non-existent issue by offering fake security fixes. It is a "blatant rip-off of consumers," said Attorney Genera......
[more] Phishers cash in on banking crisis Phishers are exploiting confusion over consolidation in the financial industry to extract victims' personal and banking details. Security firm SonicWall said on Thursday that it has been seeing emails that attempt to lure people to fake bank websites, where they are asked to reverify their personal and bank information due to a merger. In one example that targets people affected by the Chase acquisition of Washington Mutual, the email asks recipients to click......
[more] Finjan gains new European patent for malware protection Finjan today announced that the European Patent Office has granted the company Patent No. EP 0 965 094 B1 entitled “System and Method for Protecting a Computer and a Network from Hostile Downloadables”. This patent further adds to Finjan’s extensive and comprehensive intellectual property portfolio in the security market. Features of the patent include techniques to examine executable application programs in real-time and to proactiv......
[more] Spammer campaign exploits email read receipts A new wave of malicious spam relies on requests for delivery confirmations for unsolicited emails. According to security firm BitDefender, the technique uses multiple cons. First, a "read receipt or notification" link attempts to trick the recipient, whose response will verify that the targeted email address is valid and active. If the recipient does not send a read receipt, the spammers deploy a secondary layer of confirmation techniques that uses......
[more] Secure Web gateway for effective data loss prevention in an SSL world Businesses are increasingly moving to SSL-encrypted traffic on their network for greater security and data protection. In fact, in 2007, Enterprise Strategy Group estimated that SSL-encrypted application deployments had increased by 50 to 55 percent. However, more SSL traffic on the network inhibits the effectiveness of a data loss prevention solution. In response to this new application profile that favors SSL traffic, organ......
[more] Academics predict growing cybercrime sophistication Data -- even on platforms such as mobile phones -- will continue to be the primary motive for future cybercrime. That's one of the key findings in a survey released Wednesday by the Georgia Tech Information Security Center (GTISC). The report, called the GTISC Emerging Cyber Threats Report for 2009, outlined the top five areas of security concern and risk for consumer and enterprise internet users for the coming year. The GTISC said it expect......
[more] Fresh Facebook malware attack spotted Security experts are warning both users and administrators following the discovery of a new crop of Facebook malware. Security firm F-Secure said in a recent posting that the company has tracked down a number of pages on the social networking site which attempt to infect users by promising fake videos. The new attacks propagate by way of a malicious worm application which hijacks Facebook information. The user is sent a message from an infected friend which......
[more] F-Secure calls for global internet police The chief research officer at security firm F-Secure has used the company's third-quarter statement to call for the establishment of an international police force to tackle online crime. Mikko Hyppönen warned that the current mish-mash of national law enforcement is proving ineffective, and said that a global approach is necessary. "We should consider the creation of an online version of Interpol - 'Internetpol' - specifically tasked with targeting......
[more] Link spammers set up shop on GMTV sofa website The website of breakfast TV station GMTV was colonised by spammers over the weekend after its domain lapsed. Instead of offering information on presenters or topics to be covered on the show the site became a showcase for links to dating and debt consolidation websites. GMTV - best known for its brightly coloured sofa-filled set and bland interviews conducted with celebrities by Lorraine Kelly - became a link farm for spammers after its domain came......
[more] Botnet experts meet as threat grows for corporations Even though the notorious Storm Worm may have permanently retreated, as recent reports indicate, the threat that botnets pose to businesses arguably has never been higher. Enterprises risk major financial loss due to sophisticated networks of compromised computers barreling through their network with the goal of stealing confidential data, said Jose Nazario, manager of security research at Arbor Networks. "They're finding out they have m......
[more] Compromised Halloween websites passing along rogue software An internet search using the keywords “halloween costumes” may turn up a number of legitimate sites that have been compromised, and users might end up with rogue anti-virus software on their machine. The Halloween attack uses search engine optimization manipulation to distribute the campaigns, according to a Wednesday TrendLabs blog post. Attackers prey on the vulnerabilities in legitimate websites to embed malicious code, accordi......
[more] Financial malware gets smarter An analysis into the use of financial malware has shown that despite a fall in the number of new programs detected criminals are still managing to beat security measures designed to stop fraud. The study found that discoveries of malware aimed at banks and other financial groups is trending downwards this isn’t reflected in a reduced threat. Rather the threats are increasing as malware writers are getting smarter. “Financial institutions around the worl......
[more] Mobile-botnet threat 'a ticking time bomb' Mobile botnets have not yet appeared in security laboratories or the wild but conditions are already ripe for malware attacks to turn mobile phones into zombies, according to a security researcher. Chia Wing Fei, security response manager at F-Secure Security Labs, told ZDNet Asia in an email interview that the security vendor has dealt with viruses, worms, Trojans and spyware targeting the mobile platform, but has not yet encountered a bot or botnet.......
[more] Security firms report new statistics on spam Two security firms have revealed that spam attacks have increased in the last quarter. Secure Computing revealed in its Q3 2008 Internet Threat Report that malware which targets users of social networking sites had become the main source of spam. It also highlighted the rise in panic-inducing ‘bank failure spam' intending to capitalize on the current financial crisis. ‘Scareware' programs also spread rapidly, while election-related spam s......
[more] Brazil is "cesspool of fraud" says RSA guru In a talk at the RSA Conference Uri Rivner, head of new technologies for RSA Consumer Solutions revealed some startling new findings about the changing behaviour of the criminal gangs now controlling online crime. Contrary to the popular view that Russian hackers led the world he revealed that it was Brazil where the latest malware, Trojans and tactics were being developed. “Brazil is now a cesspool of fraud. The three main languages being used o......
[more] Latest tactics for fighting e-crime could backfire Sting operations by law enforcement agencies could force online criminals to forge closer links with each other offline, and become even more difficult to track down and arrest, according to a leading e-crime expert at Lloyds TSB. Speaking at the annual RSA Conference Europe event in London today, Mark Stanhope, senior manager of e-crime at the bank, warned that operations such as Dark Market, in which the FBI infiltrated the eponymous internet......
[more] Javascript to be next core malware language Web 2.0 has placed a demand on browsers to become more interactive and act as a portal rather than a viewing platform is opening up new vulnerabilities, Itzik Kotler, team leader of the Security Operation Center at IT security firm Radware, has warned. As well as developing new signatures and analytics tools for Radware scanning software, Kotler also works on finding new classes of vulnerabilities before they appear in the wild. One such security hole......
[more] IBM claims safer banking with 'security on a stick' IBM has developed a device for online banking so customers plugging into any computer can protect transactions and find out if Trojan malware is trying to steal funds. Created in IBM's Zurich Research Lab, the "security on a stick" is still a prototype and being tested in a few trials in Europe, says Michael Baentsch, a senior researcher there. IBM officially calls it the "Zone Trusted Information Channel" because the little USB-base......
[more] 1 Trojan + 3 years = 500,000 online financial accounts RSA FraudAction Research Lab has discovered log-in information for about 300,000 online bank accounts and 250,000 credit and debit card accounts that have been gathered by a cybercrime gang over the past three years using the Sinowal Trojan. "This may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters," according to a blog entry posted Friday from RSA, EMC's security unit. The Sinowal Trojan......
[more] Finjan reveals how corporate data is stolen and stored by Cybercriminals Finjan today announced that its Malicious Code Research Center (MCRC) has documented step-by-step how corporate data is being stolen and stored on remote servers owned by criminals. In its October 2008 Malicious Page of the Month report, Finjan describes how a corporate user, while browsing the web for his regular business needs, got infected with a Trojan. The individual who worked for a large media company was just brow......
[more] Worm Exploiting Microsoft Windows Server Spotted A worm designed to exploit the recently patched vulnerability covered in Microsoft Security Bulletin MS08-067 has been detected, US-CERT, the government's cybersecurity organization, warned Monday. Just over a week ago, Microsoft issued MS08-067 as an out-of-band patch to fix a critical flaw that could allow a remote attacker to take over Windows computers without any user interaction. The flaw has to do with the way the Microsoft Windows server......
[more] Hackers leverage Obama win for massive malware campaign Hackers have seized on the results of the U.S. presidential election to launch a major malware campaign that tries to trick users into installing an update to Adobe Systems Inc.'s Flash, but actually plants a Trojan horse on unprotected PCs, security experts warned today. The malware blitz stems from spam messages touting Sen. Barack Obama's victory last night, and offers up a link to what is supposedly a site sporting election results. W......
[more] Security giants propose new testing standard Symantec, McAfee, F-Secure and Kaspersky are among the names that have pledged support for the project, which boasts more than 40 security vendors and media groups as part of the Anti-Malware Testing Standards Organisation. The new system would provide guidelines as to how a test should be conducted, including the types of malware used, method of analysis and accurate support for a conclusion. The guidelines will also outline procedures for studying a......
[more] F-Secure touts cloud-based security The ideal approach, according to F-Secure chief technology officer Pirkka Palomäki, is to combine the best features of locally running systems with security services running in the cloud. Users are now connecting to the internet from a growing number of devices, and the online threat landscape has evolved over recent years with money, rather than reputation, as the driving factor. Palomäki identified three phases in the threat landscape. The first was the......
[more] Spam drop could boost Trojan attacks The dramatic fall in spam traffic reported last week after alleged rogue ISP McColo Corp. was taken offline will only be a temporary reprieve and could actually generate a new wave of Trojans, experts have warned. ISPs disagree on the global percentage drop in spam caused by the shuttering of San Jose-based McColo last Tuesday, with estimates given by those contacted by Techworld ranging from 50% to 80%. But even the lower figure is still an unprecedented fa......
[more] Finjan offers free malware detection audit to halt Crimeware Trojan Finjan has announced it is offering qualified organisations a free malware detection audit to halt Crimeware Trojans and other malware attacks on enterprises. Finjan's free trial offer comes after security vendor RSA has estimated the Sinowal Trojan has taken the details of 270,000 online bank accounts and 240,000 payment cards from financial institutions in a number of countries, including the US, UK, Australia and Poland. ......
[more] UK consumers worth £14k each to cyber criminals Each adult in the UK is worth about £14,500 to internet criminals according to the UK's online security guardians. The value of the average UK person's salary and credit card details to online fraudsters was revealed in the 2008 report by the secure computing initiative Get Safe Online (GSO), whose members include HSBC, Microsoft and the Serious Organised Crime Agency. A quarter of the 1,400 people surveyed said they knew someone who had revealed......
[more] Global firms ignoring web-based threats A quarter of companies experienced a web-based threat last year, but are still underestimating the risk from this vector, according to new research from security firm Webroot. The vendor's latest State of Internet Security report that found one in four respondents globally suffered an attack that caused a server outage, compromised sensitive information or threatened online transactions. The internet was also identified as a greater source of threats than......
[more] Computer virus quarantines London Hospital for second day IT staff at three major London hospitals have spent a second day struggling to restore IT systems following a major computer virus outbreak. Computer systems at the St Bartholomew's (Barts) the Royal London Hospital in Whitechapel and the London Chest Hospital in Bethnal Green were taken down on Tuesday in response to an infection reportedly caused by the Mytob worm. The three hospitals form the Barts and the London NHS Trust. A spokesm......
[more] Hot or not: Software update vulnerabilities The automatic update features in many software applications are proving to be vulnerable to attack. Hackers are taking notice. You should, too. There's been considerable discussion recently about how automatic software updates, such as those to download security patches, can be used as potential vectors of attack. This is unfortunate, as one of the primary tenets of keeping systems relatively secure is to maintain current patch levels. And when most u......
[more] Military's ban of USB thumb drives highlights security risks The U.S. Department of Defense has banned USB drives and other removable media devices after a worm infiltrated Army networks. “All units are not allowed to use any USB mass storage devices, which includes everything from hard drives to cameras to some printers,” an Army lieutenant told SCMagazineUS.com in an email on Thursday. Wired, citing internal U.S. Army emails, first reported the story, reporting that a variation of the worm ......
[more] Spam has gone from being an annoyance to carrying malware Spam has been around for 30 years now and we’ve grown used to the irritating messages that can at times outnumber the valid ones in our inboxes. Whether they’re offering incredible deals on credit cards, telling us we can earn big money just by giving our bank account details or promising to cure just about any medical ailment, spam messages hit pretty much all of us at one time or another and although spam filtering technologies have come......
[more] Spam on rise after brief reprieve In the world of spam, what goes down must come up. Two weeks after the shutdown of web hosting firm McColo, which saw a two-thirds drop in spam worldwide, spam numbers are creeping up again. Industry experts disagree on the degree to which spam has returned, but most say that prior levels will soon be reached. Some 450,000 infected computers have been spotted trying to connect to the largest of the networks McColo hosted. Messaging security firm IronPort System......
[more] Christmas malware comes early Desperate high-street shops aren't the only ones cashing in on Christmas before December's even arrived - malware writers are taking full advantage too. Websense Labs claims to have detected the first piece of seasonal malware. The campaign masquerades as an electronic Christmas greetings card from postcards.org. The email shows an animated Christmas scene, but links through to a file called postcard.exe that leads to a Trojan backdoor that's been used in previous......
[more] CBS page compromised by hackers Finjan has warned internet users to be on their guard following an apparent compromised webpage on one of the sub-domains on the CBS.com portal. The North American network revealed that etix.cbs.com was compromised as a result of malicious activity. Cybercriminals added a malicious obfuscated script to the infected page which added a malicious IFrame to the page. The injected IFrame automatically loads another malicious script from a remote server controlled......
[more] ISP chops last head off Srizbi bot An Estonian ISP that temporarily hosted the command-and-control servers for the notorious spam-spewing Srizbi botnet, has cut off those servers, according to computer security analysts. Starline Web Services, based in Estonia's capital Tallinn, had hosted four domain names identified as the control points for Srizbi, according to researchers from computer security firm FireEye. Hundreds of thousands of PCs around the world infected with Srizbi, a difficult-to-......
[more] Security vendors warn of Christmas e-crime spike The IT security vendor community came out in force today to warn consumers and corporate web surfers that internet criminals are likely to double their efforts over the Christmas season to infect machines and steal sensitive data. Content security firm Websense released a five-point plan to help users avoid scams, which includes taking steps to ensure all systems are protected with the most recent patches available. Users should also be wary of e-c......
[more] Botnet master sees himself as next Bill Gates Owen Walker's future seems brighter today than it did a year ago when New Zealand police came knocking on his door to arrest him on computer hacking charges. Walker, 19, had been facing possible jail time for running a massive botnet that infected as many as 1 million computers, but in July he caught a big break. That's when a New Zealand judge ordered him to pay a fine after he pleaded guilty to hacking charges. Last year, Walker was busted in a jo......
[more] Latest VB100 malware test brings good news The December test focused on products for the 64-bit edition of Windows Vista, and vendors were pitted against 100 malware samples collected from the wild. In order to pass, the security companies are expected accurately to identify all 100 malware samples without returning any false positives. Among those that passed the most recent test were market leaders Symantec and McAfee, along with CA, F-Secure, AVG and Sophos. Microsoft's Forefront and OneCare......
[more] Firefox users targeted by rare piece of malware Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users. The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A" sits in Firefox's add-ons folder, said Viorel Canja, the head of BitDefender's lab. The malware runs when Firefox is started. The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barcl......
[more] Cybercriminals need to be punished F-Secure has re-ignited its push for the establishment of a global legislative authority to apprehend cyber thieves for their crimes, claiming it’s the only way to stop them. The call to action comes as F-Secure released its half year data report yesterday which predicts that in 2008 a total of 1.5 million samples of malicious software - which is three times more than in 2007 - will be detected. Currently, F-Secure detects between 80,000 to 100,000 samples of......
[more] SonicWall users exposed by license server breach A technical problem in a license management server at SonicWall Inc. created havoc last week for users of the company's firewall and e-mail security products, leaving many companies temporarily unprotected against spam, phishing and malware threats. It wasn't immediately clear how many customers were affected by the license server glitch, which began early last Tuesday and wasn't resolved until that afternoon. But numerous users posted angry mes......
[more] New trojan in mass DNS hijack Researchers have identified a new trojan that can tamper with a wide array of devices on a local network, an exploit that sends them to impostor websites even if they are hardened machines that are fully patched or run non-Windows operating systems. The malware is a new variant of the DNSChanger, a trojan that has long been known to change the domain name system settings of PCs and Macs alike. According to researchers with anti-virus provider McAfee's Avert Labs, t......
[more] Vulnerabilities play only a minor role in malware spread, says researcher Computer users are their own worst enemies, a security company warned today, as it released data that shows software bugs were the source of just 5% of the past year's infections. The majority of the attacks carried out by 2008's top 100 pieces of malware were caused by users surfing to malicious sites and then accepting some kind of download, Trend Micro Inc. researchers said today. From Jan. 1 to Nov. 25, the top 100 a......
[more] New DNS changing malware detected Trend Micro has detected a new DNS changing form of malware which poisons other hosts on the local subnet installing a rogue Dynamic Host Configuration Protocol (DHCP) server on the network. Technical Communications spokesperson JM Hipolito explained that the DHCP is a protocol used to disseminate required information to network clients in order to operate within an IP network. Once a user connects to a network, it will send a request to a DHCP server (the metho......
[more] Website-based malware hits all-time high The use of malware on websites to steal passwords and other sensitive information is rocketing, according to a new report from the Anti-Phishing Working Group. The number of URLs with hidden code for stealing passwords nearly tripled between July 2007 and July 2008, to a record high of 9,529, while the number of malicious-application variants hit a high of 442 in May, the APWG reported in its quarterly report issued this week. The increase is primarily d......
[more] Microsoft sees 'huge increase' in IE attacks Microsoft warned Saturday of a "huge increase" in attacks exploiting a critical unpatched vulnerability in Internet Explorer (IE), and said some originated from hacked pornography sites. Other researchers confirmed that attacks were increasingly coming from compromised Web sites. Microsoft noted the upswing in attacks on the company's Malware Protection Center blog late Saturday. "The trend for now is going upwards," said researchers Ziv M......
[more] There has been as much malware in the first months of 2008 as in the previous 17 years combined Between January and August 2008, Panda Security’s laboratory had detected as many malware strains as in the previous 17 years combined, and this tendency is expected to continue or even grow in 2009. PandaLabs has predicted a continuing increase in the amount of malware (viruses, worms, Trojans, etc.) in circulation in 2009. Banker Trojans and fake antiviruses will be the most prevalent malware types......
[more] Biggest IT Issues Of 2008 When we look back at the biggest IT issues of 2008, we remember a number of hot topics that helped shape the way data centers run. It depends on who you talk to, of course, but according to popular opinion, we’ve come up with a few of the biggest IT issues of 2008: security, virtualization, and power consumption. Security According to Dave Bull, product marketing manager at Secure Computing, there have been several top network security concerns in 2008 tha......
[more] What can you afford NOT to do on IT security? With the ailing economy putting a crimp in IT budgets, information security managers -- like just about everyone else in the tech world -- are feeling pressure to keep their costs in line. Few expect to be hit with outright budget reductions, at least in the short term; regulatory requirements and the ever-expanding list of external and internal threats make it hard to devote less money to security efforts. But there is a growing push to curb or defe......
[more] On the 12th day of Christmas a cyber criminal gave to me…a Facebook profile worth 89p Find out how much your personal and financial information is worth to the Cyber criminal... Are your details on their 2008 shopping hit list? The run up to Christmas is a peak time for online crime. Research from Trend Micro, an internet security company, says that cyber attacks rose 500% in the key shopping period between September and December in 2007. And we’re already seeing a similar trend in 2008. But di......
[more] Microsoft kicks fake security software off 400,000 PCs In the second month of a campaign against fake security software, Microsoft Corp. has booted the rogue application "Antivirus 2009" from almost 400,000 PCs, the company recently claimed. December's version of the Malicious Software Removal Tool (MSRT), a free utility that Microsoft pushes to Windows users as part of Patch Tuesday, targeted one of the most popular phony security apps, Antivirus 2009. According to Microsoft, the MSRT erased......
[more] Fake Christmas, holiday greetings spread new malware New malware is spreading via Christmas and holiday greetings, security researchers said today, a tactic reminiscent of those used last season by the notorious Storm Trojan horse. Researchers at the Bach Khoa Internetwork Security Center in Hanoi, Vietnam, reported today that a new piece of malware, dubbed "XmasStorm" by the center, is spreading through holiday-themed spam. Touting subject lines such as "Merry Xmas!" and "Merry......
[more] Many workers in the office environment do not pay attention to security because of a false sense of confidence Cybercrime refers to criminal offences committed with the aid of communication devices, usually over the Internet. Anyone with a smattering of online knowledge should know something about some of these online dangers, even if they don’t fully understand them. The general public has been well advised not to respond to spam, not to open emails from unknown contacts, and only to shop on s......
[more] Do Smartphones Really Need Stronger Anti-Malware? After several years of experts commenting publicly that the mobile malware epidemic predicted by some security vendors a few years back had likely been far overstated, more and more researchers are now getting back on the bandwagon. I'm left wondering to what extent the problem is real today, or merely something we need to care more about looking forward. I remember sitting down for an interview with F-Secure's Mikko Hypponen - one of the most......
[more] Worm surge exploits Microsoft vulnerability Business systems are being attacked by a worm exploiting a known Microsoft vulnerability, IT security experts have warned. Both US-CERT and security organisation F-Secure have issued warnings, urging IT professionals to apply the Microsoft patch. The malware attacks the vulnerability outlined in MS08-067, a Windows Server service flaw that was patched in October. The worm launches a dictionary attack to attempt to crack user passwords, and uses server......
[more] Security vendors: We would block police hacking Two security vendors have said they would block police attempts to hack into systems without a warrant. The Home Office on Friday said it was working with the European Parliament on plans to extend police powers to conduct remote searches of computers. UK police already have the power to hack into suspect systems without a warrant, due to an amendment to the Computer Misuse Act, which came into force in 1995. However, security vendors Kaspersky La......
[more] 'Huge increase' in worm attacks plague unpatched Windows PCs A computer worm that exploits a Windows bug Microsoft Corp. patched more than two months ago continues to wreak havoc, a security company said today, as it boosted its overall threat ranking and warned users to patch their PCs. "We've seen a huge increase in the number of [malware] samples, as well as infections," said Ryan Sherstobitoff, chief corporate evangelist at Panda Security, referring to the "Conficker.c"......
[more] Paris Hilton's Web site used in Web attack Paris Hilton's Web site has been hacked and is serving visitors a malicious Trojan program designed to steal sensitive information from their computers. The hack was discovered by security vendor ScanSafe, which said that Parishilton.com (Note: This site is not safe to visit as of press time) had apparently been compromised since Friday. Visitors to the site are presented with a pop-up window urging them to download software in order to enhance their v......
[more] 1 in 3 Windows PCs vulnerable to worm attack The worm that has infected several million Windows PCs is causing havoc because nearly a third of all systems remain unpatched 80 days after Microsoft Corp. rolled out an emergency fix, a security expert said today. Based on scans of several hundred thousand customer-owned Windows PCs, Qualys Inc. concluded that about 30% of the machines have not yet been patched with the "out of cycle" fix Microsoft provided Oct. 23 as security update MS0......
[more] Sacked worker faces jail over malware revenge attack A sacked worker has admitted planting malware on his former employer's computer network in a revenge attack. David Ernest Everett Jr, 21, of Blaine, Minnesota, a former help desk staffer at Wand Corp, carried out the attack three weeks after losing his job in March 2008. Wand supplies IT systems including point-of-sale kit for fast food restaurants, including KFC and Burger King. After planting three malicious systems-cacheing files on system......
[more] Malware purposely not infecting machines in certain countries Malware authors are adopting a new technique to avoid getting caught. Recently, two malware families -- Swizzor and Conficker -- stopped infecting machines in countries out of which the authors were operating, so as not to attract law enforcement, Pierre-Marc Bureau, senior researcher at ESET, told SCMagazineUS.com on Friday. If a cybercriminal targets users outside of their country, it's harder for authorities to respond, he said. The......
[more] Warship computers scuttled after virus attack Computer systems were disabled on warships and armed forces bases by the Ministry of Defence after a virus spread through a Ministry of Defence network. A number of the MoD's 282,000 staff were left without email or internet access after the MoD took the decision to shut down machines following the virus infection last week, including those on a number of Royal Navy ships. The MoD said that no operational systems were infected and only what it descr......
[more] Malware epidemic demands a united front Cybercriminals are a busy bunch these days: stealing identities by the millions, grabbing credit and debit card account numbers, and waging a myriad other attacks on unwitting users, businesses and vulnerable websites. Their weapon of choice is the malware injection. Today, a page is infected every five seconds, triple the infection rate in 2007. Among the most vulnerable -- and the most lucrative for cybercriminals due to their enormous reach -- are trus......
[more] Most Popular Sites Were Hacked in '08 It's no secret that legitimate sites infected with malware or redirections to malware-laden copycat URLs have become one of the biggest problems in the world of cyber-security - but the sheer ubiquity of the issue has become pretty staggering. In a report published by filtering specialists Websense earlier this week, based on the company's sensor network - which claims to scan over 40 million URLs per hour - a whopping 70 percent of the Web's top 100 most p......
[more] Amazon cloud could be security hole Cloud services are now vulnerable to malicious use, a security company has suggested, after a techie worked out how Amazon's EC2 service could be used as a BitTorrent file harvester and host. Amazon's Elastic Compute Cloud (EC2) is a web service software developers can use to access computing, compilation and software trialling power on a dynamic basis, without having to install the resources locally. Now a developer, Brett O'Connor, has come up with a s......
[more] Bot software peers at victims' screens Bot masters are now watching their prey more intently. While malicious programs typically monitor what the victim does on their computer, a bot program, known as Ozdok, snaps screenshots of what's on its host's screen and sends it back to a server on the Internet, security firm SecureWorks stated in a research note last week. SecureWorks' researchers gained access to a command-and-control server for Ozdok, also known as Mega-D, and culled between 1,000 a......
[more] Alarm sounded over wi-fi networks Wireless access points could be used by hi-tech criminals to spread viruses and worms, warn US researchers. Security holes and the popularity of the devices in cities makes them ideal for spreading malware, they found. Using modelling methods from real diseases the team showed how a worm could gradually infect all access points in urban areas. They found that the majority of vulnerable access points would be hit in the first 24 hours of an outbreak. Password cra......
[more] President Obama's website serving malware US President Barack Obama ran a successful Web 2.0 campaign last year. Now, as leader, he's got to deal with a very Web 2.0 problem: hackers abusing the social-networking features of his website. Hackers have registered bogus accounts on Obama's online community, my.barackobama.com, where they are posting images designed to set off a chain of events that lead to malicious Trojan horse programs. These programs are stepping stones used by hackers to downl......
[more] Disgruntled Fannie Mae insider indicted for cyber intrusion On the day of his firing, a former Fannie Mae employee attempted to destroy 4,000 company servers with malicious code he planted in the system. Rajendrasinh Makwana, 35, was indicted Tuesday on one count of computer intrusion and faces up to 10 years in prison. Makwana, a native of India, came to America in 2006 on a work visa and began working at Fannie Mae in Urbana, Md. He was a Unix engineer and had full access to Fannie Mae computer......
[more] IBM report: Security vulnerabilities going unpatched More than half of the security vulnerabilities disclosed during 2008 had no patches available from the vendor by the end of the year, according to a report released on Monday by IBM's X-Force research group. Meanwhile, 46 percent of vulnerabilities from 2006 and 44 percent from 2007 still had no patch by the end of 2008, the 2008 X-Force Trend and Risk report said. X-Force documented a record number of 7,406 new vulnerabilities last year.......
[more] China muscling in on spam market The number of spam messages originating from computers in China has surged over the past month, and security experts are warning that the country may emerge as a spamming superpower. The rise in spam volumes ends what had been an encouraging period for China. Security firm McAfee reported in December that state enforcement agencies had cracked down on spammers, causing many messages to appear with the malware links already taken down. In January, however, McAfee......
[more] This month's Microsoft patches could lead to a hectic week for IT managers This week could be ‘hectic' with Microsoft offering a critical patch for Internet Explorer. Alan Bentley, regional VP EMEA of Lumension, said even though there are only two critical patches being issued tomorrow, it could still be a hectic week as the most critical patch this month is the IE bulletin requiring a reboot of all XP and Vista machines in the organisation running IE 7. Bentley said: “Large-scale reboots......
[more] Websense introduces hosted email and web security services Websense is to launch new email and web security services. Websense Hosted Email Security and Websense Hosted Web Security enable protection from emerging Web 2.0 and converged threats. With recent claims made that the cloud can be a potential host for malware, the email service will clean a message in the cloud before it reaches its destination. Additionally, Websense claimed that if a user attempts to click on a malicious link in an e......
[more] New Windows virus attacks PHP, HTML, and ASP scripts Researchers have identified a new strain of malware that can spread rapidly from machine to machine using a variety of infection techniques, including the poisoning of webservers, which then go on to contaminate visitors. The malware is a variation of a rapidly mutating virus alternately known as Virut and Virux. It has long proved adept at injecting itself into executable files, which are then able to attack uninfected machines through netwo......
[more] Medical data leakage rampant on P2P network The risk of patient information disclosures on peer-to-peer (P2P) networks is much higher than if a health care worker loses a laptop or removable storage device, according to new Dartmouth College research. Dartmouth College business professor Eric Johnson has written a report called “Data Hemorrhages in the Health Care Sector” and plans to present his findings later this month at the Financial Cryptography and Data Security conference, J......
[more] New attack singles out IE flaw Microsoft warned last week that it would be easy for cybercriminals to build new attacks using bugs it patched in the Internet Explorer browser; now that prediction has come true. On Tuesday, security vendor Trend Micro said that it had spotted the first attack taking advantage of one of two flaws patched a week ago. Microsoft has said that either of these vulnerabilities would be easy to exploit in online attacks. Over the weekend, Trend Micro researchers spotted......
[more] Windows 7: Enterprise features explained The lion's share of attention about the Windows 7 beta has been on consumer features. The new taskbar with its jumplists, mouse-hover features, easy navigation and the more controllable user account control are the immediate attention-grabbers. But the under-the-hood, less "sexy" enterprise features of Windows 7 are not as well known. Popular blogger and editor of Supersite for Windows Paul Thurrott recently said in an interview with CIO.com sister site......
[more] Web filtering evolves to meet changing threats Web filtering today goes beyond just blocking access. It now has to be integrating Web 2.0, managing data leakage, and guarding against malware coming in, according to a new study. The study, conducted by Forrester Research and commissioned by McAfee, found that Web 2.0 use in business is prevalent, but so is the threat of data leakage and malware infection. Findings from the survey, released Tuesday, indicate that web filtering is moving beyond ju......
[more] Conficker worm gets an evil twin The criminals behind the widespread Conficker worm have released a new version of the malware that could signal a major shift in the way the worm operates. The new variant, dubbed Conficker B++, was spotted three days ago by SRI International researchers, who published details of the new code on Thursday. To the untrained eye, the new variant looks almost identical to the previous version of the worm, Conficker B. But the B++ variant uses new techniques to downl......
[more] Global financial crisis brings rise in 'bargain' spam Messages promising cash-savings and discounts are becoming an increasingly popular tool for spammers, according to McAfee. Researcher Micha Pekrul said that the company's Avert Labs had received reports of a new malware attack which uses the lure of coupons to infect users with a piece of trojan software. The spam comes in the form of a short message which contains a hyperlink claiming to offer coupon bundles. Upon clicking the link, the use......
[more] Attackers exploit unpatched Excel vulnerability For the second time in the past five days, security researchers are warning that hackers are exploiting a critical unpatched vulnerability in widely-used software. Attackers are exploiting a "zero-day," or unfixed, flaw in Microsoft Corp.'s popular Excel spreadsheet, using the bug to hijack select systems in Asia, many of them in government offices and high-profile corporations, said Vincent Weafer, vice president of Symantec Corp.'s security respo......
[more] Hackers: Ideology trumps profit when it comes to Web site attacks A study of 57 Web site hacks from last year showed that 24 percent were aimed at defacing a site rather than financial gain. The figures from the latest Web Hacking Incidents Database Annual Report suggest that stealing money and data is not always the overriding motivation for hackers, although it has been a rising trend in recent years. "While financial gain is certainly a big driver for Web hacking, ideological hacking ca......
[more] Security chiefs urged to take joined-up approach IT security needs to be more closely aligned with other corporate security functions, with an individual role co-ordinating and monitoring converged enterprise risk, according to a new benchmarking study by PricewaterhouseCoopers (PwC). The consultancy firm approached 10 of its FTSE 100 clients with the aim of discovering "what a 21st century security function looks like". Steve Wright, security and business continuity management leader......
[more] Visa: New payment-processor data breach not so new after all Days after Visa Inc. seemingly confirmed that a data breach had taken place at a third payment processor, following on the recent breach disclosures by Heartland Payment Systems Inc. and RBS WorldPay Inc., the credit card company is now saying that there was no new security incident after all. In actuality, Visa said in a statement issued today, alerts that it recently sent to banks and credit unions warning them about a compromise at......
[more] Google hits back over Trend attack Google has taken down web pages which security researchers believe are manipulating the search engine to aid in malware attacks. McAfee senior threat researcher Craig Schmugar reported that by late Friday evening US time the company had recorded a major drop-off in the number of malicious web pages which were showing up in queries of popular search terms on Google Trends. Last week, Schmugar said that malware writers appeared to be searching the trends site fo......
[more] Koobface wants some face-to-face time on your system The Koobface Worm, a bit of Malware discovered in 2008, has started to crop up again on social networking sites. Ironic as it seems, the Worm was noticed this week on Facebook, but has spread to nine other social networking portals. Propagation remains the same, Social Engineering. Trend Micro researchers are reporting that the newest variant of Koobface is using old tricks, but adding some interesting characteristics. Like previous versions......
[more] So you're not cutting your IT security budget. But is that good enough? With IT budgets flat or declining, you might have expected security spending to be similarly under pressure. But it seems CIOs faced with rising threats - including those from malware and disgruntled employees - have decided that it pays to be wary. Indeed, several surveys have reported that enterprises are increasing their security budgets in 2009 despite cuts in overall IT budgets, with tech chiefs expecting security issu......
[more] Scottish hospitals laid low by malware infection Appointments for cancer patients had to be rescheduled after a computer virus infected the networking systems at two Scottish hospitals last week. The infection of laboratory PCs at the Stobhill and Gartnavel General hospitals meant the bookings of 12 patients attending the Beatson West of Scotland Cancer Care Centre in Glasgow were postponed, The Glasgow Herald reports. Systems were taken offline for two days to allow computer technicians to clea......
[more] Online attackers feed off Norton forum purge Quick-moving attackers took advantage of a glitch in an update for Symantec anti-virus software, using an information vacuum that followed as an opportunity to lure panic-stricken users to websites that tried to install malware on their computers. The glitch began around 4:30 pm California time on Monday, when Symantec engineers accidentally distributed a software update for older versions of the Norton Anti-Virus that had not been digitally signed.......
[more] Security experts warn of 'staggering' rise in malware Malware volumes grew by a huge 300 per cent during 2008, fuelled in part by continuing job uncertainty, according to new research from security-as-a-service provider ScanSafe. The firm analysed more than 240 billion web requests in over 80 countries last year, and found a particular growth in exploits and iframe attacks, which rose 1,731 per cent, and data-theft Trojans, which increased by 1,559 per cent. Mary Landesman, senior security rese......
[more] ID fraud malware hit 10 million users: 2008 More than 10 million internet users worldwide were hit with identity fraud-related malware last year, according to a new estimate from Panda Security. The number of computers infected with active programs designed to steal personally identifiable or financial information that can be used for identity fraud, such as Trojans for stealing bank account information, rose by 800 per cent from the first half of the year to the second half, the study found. Of......
[more] Gartner reveals key predictions for Identity and Access Management IAM Speaking ahead of the Gartner Identity & Access Management Summit 2009 in London, analysts have identified forward-looking assumptions around smart-card authentication, identity-aware networks, hosted IAM and out-of-band (OOB) authentication. Gartner has revealed its key predictions for identity & access management (IAM) between 2009 and 2011. “There is a continuing need in this time of economic uncertainty and budgeta......
[more] BBC may face legal challenges over Click programme's hacking feature The BBC could face legal challenges if any botnet computers used for the Click programme were located in Finland. Olli-Pekka Niemi, leader of Stonesoft's virus research team claimed that while the BBC purchasing a botnet for around £6000 (A$12800) from a cybercriminal to send spam is unethical, the problem is that it used the 22,000 computers without permission. In Finnish law, this is illegal, and Niemi said that there was no......
[more] Holes in the machine Malicious software may just be a property of the network, says regular contributor Bill Thompson. "The Conficker worm will be active again on 1 April, according to an analysis of its most recent variant, Conficker.C, by the net security firm CA." "This malicious piece of software, also known as Downup, Downadup and Kido, spreads among computers running most variants of the Windows operating system and turns them into nodes on a multi-million member "botnet" o......
[more] New Waledac spam falsely warns of bomb blasts Normally capitalizing on current events and holidays to spread its seed, the Waledac trojan now has turned to the message of fear. Security companies warned Monday of a new malware campaign in which the Waledac botnet creators are distributing emails that falsely claim the recipient's city has been the site of a bomb blast. The emails contain a link that leads to a malicious -- but real looking -- site, complete with the logo for news agency Reuters......
[more] Worm burrows into Church of England email system The Bishop of Manchester has been unable to send or receive email messages for ten days following a computer virus infection. The Rt Rev Nigel McCulloch's PC was hit by malware on March 3. Wider malware-linked problems with the diocese's email systems mean that a sizeable chunk of the 6,000 messages the bishop dispatched over the last ten months may never have reached the internet, much less their intended recipients, the Manchester Evening N......
[more] ATM malware appears, Diebold issues security update Diebold, which has fielded recent criticism over the reported insecurity of its voting machines, is now fighting off news that its ATMs also can be compromised. Security firm Sophos reported this week that it received three samples of a trojan that was customised to run on Diebold-manufactured cash machines in Russia, said Graham Cluley, Sophos' senior security consultant. The malware was able to read card numbers and PINs -- then when the att......
[more] China more friend than foe, says white hat China's security community is more concerned with vulnerabilities in its own computer networks than leveling attacks at the United States and other western countries, a white-hat hacker told attendees at the CanSecWest Security Conference on Thursday. With 260 million Internet users, an underground malware industry and laws that are just catching up with cybercrime, China has a major security problem on its network, Zhao Wei, CEO of KnownSec, said dur......
[more] New ransomware holds Windows files hostage, demands $50 Cybercrooks have hit on a new twist to their aggressive marketing of fake security software, and are duping users into downloading a file utility that holds users' data for ransom, security researchers warned today. While so-called "scareware" has plagued computer users for months, those campaigns have relied on phony antivirus products that pretend to trap malware, but actually only exist to pester people into ponying up as much......
[more] Police launch £1bn-worth of e-crime investigations The City of London Police (Colp) force has launched £1bn-worth of computer crime investigations over the last year, it was revealed this week. During its first year in operation as the National Lead Police Force for Fraud it has hired 50 new investigators and taken on 70 new cases of suspected fraud involving computers, the e-Crime Congress 2009 event heard today. Colp commissioner Mike Bowron told the Congress: "Those 70 cases......
[more] China's techies turn to cybercrime With China's economy cooling down, some of the country's IT professionals are turning to cybercrime, according to a Beijing-based security expert. Speaking at the CanSecWest security conference last week, Wei Zhao, CEO of Knownsec, a Beijing security company, said that while many Chinese workers may be feeling hard times, business is still booming in the country's cybercrime industry. "As the stock market dropped like a stone, a lot of IT professionals lo......
[more] Security firms reflect on 10th anniversary of Melissa Today sees the 10th anniversary of the notorious Melissa virus that infected email servers across the globe, and forced a step change in the way anti-virus companies react to threats. Melissa was allegedly named after a lap dancer whom David L. Smith, the virus's creator, met in Florida. The malware sent an infected email entitled 'Here is that document you asked for ... don't show anyone else;-)', via Microsoft Outlook to the first 50 email......
[more] Final countdown to Conficker 'activation' begins Security watchers are counting down to a change in how the infamous Conficker (Downadup) worm updates malicious code, due to kick in on Wednesday 1 April. Starting on 1 April, Windows PCs infected by the latest variant of the Conficker worm (Conficker-C) will start attempting to contact a sample of 50,000 pre-programmed potential call-home web servers from which they might receive updates, a massive increase on the 250 potential web server locale......
[more] Major cyber spy network uncovered An electronic spy network, based mainly in China, has infiltrated computers from government offices around the world, Canadian researchers say. They said the network had infiltrated 1,295 computers in 103 countries. They included computers belonging to foreign ministries and embassies and those linked with the Dalai Lama - Tibet's spiritual leader. There is no conclusive evidence China's government was behind it, researchers say. Beijing also denied invol......
[more] Busted! Conficker's tell-tale heart uncovered Security experts have made a breakthrough in their five-month battle against the Conficker worm, with the discovery that the malware leaves a fingerprint on infected machines that is easy to detect using a variety of off-the-shelf network scanners. The finding means that, for the first time, administrators around the world have easy-to-use tools to positively identify machines on their networks that are contaminated by the worm. As of mid-Monday, si......
[more] Conficker activation passes quietly, but threat isn't over An expected activation of the Conficker.c worm at midnight on April 1 passed without incident, despite sensationalized fears that the Internet itself might be affected, but security researchers said users aren't out of the woods yet. "These guys have no designs, I think, on taking down the infrastructure, because that would separate them from their victims," said Paul Ferguson, a threat researcher at antivirus vendor Trend Mic......
[more] Cyber-espionage: a real and present threat A cyber spy ring targeting government and business computers containing sensitive information in over 100 countries grabbed the headlines this week, but the latest attacks are nothing new or unusual, say investigators. UK businesses are still shocked when they discover they have been infiltrated by cyber-espionage operations, but experts warn that this sort of infiltration happens all the time. The headline-grabbing spy operation, dubbed Ghostnet, is de......
[more] Conficker: So what's the moral of the story? 1 April has come and gone and in the minds of many people the Conficker worm turned out to be a joke instead of the major internet security event that might have been envisioned. Was the hype good, or bad, and who is to blame? "I'm not sure what to think," said Bruce Schneier, chief security technology officer at BT. "In a sense, the whole Conficker thing just puts a name on a general problem." The problem is that there ar......
[more] Conficker copycat prowls for victims, says Microsoft An old, but little-known worm has copied some of the infection strategies of Conficker, the worm that raised a ruckus last week, Microsoft security researchers said late Friday. Neeris, which harks to May 2005, is now exploiting the same Windows bug that Conficker put to good use, and is spreading through flash drives, another Conficker characteristic, said Ziv Mador and Aaron Putnam, researchers with the Microsoft Malware Protection Center.......
[more] Power grid hackers probably got inside by attacking PCs, says researcher The hackers who reportedly planted malware on key parts of the U.S. electrical grid, perhaps with the intent to cripple the country's power infrastructure, most likely gained access like any other cybercriminal -- by exploiting a bug in software such as Windows or Office, a security researcher said today. "Any computer connected to the Internet is potentially vulnerable," said Roger Thompson, chief research offic......
[more] Rogue security apps worry Microsoft mos Microsoft released its sixth Security Intelligence Report on Wednesday, finding that customers are increasingly being plagued by rogue security software and that researchers continue to focus on finding flaws in third-party applications. According to the report, which covers the second half of 2008, the top threat was a trojan downloader, known as Renos, which acts as a delivery mechanism for rogue security software. Also known as "scareware," rogu......
[more] Can the status quo threaten your LAN? In times of economic crisis people tend to seek the safety and security of the status quo. "Doing what you've always done, and what everyone else is doing, is the most prudent course," goes the thinking. I contend that the "safe and secure" route of the status quo is actually neither safe nor secure. Recall that a major tenet of technology buying is to gain a competitive advantage. Where's the advantage if everyone's buying the same product? And......
[more] Trend Micro to eyeball malware from cloud Trend Micro has unveiled a major update to its flagship scanning tools that puts your virus signature database online, plus a modular security and system management suite with partner BigFix. Trend Micro's updated OfficeScan Client/Server Suite includes an interesting change to the way its flagship scanning software keeps its list of digital undesirables. The most common method nowadays is letting each individual system store its own virus and malware si......
[more] Over 280 million records compromised last year More than 280 million records were compromised in 2008, according to a new Data Breach Investigations Report from global comms and IT provider Verizon Business. The report was written by the Verizon Business Risk team using first-hand evidence collected from the firm's data breach investigations over 2008. Three-quarters of breaches resulted from external threats, the report found, while just 20 per cent were caused by insiders. This is despite the......
[more] Mac malware turns into botnet A rash of malware for MacOS X systems is now being used to run a botnet, according to researchers. First spotted in January, the trojan had been bundled into copies of pirated MacOS software. At the time of discovery, researchers noted that the malware payload included tools which could allow an attacker to remotely take control of an infected system. Now, it appears as if those components are being put to use. In a recent article, Symantec researchers Mario Barcen......
[more] Cache-poisoning attack snares top Brazilian bank One of Brazil's biggest banks has suffered an attack that redirected its customers to fraudulent websites that attempted to steal passwords and install malware, according to an unconfirmed report. According to this Google translation of an article penned in Portuguese, the redirection of Bradesco was the result of what's known as a cache poisoning attack on Brazilian internet service provider NET Virtua.
[more] One bot-infected PC = 600,000 spam messages a day Some bot-infected PCs can crank out as many as 25,000 spam messages per hour, new research released today claimed. Orange, Calif.-based Marshal8e6 deliberately infected machines in the lab of its research arm, TRACElabs, with the malware responsible for the world's nine biggest spam botnets, then observed the PCs' behavior, including each bot's top-end spam capacity. "One of our objectives over the past few years has been to emphasize t......
[more] Bank phishing fraudsters learn to spell Phishers aiming to defraud banks have raised their game - and at the very least have learned to spell - according to the banking executives tasked with stopping them. According to David Shroyer, Bank of America senior vice president of online security and enrolment, the attacks fraudsters are targeting at financial services organisations are continuing to develop. For example, fraudsters are now building phishing sites with malware embedded in them which......
[more] Conficker.E set to self-destruct next week The latest version of Conficker is set to self-destruct next week according to security researchers. F-Secure, Trend Micro and SecureWorks are among those that believe Conficker.E - first spotted this April and probably created by the same attackers that since last fall let loose the Conficker.A through Conficker.C variants - has been designed to simply self-detonate on 5 May. "It will simply self-destruct," said Mikko Hypponen, chief researc......
[more] Swine flu causes spam fever Just days after news surfaced of a swine flu outbreak in Mexico, spammers are exploiting the news to advertise online pharmacies. Researchers have tracked several new spam runs which make reference to the outbreak, using such headlines as "swine flu worldwide" and "first US swine flu victims." Other messages claimed that actress Salma Hayek and pop star Madonna had contracted the illness. The messages themselves contained links to online pharmacies which peddled drugs......
[more] Celebrity Viruses Improve Security Every so often, a computer virus becomes more than just a novelty for anti-virus researchers and moves into the consciousness of the mass media, even if it's not a grave threat. The recent Conficker outbreak is a fantastic example of this. While only a small fraction of all PC users were infected with the worm, a great deal of media coverage was devoted to the outbreak. Any user affected by Conficker was likely already compromised by the time they heard about......
[more] Researchers Warn of Nasty Trojan Just as we're finally being allowed to stop saying the C word (no, don't make me say it!) experts are warning of a powerful new Trojan attack that could make some waves of its own, based on its ability to spread like a traditional virus and embed itself deeply into end users' machines. In a blog post authored by longtime security guru Paul Henry, of Lumension, the expert contends that the emerging attack, identified as a variant of the Virut.CF Trojan by Symante......
[more] Botnet discovered by Finjan contained 73 government domains A recently discovered botnet that contained 1.9 million infected computers contained 73 government domains. Finjan's UK regional director Tim Warner claimed that when it was discovered in February it was one of the largest botnets to be found and identified. Further analysis revealed that 45 per cent of the domains were in the computing and internet sector. Warner said: “Conficker claimed to have many more infections but they wer......
[more] Botnet probe turns up 70GB of personal, financial data Researchers from the University of California gained control over a well-known and powerful network of hacked computers for 10 days, gaining insight into how it steals personal and financial data. The botnet, known as Torpig or Sinowal, is one of the more sophisticated networks that uses hard-to-detect malicious software to infect computers and subsequently harvest data such as e-mail passwords and online banking credentials. The researcher......
[more] A Botnet by Any Other Name The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million malicious agents. All this attention underscores an increasingly significant problem for botnet researchers: how precisely should botnets be usefully named? It's not an easy probl......
[more] Five ways to tempt and tame Gen Y The Facebook generation can be dream employees - if you know how to manage them. Danny Bradbury offers tips for keeping them under control and productive. They're young, precocious, tech-savvy - and they like shiny stuff. Generation Y knows what it wants, and if managers and employers want to retain their talents, then they'd better give it to them. The newest generation of employees grew up with technologies that appealed to consumers, such as Facebook, MySpac......
[more] Windows 7 inherently insecure says researcher Windows 7 continues a long-running Microsoft practice of putting users at risk, according to a security researcher. The new operating system's Windows Explorer file manager still misleads users about the true extension of a file, said Patrik Runald, chief research advisor at Helsinki-based F-Secure. Rather than reveal the full extension for a filename, Windows Explorer hides the extension for known file types, giving hackers a way to disguise malware......
[more] Data-sniffing attack costs Heartland $12.6m Electronic payments processor Heartland Payment Systems said Thursday it has allocated $12.6m to cover a security breach that exposed sensitive card holder data crossing its network. More than half that amount involves a fine MasterCard has assessed banks that did business with Heartland, said company CEO Robert Carr, according to this conference-call transcript. The remainder covers legal costs and other expenses related to the breach, which was disc......
[more] Adobe's PDF vulnerability patched Security researchers say Adobe's PDF vulnerability, which was fixed Tuesday, is more of a pressing issue than Microsoft's PowerPoint vulnerabilities fixed the same day. Adobe issued Windows updates for Reader and Acrobat versions 7, 8 and 9 and Macintosh and Unix updates for versions 8 and 9 for a vulnerability in Reader and Acrobat. The company said updates for Adobe Reader and Acrobat 7 for Macintosh are scheduled to be available before the end of June, accord......
[more] Scam sites increasingly masquerading as Facebook, MySpace Cybercriminals are tapping into the popularity of social networking to more effectively craft their scams. Increasingly, scam sites have domains that include the names Facebook, MySpace and Twitter, with no connection to the real sites. By using this tactic, called “domain-name cloning,” cybercriminals are making their scam sites appear to be affiliated with these popular social networking sites. Websites with names such as unblock.......
[more] 'Gumblar' attack explodes across the web A complex new malware attack is setting infection records and raising alarms from security experts. Known unofficially as 'Gumblar' for one of the attack domains, the malware is raising eyebrows and alert levels both for its prolific attack methods and for the danger of its payload. According to researchers, the attack is spreading through site compromises which inject malicious javascript code within components of the site. Upon visiting the infected pa......
[more] Gumblar web-based attack is currently being found six times more often than its nearest rival JSRedir-R, a new web-based attack, has blown all previous web-based malware out of the water, and is currently being found six times more often than its nearest rival. During the last seven days, almost half of all malicious infections found on websites were caused by Troj/JSRedir-R. Mal/Iframe-F, which has been the most widespread web-based threat for more than a year, accounted for just seven percent......
[more] D-Link puts CAPTCHA on home router Home router vendor D-Link has taken the unusual step of adding a CAPTCHA login to its range of broadband routers in order to bolster them against automated Internet attacks. Only one product currently includes the technology, the DIR-685 Wireless N Storage Router, but a number of others will shortly add it to their feature set by upgrade, the DIR-615, DIR-635, DIR-655, DIR-825, and DIR-855. All future products in this part of the market will include CAPTCHA, t......
[more] New Windows netbooks may harbor malware After discovering attack code on a brand new Windows XP netbook, antivirus vendor Kaspersky Labs warned users yesterday that they should scan virgin systems for malware before connecting them to the Internet. When Kaspersky developers installed their recently-released Security for Ultra Portables on an M&A Companion Touch netbook purchased for testing, "they thought something strange was going on," said Roel Schouwenberg, a senior antivirus......
[more] Trend Micro 'de-lags' SMB anti-virus Trend Micro has released a new version of its ‘Worry-Free' SMB security suite, putting the focus on a design it says will greatly improve the software's updating speed. Worry-Free Business Security version 6.0 can ‘buffer' up to 80 percent of the program's detection engine on a server, freeing up the client PCs from having to run burdensome routines, the company said. As with any anti-virus server setup, it can also buffer updates, feeding them to......
[more] FaceTime finds employee Web 2.0 usage in corporate networks up to 10 times more than IT managers' estimates Actual network data from FaceTime Communications reveals that employee use of Web 2.0 applications such as instant messaging, IPTV, VOIP and social networking on corporate networks exceeds IT estimates by up to 10 times. FaceTime also today announced version 2.0 of its Unified Security Gateway (USG), a secure Web gateway purpose-built for the new Internet to provide a single point of cont......
[more] Coping with the malware deluge The struggle between computer security firms and hi-tech criminals has often been likened to an arms race. By Mark Ward Technology Correspondent, BBC News website Any improvement in the way computers spot malicious software is matched by a change in tactics by the criminals that undermines that better protection. One particular tactic that has proved successful for the criminals is the pumping out of ever more copies and variants of their malware. The numbers of ma......
[more] YouTube hit by links that lead to malicious download sites Following reports that YouTube has been hit by new uploads featuring pornographic content, PandaLabs has claimed that almost 5,000 videos on the video-sharing site contain comments with links to a malicious webpage. The company claimed that such attacks have previously been seen, to a lesser extent, on sites including Digg.com and Facebook and now links have been detected that point to a webpage designed to download malware. The comments......
[more] Gumblar 'botnet' continues to grow as new variants detected The Gumblar attack is continuing to hit websites with new variants detected in Japan. Mary Landesman, senior security researcher at ScanSafe, claimed she had received correspondence claiming that the research on Gumblar ‘sounded very much like the GENO reports that had also been circulating in Japan. And as it turns out, indeed they were the same.' "ScanSafe termed the compromises Gumblar because that was the name of the secon......
[more] FBI and US Marshals laid low by mystery virus A mystery viral infection forced the FBI and US Marshals Service to pull the plug on parts of their respective computer networks on Thursday, AP reports. A spokesperson for the US Marshals Service explained that it had disconnected some of its computers from the wider Justice Department systems, as a precaution against spreading the as yet unidentified malware further. Access to internal email and the internet is being restricted at both the FBI and......
[more] PC-pwning infection hits 30,000 legit websites And counting A nasty infection that attempts to install a potent malware cocktail on the machines of end users has spread to about 30,000 websites run by businesses, government agencies and other organizations, researchers warned Friday. The infection sneaks malicious javascript onto the front page of websites, most likely by exploiting a common application that leads to a SQL injection, said Stephan Chenette, manager for security research at securit......
[more] Up to 40,000 web sites hit in mass hacking attack Security vendors cooperating to limit the damage threat poses Up to 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense. The affected sites have been hacked to host JavaScript code that directs people to a fake Google Analytics Web site, which provides data for Web site owners on a site's usage, then to another bad site, said Ca......
[more] Twitter becoming 'security nightmare' Twitter mined by new scareware attack The latest attack to hit Twitter is a "security nightmare" and marks the first time hackers have taken to using the micro-blogging site for profit, a researcher said today. Unlike earlier cross-site scripting attacks on Twitter, the latest wasn't a worm, said Roel Schouwenberg, a senior anti-virus researcher with Moscow-based Kaspersky Lab. Instead, it's something even scarier: The first instance of hackers ser......
[more] Cambridge hospital cleans up after mystery malware infection Patients unaffected after PCs get the pox An unnamed computer virus infection forced a UK hospital to temporarily shut down part of its network earlier this week. An unspecified number of computers at Addenbrooke's Hospital, Cambridge were hit by the malware. A spokesman explained that the hospital continued to operate normally while IT staff grappled with the infection. He stressed that patients were not affected by the incident, which......
[more] Data-sniffing trojans burrow into Eastern European ATMs Professionally written, rapidly developed Security experts have discovered a family of data-stealing trojans that have burrowed into automatic teller machines in Eastern Europe over the past 18 months. The malware logs the magnetic-stripe data and personal identification number of cards used at an infected machine and provides an intuitive interface for retrieving the information using the ATM's receipt printer, according to analysts from Sp......
[more] Windows XP ATMs at risk from data-sniffing software Cybercriminals refine malware which steals PINs and card data ATMs running Microsoft's Windows XP operating system that records sensitive card details, risk being hacked as cybercriminals improve a malicious software programme, according to security vendor Trustwave. The malware has been found on ATMs in Eastern European countries, according to a Trustwave report. The malware records the magnetic stripe information on the back of a card as well......
[more] Apple security is 'struggling,' researcher says Laments lack of 'formal security program' A well-known security consultant says Apple is struggling to effectively protect its users against malware and other online threats and suggests executives improve by adopting a secure development lifecycle to design its growing roster of products. "Based on a variety of sources, we know that Apple does not have a formal security program, and as such fails to catch vulnerabilities that would otherwise b......
[more] Could a positive note be struck out of the RMT strike for business practice? For those of you located in the capital you will undoubtedly be impacted by the RMT strike action that has caused chaos in London. I am not about to get into political debate about the rights and wrongs of the strike, but much like when Britain was hit by snowstorms earlier this year, the inability to get to the office does bring about the conversations on remote access and the security implications. Steve Watts, co-fo......
[more] Phishing still a mystery to most web users Phishing web sites are still a mystery to the majority of internet users, according to a recent study by VeriSign. The report is part of the company's research into the clues people use to spot potentially unsafe sites. VeriSign set up a Phish or No Phish site, and asked visitors to identify which of two web site images presented side by side is a phishing site. The most commonly missed indication was the poor level of spelling on the phishing site. Aro......
[more] Employees continue to ignore security policies A new survey has confirmed what every IT manager already knows, that internal staff members are continuing to ignore corporate security policies, and are engaging in activities that could put the company at risk. A large number of employees copy secure data to USB drives or turn off security settings in mobile devices like laptops, which could put a company's data at risk, according to a survey released by Ponemon Institute. The rate of noncompliant......
[more] Air France crash prompts spam, malware outbreak As expected, spammers and malware writers are trying to cash in on the Air France disaster. Spammers have begun falsely promising news on the Air France crash as a way of tricking recipients into opening messages promoting Canadian pharmacy products. Junk mailers this week began pushing a new campaign that included subject headings such as "Last seconds of plane" or "A-330 blackbox record" as a means of enticing users into open......
[more] Learn to love your log files Considering how much information is available in log files, you'd think companies would pay more attention to them. Client computers, servers, firewalls, network devices, and other appliances generate reams of event logs every day, but these logs often go ignored. Although it's a security sin, it's understandable on many levels. First, logs can contain vast amounts of uninteresting events. In fact, most logs are nothing but noise. With the rare exception, most logs......
[more] Beladen infections plummet The number of sites infected with malicious code inserted by the Beladen injection has dropped significantly. Websense Security Labs ThreatSeeker Network has detected a consistent decrease of sites infected with the malicious code over the past five days. It claimed that the decrease in infections is highly suspicious, and it believes that the infected hosts are still under the control of the attackers. Websense said that it suspected that those behind the infections......
[more] URL shortening site hacked to redirect millions of links The Cligs URL shortening site was hacked during the weekend to cause 2.2 million links to redirect to the same site. When users clicked on a link that had been reduced in character count by Cligs, instead of going to the expected site, they went to a page on the Orange County Register newspaper website. The site wasn't malicious, nor had it been compromised. “Normally most hacking attacks we see today are all about money,” Gra......
[more] Nine Ball attack strikes 40,000 Web sites More than 40,000 Web sites have been hit by a mass-compromise attack dubbed Nine Ball that injects malware into pages and redirects victims to a site that will then try to download Trojans and keylogger code, Websense said today. According to Websense, which has tracked Nine Ball for a week and a half, the compromised Web site, loaded with malware, will first try to identify a Web visitor by IP address to discover if it’s a repeat visitor. To e......
[more] Legit websites face malware hits Legitimate websites are a growing frontier for malware attacks with over ten million pages affected every year. Security start-up Dasient claimed the threat has risen as more people create their own websites and blogs without proper built-in security protocols. Anyone opening an infected page could have the malware downloaded to their computer without even realising it. "There's a real and present danger of the web being seriously compromised," said Da......
[more] Security experts uncover one-stop botnet marketplace Researchers have uncovered a fully-functional marketplace for the building and selling of botnets. Security firm Finjan said that the site allows criminals to obtain everything from malware and data, to networks of infected PCs. Yuval Ben-Itzhak, chief technology officer at Finjan, described the new site as an "eBay for stolen data". "It is basically a hacker-to-hacker platform to provide everything you want," he said. "......
[more] Fake Microsoft "critical update" spam propagating trojan A new outbreak of spam claims to be a critical update for Microsoft Outlook, but the message really aims to infect users with the information-stealing trojan ZBot, security firm Trend Micro warned this week. First detected on Friday, the message reads: “This update is critical and provides you with the latest version of Microsoft Outlook/Outlook Express and offers the highest levels of stability and security.” The email instru......
[more] Twitter users offered security plug-in As Twitter becomes increasingly abused by hackers, Finjan Software has released a free browser add-on with a new feature that scans links and warns if they point to a page containing malware. The SecureTwitter component is wrapped into SecureBrowsing, a plug-in for either the Firefox or Internet Explorer browsers, said Yuval Ben-Itzhak, Finjan's CTO. SecureTwitter is designed to warn people about links that people post on the micro-blogging service. Becaus......
[more] Nine-ball attack splits security researchers Security researchers are split over the seriousness of a web attack dubbed "Nine-ball" which broke onto the internet last week. Websense last week reported a web attack dubbed "Nine-ball", a moniker derived from the name of ninetorag.in, one of the malware hosts associated with the assault, had claimed 40,000 website victims. Web security services firm ScanSafe, by contrast, describes the attack as "almost non-existent". Mary Landesman, s......
[more] CISO's Fear Internal Data Threat With all the focus that's been placed on external hacking and malware threats, most CISOs are actually more concerned with insider attacks when it comes to defending their organizations against potential data theft, according to a recent survey. Unsurprising in the sense that privileged insiders are those who know exactly where an organization's electronic crown jewels reside, and where their defenses may be weakest, it still seems impressive that an overwhelmin......
[more] Twitter Malware Attack Targets Both Mac and PC Why hit one OS with malware when you can hit two? That is the question. The situation is this: The Twitter account of well-known venture capitalist Guy Kawasaki was hacked and used to send out tweets luring users to a site hosting malware. According to Trend Micro, the malware changes the DNS settings of Windows and Mac machines. If Mac users attempt to view the promised pornographic video on the site, they will download a malicious file. "Fo......
[more] Michael Jackson's death exploited by cybercriminals Always quick to capitalize on major headlines, spammers have begun sending out messages related to the deaths of Michael Jackson and Farrah Fawcett, security researchers said. Jackson's death is being exploited by cybercriminals hoping to infect users with a trojan or to trick curious spam recipients into unwittingly revealing their personal information. Shortly after Jackson's death was confirmed, the SANS Internet Storm Center predicted that......
[more] Trojans are fastest-growing data-stealing malware Most of the rise in cybercrime can be linked to data-stealing malware, and trojans are the fastest growing category, according to a report released by Trend Micro. For example, in 2007, 52 per cent of data-stealing malware were trojans. In 2008, that number increased to 87 per cent, according to the report, entitled Focus Report: Data Stealing Malware. As of the first quarter of 2009, 93 per cent of data-stealing malware were trojans. In addition......
[more] Botnets pushing up spam loads Botnet-controlled PCs are responsible for some 83 per cent of all spam messages, according to a recent report. Security firm MessageLabs said in a recent report that despite efforts to shut down service providers notorious for hosting shady operations, spam vendors are continuing to send out huge loads of junk mail through the use of botnet-infected systems. Researchers estimate that in June spam levels have reached 90 per cent of the total global email load, holdi......
[more] PCs hit by Michael Jackson malware It didn't take long. Security researchers are reporting that hackers have begun to use the death of pop star Michael Jackson to infect people's PCs, just as they predicted. Starting late last week and continuing today, messages posing as breaking news alerts from the likes of CNN and the Los Angeles Times have been reaching users' mailboxes, said several security companies, including Sophos, Symantec and Trend Micro. Some of the messages, which have appeared o......
[more] IT executives get hands on with disaster recovery The number of IT executives getting directly involved in disaster recovery planning has risen by nearly a third over the past year, driven by concerns about threat levels and the risk of natural disaster, according to Symantec. The security firm's annual disaster recovery survey revealed that 67 per cent of companies involve the chief information officer, chief technology officer or IT director in disaster recovery planning, up from 33 per cent......
[more] Firefox 3.5 to be released today Mozilla has confirmed that it will be making the final version of Firefox 3.5 available for download at around 5pm GMT today. The new browser will include a number of advances, including geolocation software that can be used to provide information about local firms during searches. Other features include a private browsing mode that will not record which web sites have been visited and a speeded-up JavaScript engine dubbed TraceMonkey. The latest version, which......
[more] Torrentreactor breach serves potent exploit cocktail Torrentreactor has long been regarded as one of the top bit torrent search engines, and with the demise of The Pirate Bay, it's likely bigger than ever. Now, it's been breached and is serving a potent cocktail of exploits to people browsing the site, Websense Security Labs says. Attackers have managed to inject an iframe into the site that scours Torrentreactor visitors' computers for a long list of vulnerable applications, including Adobe's......
[more] Chinese security company shares huge malware database A Chinese company that has created a massive database of malware found on Chinese Web sites opened up the information to other security organizations on Thursday. Beijing-based KnownSec gathered the viruses and other information with a crawler that scans nearly 2 million Chinese Web sites each day, Zhao Wei, CEO of the security company, said in an interview in Beijing. He planned to give a presentation on the subject at the Forum of Incident......
[more] Hackers take aim at Cold Fusion A new wave of web attacks is targeting web applications written with the ColdFusion development tool. Researchers with security group SANS said that the company has received multiple reports of attacks which target vulnerabilities in older versions of the ColdFusion development application. The attacks are said to target two components in ColdFusion applications, the FCKEditor text editing tool and the CKFinder file management tool. Once an application is comprom......
[more] The one essential truth of computer security Who doesn't love that scene in "A Few Good Men" in which Jack Nicholson's character tells Tom Cruise's character, "You can't handle the truth. I have neither the time nor the inclination to explain myself to a man who rises and sleeps under the blanket of the very freedom I provide, and then questions the manner in which I provide it. I would rather you just said 'Thank you' and went on your way." I often feel like I'm acting out that scenario when s......
[more] Malware authors hit by recession too The recession might be having at least one positive effect - it has started cutting the volume of malware. According to an analysis by German software security company G Data, the number of unique malware signatures dropped by 30 percent between May and June, a fall the company thinks is not a natural lull caused by the holiday season. G Data's Ralf Benzmüller interprets the drop to be caused by the same economic forces that have hit legitimate parts o......
[more] Google to launch operating system Google is developing an operating system (OS) for personal computers, in a direct challenge to market leader Microsoft and its Windows system. Google Chrome OS will be aimed initially at netbooks, the low-cost portable computers that have turned the PC world upside down. Google said netbooks with Chrome OS could be on sale by the middle of 2010. "Speed, simplicity and security are the key aspects of Google Chrome OS," said the company in a blog. The n......
[more] The 10 dumbest mistakes network managers make When you look at the worst corporate security breaches, it's clear that network managers keep making the same mistakes over and over again, and that many of these mistakes are easy to avoid. In 2008, Verizon Business analyzed 90 security breaches that represented 285 million compromised records. Most of these headline-grabbing incidents involved organized crime finding an unprotected opening into a network and using it to steal credit card data, Soc......
[more] Majority of vulnerabilities now being exploited The number of exploits being written to target specific software vulnerabilities could be at all-time highs, new threat figures have suggested. Fortinet's Threatscape report for June, which actually covers the period between 21 May and 20 June, reveals that of the 108 new vulnerabilities added to its firewall intrusion detection system in the period, 62 were being actively exploited. This is equivalent to a 57.4 percent exploit rate, a rise over......
[more] How to choose the right e-mail security approach E-mail is arguably the most sensitive information application in a company's software suite. With e-mail downtime, corporate data loss, and financial threats being major concerns for any business, strong e-mail security is a must. For companies where employees cannot send communications through e-mail, business relationships with partners, customers, and other constituents can grind to a halt, resulting in executive panic. However, with difference......
[more] Experts disagree on Google Chrome security claims Google has claimed that users of its forthcoming Chrome OS will no longer have to worry about viruses, malware and security updates, but security experts disagree on whether the company can deliver on those promises. Google said in a blog post that it was "going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware and security updates." An op......
[more] Short URLs on spammers' hit-lists Email security provider MessageLabs said on Tuesday it saw a dramatic spike in the number of spam emails that include shortened URLs. Shortened URLs, which allow spammers to hide the real web address from web surfers and are commonly used on social media sites like Twitter where message character length is restricted, began a sharp rise last week and now appear in more than two per cent of all spam caught in the company's spam trap, according to MessageLabs. Ma......
[more] Authorities close in on South Korea hackers Security experts have reportedly uncovered the command server for the malware botnet believed to be responsible for recent attacks on US and South Korea government web sites. Researchers from Vietnamese firm Bkis Security said on Monday that the company was working with the Korean Computer Emergency Response Team on an effort to track down the source of the attacks. The company said that it now believes the command server controlling the attacks to be......
[more] Check Point endpoints get 'sandboxed' browser Check Point customers will this week get their hands on the latest version of the company's endpoint security client, R72, which features a new security-boosting 'sandbox' browsing mode. The new WebCheck technology in R72 uses a mixture of approaches to keep corporate web browsing within certain safe limits, the company said. These included heuristic security checks based on 'signatures' of known malware websites, analysis of unknown ones fo......
[more] AV vendors fight 'scareware' with new whitelist Security vendors have decided to take on the plague of bogus anti-virus software circulating on the Internet by creating a public list of legitimate vendors and programs. Run from the website of the Common Computing Security Standards Forum (CCSS), an organisation set up in March of this year by Comodo CEO and chief security architect, Melih Abdulhayoglu, the purpose is to give ordinary Internet users something with which to check programs and......
[more] Phone Trojan 'has botnet features' A piece of mobile malware has the capacity to enable a hacker to build a botnet of phones, according to security vendor Trend Micro. The Symbian Trojan, which Trend Micro detects as SYMBOS_YXES.B, poses as a legitimate application called ACSServer.exe and calls itself 'Sexy Space'. It steals the user's subscriber, phone and network information, and connects to a website to send that information back to a hacker. It can also target the victim's contacts with sp......
[more] Radware, RSA team up to offer protection at network level Radware, a provider of integrated application delivery services for business-smart networking, and RSA, the security division of EMC have entered into partnership to expand an integrated crimeware blocking network designed to provide fraud protection for end users against both information and identity theft as well the spread of malware. Under the partnership, the two companies will build a proactive defense at the network layer to prote......
[more] The Scale of Security While we speak of financial transactions in the hundreds of billions of dollars as being something as routine as brushing our teeth, we question the value of programs that cost in the single-digit millions and quibble with friends over dollars. Similarly, there are many problems in our industry that, when explained to an outsider, sound like they should have been solved decades ago. It is only when we relate the number of systems that need to be considered in the repair th......
[more] Researchers set to reveal SSL vulnerability Confidential online connections made from public wireless hotspots remain vulnerable to attacks despite improved security that was supposed to fix the problem, according to security researchers. The vulnerability means that attackers can lurk in the middle of what victims think are secure SSL sessions with banks, retailers and other secure websites, picking off passwords and other information that can be used later to steal account funds or compromise......
[more] Symbian admits Trojan slip-up The Symbian Foundation has acknowledged that its process for keeping malicious applications off Symbian OS-based phones needs improvement, after a Trojan horse program passed a security test. The botnet-building Trojan, which calls itself 'Sexy Space', passed through the group's digital-signing process, Symbian's chief security technologist Craig Heath said on Thursday. Heath said the group is working on improving its security-auditing procedure. "Whe......
[more] Swine flu malware poses as pig plague update Wrongdoers have created a new strain of swine flu-themed malware. A Trojan, containing backdoor and keylogger functionality, poses as a Word document from the US Centre of Disease Control giving information about the disease. The infectious file - Novel H1N1 Flu Situation Update.exe - appears with an icon that makes it look like a Word document file. Users tempted to open the booby-trapped file are presented with a document. Meanwhile the malicious......
[more] Website infected every 3.6 seconds Infected websites have been the single biggest threat over the past six months, and the threat vectors that have seen the most growth are Web 2.0 and social networking technologies, according to a report released this week by security firm Sophos. Approximately 23,500 infected webpages are discovered every day - which amounts to a new infection every 3.6 seconds - according to the report. That infection rate is faster than in 2008, during which the first half......
[more] F-Secure: Chinese firms behind 'Sexy Space' Trojan F-Secure has identified three China-based companies as the creators of the 'Sexy Space' Trojan, which was identified last week to have passed through the Symbian Foundation's digital signing process. XiaMen Jinlonghuatian Technology, ShenZhen ChenGuangWuXian Technology and XinZhongLi TianJin cloaked the malware, also known as Yxe, and submitted it to the Foundation under its Express Signing program, the security vendor said on Wednesday in a st......
[more] Total eclipse used to bait scareware scam Wednesday's total solar eclipse over India and China has been exploited as a bait for sites punting scareware. Miscreants are using black hat search engine trickery to point geographically-confused users towards websites peddling rogue antivirus software, as explained in an illustrated advisory by Trend Micro. A search term associated with the attack "Solar Eclipse 2009 in America" might appear confusing at first, because the century's longest......
[more] Language-specific spam begins to hit the web Spammers are using translation services and templates to develop multiple versions of spam in various languages. According to the July 2009 Intelligence Report from MessageLabs, some countries are experiencing levels of spam in excess of 95 per cent. The report attributes this partially to the success of one technique, predominantly used in non-English language countries, which involves automated translation services and templates enabling spam runs......
[more] Researcher reveals massive 'professional thieving' botnet A ferocious piece of malware that's infected up to a million PCs is stealing a "tremendous" amount of financial information from consumers and businesses that log on to their bank, stock broker, credit card, insurance, job hunting and favorite e-shopping sites, a noted botnet researcher said today. "Clampi is the most professional thieving piece of malware I've ever seen," said Joe Stewart, director of malware research for Sec......
[more] Botnet armies driving spam to new heights More than 150,000 computers being infected every day, says McAfee. Spam volumes have increased by 140 per cent since March, according to new figures from security giant McAfee, which has recorded its longest run of increasing monthly spam levels. The McAfee Q2 Threats Report, released today, said that the rise had been driven by surging growth in botnet activity. Some 14 million new computers were recruited this quarter, an increase of 16 per cent over......
[more] Nine things about botnets that will scare your pants off I wondered just how deep and wide the botnet problem goes. What I learned with just a little bit of research is enough to make you want to return to the days of stand-alone computing. The reality is worse than most people suspect. Let me share nine known things about botnets that will scare your pants off. At the very least, perhaps this article will prompt you to step up your effort to keep your corporate PCs off the illicit botnets. 1.......
[more] Using software updates to spread malware Two researchers from Israeli security firm Radware have figured out a way to trick computers into downloading malware or take over a computer by hijacking the communications during the update process for Skype and other applications. About 100 applications, many among the most popular on CNET's Download.com, can be targeted, said Itzik Kotler, team leader of Radware's security operations center, before his presentation here at the Defcon conference. K......
[more] Twitter now blocking bad URLs, but imperfectly Hoping to deal with a growing problem, Twitter has quietly introduced a feature to prevent users from posting links to malicious Web sites. But security experts say that it can be easily circumvented. The feature was first noticed Monday by Mikko Hypponen, chief research officer with security company F-Secure. When someone tries to post a link to a malicious Web site, Twitter pops up a short notification saying "Oops! Your tweet contained a URL......
[more] Trend Micro revamps threat resource site Anti-malware vendor Trend Micro has revamped its online threat resource centre to include new free tools designed to boost security and provide IT staff with greater visibility into the threat landscape. The TrendWatch site has had a complete redesign to offer information on current threat activities, educational videos and threat analysis reports, according to the firm. New to the site is VM Protection, a free software tool designed to help enterpris......
[more] FAQ: The ins and outs of DoS attacks Thursday's denial-of-service attack that knocked Twitter offline for a few hours and affected Facebook, LiveJournal, and Google Sites and Blogger wasn't your average attack. Typically, someone who has a bone to pick with a specific Web site will round up some hijacked PCs and use them to try to shut the site down. In this case, whoever was responsible was trying to block access to a specific user's accounts and not the sites themselves. Denial-of-service at......
[more] Microsoft lays out monthly patch plans Microsoft is planning to issue at least nine security fixes this month. The company said that the 11 August patch release will address issues in Windows, Office, and Visual Studio, as well as updates to the Client for Mac software. Of the nine planned fixes, five have been rated as 'critical.' The designation is reserved for flaws which could allow an attacker to remotely compromise a system and spread malware without user notification or interaction. Only......
[more] Booming scareware biz raking in $34m a month Fraudsters are making approximately $34m per month through scareware attacks, designed to trick surfers into purchasing rogue security packages supposedly needed to deal with non-existent threats. A new study, The Business of Rogueware, by Panda Security researchers Luis Corrons and Sean-Paul Correll, found that scareware distributors are successfully infecting 35 million machines a month. ......
[more] Twitter transformed into botnet command channel For the past couple weeks, Twitter has come under attacks that besieged it with more traffic than it could handle. Now comes evidence that the microblogging website is being used to feed the very types of infected machines that took it out of commission. That's the conclusion of Jose Nazario, the manager of security research at Arbor Networks. On Thursday, he stumbled upon a Twitter account that was being used as part of an improvised update serve......
[more] Hackers Put Social Networks Such as Twitter in Crosshairs Web sites such as Twitter are becoming increasingly favored by hackers as places to plant malicious software in order to infect computers, according to a new study covering Web application security vulnerabilities. Social-networking sites were the most commonly targeted vertical market according to a study of hacking episodes in the first half of the year. The study is part of the latest Web Hacking Incidents Database (WHID) report, rele......
[more] Outspoken cop questions whether to "turn the Internet off" Panic erupts as IT security issues hit mainstream television. Australian internet users might understandably be pulling the plug on their broadband connections overnight, after a program aired on national broadcaster ABC highlighted the risks and repercussions of going online. Brian Hay, detective superintendent for fraud and corporate crime at the Queensland Police, gave the ABC's current affairs program Four Corners the ultimate sound......
[more] New group promises to unite security industry A new industry body has been set up to promote closer co-operation and information sharing between vendors in the notoriously competitive IT security industry. The Industry Connections Security Group (ICSG) has been established under the aegis of the IEEE Standards Association, and includes most of the major security vendors, including Symantec, McAfee, Sophos and Trend Micro. The ICSG argues that, although there are already numerous examples of cro......
[more] Social networking remains the most targeted area for attacks as SQL injections preferred One in five hacking attempts were on social networking sites this year. According to the latest Web Hacking Incidents Database (WHID) 2009 bi-annual report from Nebulas Solutions Group and Breach Security, social networking sites were the most targeted vertical market in the first half of 2009, with hackers exploiting Web 2.0 features such as user-generated content including Twitter posts to launch their att......
[more] Police draw flack over cyber crime fiasco An attempted major cyber crime bust appears to have backfired on Australian police. Security experts have levelled sharp criticism at the authorities over the mishandling of the bust and subsequent failed efforts to secure the target site. Authorities in the country had infiltrated the r00t-y0u forum, a popular message board for hackers dealing in stolen credit card data. Australian authorities had tracked down and arrested the administrator of the site......
[more] The 100 'dirtiest' websites on the net identified The 100 'dirtiest' websites on the net have been identified by security vendor Symantec. The 100 websites each host an average of 18,000 security threats - with 40 of them each exceeding 20,000, according to the company. Symantec identified the 'Dirtiest Websites of Summer 2009', as detected by its Norton Safe Web service. The "worst of the worst" sites are plagued mostly by malware, followed by security risks and browser exploits, the......
[more] Malware designed to steal IDs increased 600 percent The number of users victimized by malware specifically intended to rob personally identifiable information leapt 600 percent this year. The number of users victimized by malware specifically intended to rob personally identifiable information (PII) leapt 600 percent this year compared to the same period in 2008, according to a report released on Thursday by PandaLabs, a division of Bilbao, Spain-based Panda Security. Writing on the PandaLabs b......
[more] Could Google be tricked into talking to botnets? Cybercriminals could start to take advantage of the popularity of search engines like Google as vehicles for relaying malicious code to botnets every time a particular keyword is searched for, said one security expert. Creators of botnets could potentially inject code in various Web sites and choose particular keywords that nobody is yet using on the Web, said Vaclav Vincalek, president of Pacific Coast Information Systems (PCIS) Ltd in Vancouver......
[more] London hospital recovers from Conficker outbreak An east London hospital has confirmed its computer systems were infected by the Conficker worm earlier this month. Whipps Cross University Hospital NHS Trust stressed that the outbreak affected only administrative systems, causing minor inconvenience, and did not affect patient care. Systems have since been restored to normal. Around one in 20 computers were affected by the outbreak, the Leytonstone-located NHS hospital explained in a statement.......
[more] Trend Micro slims down anti-virus systems Security vendor Trend Micro is looking to launch an anti-virus suite designed to keep computers running smoothly while still protecting them from malware. The company said that Internet Security 2010 will reduce the footprint of anti-virus software, allowing systems to run faster and with fewer interruptions. Erik Hutslar, director of consumer product management at Trend Micro, explained that the move addresses a common complaint that anti-virus softwar......
[more] Insider risk problem revealed Security experts have turned the notion that so called "malicious insiders" are the biggest cyber security threat for companies on its head. The security vendor RSA revealed that the majority of breaches are actually caused unintentionally by employees. Its survey showed that firms believed 52% of incidents were accidental and 19% were deliberate. "Unintentional risk gets overlooked, yet it's the most serious threat to business," said the RSA's Chris Young......
[more] Cyber crooks increasingly target small business accounts An organization representing more than 15,000 financial institutions has issued a warning about a growing wave of attacks against small banks and businesses by cyber criminals using stolen banking credentials to plunder corporate accounts. In an alert to its members earlier this month, NACHA -- the Electronics Payments Association said that attackers are increasingly stealing online banking credentials, such as user names and passwords, from......
[more] Spammers are using translation services to easily develop multiple language spam runs According to Symantec Corp.'s MessageLabs Intelligence Report, spammers have been using translation services and templates to easily develop multiple language spam runs, and web-based malware writers take a break as less than one percent of web malware in July is new. With spam levels globally continuing to stay at a two-year high of approximately 90 percent, some countries are experiencing levels in excess of......
[more] Phishing attacks down in 2009 Spam-based phishing attacks declined noticeably during the first half of the year according to IBM. However, it's not all good news, cyber-criminals may simply be shifting to other technologies said IBM in its semi-annual security threat report. "The decline in phishing and increases in other areas (such as banking Trojans) indicate the attackers may be moving their resources to other methods to obtain the gains that phishing once achieved," is the expla......
[more] Trojan zaps banking credentials via IM No longer the province of teens and chat-obsessed netizens, instant messaging is being adopted by a growing number of banking malware applications, which zap pilfered credentials to thieves in real time. The latest entrant is Zeus, a trojan that monitors an infected PC for passwords entered into banking websites and other financial services. Over the past three months, investigators from RSA FraudAction Research Lab have observed the program, which also goe......
[more] FBI investigating laptops sent to US governors The U.S. Federal Bureau of Investigation is trying to figure out who is sending laptop computers to state governors across the U.S., including West Virginia Governor Joe Manchin and Wyoming Governor Dave Freudenthal. Some state officials are worried that they may contain malicious software. According to sources familiar with the investigation, other states have been targeted too, with HP laptops mysteriously ordered for officials in 10 states. Four......
[more] Rogueware traps users with "green" promise A new rogueware menace is playing the environmental card, seeking to trap users into buying and downloading useless security software by claiming that donations to an environmental program will be made with every purchase. “Green-conscious people, beware!” Mary Grace Timcang, security analyst at Websense, said on the company's Security Labs blog. “Just as the scare tactics of rogue AVs have already taken their toll, yet another......
[more] How to address the two types of insider threats "I read about fraud all the time -- hackers, online gangs, angry employees, etc. It seems like it's on the rise. Why is this so hard to detect and how can we prevent fraud in our organization?" It is true that fraud is increasing, and it does seem that we read about incidents on an almost daily basis. This is a factor of the rise in the amount of sensitive information that is now online, an increased number of online applications that access this......
[more] IT pros divided about security of virtualization, cloud computing Is moving to virtualization and cloud computing making network security easier or harder? When some 2,100 top IT and security managers in 27 countries were asked, the response revealed a profound lack of consensus, showing how divided attitudes are within the enterprise. The "2010 State of Enterprise Security Survey -- Global Data" report shows that about one-third believe virtualization and cloud computing make security "harder,......
[more] Prepare for the next password attack All that often stands between a malicious hacker and access to valuable, confidential data is a few keystrokes: an end-user's or admin's password. Yet even the most carefully crafted and well-guarded password is susceptible to being stolen from an innocent victim, and crafty miscreants have numerous techniques at their disposal to do the dirty deed. In order to protect users and your organization from a password attack, you must first have a clear understand......
[more] 7 Reasons Websites Are No Longer Safe Conventional wisdom is that Web wanderers are safe as long as they avoid sites that serve up pornography, stock tips, games and the like. But according to recently gathered research from Boston-based IT security and control firm Sophos, sites we take for granted are not as secure as they appear. Among the findings in Sophos' threat report for the first six months of this year, 23,500 new infected Web pages -- one every 3.6 seconds -- were detected each day......
[more] Malware writers piggyback on 9/11 anniversary Malware writers have hooked onto the anniversary of the 11 September tragedy to spread malware via false virus messages. Malware writers are either registering new web pages and filling them with terms relating to the event, or breaking into existing web sites and adding terms to rise higher on search engine rankings. They are using these pages to host false antivirus alerts, where users get a window appear telling them they are infected and offerin......
[more] Trojan taps Google Groups as command network Hackers have programmed a Trojan that uses Google Groups newsgroups to distribute commands. Trojan distribution via newsgroups has existed for more than a decade, but using newsgroups as a command and control channel is a new innovation. The Grups Trojan itself is quite simple and is only noteworthy for the command and control structure it deploys. The malware is programmed to log into a Chinese language newsgroup to receive commands, Symantec securi......
[more] Spammers turn to fake non-delivery reports Online fraudsters are ramping up spam attacks through emails designed to look like automated responses to undelivered messages, according to recent figures from PandaLabs. The cloud security firm saw a 2,000 per cent increase in the number of malware-laden non-delivery report (NDR) messages in August, compared to the average monthly number in the first six months of 2009.
Legitimate NDRs are automated messages sent to someone by a mail server when it c......
[more] Websense warns of web-based malware epidemic The growing threat to businesses from the web was put into sharper focus today, after security vendor Websense reported a whopping 671 per cent rise in the number of malicious sites during the past year. The firm's biannual State of Internet Security (PDF) report is compiled using email and web site scanning data collected by Websense Security Labs. The report found growth not only in the number of malicious sites but in the continued activity design......
[more] Malware lingers months on infected PCs Malware stays around on infected PCs far longer than previously thought, according to the latest research from Trend Micro. Previous estimates suggested that a compromised machine remains infected for approximately six weeks. Based on an analysis of around 100 million compromised IPs, Trend Micro concludes that many infected IPs are infected (or repeatedly infected) for more than two years, with a median infection length of 300 days. Four in five compromis......
[more] Web server attacks, poor app patching make for nasty mix A dangerous combination of a massive increase in Web server attacks and poor patching practices is a major cause of concern for experts, according to a report issued today by several security organizations. In a groundbreaking study that matched attack trends with patching cycle data, some conclusions came as a shock, said Rohit Dhamankar, the director of security research at 3Com TippingPoint, which contributed real-world attack informat......
[more] Zbot evades most anti-virus programs The banking trojan Zbot, which is one of today's most prevalent financially-motivated trojans, is not detected or removed by most anti-virus programs because of its ability to morph, according to a report issued by internet security firm Trusteer. A study of 10,000 Zbot-infected computers conducted this month revealed that a majority were running an up-to-date AV program, Mickey Boodaei, CEO and founder of Trusteer, told SCMagazineUS.com. 55 percent of Zbot-......
[more] Poor patching threatens security A dangerous combination of a massive increase in Web server attacks and poor patching practices is a major cause of concern for experts, according to a report issued today by several security organizations. In a groundbreaking study that matched attack trends with patching cycle data, some conclusions came as a shock, said Rohit Dhamankar, the director of security research at 3Com TippingPoint. TippingPoint contributed real-world attack information, acquired fro......
[more] Firms fail to focus on most dangerous security threats Enterprises are focusing their information security efforts in the wrong areas, leaving themselves more open to hacking attacks and malware infections as a result. The 2009 Top Cyber Risks Report from the SANS Institute concludes that most organisations are focusing their security maintenance and vulnerability scanning efforts on keeping operating system software up to date. The bigger threat, however, comes from exploits against websites an......
[more] Sharp rise in click fraud as botnet evades filters There has been a spike in click fraud thanks to a new botnet that is eluding the most sophisticated filters of search engines, web publishers and ad networks, according to a web security company. Click Forensics, which provides services to monitor ad campaigns for click fraud, said that the botnet's architects had figured out a way to mask it particularly well as legitimate search ad traffic.
The company is calling this the "Bahama botnet" beca......
[more] Facebook and YouTube malware magnets says Websense A staggering 95% of all "user-generated comments" for blogs, chat rooms and message boards online are spam or malicious, according to a new Websense report on security threat trends. "That's the first time we started monitoring that," says Patrick Runald, Websense senior manager for security research, about the level of spam and malware ploys carried out around blogs and chat rooms.
The Websense Security Labs "State of Internet Security Q1 - Q2......
[more] McAfee warns of software imposter McAfee is warning users following the discovery of a new rogue security application that masquerades as the company's flagship antivirus suite. The company said that the rogue application, known as 'AntiVirus Pro' is using McAfee's own application icons in an attempt to trick users into believing the product is originating from the security vendor. Rogue security applications use deceptive methods, such as fake scans and deceptive alert messages, into believing......
[more] Why malware writers are turning to open source Malware developers are going open source in an effort to make their malicious software more useful to fraudsters. By giving criminal coders free access to malware that steals financial and personal details, the malicious software developers are hoping to expand the capabilities of old Trojans. According to Candid Wüest, threat researcher with security firm Symantec, around 10 per cent of the Trojan market is now open source.
The move to an ope......
[more] Site offers Facebook account break-ins for $100 Security vendor PandaLabs has discovered an online service offering to help those so inclined to hack into any Facebook account they choose for a price: $100. However, those who sign up for the service could find themselves becoming the victims instead, PandaLabs warned today.
The Facebook hacking service, which is delivered via a professional looking Web site, was discovered by PandaLabs earlier this week.
Users of the service are required to fir......
[more] Social Networks Breed Malware Infestation Web 2.0 has been great for the development of online communities. But its benefits come with a downside: Hackers are using the interactivity of social sites to spread their malware. A recent study by security software supplier Websense finds that 95 percent of the comments posted to blogs, chat rooms, and message boards are spam or malicious software.
OK, the message comes from a vendor with a vested interest, but it rings too true: Websense Inc. says i......
[more] Password-stealing malware skyrocketing The use of password-stealing trojans has jumped some 400 per cent in the past year, according to a recent report from McAfee. The security firm said that in 2008, nearly 400,000 variants on trojans designed to log keystrokes and record passwords were found. By comparison, fewer than 100,000 such samples were detected in 2007. Not only is the malware becoming more numerous but, according to McAfee, data-stealing techniques have also become more sophisticate......
[more] What does PCI mean to you? This week my attention has been dominated by one word, well six officially, but often narrowed down to six or even three letters – PCI. To give it its full title it is the ‘Payment Card Industry Data Security Standard', and in my meetings this week at Gartner and other panel debates, the subject arose on several occasions. Now I will be the first to acknowledge that I do not know the ins and outs of PCI (as we will now call it), but thanks to the PCI DSS user group (se......
[more] Security firms battle world's biggest spam campaign Computer users in the US are finding there's someone to fear even more than the tax man. They're being spammed by criminal gangs, preying on users' fears of the tax authorities, leading them to install malicious software. Security researchers estimate that the campaign has already enriched criminals by millions of dollars. The spam campaign, entering its third week now, is showing no signs of slowing down, according to Gary Warner, director of......
[more] Scareware sellers poison 'iPhone MMS' search results Criminals have poisoned major search engines for terms related to the new MMS capability of Apple's iPhone, and are using the results to steer users to fake Windows security software downloads, a researcher said today. "Up to the top six results for search phrases about iPhone and SMS are poisoned," said Stephan Chenette, the manager of security research at Websense. "This obviously has to do with the iPhone's new MMS feature," he added, refe......
[more] Use ants to fight worms To combat worms, Trojans and other malware, a team of security researchers wants to use ants. Not the actual live insects, of course, but computer programs modelled to act like ants in the way they roam a network and search for anomalies. "Ants aren't intelligent," says Glenn Fink, a senior research scientist at the Pacific Northwest National Laboratory who came up with the idea for the project, "but as a colony ants exert some very intelligent behavior." According to Fi......
[more] UK SMEs happy to rely on free security tools Small and medium sized businesses (SMBs) across the UK are the thriftiest when it comes to IT security, and spend less than any of their counterparts from other countries in Europe, according to research by cloud security firm Panda Security. The survey found that almost 98 per cent of UK SMBs spend less than £1,000 a year on security software, and around half spend less than £300 a year.
Some 57 per cent of UK businesses surveyed use fre......
[more] Microsoft launches free security Microsoft has released its free computer security package to the public. From 1700 BST on 29 September, Windows users will be able to download the software from Microsoft's Security Essentials website. The free software gives basic protection against viruses, trojans, rootkits, and spyware.
The Essentials software is Microsoft's second try at making an own-brand security package.
Prior to release, a beta version of Microsoft's Security Essentials (MSE) software,......
[more] Firms most often infected by smaller botnets While big botnets get the lion's share of attention in the media, smaller botnets of less than 100 machines are the rule among most compromised corporate networks, according to research released last week by security firm Damballa. The company analyzed 600 botnets that it encountered in enterprise networks in a three-month period, and found that the majority -- 57 percent -- were smaller than 100 nodes. Most of the smaller networks consisted of cust......
[more] Cybercrooks net €300,000 in 22 days A recent phishing and malware scam netted a group of criminals some €300,000 in stolen funds, say experts. Security vendor Finjan said that the criminals used a piece of financial malware to infect users and steal account details without being caught by bank security systems.
According to Finjan, the attackers used a combination of phishing sites and exploit attacks to dupe users into downloading a piece of malware known as the Zeus bank trojan.
Onc......
[more] Fake antivirus overwhelming scanners Fake antivirus programs are multiplying at such a rate they could start to overwhelm the detection capabilities of signature-based scanners, the latest figures from the Anti-Phishing Working Group (APWG) have hinted. Rogue or bogus programs passing themselves off as real antivirus software have been one of the malware themes of 2009, but the APWG's numbers for the first half of the year show that the organisation's members detected 485,000 samples, more than......
[more] Large online payroll service hacked In a somewhat unusual data breach, hackers recently stole the login credentials of an unknown number of customers of payroll processing company PayChoice Inc., and then attempted to use the data to steal additional information directly from the customers themselves. The breach, first reported by the Washington Post this week, took place on Sept. 23 and involved PayChoice's onlineemployer.com portal site. Hackers broke into the site and managed to access the r......
[more] Conficker smites Oxford Brookes network Conficker infected communal PCs used by students at Oxford Brookes University on Thursday, leaving sysadmins with a difficult clean-up job. A statement (extract below) by the University explains that the attack affected desktops and servers, prompting a decision to temporarily suspend student access to pooled computer rooms while an ongoing clean-up operation sorts out the mess. The outbreak also affected network services.
There has been a sustained and s......
[more] Who's afraid of malware? Four in 10 have never had a virus Despite an ever-increasing amount of malware in the wild, almost four in ten respondents to a silicon.com poll have never been hit by a virus. The poll, which asked readers when their PC was last infected, found 39 per cent of respondents claim their machine has never fallen victim to a virus, while a further 41 per cent of people's PCs were last infected between one and five years ago. The poll suggests that successful virus attacks co......
[more] Fake Antivirus: 5 software titles you should definitely NOT install We take a closer look at some of the more common scareware traps; what to look out for, how to identify the fakes and 5 rogue security software packages you should try and avoid at all costs. Bogusware, scareware or rogueware - whatever you prefer to call them, are all different names given to describe roughly the same thing: rogue security products that masquerade as the real thing.
According to numbers published by the Anti-P......
[more] Inhibiting employee use of Web 2.0 applications is a double edged sword With strong evidence now emerging that allowing employee access to Web 2.0 sites is beneficial, many organisations are starting to reverse their decisions to ban the new internet. However, with no controls in place to manage sites accessed and content posted, companies are still in danger from data leaving undetected, employees posting negative and possibly libellous comments and escalating bandwidth usage. Organisations th......
[more] Web mail scam propagates itself The industry-wide phishing scam that has affected popular web mail services such as Hotmail and GMail, is spreading, according to experts. Security firm Websense says it has noticed a sharp rise in spam e-mails from Yahoo, Gmail and Hotmail accounts. This is because infected accounts are sending personalised e-mails to contacts suggesting shopping sites, which are in fact fakes.
Security expert Carl Leonard warned people to be on their guard.
He advised people to......
[more] Companies urged to weigh risks and benefits of social networking Companies should seek to adopt social networking services while remaining wary about the security risks, according to McAfee's Greg Day. The senior threat researcher said on Wednesday that, if managed properly, sites such as Facebook and Twitter can offer effective and low cost ways for firms to connect with customers. Day noted that companies such as Dell have used social networking services to connect with customers, and cited a......
[more] Security researcher shows how hackers spy on BlackBerry and other smartphones iPhone lovers and other smartphone users should take heed: A security researcher showed ways to spy on a BlackBerry user during a presentation at the Hack In The Box (HITB) conference Wednesday, including listening to phone conversations, stealing contact lists, reading text messages, taking and viewing photos, and figuring out the handset's location via GPS. And ironically, Sheran Gunasekera, head of research and dev......
[more] Admins warned of Microsoft patch avalanche Microsoft's next Patch Tuesday round of updates and security fixes will include 13 patches, including one for the release-to-manufacturing version of Windows 7. All previous versions of the operating system will also be patched, along with Internet Explorer, Office, SQL Server and, ironically, the firm's Forefront Security client software. Eight of the fixes are rated as 'critical' in that they could allow for remote code execution. "For October we are......
[more] Twitter bans security maven for sharing naughty link A well known security researcher was banished from Twitter for more than two days for including the address of a malicious website in a two-month-old dispatch. On Tuesday, Mikko Hypponen, chief research officer for anti-virus provider F-Secure, found his Twitter account suspended with no explanation. Every one of his tweets had been erased, and those trying to visit his page found a message that said: "Sorry, the account you were headed to ha......
[more] Top tips to ensure network and endpoint security 2010 can be a safer year if you follow these detailed tips such as limiting access to those who need it, ensuring that systems are secure before connecting them to the Internet, testing the disaster recovery plan, and controlling the use of portable devices on the network. 1. Limit access to those who need it
In SMBs it is often the case that most people tend to be given full privileges and access to the network and to devices that they do not need t......
[more] Q&A: Websense threat research manager, Carl Leonard V3.co.uk sat down with Carl Leonard to discuss his role as head of the Websense threat labs in Europe, and the state of the threat landscape. Carl Leonard discusses Web 2.0, user-generated content and the dangers of drive-by malware. V3.co.uk: As head of the Websense European threat research team, what does your role entail? Carl Leonard: The security labs division is made up of a strong team of experts located globally. Our main aim is to deve......
[more] Google shares malware samples with hacked site admins Google has rolled out a feature that provides webmasters of compromised sites with samples of malicious code and other detailed information to help them clean up. The search giant has long scanned websites for malware while indexing the world wide web. When it detects outbreaks, it includes language in search results that warns the site may be harmful and passes that information along so the Google Chrome, Mozilla Firefox, and Apple Safari b......
[more] Fake antivirus attacks PCs with ransom demand The Fake antivirus phenomenon has taken an unpleasant turn with the discovery of a Windows program that not only cons users into buying an unnecessary license but appears to lock files and applications on the victim's PC. According to security company Panda Security, rogueware program Total Security 2009 starts out in conventional fashion with the ‘discovery' of a non-existent malware infection for which it demands an unusually ambitious $79.9......
[more] 'Gumblar' botnet beginning to mobilise The massive network of pages compromised by the Gumblar botnet is now being used to spread malware, according to researchers. Security firm ScanSafe reported that a number of pages connected to the Gumblar attacks in May had been serving malware to visitors. The company noted that the attacks were unique in that rather than infect the pages to link to a single attack site, each of the compromised servers is hosting the malware on its own.
In addition to t......
[more] Derbyshire County Council secures 8,000 endpoints from malware infection with Lumension Lumension has been selected by Derbyshire County Council to help them achieve complete visibility of its security posture for 8,000 endpoints across 430 locations. The move follows a drive to meet government information security directives and improve the results of bi-annual risk management audits. With 90 per cent of cyber attacks exploiting known vulnerabilities, Derbyshire County Council selected Lumensio......
[more] Holiday shopping occupying 2 days of work time, claims study Employees shopping online could be using as much as two full working days worth of work time this holiday season, according to a recent survey. The report, conducted by research firm MARC and backed by IT industry group ISACA, suggested that users on average will spend 14.4 hours total shopping online from their work systems. Additionally, ten per cent of those surveyed said that they would be spending upwards of 30 hours shopping.
T......
[more] Facebook users targeted by malware video player trick IT security specialist Finjan has warned users to be wary of an application targeting people on Facebook. The company warned that a fake Facebook site is using malicious Javascript based on an old "Flash Player upgrade installation" trick to entice the user to download an upgrade in order to watch a video. Finjan said the upgrade is actually malware containing the CAPTCHA pop-up.
The malware copies a couple files to C:\Windows, deletes itse......
[more] Monitoring staff email and internet: The dos and don'ts Every office generates so much email, IM and internet traffic it's all but impossible for management to keep track of exactly what's being said, seen and done online. But how can execs be confident that all these digital conversations are necessary and not just time-wasting? Or worse: the cover for data leaks, inappropriate content-sharing or other nefarious or even criminal activities. Why monitor staff email?
Some of the reasons an organ......
[more] Trend Micro CEO: hackers hitting AV infrastructure It's become an all-too-common scam: A legitimate Web site pops up a window that looks just like a real security warning. It says there's something wrong with the computer, and click here to fix it. A few clicks later, the victim is paying out US$40 for some bogus software, called rogue antivirus. Rogue AV scams have become a big problem in recent months, but according to Trend Micro CEO Eva Chen, it's part of a more sinister, strategic attack o......
[more] Web 2.0 is biggest threat say IT professionals Three out of four IT professionals believe Web 2.0-based malware will pose the biggest security threat this year, according to research from Webroot. The security vendor revealed that 73 percent believe web-based threats are more difficult to manage than email-based threats. Furthermore, 23 percent said their company was vulnerable to attacks on Web 2.0 applications including social networks such as Facebook and Twitter, while a quarter said they w......
[more] Balancing security versus productivity for third party data exchange Childhood physics lessons always taught me that objects moving through a system followed the path of least resistance. Whether it is water running downhill, electricity running through a circuit or even weather systems travelling across a continent, this rule always rings true. As security professionals, it should not, then, come as a surprise that our users will often do the same. I am always amazed when I read about data bre......
[more] Windows 7 security: Five things you should know Microsoft says Windows 7 is the most secure version of the Windows operating system ever developed. Big deal, right? I am pretty sure that Microsoft has made that claim for every new version of Microsoft Windows in the past 15 years, and that it is a valid claim. What else would you expect? Is Microsoft going to come out with a new operating system and make it less secure than its predecessor? I think not. Still, while the marketing around Windows......
[more] Rogue anti-virus levels are at highest recorded in more than a year Levels of scareware, or rogue anti-virus, have been the highest recorded according to Fortinet. In its October 2009 Threatscape Report, author Derek Manky claimed that the total detected malware volume is at its highest in more than a year following a ‘significant' surge towards the end of September leading through October. He claimed that the main contributors were all rogue security downloaders. Manky said: "In our last recap......
[more] Pirate Bay clampdown prompted file sharing site spike Attempts to shut down notorious torrent tracker site The Pirate Bay have spurred a four-fold increase in the number of file sharing websites during the third quarter of 2009. At least some of these sites are primarily designed to distribute scareware and other types of malware rather than pirated content. Net security firm McAfee reports that a 300 per cent increase in file sharing sites that offer music and films has been accompanied by a s......
[more] Malware writers bank on Google Wave interest Malware writers are now exploiting interest in Google's new Wave service, according to researchers. In a recent report, security vendor Symantec explained that a new wave of Trojans had been crafted to take advantage of the heightened interest in the new invite-only collaboration service. Researchers uncovered trojan applications connected to the Xrumer spam tool which were masquerading as a tool to automatically generate invites for the wave se......
[more] Why can't we do anything about spam? So I open my inbox this morning to find spam from an outfit calling itself Broadcast-info.com. Nothing new there. What was different about this one is that I also had a dozen messages from various other recipients of that spam niblet, trying to unsubscribe. Near as I can figure, the incredibly clueless spammer who sent this one out set it up so that replies went to everyone on the mailing list. That domain doesn't have a site attached to it, and the domain r......
[more] Mac art project game destroys files A Mac game that deletes users' files has sparked a debate about whether it's malware or not. The Space Invaders-style game deletes a file from the Mac home directory every time a user destroys an alien ship. The application, released as part of an art project, clearly warns this is what it does... in big red letters. Of course malware often thrives on people who ignore warnings, so security firms including Inteco, Sophos and Symantec that produce Mac OS X ant......
[more] Windows 7 more vulnerable to malware than Vista, says researcher Microsoft's decision to reduce the number of annoying security messages that Windows 7 delivers when users install software makes the new operating system more vulnerable to malware infection than Vista, a researcher said today. "UAC was neutered too much by Microsoft," argued Chester Wisniewski, a senior security advisor with Sophos, talking about Windows' User Account Control (UAC), the security feature Microsoft debuted with......
[more] Gumblar site infections return, WordPress among affected In the latest wave of Gumblar attacks, the backdoor script being used to infect legitimate websites has been causing some WordPress blogs and other PHP-based sites to crash, security researchers have warned. "On various forums, you can find posts where webmasters report similar problems with their WordPress blogs," independent security researcher Denis Sinegubko wrote on his Unmask Parasites blog last week. "Their sites are broken and all......
[more] Switchers Guide: Understanding Mac security When it comes to security, using Windows can feel like living in the heart of a big city--the kind of place where you can install all the locks and alarms you want, but you still worry. The vast number of computer users who run Microsoft operating systems form the biggest, juiciest target cybercriminals could dream of. Which is why there are more than twenty-two million unique examples of Windows malware out there. Using the Mac, by contrast, is like......
[more] Google Reader Koobface spotlights security risk 2.0 The rising use of social networking and collaboration apps on corporate networks has spawned increased security risks beyond potential productivity losses, firewall vendor Palo Alto warns. The warning coincides with the appearance of a variant of the Koobface worm linked to Google Reader accounts controlled by hackers. Aside from acknowledged business benefits, Web 2.0 applications can transfer files, propagate malware, and have known security......
[more] China defense ministry site fends off hackers The Web site of China's defense ministry was attacked 2.3 million times in its first month online, Chinese state media said Wednesday. The report is a reminder that Chinese government and military bodies, often accused of cyberespionage against the U.S. and other countries, are also frequently attacked online. The Chinese defense ministry Web site has been under "non-stop" attack since it launched in August as a gesture of transparency, said the Peo......
[more] Gumblar botnet on the march again Security experts at ScanSafe are warning users to be on their guard after recording a resurgence of the notorious Gumblar botnet and its associated malware. The security-as-a-service firm warned in its monthly Global Threat report that 29 per cent of all web malware blocks last month were related to Gumblar, a botnet which installs traffic sniffers and backdoors on PCs and then uses stolen FTP credentials to compromise web sites. "Gumblar is arguably one of the......
[more] Security study exposes enemy within The extent of the security threat posed by negligent employees has been exposed in a study by the Ponemon Institute. Ponemon’s State of the Endpoint survey, which was backed by security vendor Lumension, quizzed more than 3,000 IT professionals in the UK, US, Germany and Australia. Six out of 10 respondents said they lose sensitive data as a result of negligent employees, while nearly three in 10 have suffered malicious theft of sensitive data by employees.......
[more] 3 Basic Steps to Avoid Joining a Botnet Banging the drum for security awareness never gets old. As much as CSOs try to get folks to bone up on safe practices (both online and in the office), there are always going to be some who need reminding. Online, the biggest battle these days is against botnets: networks of infected computers which hackers can use -- unbeknownst to the machine's owner -- for online crimes including sending out spam or launching a denial of service attack. Unfortunately, t......
[more] First malicious iPhone worm slithers into wild A Dutch internet service provider has identified a worm that installs a backdoor on jailbroken iPhones and makes them part of a botnet. The worm, according to XS4ALL, targets jailbroken iPhones whose owners have carelessly failed to change the default password. In addition to connecting to a Lithuanian master command channel, it also changes the root password for the device, making it harder for owners trying to regain control. Infected iPhones are......
[more] New zero-day IE exploit on the loose Internet Explorer is reeling from yet another zero-day exploit, this time causing the browser to crash or tricking users into visiting a malicious web page. The new exploit, which was published to the BugTraq mailing list at the weekend, affects Internet Explorer 6 and 7, according to Symantec researchers. Symantec said that the malware exhibits signs of "poor reliability", but that a "fully-functional reliable exploit" is likely to be available soon.
The is......
[more] Large Hadron Collider spam carries virus Security experts are warning of a malware attack disguised as a video of the Large Hadron Collider in action. The bogus video link arrives in an email, which security firm Sophos said is "dodgy from the start". The message reads: 'Wow, don't ask me how I get this video, but it's realy [sic] cool,' followed by a mytinyurl.net web link.
The scammers claim in the email that thousands of people have already enjoyed and bookmarked the video, but that it requi......
[more] Is losing a mobile device really such a big deal? Losing a mobile device is a common occurrence - but that doesn't mean it's not serious. Jon Collins looks at what businesses can do to protect themselves from this vulnerability. These days, it's no surprise to anybody that staff mobility - everything from home working to being able to pick up email when out and about - brings with it a business advantage. We at Freeform Dynamics have been asking questions about mobile usage patterns and produ......
[more] RSA: iPhone worm marks "early days of mobile malware" The iPhone worm that emerged over the weekend is indicative of a new wave of mobile malware and businesses have been advised to update their security policy. Following the Apple iPhone worm detection, Sam Curry, vice president of product management and strategy at RSA, claimed that this marks the "early days of mobile malware". While Curry said that the previous attempts such as the Ikee worm were a mere proof-of-concept, the new discovery i......
[more] Koobface-like worm targets Skype users Security experts have warned Skype users that new malware similar to the infamous Koobface worm that caused havoc on Facebook is now targeting the popular IP telephony service. Trend Micro said that it detected the Koobface-like variant as TROJ_VILSEL.EA, a piece of malware designed to steal contact lists, phone numbers, locations and other information that forms part of a Skype profile.
"It is also capable of using Skype's built-in instant messaging capab......
[more] Check Point acquires FaceTime classification and signature database to secure Web 2.0 applications The momentous growth of Web 2.0 platforms and the benefits gained through their use introduces significant new compliance and policy challenges. Government agencies and corporations worry about sensitive information leaking out over Twitter or Facebook and organizations now face new rules, from regulatory bodies such as FINRA, specifically relating to content posted to social networks. Check Point......
[more] China warns about return of destructive Panda virus A computer worm that China warned Internet users against is an updated version of the Panda Burning Incense virus, which infected millions of PCs in the country three years ago, according to McAfee. The original Panda worm, also known as Fujacks, caused widespread damage at a time when public knowledge about online security was low, and led to the country's first arrests for virus-writing in 2007. The new worm variant, one of many that have ap......
[more] Raunchy spam targets online gamers Security experts are warning of a new malicious spam campaign designed to harvest the login credentials of online gamers. According to a blog posting by security vendor Sophos, the spam emails arrive with the subject line “Do you like to find a girlfriend like me?” and contain the following message: Wish to have a boyfriend Be able to protect me, take care of me Intolerable lonely night and would like to have your care. do you Willing? This is my photos.
Attached......
[more] Malware hidden in English language text How hackers could evade antivirus protection. A team of US security researchers have engineered a way of hiding malware in sentences that read like English language spam. The work is a breakthrough because current network security techniques work on the assumption that the code used in code-injection attacks, where it is delivered and run on victims’ machines, has a different structure to non-executable plain data, such as English prose. One of the resear......
[more] Extra spam and malware security for bit.ly Bit.ly has partnered with security firms to bolt improved anti-spam and malware protection onto the URL shortening service. VeriSign’s iDefense IP reputation service will be used to screen against links that point to blacklisted sites hosting exploits, malicious code, botnet command and control servers or other nefarious activity. Websense Threatseeker cloud service will be used to peer behind the web content behind bit.ly links in real time, using beh......
[more] Malware suspected of 'Black Screen' issue Malware has been blamed for a problem with the Windows 7 operating system, dubbed the 'Black Screen of Death'. Some Windows users are confronted by a totally black screen after they log on to their system. Initially it was thought that Microsoft's own security update could have caused the problem but that has now been ruled out.
The software firm that suggested the security update was the problem has apologised for its claims.
Reports suggest the proble......
[more] PrevX U-turn on Windows update Black screen of Death claim PrevX has backtracked on earlier claims that a Windows update caused Windows machines to lock up with a so-called "Black Screen of Death". An updated blog post from the UK-based software security firm withdraws earlier claims that a recent Microsoft update caused a glitch that resulted in affected PCs displaying only the My Computer folder on a blank screen. PrevX's new line is that changes in the Windows Registry that trigger the behav......
[more] Swine flu botnet causes chaos A spam campaign that poses as a message from the Centers for Disease Control (CDC) asking people to register for H1N1 vaccinations continues to be a major problem, according to a security researcher. The messages lead unwary users to a convincing-looking CDC site where they're asked to create a profile in order to receive a vaccination for the swine flu, which has made headlines for both its aggressive spread and a lack of vaccine. The site urges users to download......
[more] New code makes Windows 7 vulnerable to hackers Windows 7 will open up more opportunities for malware authors as they target flaws from the new nature of the operating system. This was one of the predictions of security company Websense, which expected criminals to target new code in Windows 7 that was not present in Vista or XP. In fact, Microsoft released patches for Windows 7 before it was even released.
In an interview with IT PRO, Carl Leonard of Websense said that any new software brought......
[more] Researcher says iPhone data model could lead to malware If you're feeling whiplash over the state of iPhone security, you're in good company. Last month, the first iPhone worms were reported, which either rickrolled your iPhone with a background picture of Mr. Astley, or did far worse things to your software and data. But the only people who were vulnerable were people who had jailbroken their phones, turned on SSH services, and neglected to change their root password. And we all know that peo......
[more] Scammers scrape RAM for bank card data Forget keyloggers and packet sniffers. In the wake of industry rules requiring credit card data to be encrypted, malware that siphons clear-text information from computer memory is all the rage among scammers, security researchers say. So-called RAM scrapers scour the random access memory of POS, or point-of-sale, terminals, where PINs and other credit card data must be stored in the clear so it can be processed. When valuable information passes through, i......
[more] Cybercrooks getting bolder experts warn Online crime could become more direct and aggressive in the coming months, according to security experts. In its annual Future Threat Report, security firm Trend Micro suggested that an increasingly crowded underground market could push cybercriminals to adopt new and more aggressive approaches to parting users and their money. Specifically, Trend suggested that bank accounts themselves will be increasingly targeted. Rather than steal payment information or......
[more] Stronger botnets and increased spam detections in 2009 Cybercriminals learn lessons from McColo shutdown. There has been an average rate of 87.7 per cent in detected spam in 2009, as a small number of botnets have become stronger. According to the MessageLabs intelligence annual security report for 2009 from Symantec, cybercriminals have sharpened their survival skills and operated a volume and variety approach over the past 12 months.
It showed that there was a high of 90.4 per cent of detecte......
[more] Botnet found in Amazon's EC2 cloud Security researchers have spotted the Zeus botnet running an unauthorised command and control centre on Amazon's EC2 cloud computing infrastructure. This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity, according to Don DeBolt, director of threat research with HCL Technologies, a contractor that does security research for CA. The hackers didn't do this with Amazon's permission, however. They got on......
[more] Report finds most data breaches are 'utterly preventable' Most security breaches are caused by malware, an SQL injection attack or the exposure of remote access credentials such as a VPN password, according to a report by Verizon Business. Verizon's 2009 Supplemental Data Breach Investigations Report, released today, said that malware such as keyloggers and spyware were responsible for the majority of data breaches.
Mark Goudie, managing principal at Verizon Business, told iTnews that the bigge......
[more] Attackers hone Twitterific exploit-site concealer Malware writers have revamped code that uses a popular Twitter command to generate hard-to-predict domain names, a technique that brings stealth to their drive-by exploits. Four weeks ago, when The Register reported Twitter application programming interfaces were being used to generate pseudorandom domain names, none of the addresses checked had actually been registered. Denis Sinegubko, the Russian researcher who discovered the technique, specul......
[more] Businesses need to understand the security issues of Web 2.0 and Social Networking The adoption of Web 2.0 makes the job of keeping email and the web free from attacks, malware and spam even more difficult. Yet, simply closing access to unapproved tools can be short sighted as unhappy employees drift to rival businesses with more enlightened policies. Web 2.0 is growing with increasing momentum and businesses seem to be harnessing some of its benefits to bring them closer to their customers and......
[more] Potent malware link infects almost 300,000 webpages A security researcher has identified a new attack that has infected almost 300,000 webpages with links that direct visitors to a potent cocktail of malicious exploits. The SQL injection attacks started in late November and appear to be the work of a relatively new malware gang, said Mary Landesman, a researcher with ScanSafe, a web security firm recently acquired by Cisco Systems. Hacked sites contain an invisible iframe that silently redirects......
[more] Make sure employee online Christmas shopping doesn't become a business security issue This Christmas, with online sales expected to reach £5 billion, perhaps shoppers can learn a few lessons from the Ghosts of the Charles Dickens classic, A Christmas Carol. As the Christmas shopping season gets underway, most Internet users won't benefit from a visit from the Ghost of Christmas Past to warn them of the dangers of online shopping – a perennial target of cybercriminals attempting to steal confide......
[more] Adobe won't patch latest PDF zero-day until Jan. 12 Adobe won't patch the newest critical vulnerability in its PDF viewing and editing software for another four weeks, even though attack code has been publicly released. In an update yesterday to the security advisory it issued Tuesday, Adobe set the patch date as Jan. 12, 2010, which is also the next regularly-scheduled quarterly security update for Adobe Reader and Adobe Acrobat. Most of the advisory was dedicated to confirming the bug -- whic......
[more] File sharing networks top target for cyber criminals Cyber criminals are set to change their ways of working, according to security company Kaspersky Lab. Secure content management solutions developer Kaspersky Lab has outlined the threats it expects to see in 2010 as a result of cyber criminal activity. Kaspersky Lab was expecting a rise in the number of global epidemics in 2009 but this year was marked by sophisticated malicious programs with rootkit functionality. Corporates and individual......
[more] Microsoft's 'whitelist' helps hackers, says Trend Micro By recommending that users exclude some file extensions and folders from antivirus scans, Microsoft may put users at risk, a security company said today. In a document published on its support site, Microsoft suggests that users do not scan some files and folders for malware as a way to improve performance in Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008 and Server 2008 R2. "These files are not at risk of infection. If you sc......
[more] Looking back at malware in 2009 2009 was the year in which nobody that uses the Internet could afford not to educate him/herself about the dangers that lurk in the inbox, in Google's search results, on the social networks they use, and sometimes even on their favorite news site. This year has definitely been marked by the increase of malware being delivered directly to your door (so to speak). So, let's see what were the major threats.
Conficker
Also known as Kido, Downadup or Downup, this worm......
[more] Report: Russian gang linked to big Citibank hack U.S. authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by hackers partly using Russian software tailored for the attack, according to a news report. The security breach at the major U.S. bank was detected mid-year based on traffic from Internet addresses formerly used by the Russian Business Network gang, The Wall Street Journal said Tuesday, citing unnamed government sources. The Russian Business N......
[more] Smartphone attacks, rogue antivirus, cloud breaches top 2010 security concerns The rise of the Conficker worm and Heartland Payment Systems' enormous data breach were two defining security events in 2009. What's in store for 2010? "It's going to get worse," says Patrik Runald, senior manager of security and research at Websense, who argues there has not yet been a year when things got better in terms of security and the wider Internet. Criminals have been mastering botnets, phishing scams and f......
[more] More attacks expected on Facebook, Twitter in 2010 Social-networking sites like Facebook and Twitter can expect more attention from cybercriminals in 2010, according to a new report released Tuesday by McAfee Labs. Also at risk are users of Adobe Systems products including Acrobat Reader and Flash. And move over Microsoft; the security firm predicts that Google's Chrome OS will "create another opportunity for malware writers to prey on users." The company also anticipates smarter and more dange......
[more] 2010 predictions: Security The security landscape is a complex, multi-layered one that changes more subtly and indefinitely than the seasons. It is therefore hard to predict security trends with any degree of certainty. That said, by looking back at the security developments of the past year and talking to security experts, we believe we have come up with a list of key trends that any IT leader worth his or her salt would be wise to keep an eye out for in 2010. Spam, botnets, social networks -......
[more] US 'troubled' by China cyberattacks A senior US official has said the country is "troubled" by recent cyberattacks, originating from China, that targeted human rights activists. Internet giant Google has said it may end its operations in China following a spate of attacks on e-mail accounts. Commerce Secretary Gary Locke said China must ensure a "secure" commercial environment for Google and other firms.
However, a Google spokesman said that it was still filtering its search results for China.......
[more] McAfee CTO: Google hack was 'watershed' moment Last week's revelation of a series of targeted Chinese cyber attacks on Google and at least 20 other firms was a "watershed" moment in cyber security, according to George Kurtz, chief technology officer at security giant McAfee. Writing on the firm's Security Insights blog yesterday, Kurtz said that, although his researchers see "lots of attacks that use complex malware combined with zero-day exploits", the attack on Google, which McAfee has dubbe......
[more] Heartland moves to encrypted payment system Responding to its widely reported and massive data breach that took place a year ago, Heartland Payment Systems will be moving to an end-to-end encryption system for payment transactions, according to Chairman and CEO Robert Carr. "End-to-end encryption is a good way to mitigate the risk of having the kind of compromise that we and hundreds of other companies have had," Carr said in an interview.
"We're using encryption on the front end to keep card n......
[more] Critical infrastructures under attack, warns McAfee Attacks on critical infrastructure IT systems are widespread and growing in frequency, and could cost over $6m (£3.7m) a day on average, according to a detailed new report from security giant McAfee launched today. In the Crossfire: Critical Infrastructure in the Age of Cyberwar is one of the most in-depth reports of its kind in the security area. McAfee surveyed over 600 professionals responsible for critical infrastructure protection across......
[more] Security firms warn of iPad scams Interest in Apple's new iPad tablet will likely touch off a wave of new online scams in the coming weeks, according to security experts. The attacks, which have already begun to appear, include search-engine poisoning attacks designed to direct users to attack pages. According to security firm WebSense, such attacks began to appear within hours of the iPad's unveiling. The company noted that specially-crafted sites were being loaded with keywords in order to appea......
[more] The Top 10 Security Threats in Cyberspace The year 2010 promises to be an action packed year in cyberspace. With the giants of the Internet reporting an unprecedented breach in their networks, it is not farfetched to presume that the next world war could be fought in cyber space! Attacks are now exceedingly covert, complex and targeting specific organizations and no million dollar protective blanket of security product/infrastructure can completely secure your machine. The only weapon you have......
[more] Valentine's Day spam starts to appear Valentine's Day still is nearly two weeks away, but the lover's holiday is already attracting the attention of the web's criminal element. Researchers at Trend Micro said they have spotted two spam campaigns - one promoting a fake gift card promotion, the other counterfeit watches - in the wild. Maria Alarcon, an anti-spam engineer, said in a blog post that as Valentine's Day nears, internet users should expect the scams to get more malevolent. "Every speci......
[more] Britain warns businesses of Chinese 'honey trap' Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate. The so-called "honey trap" methods were aimed at business executives at trade shows and exhibitions and involved offers of "lavish hospitality and flattery," according to an article in The Sunday Times. The Ne......
[more] Manchester cops clobbered by Conficker Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days. The malware was likely introduced into the GMP network after an already infected memory stick was plugged into a Windows PC.
Conficker (aka Downadup) began spreading on Friday evening leading to a decision to disconnect GMP systems from the Police National......
[more] Researchers identify algorithm that stops worms spreading Researchers have found a way to block the spread of self-propagating worms on corporate networks while keeping infected machines online so they can continue performing their legitimate duties. Using an algorithm they devised, the research team, based at Pennsylvania State University, can quickly measure how virulent worms are and halt their spread while keeping the false-positive rate less than 5 percent, said Peng Liu, an associate prof......
[more] Researcher blasts iPhone security protections A security researcher presenting at the Black Hat security conference in Washington DC has suggested that major flaws exist in the Apple iPhone. Researcher Nicolas Seriot said that Apple was leaving major holes in the smartphone for its software which could possibly allow attackers and malware developers to craft applications which steal user data such as recent calls and locations. "Overall security improves with each new iPhone version, but some b......
[more] Conficker outbreak infects Leeds hospital servers Servers on the network of Leeds Primary Care NHS Trust were struck down by the Conficker worm late last week. The malware infection struck on Friday and forced administrators to take a handful of infected servers offline, in phases, in order to apply deworming tools. Trust PCs were not infected by the attack, which a leaked memo (extract below) blamed on the connection of an infected laptop onto the network.
We have been hit by a virus attack -......
[more] Cybercrooks fake the death of Bill Cosby An online hoax claiming the death of Bill Cosby is now being used to push a malware attack. Researchers at security vendor Sophos have reported a new round of web sites claiming to offer news of the comedian's death. The company said that the pages attempt to mimic CNN's web site and upon loading, users are presented with phony error messages attempting to push fake antivirus packages. "Hunting for information about the story can lead your computer into......
[more] Small drop in Christmas spam but rates still rising McAfee’s latest threat report for the fourth quarter of 2009 saw a drop in spam over the period, although the year ended with overall amounts rising. In the last quarter of the year spam levels dropped from a record of 175bn per day in the third quarter to 135bn, a decline of 24 per cent. However spam levels are likely to rise again, especially given a 40 per cent rise in one day, December 14th, as spammers looked to scoop last minute shoppers.......
[more] Valentine's Day brings out cyber crooks As Valentine's Day nears, security experts are issuing warnings of fresh attacks targeting the holiday. McAfee has reported a new round of attacks targeting users who search for information and files relating to the holiday. According to McAfee Labs director Dave Marcus, attackers have used search engine optimisation techniques to force malicious sites high on result pages for common searches on Valentine's Day. The attack sites promise items such as scree......
[more] Facetime survey reveals rising use of web 2.0 services in companies A major survey of company internet usage, focusing on staff use of social networking sites, instant messaging and internet telephony services, has revealed a significant gap between the perception and the reality as far as IT managers are concerned. According to Sarah Carter, marketing communications manager with Facetime, the company that undertook the research, whilst 61% of firms view malware as their greatest security risk......
[more] Microsoft says rootkit caused Windows blue screens Microsoft late on Wednesday confirmed that a rootkit caused Windows PCs to crash after users applied a security patch issued last week. Only systems infected with the Alureon rootkit were incapacitated with Blue Screen of Death (BSOD) errors that prevented booting, said Mike Reavey, the director of the Microsoft Security Response Center (MSRC), in an announcement on the center's blog. "Our investigation has concluded that the reboot occurs becau......
[more] Cyclist accused of hacking French laboratory A French judge has issued an arrest warrant for a cyclist accused of hacking into computer systems at an anti-doping lab. According to a New York Times report, authorities believe that Floyd Landis, a former Tour de France winner, used a Trojan program to install data-stealing malware on a system at the Châtenay-Malabry drug-testing lab. The accusations are in connection with Landis' 2006 Tour de France anti-doping case. As part of his defence in the......
[more] The State of Web Security Issues While security vulnerability research can expose technical weaknesses that may be exploited, incident research provides in-depth information about the most common targets, motives and attack vectors of modern hackers. And where better to turn for a sense of where we stand today than the Web Hacking Incidents Database (WHID). Analysis of WHID reveals that in 2009 social networks were at the greatest risk, malware and defacement remained the most common outcome of......
[more] Almost 2,500 firms breached in ongoing hack attack Criminal hackers have penetrated the networks of almost 2,500 companies and government agencies in a coordinated campaign that began 18 months ago and continues to steal email passwords, login credentials, and other sensitive data to this day, a computer security company said. The infections by a variant of the Zeus botnet began in late 2008 and have turned more than 74,000 PCs into remote spying platforms that have siphoned highly proprietary......
[more] Lumension combines whitelisting and blacklisting Security vendor Lumension is adding a new function to its security suite which it claims takes the best features from both whitelisting and blacklisting. The Intelligent Whitelisting module works by scanning an entire network for malware and cleaning up any infections where they are found. Once the network is clean then a snapshot is taken and the network is then locked down to allow no new applications to run. Once this has been carried out the......
[more] Huge number of websites barely visited, report finds The Internet, famously, has a long tail, but a new analysis has revealed another characteristic of this vast slew of obscure websites. Huge numbers of them are never visited. Analysing visits to several million websites during the last quarter of 2009 for its State of the Web report (registration required), cloud security startup Zscaler created a Hilbert curve-generated ‘heatmap’ of active and inactive IPv4 sites from real customer......
[more] Scareware scams ride the back of killer whale tragedy Supposed footage of Wednesday's fatal Sea World killer whale attack in Florida actually points at sites distributing scareware. Dawn Brancheau, 40, a trainer at Sea World in Orlando, lost her life yesterday after a killer whale attack. Miscreants have wasted no time in exploiting the tragedy, as so many before it, by setting up malware traps designed to ensnare the unwary. Black hat search engine trickery is once again being used to drive tr......
[more] Microsoft shuts down global spam network Microsoft has won court approval to shut down a global network of computers which it says is responsible for more than 1.5bn spam messages every day. A US judge granted the firm's request to shut down 277 internet domains, which it said were used to "command and control" the so-called Waledac botnet.
A botnet is a network of infected computers under the control of hackers.
The firm said that closing the domains would mean that up to 90,000 PCs would stop......
[more] Britain all atweet over Twitter phishing attack The latest phishing attack on Twitter users swept the U.K. overnight claiming several prominent users. The result was evident on Friday morning when users woke up to find messages on compromised accounts that read, "hey, i've been having better sex and longer with this here," followed by a link to a Web site selling sexual-performance drugs. Although the number of people affected is difficult to determine, it made top news on the country's TV netw......
[more] Microsoft to target other botnets with legal weapon Microsoft has several other botnets in its crosshairs, and believes it can use the same legal tactic against them that it deployed last week to strike at the Waledac botnet's command-and-control centers. But the company also admitted that it had not yet severed all communications between the controllers of Waledac and the thousands of compromised Windows computers used by hackers to pitch bogus security software and send a small amount of spam......
[more] RSA 2010: HP shares findings on cloud security study HP has posted the findings of a new study on cloud computing security. The company commissioned the study along with the Cloud Security Alliance as part of the run-up to this year's RSA 2010 conference. The peer-review study examined 29 enterprises, service providers and consulting firms. Researchers found that companies faced a mixture of both malicious and accidental data loss dangers when adopting web services. The vulnerabilities also var......
[more] Microsoft exec suggests Internet tax to pay for cyber security How will we ever get a leg up on hackers who are infecting computers worldwide? Microsoft's security chief laid out several suggestions Tuesday, including a possible Internet usage tax to pay for the inspection and quarantine of machines. Today most hacked PCs run Microsoft's Windows operating system, and the company has invested millions in trying to fight the problem. Microsoft recently used the U.S. court system to shut down the......
[more] RSA 2010: Panel mulls security regulation With data breaches and network infiltration attacks increasingly targeting enterprises, a group of security experts weighed the pros and cons of getting the government involved in IT security Wednesday at the 2010 RSA conference in San Francisco. Former US Homeland Security Michael Chertoff joined Electronic Privacy Information Center executive director Marc Rotenberg and Good Harbor Consulting chairman Richard Clarke to discuss just what steps the gove......
[more] McAfee launches real-time threat response service McAfee has formed a new security group from its malware response teams to offer help and advice to organisations about emerging threats. The Vulnerability Detection and Response Group will include input from McAfee's Labs, the office of the chief technology officer and Foundstone Professional Services. McAfee claims that the service will help enterprises to identify risks, analyse systems and deal with recurring security concerns. The nature of t......
[more] Energizer Bunny's software infects PCs According to researchers at US-CERT (United States Computer Emergency Readiness Team), software that accompanies the Energizer DUO USB battery charger contains a Trojan horse that gives hackers total access to a Windows PC. The Energizer DUO, a USB-powered nickel-metal hydride battery recharger, has been discontinued, said Energizer Holdings, which late Friday confirmed that the software contains malicious code. The company has not said how the Trojan made......
[more] Overlooked online threats There's the danger you know, and then there's the danger you don't know. Most of us are rightfully wary of downloading and running programs that have no pedigree, or of performing day-to-day operations as an administrative user. But with each passing year, new security threats march in to eclipse the old, many of them not getting their share of attention until it's too late. Threats go unappreciated for various reasons. Some seem too obscure or unlikely to be valid unt......
[more] Argos buries unencrypted credit card data in email receipts Catalogue firm Argos has been criticised for an email security breach that exposed customers' credit card details and CCV security numbers. The exposure came to light after an Argos customer who checked his order confirmation email found that his credit card number and security code were buried in the HTML source of the message. The slip-up meant that any miscreants who intercepted email confirmation messages from Argos would be able to......
[more] McAfee warns of scareware plague Security firm McAfee has used its first Consumer Threat Alert to advise web users of the dangers of fake anti-virus scams. Malware writers are increasingly using the technique to snare unwary users by presenting pop-up windows appearing to be a security report from a recognised firm. The ads prompt the user to 'scan' their computer for viruses, but in fact often deliver malware designed to steal personal data and credit card information. "It is an incredibly......
[more] Banking fraud up as card losses fall Online banking losses and phishing attacks both recorded double-digit growth last year as UK customers continued to fall victim to online scams, according to figures released today by The UK Cards Association and Financial Fraud Action UK. The two organisations reported a year-on-year increase in online banking losses to £59.7m in 2009, while phishing attacks rose by 16 per cent to reach over 51,000 during the period. The increases are down to criminal......
[more] Fake antivirus software is most costly security scam of 2010 Fake antivirus programs that encourage web users to part with their hard-earned cash and download hoax security software are likely to be the most costly scam of 2010, says McAfee. According to the security firm, cybercriminals make upwards of $300m from conning web users worldwide into downloading scareware. The security firm also said it had seen a 660 percent rise in scareware over the past two years, and a 400 percent increase in re......
[more] Get to the root of security threats One of my clients was recently hit (again) by the Conficker worm. The company's systems were all fully patched, yet the malware still managed to infiltrate hundreds of machines. It was evident that the worm was able to spread rapidly via a network share vector. But the real question remains: How did the worm infiltrate the network in the first place, given that all the systems were patched? This scenario perfectly illustrates the importance of root-cause analysis......
[more] Cybercrime's bulletproof hosting exposed Researchers at RSA have identified the network framework that endows some of the world's most notorious botnets with always-on connections that are virtually immune from takedowns. At the network's heart are the servers that shepherd tens of thousands of infected PCs so they continue to send spam, spread malware, and stay updated with the latest bot software. By maintaining multiple conduits between these master control channels and the outside world, mal......
[more] Harnessing the cloud as part of our defenses 90% of malware comes from hidden download pointers in trusted and popular Web sites and each day in 2009, 15,000 new web pages were infected with malware. Now, there are billions and billions of web pages, many of which - from news pages through blogs or search engine results - change literally in real time. Cloud computing is acknowledged as a new delivery model for IT services based on the Internet (represented in diagrams as a cloud - hence the cl......
[more] Warnings made of backdoor Trojan disguised as a download for a Skype Email Toolbar Websense has warned of malware that claims to be a download for a Skype Email Toolbar. It claimed that there is currently a 'very low' anti-virus detection for the spam email message, which contains a file attachment named SkypeToolbarForOutlook.zip that contains a backdoor Trojan. Carl Leonard, security research manager at Websense Security Labs, whose ThreatSeeker Network discovered the new wave of email attack......
[more] New malware overwrites Adobe software updaters For the first time security researchers have spotted a type of malicious software that overwrites update functions for other applications, which could pose additional long-term risks for users. The malware, which infects Windows computers, masks itself as an updater for Adobe Systems' products and other software such as Java, wrote Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, on its blog.......
[more] Scammers capitalizing on tax season to spread Zeus Cybercriminals have been capitalizing on tax season by sending messages that appear to come from the Internal Revenue Service but actually lead to the data-stealing trojan Zeus, researchers at anti-virus firm Trend Micro warned Thursday. The messages ask users to follow a link and review their tax statement to fix errors related to unreported or under-reported income, according to Trend Micro. The URL leads users to a variant of Zeus, which ste......
[more] Lumension Device Control protects Barts and The London NHS Trust against data theft and malware infections Barts and The London NHS Trust has selected Lumension Device Control to protect against virus and malware infections while safeguarding the confidentiality and integrity of patient data. The Trust partnered with Lumension for its data protection solution to prevent data loss and theft by enforcing removable device usage and encryption policies for all removable devices such as laptops, MP3......
[more] SEO poisoning attacks are likely to gain steam this year A malicious SEO poisoning attack, also known as a Blackhat SEO attack, occurs when hackers manipulate search engine results to make their links appear higher than legitimate results. As a user searches for related terms, the infected links appear near the top of the search results, generating a greater number of clicks to malicious Web sites. Search engine optimization (SEO) poisoning is an increasingly popular method of attack for cyberc......
[more] Blue Coat stresses need to combat social engineering Administrators and security vendors must step up efforts to prevent social engineering attacks in the enterprise, according to security vendor Blue Coat systems. The company said in its annual security report that in addition to swifter analysis and protection, end-users need to be made aware of the practices commonly used to trick them into installing malware and releasing sensitive data. Blue Coat cited increasingly popular trends such as s......
[more] Forrester offers advice on social media security Acceptable usage policies, content security tools, and a strong governing process including user education are all vital if firms are to reap the rewards from allowing social networking use while protecting themselves from the manifold risks, according to Forrester. In a new report, To Facebook Or Not To Facebook, analyst Chenxi Wang argued that social media is becoming entrenched in the enterprise but that information security managers are worri......
[more] Sophos exposes blackhat search engine techniques IT security firm Sophos has conducted new research which reveals the automated tools used by Search Engine Optimisation (SEO) hackers and how companies can protect themselves. Sophos said the business of using blackhat SEO techniques to impregnate legitimate sites has become a huge money-spinner for cybercriminals. Every day scores of new malicious campaigns are discovered taking advantage of the hottest news stories on the internet to spread ma......
[more] Differences between viruses, trojans and worms explained In the anti-malware business we often quibble over details the general public does not care about. To us these differences are important, though, as classifying a piece of malware helps us define and understand its nature and helps those of us stuck with detecting or cleaning up an infection. Many people try to use their understanding of these terms to defend their poor choices in security practices. It might be a good time for a little r......
[more] Security experts warn of mobile Trojan threat Security experts are warning Windows Mobile phone users to beware of downloading games to their devices, after it emerged that a Russian-speaking hacker has been uploading versions of a particular game with malicious Trojan programs hidden inside. Graham Cluley, senior technology consultant at Sophos, said yesterday that Windows Mobile users playing the 3D Anti-terrorist Action game have reported that their phones are making expensive calls to inter......
[more] Bogus UPS spam wrecks Windows XP A new wave of bogus UPS shipping spam is being used to push a piece of malware which can render PCs unbootable, security company Webroot has warned. The company's warning relates to a Trojan downloader called 'tactilol' that appears to be turning up either as a zipped attachment with stock UPS shipping confirmation spam, or as a Facebook update. The attack will undoubtedly have a number of different payloads, but the one that caught Webroot researcher's attention......
[more] South Korea accounts for third of the world's malware Almost a third of global internet viruses are being sent from South Korea. According to Network Box, in March it accounted for 31.1 per cent of the world's malware, a leap from February's 8.9 per cent. The US is the second most prolific producer of viruses, holding steady from February at 9.34 per cent, followed by Brazil at 6.04 per cent, China at 5.05 per cent and India at 3.86 per cent. Simon Heron, internet security analyst at Network Bo......
[more] The need for a truly unified security solution It's no secret that modern security threats are converging and a significant proportion of data loss occurs via coordinated Web and email attacks. So why is it that many organisations manage multiple different security technologies? Information held and shared electronically proves rich pickings for cybercriminals. Businesses are actively targeted for specific information, and the threat can hit using email, Internet and data stealing technology -......
[more] New MacOS X malware surfaces Apple Mac users are being warned to keep a close eye on their systems following the discovery of a new piece of malware for MacOS X. Dubbed "HellRTS," the malicious tool has been spotted as a proof of concept sample. Thus far no active exploits or attacks have been spotted, though experts warn that samples of the malware have been widely circulating online. According to MacOS X security specialist Intego, the malware can be spread either through a trojan download or......
[more] Network Solutions customers hit by mass hack attack Network Solutions' security team is battling a mysterious attack that has silently infected a "huge" number of the websites it hosts with malicious code. The mass compromise affects sites running WordPress, Joomla, and plain-vanilla HTML, according to reports here and here from Securi Security and Stop Malvertising. Many of the infected sites include encoded javascript that secretly attempts to install malware on visitors' computers. The attack......
[more] Why Employees Break Security Policy (And What You Can Do About It) It happens every day: an employee who's out of the office wants to get into his machine at work. Instead of using a more secure method, he decides to email some files to his home machine, or upload a file to Facebook, or use a popular PC file sharing tool. And the next thing you know, your organization is dealing with a major data leak. Despite years of education and training, many enterprise end users still don't understand th......
[more] Poor patching was 2009's biggest security threat The biggest single threat to computer security is now the inability of PC users to patch their computers, Symantec's review of 2009 year has hinted. According to the figures in Symantec's latest Internet Security Threat Report, last year saw a rise in malware volume, sophistication, automation and criminal opportunism in line with the sort of predictions one might have made based on the previous year's rises. In short, malware activity has never......
[more] Zeus banking virus is back warns security firm Zeus, a virus that steals online banking details from infected computer users, is more powerful than ever, warns a web security company. Trusteer says it has spotted the Trojan virus in one of every 3,000 of the 5.5m computers it monitors in the US and UK. Zeus 1.6 can infect people using Firefox and Internet Explorer web browsers, the company claims. The malware steals login information by recording keystrokes when the infected user is on a list of......
[more] Linux machines linked to spam Although Linux holds only a small market share, Linux computers appear to send a disproportionate amount of spam compared to other operating systems, according to new research from Symantec's MessageLabs messaging security division. Symantec looked at spam from November 2009 through March and broke down what kind of operating system is on the computer that sent the spam. Analysts do that by a method called passive fingerprinting, which involves analyzing the netwo......
[more] Major malware campaign abuses unfixed PDF flaw Several security companies today warned of a major malware campaign that tries to dupe users into opening rigged PDFs that exploit an unpatched design flaw in the PDF format. Users who open the attack PDFs are infected with a variant of a Windows worm known as "Auraax" or "Emold," researchers said. The malicious messages masquerade as mail from company system administrators and come with the subject heading of "setting for your mailbox are cha......
[more] Half of social networkers post risky information, study finds Consumer Reports survey also notes that social network use in the U.S. has doubled over the past year More than half of all users of social networks in the U.S. are posting information that could put them at risk from cyber criminals, according to a Consumer Reports study. The magazine, which released its State of the Net survey today, noted that 52 percent of adults who use social networks, such as Facebook, MySpace, and Twitter, hav......
[more] Technology security myths debunked Bursting the security bubble Think you can hide behind the privacy of an "unlisted" cell phone number? Think again. Maybe you believe you don't need security software on a Mac or iPad. You'd swear that Firefox is the safest browser in town. Wrong on both counts. Most of us don't think about security for our digital devices until something goes wrong, or it's time to renew an antivirus subscription. But what the security experts like to call the threat......
[more] Thousands of websites infected with 'backdoor code': Websense While users are concerned about the threat posed by rogue anti-virus, claims have been made that thousands of websites are infected by a backdoor code. Carl Leonard, Websense security labs manager, told SC Magazine that its Threatseeker Network was seeing more blended threats and SEO poisoning threats that are changing not daily, but hourly. He said: "It is a sign of the times that everyone is interested in news and if an anti-v......
[more] The true extent of insider security threats Internal employees are responsible for as much as 80 percent of the malicious attacks at organizations -- at least according to the stats I've seen cited around the Internet. Yet that figure seems to be much higher than what I've observed in my professional IT management and consulting experience over the past two decades. Out of at least 100 security incidents -- a conservative number -- I've seen, only a handful were caused by employees. In light of......
[more] Chatty Skype worm tries to fox antivirus programs A new instant messaging (IM) worm has been spotted using a number of evolved techniques to beat installed security programs and catch even suspicious users off-guard. According to BitDefender, Backdoor.Tofsee's cleverness starts with its choosiness - it infects only PCs running Skype and Yahoo Messenger, leaving other users uninfected. If a user running one of these applications is chanced upon, it then checks to see whether the target system is......
[more] McAfee: USB worm is biggest PC threat A worm that is spread via USB flash drives has been named the biggest security threat to PC users by McAfee. According to the security vendor's Threats Report: First Quarter 2010, an AutoRun related infection was also the world's third biggest PC threat, while the rest of top five biggest PC threats were made up of password-stealing Trojans. The report revealed that Spam rates have maintained steady. However, there has been an increase in diploma spam, or spa......
[more] IBM unleashes virus on AusCERT delegates Delegates to AusCERT, Australia's premier information security event held this week on the Gold Coast, have taken home a little of the stuff they spent the week agonising over - a virus. In an email this afternoon, IBM advised visitors to its AusCERT booth that its complimentary USB key was infected with a virus. An IBM spokesman and conference organisers confirmed the email was genuine. It is the second time in two years that clumsy exhibitors have infec......
[more] Rogue Facebook apps launch 'beach babes' attack Another attack using rogue Facebook applications hit users' PCs Saturday in a virtual repeat of last weekend's massive assault, security researchers said. Like the earlier attack, today's scam uses a sex-oriented video as bait, said Patrik Runald, an Australian researcher who works for Websense Security. The scam is spread through Facebook messages touting "Distracting Beach Babes" videos that include a link to the malicious applications......
[more] Are hackers spying on you from your mobile phone? Imagine sitting in a café and discussing the details of a business proposal with a potential client. Neither you nor the client has a laptop, you're just two people having a conversation. But unbeknownst to you, someone half a world away is listening to every word you say. Later, as you leave, you receive a text message referring to the proposal and demanding money in exchange for silence. Recent research from two universities suggests th......
[more] Facebook the new battleground for spam, malware: Sophos Facebook and Twitter users beware. Hackers and spammers are focusing on social networking sites, according to security firm Sophos. In the early days of the Internet, email used to be the major carrier of spam messages on the web. Today, according to Sophos, spammers have shifted to social networking sites - where users are many and prevalent - in carrying out their dastardly deeds. Compromised social networking accounts are just like PCs......
[more] How to foil Web browser 'tabnapping' A new, incredibly sneaky identity-theft tactic surfaced earlier this week when Mozilla's Aza Raskin, the creative lead of Firefox, unveiled what's become known as "tabnapping." Stated simply, tabnapping -- from the combination of "tab" and "kidnapping" -- could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs. All of the major browsers on Windows and Mac OS X are vulnerable to the attack. Becaus......
[more] Android rootkit is just a phone call away Hoping to understand what a new generation of mobile malware could resemble, security researchers will demonstrate a malicious "rootkit" program they've written for Google's Android phone next month at the Defcon hacking conference in Las Vegas. Once it's installed on the Android phone, the rootkit can be activated via a phone call or SMS (short message service) message, giving attackers a stealthy and hard-to-detect tool for siphoning data from the ph......
[more] The biggest botnets: Is your PC part of one? There are hundreds of botnets, ad hoc networks of Windows PCs that are infected with one or more programs to let them do the bidding of their controllers, some are far more trouble than others. While you can't afford to ignore any botnet threat, here are some of the worst of the worst. "When it comes to botnets, size does matter," said Scott Emo, head of endpoint solutions at Check Point, a network security company. That's because "the......
[more] Microsoft To Fix Flaws In IE, SharePoint In 10-Patch Release Microsoft plans to release 10 patches - three critical - repairing 34 vulnerabilities, for its June release, including ones that address a critical flaw in Internet Explorer and an important vulnerability in SharePoint server. Altogether, three of the 10 Microsoft "Patch Tuesday" security bulletins - set to be released Tuesday June 8 - are rated with the highest severity ranking of "critical," indicating that the f......
[more] Facebook "clickjacking" spreads across site Hundreds of thousands of Facebook users are falling victim to so-called "clickjacking" attacks, warn web security labs. Facebook members see links to subjects such as "World Cup 2010 in HD" or "Justin Bieber's phone number" that their friends appear to have "liked". Clicking the link tricks users into recommending the site on Facebook too. Security experts say the scam currently has no malicious intent but could be adapted to deliver malware. The link g......
[more] HSBC browser plugin attacked by Trojan A popular anti-keylogging tool used by online banks such as HSBC, Trusteer's Rapport, has come under direct attack by malware writers trying to bypass its protection settings. In a discovery reported by fellow security vendor Webroot Software, a Trojan the company names 'Phisher-Rancor' runs a batch file that tries to close down the Rapport app, while a second variant targets a separate binary, config.js. Luckily, the malware fails to overcome Rapport'......
[more] Security Manager's Journal: Without patch management, you are nothing. Does it all come down to patch management? As a security manager, I pursue many initiatives, striving to protect the company on many fronts. But patch management is a key metric of our risk exposure, since there is a direct correlation between security incidents and patch compliance. So, in a way, it does all come down to something as basic as patch management, because if we fail there, we can't be secure. Of course we have......
[more] Adobe to patch critical Flash flaw Thursday Adobe has been forced to issue a security patch for Flash a month ahead of its planned cycle. Adobe plans to fix critical security vulnerabilities in Flash Thursday rather than waiting for the patch cycle date of 13 July. The firm is also bringing forward the date to issue patches for similar problems with Reader and Acrobat on 29 June. Brad Arkin of the Adobe Secure Software Engineering Team blogged that it was the only option available for the softw......
[more] World Cup streaming to choke corporate networks, doomsayers predict Every World Cup and major sporting event since France 98, if not before, has come accompanied by dire predictions of networking doom. This time around Nigel Hawthorn, EMEA VP Marketing at security appliance firm Blue Coat, was the prime source of an article FIFA World Cup: the world's biggest ever DoS?. Hawthorn predicted: "Networks will fail because of World Cup streaming. If it doesn't happen, I'll eat my replica shirt." Hawt......
[more] Cybercriminals are using the 2010 World Cup to snare their victims WatchGuard security analysts have seen an explosive growth of online threats relating to the 2010 World Cup, which kicks off tomorrow and runs to July 11. IT administrators should be aware of these World Cup threats and take appropriate action to mitigate their effects. Key threat findings: Spam - WatchGuard sees a global increase in spam using World Cup as the theme. In addition to traditional marketing spam, there is an increas......
[more] Guidelines released for antivirus software tests A coalition of security companies and researchers has agreed on guidelines for how security software products should be tested, which may help put an end to long-running disputes about different testing methodologies. Two sets of guidelines covering principles for testing security software for performance and testing entire security suites were adopted by the Anti-Malware Testing Standards Organization (AMTSO) at its latest meeting in Helsinki. Th......
[more] New Facebook click-jacking scam spotted Security researchers have spotted a new click-jacking scam on Facebook which spreads through the site's news feed and 'Like' feature. UK security vendor Sophos issued a warning to users over what the company describes as a "like-jacking" attack. The attack appears as a link to a web page offering photos of the '101 hottest women in the world.' The link presents a page which, when clicked, forwards the victim to a third-party site, and accesses their news......
[more] Controversial Windows XP vulnerability now being exploited The Windows XP exploit that was published by a Google engineer last week is now being exploited in the wild, according to researchers at Sophos Labs. The vulnerability, which could allow remote code execution if a user views a specially crafted Web page using a Web browser, or clicks a specially crafted link in an e-mail message, was published by Tavis Ormandy just five days after he alerted Microsoft to the problem. Sophos reported Tue......
[more] Anti-vuvuzela trumpet software is a scam Security experts are warning World Cup fans not to fall for a piece of scam software promising to remove the noise of the South African vuvuzela trumpets during TV broadcasts. Links to a web site selling the 'Anti-Vuvuzela Filter' have been doing the rounds on various social networks this week, but Webroot malware researcher Andrew Brandt said that the €2.95 price tag will leave users with nothing but an empty wallet. "The site claims to be able......
[more] Popularity is the biggest hack magnet I frequently tell readers and audiences that the most widely used software in a particular category is successfully exploited the most. I've alluded to this theory as Roger's Hacking Popularity Corollary -- I've also seen it called the "Grimes Corollary" -- though taking singular credit for widespread commonsense may be a bit disingenuous. As the popular saying goes, bank robbers rob banks because that's where the money is. When talking about the corollary,......
[more] World Cup continues to drive spam The World Cup is continuing to play a major role in global spam loads, according to Symantec. The company said in its monthly MessageLabs Intelligence report that throughout the month the football tournament had been popular not only for pushing spam related to the event, but also for getting unrelated spam messages through filters. Researchers have for weeks been warning that the event would be a popular lure for scams and malware attacks as cybercriminals loo......
[more] A fifth of Android apps 'open to snoopers' One in five applications available for Android handsets could expose user data to third-party hackers, according to a new report from security vendor SMobile Systems. The company said that the openness of the Android Market benefits developers but may present enterprise users with problems if they download a vulnerable application. "Android Market offers flexibility that markets such as the Apple App Store do not by allowing anyone to develop and......
[more] Police arrest London teenagers in cyber crime swoop The Metropolitan Police has arrested two London youths for their alleged roles in an international cyber crime forum. The teenagers were picked up yesterday on suspicion of encouraging or assisting crime, unauthorised access under the Computer Misuse Act and conspiracy to commit fraud. The arrests were made with the aid of the Police Central e-Crime Unit (PCeU). The accused have not been named, and are identified only as '17-year-old male ('A')......
[more] Asprox botnet causing serious concern Security researchers are warning of a rapidly growing number of web sites infected by the Asprox spam botnet. Asprox is capable of launching SQL injection attacks, and has more than doubled its appearance on application service provider (ASP) sites from 5,000 to 11,000 overnight, according to M86 Security. The firm has tagged the botnet with a 'high severity' badge, meaning that it is particularly serious. M86 Security threat analyst Rodel Mendrez said in a......
[more] Spammers still hot for Michael Jackson One year after his death, pop star Michael Jackson is still being used as a target for spammers. An anti-spam researcher at Symantec is reporting a series of new spam emails that push products related to the death of the man known as the 'King of Pop'. Symantec researcher Dermot Harnett said that the messages are titled "The Official Michael Jackson Commemorative Anniversary Coin In Loving Memory of Michael Jackson," and advertise a collectable c......
[more] McAfee offers up SaaS web security protection Security giant McAfee has launched a software-as-a-service (SaaS) security product designed to protect enterprises from web-based threats in the cloud before they can reach the corporate network. McAfee SaaS Web Protection is based on the same scalable, multi-tenant platform architecture that powered the MX Logic solution, and works completely in the cloud, thus requiring no upfront investments in hardware or software. The product uses McAfee's Globa......
[more] How many enterprise admins is too many? I'm often asked how many enterprise admins -- the most privileged users on a Windows network -- a company should have. The answer is straightforward enough: the bare minimum. Doling out that type of power willy-nilly is a great way to expose your systems to attacks. In fact, the No. 1 way to minimize overall security risk is to minimize the number of enterprise admins you have and how often they need to logon. The specific number depends on the operationa......
[more] Kraken botnet re-emerges 318,000 nodes strong Kraken, a large and difficult-to-detect botnet that peaked in 2008 and was dismantled by early 2009, is back, and anti-virus solutions are struggling to detect it, according to researchers at Georgia Tech Information Security Centre. The botnet reappeared in April and, as of last week, was made up of more than 318,000 unique IP addresses, or about half its 650,000 maximum size in 2008, Paul Royal, research scientist at the Georgia Tech centre told S......
[more] Online crims not just 'speccy geeks', researchers warn Misconceptions about the nature of cybercrime are affecting the fight against online economic skulduggery. Widespread beliefs that e-crooks are likely to be either "geeks with glasses" or digital pranksters are well wide of the mark, according to researchers from Trend Micro, which reckons the majority of cybercrooks would be indistinguishable from the man in the street. Cybergangs are located around the world. Russia, the Ukraine and China......
[more] Trojan writers target U.K. banks with botnets Cybercriminals are building country-specific botnets to target U.K. bank customers with dedicated malware, security company Trusteer Ltd. has reported. The company identifies two pieces of malware -- the previously undetected Silon.var2 and the longer-established Agent.DBJP -- as the two bank Trojans being distributed by Zeus-based botnets using U.K.-infected PCs. Silon.var2 now affects one in every 500 U.K.-based PCs connected to the Trusteer Flash......
[more] Radware's APSolute Attack Prevention offers a combination of advanced security protections from hybrid network attacks in a single device Recent attacks in 2009 and 2010, such as the July 2009 cyber attacks and Conficker malware show that attackers are using hybrid attack techniques that utilise multiple attack types and vectors. Today, organisations are deploying individual protection tools, such as Intrusion Prevention System (IPS), Network Behavioral Analysis (NBA) and Denial of Service (DoS)......
[more] Google confirms attack on YouTube Malicious hackers attacked Google's YouTube on Sunday, exploiting a cross-site scripting (XSS) vulnerability on the ultra-popular video sharing site, hitting primarily sections where users post comments. "Comments were temporarily hidden by default within an hour [of discovering the problem], and we released a complete fix for the issue in about two hours. We're continuing to study the vulnerability to help prevent similar issues in the future," a Goo......
[more] Honeypots for hacker detection Most corporate networks lack serious oversight, that is, no one is really watching. Watching the network and computer systems is expensive, overwhelming and fraught with false positives. No wonder then that insider attacks go undetected for months, malware proliferates stealthily and hackers can spend their time gradually infiltrating deeper and deeper, undetected. It's simply too hard to discern between legitimate activities and illegitimate or malicious activiti......
[more] Trojan skewers security software with Windows Security watchers have discovered a Trojan that uses built-in Windows functionality to overwrite security software and compromise systems. The malware - which poses as an antivirus update - uses Windows input method editor (IME) to inject a system, technology that normally creates a means for users to enter characters not supported with their input device. For example, PC users with a 'Western' keyboard would take advantage of the technology to input......
[more] Bizarre phone ransom Trojan found by researchers Researchers have discovered a bizarre piece of Trojan ransomware which disables programs on infected PCs before demanding victims make an unaccountably small payment to a Ukrainian mobile phone network in return for an unlock code. According to Webroot, the Krotten ransom Trojan is one of the oddest pieces of malware of the year. Taking the path of least resistance, it eschews the complex encryption outlook taken by a range of ransomware program......
[more] Top 10 social networking threats Social network tools have changed the way we interact in our personal lives and are in the process of transforming our professional lives. Increasingly, they play a significant role in how business gets done. But they're also high risk. With hundreds of millions of users, these tools have attracted attackers more than any other target in recent years. Here, according to Palo Alto Networks, are the top 10 social network threats/risks that enterprises must consid......
[more] Security rule No. 1: Assume you're hacked A recent Forbes magazine article advised readers to assume that their companies have been hacked. Some readers have asked me to weigh in, and here's my assessment: The article is slightly hyperbolic, but all in all, it's a pretty accurate assessment. Most companies are actively hacked, and their sensitive data is being stolen and leaked to outsiders. Many readers might find such statements inaccurate and unsupported, and they may wonder where is the doc......
[more] Malware distributors incorporate well-known brands in their email spam to deliver dangerous programs to unwitting victims An ongoing campaign where malware distributors use email spam to deliver dangerous programs to unwitting victims has begun to change its tune, switching the scam to incorporate different brands. In the latest scam, the message appears to be an order confirmation from Amazon.com for the purchase of an expensive consumer electronics item, or a contract (spelled, tellingly, 'con......
[more] Microsoft confirms 'nasty' Windows zero-day bug Microsoft on Friday warned that attackers are exploiting a critical unpatched Windows vulnerability using infected USB flash drives. The bug admission is the first that affects Windows XP Service Pack 2 (SP2) since Microsoft retired the edition from support, researchers said. When Microsoft does fix the flaw, it will not be providing a patch for machines still running XP SP2. In a security advisory, Microsoft confirmed what other researchers had b......
[more] Flaw could expose 'millions' of home routers Millions of household routers are susceptible to a flaw that creates a handy means for hackers to hijack surfing sessions or hack into home networks. Craig Heffner, a researcher at security consultancy Seismic, is due to detail the flaw and release a proof-of-concept tool at the Black Hat conference in Vegas later this month. The DNS rebinding-related security flaw affects kit from Linksys, Belkin and Dell, among others. DNS rebinding have been around......
[more] McAfee moves into Mac security space McAfee has released a pair of security offerings for MacOS X. The company said that it would be extending its Internet Security and Family Protection offerings to the MacOS X platform. Both products target end user markets and will require MacOS 10.5 or later. The Internet Security offering will offer basic malware detection and firewall protections along with the McAfee Site Adviser web security service and the Secure Search tools. For families, the company......
[more] Honeypots stick it to insider threats One of the more popular benefits of setting up honeypots on your organization's network is to learn about malware and hacker behavior, but I often recommend that companies install a low-interaction honeypot on internal networks to simply report anything that touches it. See, honeypots are fake assets. Nobody should access them. Thus, they often can be used for finding trusted insiders or partners doing things they were not authorized to do. Case in point: R......
[more] Adobe to beef up PDF security with Reader sandboxing Adobe Systems Inc. today announced that it will harden the next version of its popular Reader PDF viewer, a frequent target of attacks, by adding "sandboxing" technology to the software. Sandboxing, perhaps best known for its use in Google Inc.'s Chrome browser, isolates processes from one another and the rest of the machine, preventing or hindering malicious code from escaping an application to wreak havoc or infect the computer. Previously,......
[more] Microsoft Windows shortcut bug could be tough to patch Microsoft may have a tough time fixing the Windows shortcut vulnerability, a security researcher said today. A noted vulnerability expert, however, disagreed, and said Microsoft could deliver a patch within two weeks. "The way Windows' shortcuts are designed is flawed, and I think they will have a very hard time patching this," said Roel Schouwenberg, an antivirus researcher with Moscow-based Kaspersky Lab. Schouwenberg based his p......
[more] Spam attacks to rise 30 per cent in 2010 Spam attacks will rise by a whopping 30 per cent in 2010 compared with 2009, presenting a continued threat to the security of enterprise networks and corporate information, according to Cisco's 2010 Midyear Security Report. The company said that most spam originates from the US, followed by India, Brazil, Russia and South Korea. The report also found that the growth of social networking is having a major impact on organisations' abilities to maintain effe......
[more] Half of employees ignore social media policy Cisco urges companies to get a firmer grip on social networking. Half of employees reportedly ignore company policies prohibiting the use of social media tools at least once a week. The 2010 mid-year security report from Cisco revealed that while 50 per cent of end-users ignore company policy, 27 per cent said they change the settings on corporate devices to access prohibited applications. Spencer Parker, product manager at Cisco, said: "This is an......
[more] Data breaches exploit configuration errors, not software vulnerabilities Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon. Verizon issues an annual report on data breaches, but this year had access to statistics related to investigations done by the U.S. Secret Service, which the company said broadened the scope of its analys......
[more] Microsoft schedules emergency Windows patch for Monday Microsoft today said it will issue an emergency patch for the critical Windows shortcut bug on Monday, August 2. The company said it is satisfied with the quality of the "out-of-band" update -- Microsoft's term for a patch that falls outside the usual monthly delivery schedule -- but also acknowledged that it has tracked an upswing in attacks. "In the past few days, we've seen an increase in attempts to exploit the vulnerability,"......
[more] Check Point touts rogue apps security tool Enterprise security firm Check Point has announced an update to its gateway appliance designed to tackle the growing number of rogue applications being used in the workplace. According to a survey by the firm, carried out with the Ponemon Institute, over half of enterprise employees overlook internal security and policies in order to use applications such as those found on Facebook, and are putting their business, productivity and company-wide bandwidth......
[more] Detecting source rather than code is key, says Trend Micro From their Silicon Valley office, David Perry, global education director of Trend Micro, told Infosecurity that it's no longer sufficient to detect code, but instead, it's more productive to detect the source of the code. "Organised crime is now commercially produced. The bad guys are trying to break our methods of protection, and one virus has turned into a criminal enterprise of many components. We can no longer focus on detectin......
[more] Hackers find a new target in payroll processing Depression-era bank robber Slick Willie Sutton is famous for saying that he robbed banks "because that's where the money is." If he were around today, he'd have other options. In what may be a troubling sign of things to come, criminals recently hacked into a desktop computer belonging to Regeneron Pharmaceuticals and tried to steal money by redirecting funds using Regeneron's account on the company's third-party payroll system, operated by Ceridi......
[more] Employee misuse taking up to a quarter of bandwidth Personal web activity and streaming media is helping to clog enterprise web connections, according to Symantec. The company's MessageLabs branch said that in some cases companies were losing up to a quarter of available bandwidth to misuse by employees. Symantec Hosted Services senior malware analyst Dan Bleaken said in a company blog posting that the World Cup in particular highlighted the risk for bandwidth crunch from increased use of strea......
[more] Hoax Facebook virus makes more trouble than a real virus A hoax Facebook virus is spreading rapidly across the social network. Many users have been hoodwinked into forwarding an inaccurate warning about the spread of non-existent malware that claims a girl committed suicide over a post her father wrote on her Facebook wall. No such tragedy has occurred but many are forwarding the wrong-headed message (extract below) creating confusion in the process. WARNING: THERE IS A VIRUS GOING AROUND AGAIN,......
[more] Smartphone security put on test BBC News has shown how straightforward it is to create a malicious application for a smartphone. Over a few weeks, the BBC put together a crude game for a smartphone that also spied on the owner of the handset. The application was built using standard parts from the software toolkits that developers use to create programs for handsets. This makes malicious applications hard to spot, say experts, because useful programs will use the same functions. While the vast ma......
[more] U.K. bank hit by massive fraud from ZeuS-based botnet Security vendor M86 Security says it's discovered that a U.K.-based bank has suffered almost $900,000 (675,000 Euros) in fraudulent bank-funds transfers due to the ZeuS Trojan malware that has been targeting the institution. Bradley Anstis, vice president of technology strategy at M86 Security, said the security firm uncovered the situation in late July while tracking how one ZeuS botnet had been specifically going after the U.K.-based bank......
[more] Virus writers hit Google Android phones A malicious application that can steal cash via phones running Google's Android operating system has been found circulating in the wild. The program poses as a media player but once installed starts sending premium rate text messages. The service being sent messages is operated by the malicious app's creator, who scoops up the fees. Discovered by Kaspersky Labs, it is believed to be the first booby-trapped application for Android. In a security advisory Kas......
[more] Patch Tuesday puts serious pressure on admins Security experts have warned administrators to ignore Microsoft's latest Patch Tuesday update at their peril, despite it covering a record-tying 34 vulnerabilities. A third of the vulnerabilities are rated 'critical', suggesting work needs to start immediately, but firms need to think carefully about what order to fix them in. Of the many patches issued by Microsoft, the security firm Symantec highlighted in a blog post that the SMB pool overflow vul......
[more] Security software market expected to grow by 11% in 2010 Gartner has predicted that the security software market will grow by 11 per cent this year. Its analysts have said that the security software markets will weather the current economic downturn better than in 2001 and 2002, because the market conditions are dramatically different in terms of maturity, penetration, confidence in IT, and geographic and vertical mix. With worldwide security software revenue forecast to surpass US$16.5 billion......
[more] Testing shows most antivirus suites fail against exploits A majority of security software suites still fail to detect attacks on PCs even after the style of attack has been known for some time, underscoring how cyber criminals still have the upper hand. NSS Labs, which conducts tests of security software suites, tested how security packages from 10 major companies detect so-called "client-side exploits." In such incidents a hacker attacks a vulnerability in software such as Web brows......
[more] Why Intel is buying McAfee Intel's acquisition of security company McAfee could help the chip maker make a splash in the handheld and embedded markets, in which the company has struggled to establish a presence, according to analysts. Intel on Thursday announced plans to acquire McAfee for US$7.68 billion, saying this will help the chip maker blend advanced hardware and software security to protect devices from internal and external threats. Hardware and software changes will improve both Intel......
[more] Microsoft releases tool to block DLL load hijacking attacks Microsoft on Monday responded to reports of potential zero-day attacks against a large number of Windows programs by publishing a tool it said would block known exploits. However, the company declined to confirm whether any of its own applications are vulnerable, saying that it is currently investigating Microsoft-made software. Monday's security advisory was its first public reaction to a wave of reports from researchers that develope......
[more] Hackers bait Zeus botnet trap with dead celeb tales Hackers are using tales of dead celebrities to build out Zeus botnets by duping users into compromising their own PCs, security experts said today. The list of celebrities -- actors and singers for the most part, with an occasional sports star tossed in -- range from Anniston (Jennifer) and Cruise (Tom) to West (Kayne) and Z (Jay), said Symantec. According to the spam that carries the malware, the personalities perished along with 34 others whe......
[more] Secure Your Virtualized Infrastructure Whether it's physical infrastructure or virtual, the same security concerns apply. Viruses, bots, worms, and other malware can enter the network by way of a virtual connection, just as they can through a physical machine, and employees can create accidental or purposeful data breaches. But although the worries are the same, there are security issues that are particular to the virtual world. Here are some tips for keeping your virtualized infrastructure secu......
[more] 1-in-4 worms spread through infected USB devices Hard on the heels of a report that a USB drive was used to compromise U.S. military networks in 2008, a security company today claimed that 25% of all new worms are designed to spread through the portable storage devices. "Much of the malware in circulation has been designed to distribute through these devices," said Luis Corrons, the technical director of PandaLabs, the research arm of Panda Security, in a statement Thursday. "Not......
[more] Moscow police investigate alleged ransomware gang Russian police are reportedly investigating a criminal gang that installed malicious "ransomware" programs on thousands of PCs and then forced victims to send SMS messages in order to unlock their PCs. The scam has been ongoing and may have made Russian criminals millions of dollars, according to reports by Russian news agencies. Russian police seized computer equipment and detained a Russian "crime family" in connection with......
[more] Global spam hits all-time high Spam hit an all-time high this year, with more unwanted messages pouring in from a smorgasbord of countries, thanks in part to globalization. Such are the findings of a recent and comprehensive report on all things security-related from IBM X-Force. The typical spam message has sources as diverse as the spam lunch meat; it's sent from a machine located in the United States, India, or Brazil, and it contains a .ru URL (Russia's top-level domain) that's hosted in Chi......
[more] Heartland pays another $5.4m for malware infection The United States' fourth largest credit card payments processing company Heartland Payment Systems has agreed to pay a US$5 million ($5.4 million) settlement to its financial services customer Discover over a data breach caused by a malware infection. Heartland processed card payments for Visa, Mastercard and other financial service providers to the tune of US$70 billion in 2009. The payments processor had already paid American Express US$3.6 mi......
[more] Botnet takedown may yield valuable data Researchers are hoping to get a better insight on botnets after taking down part of Pushdo, one of the top five networks of hacked computers responsible for most of the world's spam. Thorsten Holz, an assistant professor of computer science at Ruhr-University in Bochum, Germany, said his group is working on an academic paper focused on methods to figure out what type of malicious spamming software is on a computer that sent a particular spam e-mail. They l......
[more] Facebook glitch let spammer post to walls A clever spammer found a glitch in Facebook's photo upload system and used it to post thousands of unwanted Wall messages this week. Facebook confirmed the bug Friday, after notifying affected users of the issue. Andrew Jones was one of the victims. He thought that his Facebook account had been hijacked Sunday after a friend pointed out a spam message on his wall. He quickly changed his password, but worried that some of his other e-mail accounts might......
[more] SQL injections dominate malware in 2010 As Gumblar named 'the most significant malware development in years'. The number of IPS SQL injections increased substantially in the second quarter of 2010 following a downturn. Cisco's global threat report for the second quarter of 2010 revealed that IPS SQL injection signature firings increased substantially in the period to coincide with outbreaks of SQL injection-compromised websites. It also claimed that Asprox SQL injection attacks made a reappearan......
[more] How easy is it to hack a mobile? Continuing scrutiny of the methods used by some News of the World journalists (NoW) to listen to private voicemails has turned the spotlight on mobile security. But how easy is it to hack a handset? "It depends on how much money, time and effort you want to put into it" said Nigel Stanley, a mobile security analyst at Bloor Research. Mr Stanley said the number of ways to get at information on a handset was growing, even as it got far less likely that th......
[more] TechCrunch hacked to distribute Zeus Trojan via JavaScript file Technology blog TechCrunch was flagged by malware-detections yesterday after it was infected by a variant of the Zeus Trojan. It was initially detected by security blogger The Harmony Guy, who asked on Twitter if anyone else was getting malicious PDFs from pages at TechCrunch Europe and later claimed that a JavaScript file he identified had "some mangled code at the start which loads an iframe from virtuellvorun.org". Gra......
[more] Spammers exploit second Facebook bug in a week Facebook today said it has fixed the bug that allowed a spamming worm to automatically post messages to users' walls earlier this week. The flaw was the second in the past week that let spammers flood the service with messages promoting scams. Last week, Facebook quashed a different bug in its photo upload service that let a spammer post thousands of unwanted wall messages. The newest worm was noticed Monday by researchers at a pair of antivirus ven......
[more] Firefox among first browsers to fix DLL load hijacking bug Mozilla on Tuesday patched 15 vulnerabilities in Firefox, 11 of them labeled critical. One of yesterday's patches addressed a problem found in scores of Windows applications, making Firefox one of the first browsers to be patched against the DLL load hijacking bug that went public three weeks ago. Nearly three-quarters of the vulnerabilities in Firefox 3.6 were rated "critical," Mozilla's highest threat ranking, representing bu......
[more] Hackers focusing on data leaks and web site defacement Organisations are suffering from increasingly sophisticated attacks, as hackers attempt to gain profit from leaked data and deface corporate web sites, according to a report from Trustwave. The firm has released its latest Web Hacking Incidents report, which focuses on the impact of hack attacks, aiming to give a clear view of their severity and knock-on effects. "Attackers are professional criminals who are developing new ways to gener......
[more] One in three people believe that all websites are equally dangerous A survey of computer users has found that one in three believe that all websites pose a security threat. Asked 'where do you suspect is the greatest danger of malware infection on the internet', 34 per cent said that when it comes to security, all websites are equally dangerous. Websites that offer illegal software were deemed to be dangerous to 27 per cent, 22 per cent believed that visitors to adult sites are exposed to danger......
[more] Anti-US hacker takes credit for 'Here you have' worm A hacker who claims he was behind a fast-spreading e-mail worm that crippled corporate networks last week said that the worm was designed, in part, as a propaganda tool. The hacker, known as Iraq Resistance, responded to inquiries sent to an e-mail address associated with the "Here you have" worm, which during a brief period early Thursday accounted for about 10 percent of the spam on the Internet. He (or she) revealed no details abo......
[more] Windows malware dwarfs other viral threats The vast majority of malware - more than 99 per cent - targets Windows PCs, according to a new survey by German anti-virus firm G-Data. G-Data reckons 99.4 per cent of all new malware of the first half of 2010 targeted Microsoft's operating system. Just 0.6 per cent of the 1,017,208 new malware programs discovered in 1H2010 targeted other systems, such as Apple Mac boxes and servers running Unix. The figures help to place much-publicised but rare malwar......
[more] Criminals 'go cloud' with attacks-as-a-service Just like legitimate businesses, criminals are turning to the cloud as a way to generate new services and simplify their infrastructure. While some sites offer botnets for lease or sale, and other sites offer aid with cheating on games, the latest crop of criminal enterprises is serving up attacks as a service. In the latest example of this, a Chinese group has opened up a site, called IM DDODS, that allows customers to sign in and order denial-of-s......
[more] Is Stuxnet the 'best' malware ever? The Stuxnet worm is a "groundbreaking" piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its multipronged approach, that the security researchers who tore it apart believe it may be the work of state-backed professionals. "It's amazing, really, the resources that went into this worm," said Liam O Murchu, manager of operations with Symantec's security response team. "I'd call it groundbreaking,"......
[more] New emails containing Zeus malware detected Warnings have been made of a new wave of malicious email messages that carry a Zeus payload. According to Websense Security Labs, the campaign is related to pharmaceutical spam messages, except that it combines an HTML or ZIP attachment with a social engineering technique. Detection found that in the case of an HTML attachment, criminals are using an obfuscated JavaScript and content is encrypted with a commercially available HTML obfuscation tool. Web......
[more] Lower Your Data Center's Exposure To Security Risks Security threats to businesses and their networks come from numerous sources: hackers, malware, user error, and attacks by competitors and even governments. Moreover, rapid technological evolution has generated security threats that didn't exist a few years ago, along with increased employee and customer interactivity. Failure to keep up can be a disaster waiting to strike. If your IT department has been taking its security for granted, a fres......
[more] Iran confirms massive Stuxnet infection of industrial systems Officials in Iran have confirmed that the Stuxnet worm infected at least 30,000 Windows PCs in the country, multiple Iranian news services reported on Saturday. Experts from Iran's Atomic Energy Organization also reportedly met this week to discuss how to remove the malware. Stuxnet, considered by many security researchers to be the most sophisticated malware ever, was first spotted in mid-June by VirusBlokAda, a little-known security......
[more] ZeuS attacks mobiles in bank SMS bypass scam Security researchers have warned that cybercrooks might be able to compromise online bank accounts even in cases where banks use SMS messages to authorise transactions. The approach relies on first compromising a targeted user's computer using a variant of the ZeuS banking Trojan before infecting the same user's smartphone. Thereafter it would be possible to initiate a transaction and authorise it following the receipt of an SMS message to a second co......
[more] LinkedIn users attacked by deadly Zeus spam Networking site LinkedIn is being used as the lure for a huge spam campaign designed to infect UK and US businesses with the data-stealing Zeus/Zbot Trojan, Cisco has reported. After appearing on 27 September, by 11am BST (6am eastern), spam featuring a bogus LinkedIn reminder accounted for up to a quarter of all spam detected by the company in a 15-minute period. Users are asked to review the contact request for a fictitious user by clicking on an emb......
[more] Malware Targeting Top News Sites, Message Boards Malware is all around. Indeed, according to research from information security firm Websense, "no matter how careful you are, today's Internet user is only two short clicks away from malicious content and an infected computer or network," at least for the Internet's top 1,000 websites. That "two degrees of malware separation" applies to 70% of top news sites, 70% of leading message boards, and 50% of social networking sites.......
[more] Metropolitan Police cracks Zeus crime ring The Police Central e-crime Unit (PCeU) has arrested 19 people on suspicion of using a well known malware program to steal millions from bank accounts, according to widespread reports. The Metropolitan Police unit arrested 15 men and four women aged 23 to 47 in dawn raids on Monday in the London area. The gang is suspected of stealing up to £6m in just three months, according to the reports. The gang reportedly used the Zeus trojan to infect PCs an......
[more] The 7 most attacked applications Which are the software world's most attacked applications? All applications are attacked to some extent but as time has gone on a favourite list has started to emerge based on two fundamental weaknesses: how widely used that application happens to be and how many software vulnerabilities, known and unknown, have been uncovered in it. The more popular an app, the larger the number of potential targets, and the more incentive there is to research its vulnerabilitie......
[more] Facebook hit by new iPhone spam attack Facebook users are being warned about a new spam scam that tries to tempt users into visiting a website with the promise of a free Apple iPhone. It's a pretty basic nuisance scam as such things go. According to security company Sophos, the following message appears on a user's message wall: "Anyone want my old phone? Claimed my free iPhone today, so happy lol... If anyone else wants one go here [link]." Clicking on the link brings up an ‘al......
[more] Fake browser warnings dupe users into downloading 'scareware' Scammers are spoofing the anti-malware warnings of popular browsers to dupe Windows users into downloading fake security software, Symantec said Monday. Several malicious Web sites are displaying phony versions of the alerts that Google's Chrome and Mozilla's Firefox present when users encounter pages suspected of hosting attack code, said Symantec researcher Parveen Vashishtha in a post to the firm's blog. Rather than simply warn use......
[more] Zeus hackers could steal corporate secrets too Criminals who use the Zeus banking crimeware may be working on a new angle: corporate espionage. That's what worries Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham, who has been closely monitoring the various criminal groups that use Zeus. Zeus typically steals online banking credentials and then uses that information to move money out of Internet accounts. In the past year, however, Warner has......
[more] Adobe hits Reader users with 23-patch 'whammy' Adobe patched 23 security vulnerabilities in its Reader PDF viewer on Tuesday, most of them critical, including one that has been exploited by hackers for at least a month or possibly much longer. Tuesday's patch job set a record for 2010, and came close to last year's biggest update, a 29-fix collection Adobe shipped in October 2009. In September, Adobe promised to speed up the delivery of today's patches, which were originally meant to ship next......
[more] Sick PCs should be banned from the net says Microsoft Virus-infected computers that pose a risk to other PCs should be blocked from the net, a senior researcher at software giant Microsoft suggests. The proposal is based on lessons from public health, said Scott Charney of the firm's trustworthy computing team. It is designed to tackle botnets - networks of infected computers under the control of cybercriminals. Putting machines in temporary quarantine would stop the spread of a virus and allow......
[more] Fighting to keep bad stuff off Facebook Not all of the 19 million Facebook "fans" of superstar Lady Gaga have her interests at heart. During a recent one-week period, 93 malicious links were posted on Lady Gaga's Facebook site to try to trick visitors into downloading dangerous malware. Plus, 372 postings were just pure spam and 1,717 "fans" were mouthing profanity. That's according to Websense, which this week is announcing general availability of a service called Defensio......
[more] Criminals could launch 'social reality' attack, say researchers Malware could soon become sophisticated enough to launch social engineering attacks based on analysis of a victim's behavioural patterns and social interactions, researchers have suggested. According to the MIT and Israel-based authors of Stealing Reality, such malware would represent a major step change from today's crude threats, capable of inflicting serious damage to targeted individuals. Some malware might exist solely to build......
[more] Six enterprise security leaks you should plug now The Titanic was thought to be unsinkable, a testament to the engineering prowess of its day and the fact that luxury liners rarely collided with massive icebergs. In modern enterprises, there's a similar perception of invulnerability. Yet, for every large organization that glides through the year without any mishaps, there are many stories about perilous break-ins, Wi-Fi sniffing snafus and incidents where Bluetooth sniper rifles were used to ste......
[more] Zeus not the only bank Trojan threat, users warned Online bank account users should not ignore the threat posed by obscure data-theft Trojans such as 'Bugat', 'SpyEye', and 'Carberp', security company Trusteer has warned. In recent weeks, the Zeus bank Trojan has attracted all the attention with news of a number of successful online bank account raids, but other threats lurk, the company says. One example is Bugat, on the face of it not the most frightening bank Trojan in circu......
[more] This Facebook Password Will Self-Destruct in 20 Minutes Facebook members using unfamiliar computers to log on can now do so using disposable passwords, skirting security problems sometimes found on public PCs. If the member has a phone number registered with Facebook, he or she can request a temporary password via SMS that remains usable for just 20 minutes. Questions about the system's effectiveness have been raised, however. Facebook has unveiled new measures to keep members secure when they l......
[more] U.S. takes the prize for most infected PCs Microsoft has released its semi-annual summary of security problems, solutions, insights, and recommendations known as the Security Intelligence Report, which is a distillation of the experiences from Microsoft's Malware Protection Center, Security Response Center, and Security Engineering Center. The report covers January through June of 2010, and it holds all sorts of surprises. In the first quarter of 2010, out of 600 million different PCs scanned wo......
[more] 'Unprecedented wave' of Java exploits hits users, says Microsoft Microsoft said Monday that an "unprecedented wave" of attacks are exploiting vulnerabilities in Oracle's Java software. According to a manager at Microsoft's Malware Protection Center (MMPC), attempts to exploit Java bugs have skyrocketed in the past nine months, climbing from less than half a million in the first quarter of 2010 to more than 6 million in the third quarter. "Some of our exploit 'malware' families wer......
[more] How advanced persistent threats bypass your network security Hundreds of companies around the world have been thoroughly compromised by APTs (advanced persistent threats) -- sophisticated forms of cyber attacks through which hackers mine for sensitive corporate data over the long term. APTs aren't easily purged; rather, victimized companies often spend day after day trying to make a dent in them. Meanwhile, some security practitioners consider "APT" an overblown marketing term. It isn'......
[more] Mac OS vulnerabilities skyrocket in 2010 Mac OS vulnerabilities have increased by over five times in less than a year, according to Panda Security figures. In 2009, 34 vulnerabilities were detected in the Mac OS and thus far in 2010 this has risen to 175. The platform can also be affected by 170,000 macro viruses for Windows, Panda said. Furthermore, there are 5,000 classified strains of malware that specifically target Apple systems. "We would even say that today, the Windows operating syst......
[more] Adobe Shockwave bitten by code execution bug Security researchers have disclosed an unpatched vulnerability in the latest version of Adobe Shockwave that allows attackers to remotely execute malicious code on end user machines. The memory corruption vulnerability can be exploited by booby-trapped movie files, making it possible for attackers to take full control of machines by luring owners to malicious websites. The security bug was disclosed on Thursday by researchers at Abysssec Security. It'......
[more] UK web sites to blame for spam epidemic One in 10 UK web firms is sending unsolicited email to customers, contributing to a spam landscape that is spiralling out of control, according to spam monitoring firm Spam Ratings. The firm's 12-month study of 10,000 web sites and 150,000 emails found that spam has increased dramatically, and that the main source of the messages is web sites. The volume of spam coming from web sites rose by 110 per cent between October 2009 and September 2010, according t......
[more] Juniper Networks launches mobile security platform Juniper Networks is planning to roll out a complete mobile security platform. The company said that the Junos Pulse Mobile Security Suite would spread from the service provider level to the enterprise IT and end-user spaces. The platform will bundle security protections with mobile device management and access control services. Juniper Networks chief executive Kevin Johnson said that the platform will look to get out ahead of the spread of mobil......
[more] Koobface malware jumps to OS X The notorious Koobface social networking malware is now targeting MacOS X systems. Security firm Intego is reporting that variants of the malware have been targeting Mac users on social networking sites such as Facebook, Twitter and MySpace. Bursting onto the malware scene in 2009, Koobface made headlines by using the popular social networking services to spread amongst users. Modified versions of the malware were spotted in the wild earlier this summer. The MacOS......
[more] Users complacent about mobile security, finds research Seven out of 10 people store sensitive information such as medical and bank details on their mobile phone without any security, new research has found. At the same time, four out of five respondents cite security as a top priority when buying or using a smartphone. The research was conducted by security firm Juniper Networks. It announced its first global threat centre to monitor vulnerabilities in the mobile world. "We are all living th......
[more] How Data Loss Prevention solutions can be used to prevent data breaches In these compliance-driven times, there is more to a data breach than just the risk of loss of reputation or the public's trust to consider. Earlier this year, the Information Commissioner's Office (ICO) was given the power to fine organisations up to £500K for serious data breaches - some ten times the maximum penalty level that had previously been in place. Some are now calling for even higher penalties and even mand......
[more] Sophos delights Mac users with free antivirus Security software company Sophos has finally broken ranks and decided to offer Mac users a free antivirus product without hidden strings. Branded, free-to-use antivirus products for Mac OS X are almost unheard of and the examples that do exist are designed to tempt users into upgrading to get more features and support or lack some features. Sophos Anti-Virus Home Edition for Mac looks like becoming the first ever full-featured Mac security software......
[more] Firesheep not evil, says snooping tool's maker The security researcher who created the Firesheep snooping tool defended his work today, saying it's no one's business what software people run on their computers. He also criticized Microsoft for adding detection of Firesheep to its antivirus software, calling the Redmond, Wash. company's move "censorship." Eric Butler, the Seattle-based Web applications developer who released Firesheep more than a week ago, took to his blog Tuesday to co......
[more] Lock Down Your Android Devices Two years ago almost nobody had heard of Android. Now it's nearly ubiquitous among smartphone users, and it's on track to become the most popular mobile operating system in the United States. When it comes to business use, though, Android still has some growing to do. Here's how to keep your Android phones and tablets safe from malware and hackers. Some security concerns--such as the nefarious wallpaper apps issue (in which the apps allegedly collected personal inf......
[more] Nasty IE 0day exploit hosted on Amnesty International site Visitors to Amnesty International's Hong Kong website are being bombarded with a host of lethal exploits, including one that attacks an unpatched vulnerability in Microsoft's Internet Explorer browser, researchers at security firm Websense said. The injected IE attack code resides directly on the pages of amnesty.org.hk, an indication that the perpetrators were able to penetrate deep into the website's security defenses. The code exploit......
[more] Businesses under all-out cyber attack, says Websense Cyber criminals are mounting an all-out attack on businesses, which is likely to continue, according to the Websense 2010 Threat Report. The report shows that in the past year, 52% of data-stealing attacks were conducted over the Web, 9% of data stealing attacks happened over e-mail, and 90% of all unwanted e-mails contained links to spam sites or malicious websites, up 4% on 2009. Most of today's blended attacks are considered "zero-day,......
[more] Zeus malware targeting Citrix Access Gateway Versions of the infamous Zeus malware have begun harvesting login credentials for network appliances, according to researchers. Security firm Trusteer is reporting the discovery of new code within certain Zeus configuration files that attempts to collect data from Citrix VPN tools. The company said that the code appears to be specific to certain Zeus 2.0 installations and instructs an infected machine to capture and transmit a screenshot of all mouse......
[more] Malware threats quadruple since 2007 Malware levels have quadrupled since 2007 with 60,000 new pieces of malicious code discovered every day, according to the latest stats from McAfee. The security vendor's latest quarterly threats report (PDF) said that new malware is at its highest ever level, and that 14 million unique pieces were discovered in 2010, one million more than the same time last year. Koobface and AutoRun malware attacks appear to have levelled off, but cyber criminals are still h......
[more] McAfee CEO: Get ready for tidal wave of mobile attacks Next year will mark the turning point of the mobile application threat, McAfee president and CEO Dave DeWalt predicted during a keynote at SC Congress Canada in Toronto. In the past, protecting email was the major security concern associated with smartphones, DeWalt said. But now, the thousands of available third-party apps pose a major risk of malware introduction or private information disclosure. This challenge is only going to increase i......
[more] Hackers exploit royal engagement searches The official announcement of Prince William's engagement to Kate Middleton happened less than 24 hours ago, but that hasn't stopped hackers exploiting web users searching the net for the latest news about the happy couple. According to security firm Websense, poisoned search results have already started appearing in Google and other search engines. The search results lead to malicious web pages that infect a user's PC with malware when they navigate to......
[more] Code clues point to Stuxnet maker Detailed analysis of the code in the Stuxnet worm has narrowed the list of suspects who could have created it. The sophisticated malware is among the first to target the industrial equipment used in power plants and other large scale installations. New research suggests it was designed to disrupt centrifuges often used to enrich uranium. Detailed analysis of the worm has revealed more about the team behind it and what it was supposed to do. Code secrets The close l......
[more] Adobe launches more secure 'sandboxed' Reader X Adobe on Thursday released Reader X, the next version of its popular software that includes a "sandbox" designed to protect users from PDF attacks. Reader X on Windows features Protected Mode, a technology that isolates system processes, preventing or at least hindering malware from escaping the application to wreak havoc on the computer. The new version is also available for Mac OS X and Android, but those editions lack the sandbox. Prote......
[more] Kroxxu botnet hits a million web users Security experts have uncovered a dangerous new botnet which has already infected over 100,000 domains and one million systems worldwide, although it is still unclear how the cyber criminals are monetising their efforts. The Kroxxu botnet has been designed solely to steal FTP passwords but, unlike traditional botnets, it is able to spread through infected web sites alone rather than individual PCs, according to researchers at Avast Software who have been tr......
[more] Radware unveils newer version of DefensePro for attack prevention Radware, a provider of integrated application delivery offerings for business-smart networking, has unveiled the new version of its DefensePro software version 5.10. The new version integrates a reputation engine which mitigates against threats including financial fraud, information theft and malware spread facilitated by blocking network attacks such as Trojans, pharming, phishing and Bots. Radware's APSolute Attack Prevention st......
[more] Malware Infecting Other Malware Can Complicate Antivirus Detection Malware infected with other malware can make life more complicated for antivirus programs. Malware authors don't always get along - in fact, there have been a number of instances where attackers target each other. But sometimes, malware infecting malware can be a good thing for attackers. According to Trend Micro Threat Response Engineer Roland Dela Paz, there has been an uptick of this kind of activity, which he called "hyb......
[more] How to avoid an ICO fine The Information Commissioner's Office (ICO) finally came good today on its repeated promise to levy fines of up to £500,000 on firms contravening the Data Protection Act. V3.co.uk has spoken to various data protection experts to come up with the definitive guide for companies not wanting to become the next headline maker for the wrong reasons. First, a few points to consider. Although the financial penalty could be a significant burden on an organisation, especiall......
[more] Hidden URLs pose iPhone phishing threat Security researcher Nitesh Dhanjani has demonstrated a method of hiding URLs on Apple's iOS that can fool users into thinking they are visiting legitimate sites. Dhanjani showed in a posting on the SANS Institute blog how the user interface could be used to hide the true URL of an internet page, which would make phishing attacks much easier. He demonstrated an attack on the Bank of America's iPhone web page. "It makes sense to point out that Bank of A......
[more] 'Nightmare' kernel bug lets attackers evade Windows UAC security Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure. One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks. The exploit was disclosed Wednesday -- the same day proof-of-conce......
[more] Q&A: Qing Li, chief scientist, Blue Coat Systems Qing Li has been working in the IT industry for 20 years but for the last six he has been at Blue Coat working on the problems and opportunities of IPv6. Now chief scientist for the company, Li was recognised this year with the IPv6 Forum's IPv6 Application Solution Pioneer Award for his work in the field. V3.co.uk sat down with him to discuss the industry and the perils and opportunities opened up by the new system. Blue Coat's theoretical ap......
[more] Golden rules for secure instant messaging As time progresses, cybercriminals are refining their techniques to lure potential victims to visit malicious hyperlinks. Instant messaging is a very effective way for malware to stay active and thrive. Last week, an unnamed computer worm forced Microsoft to temporarily suspend active links in its Live Messenger 2009 to prevent the aggressive instant messaging (IM) worm spreading. Mak James, technical manager at ESET UK comments, "This is quite a s......
[more] Is a next-generation firewall in your future? The traditional port-based enterprise firewall, now looking less like a guard and more like a pit stop for Internet applications racing in through the often open ports 80 and 443, is slowly losing out to a new generation of brawny, fast, intelligent firewalls. The so called next-generation firewall (NGFW) describes an enterprise firewall/VPN that has the muscle to efficiently perform intrusion prevention sweeps of traffic, as well as have awareness......
[more] Viruses for the holidays: Three go-to tools to keep you merry This time of year, you'll probably see family and friends from far and near. You may visit them or they may visit you, but in either case, computer woes will arise. As the "IT guy" (or gal) in your circle, you'll be expected to deal with them. This past week, my wife had our second child, a girl this time, and my in-laws have been visiting and helping with pretty much everything. My father-in-law brought his own laptop, and......
[more] Smartphones seen as a major threat to corporate networks Over three-quarters of workplace smartphone users believe they expose their business to attack. A recent survey found that eight out of ten respondents believe smartphones expose their business to attack, with data leakage cited as the top security concern. Graham Titterington, a principal analyst at Ovum and author of the report, told SC Magazine that there is a large quantity of mobile devices supplied by large organisations and often se......
[more] Ransomware returns: 'If you ever want to see your data again...' Ransomware is back. After a hiatus of more than two years, a variant of the GpCode program has again been released, kidnapping victims' data and demanding $120 for its return. Like the ransomware programs before it, GpCode encrypts a victim's files and then demands payment for the decryption key. The new version of GpCode -- labeled GpCode.AX by security firm Kaspersky -- comes with a bit more nastiness than previous attempts. The......
[more] Twitter hit by festive malware campaigns Experts at Panda Security have warned of festive malware threats spread via Twitter that capitalise on popular trending topics. The vendor's PandaLabs unit said that thousands of tweets have been sent using festive phrases such as 'Nobody cares about Hanukkah' or 'Shocking video of the Grinch', along with short URLs pointing to malicious web sites. Clicking on the link will take the user to a page that infects systems with fake codecs by exploiting the CV......
[more] Researchers bypass Internet Explorer Protected Mode Researchers say they have devised a way to carry out stealthy drive-by exploits even when victims are using recent versions of Internet Explorer with a feature known as Protected Mode. The attack, described in a paper released by Verizon Business, requires the attacker to have an exploit for a vulnerability that's not currently patched. It works only against machines that have the Local Intranet Zone enabled, as is the default for domain-joined......
[more] Trend Micro issues virtualisation security warning Attacks targeted at datacentres and virtualised environments could represent the next vanguard of threats if cyber criminals begin to shift their attention away from the increasingly well secured desktop, according to security experts. Trend Micro chief technology officer Raimund Genes told V3.co.uk that, despite the many benefits of cloud computing, the back-end virtual infrastructures of many clouds are potentially at risk. "If the deskto......
[more] Many malware attacks triggered by USB devices One in every eight malware attacks occurs via a USB device, often targeting the Windows AutoRun function, according to Czech security vendor Avast Software. The company reported that of the 700,000 recorded attacks on computers in the Avast user community during the last week of October, 13.5% came via USB devices such as flash drives. AutoRun alerts computer users when a new device is connected and helps them choose which application should run the......
[more] Ponemon Study: Workers Ill-Equipped For Cyber Threats An overwhelming majority of organizations don't feel adequately prepared to defend themselves against increasingly sophisticated malware attacks and many are less prepared than they were a year ago, according to the latest Ponemon Institute study, released Monday. The State of Endpoint Risk study, co-sponsored by the Ponemon Institute and security firm Lumension, assessed how effective organizations are in adopting effective endpoint security......
[more] Whitehats peer into new botnet's heart of 'Darkness' Whitehat hackers are tracking a new botnet that's quickly become a popular platform for launching web attacks. Over the past few weeks, members of the Shadowserver group have observed the Darkness botnet unleashing distributed denial of service attacks on more than 100 websites in the financial, insurance and retail industries. They've also uncovered an online campaign advertising DDoS-for-hire services that boast high quality and an average c......
[more] Ensuring your business's safety In the 1995 film "Hackers" the lead character downloads sensitive information to a floppy disk. Today, of course, advances in technology have yielded equally advanced security threats. Consider news reports in the past year about computers compromised by botnets. Businesses face daily threats from these and other cybersecurity dangers that are further enhanced by increased reliance on new business communications and computing tools. While most business o......
[more] UK comes top in EU security study Encouraging news emerged on the security front today after the latest research from the European Union revealed that just 12 per cent of enterprises in the region suffered security related hardware or software failure last year. The research from EU statistical office Eurostat also found that just five per cent of European firms reported the destruction or corruption of data owing to malware infection or unauthorised access. UK and Hungarian firms fared the best......
[more] Trend Micro warns of targeted attacks in 2011 Trend Micro is the latest security vendor to release its predictions for 2011, saying unsurprisingly that more of the same is on the way, with social engineering, highly targeted attacks and use of the web as the primary channels for delivery. The security vendor is predicting fewer attacks focused on planting malicious code onto legitimate web sites in 2011, and more malware email campaigns. These typically use social engineering techniques, such as......
[more] Microsoft slates another monster Patch Tuesday Microsoft today said it will deliver a record 17 security updates next week to patch 40 vulnerabilities in Windows, Internet Explorer (IE), Office, SharePoint and Exchange. Among the 40 patches will be two that address a pair of bugs that hackers have already exploited. "I really was not expecting 17," said Andrew Storms, director of security operations at nCircle Security. "I expected 10 at the most." The 17 updates -- Microsoft......
[more] Dramatic growth in the number of drive-by download attacks According to Kaspersky Lab statistics, the top 20 malicious programs detected on the Internet in November included a total of nine exploits, three redirects and one script downloader that were used for carrying out drive-by downloads. November saw a dramatic growth in the number of drive-by download attacks according to Kaspersky Lab. This vulnerability occurs when users visit an infected site that contains a redirect script. The redirec......
[more] Beware: 7 Scrooge-worthy scams for the holidays The holiday scam season is upon us. For Beth Jones, a senior threat researcher with Sophos, this time of year means an upswing in fraudulent activity online. Between malware authors looking to infect machines, and identity thieves hoping to con consumers out of credit card information, this is the prime month for behavior that qualifies for the naughty list. "The two-week mark before Christmas is when things start to ramp up out of control,"......
[more] Microsoft to boost Office 2003, 2007 security Microsoft said on Tuesday that it would backport an Office 2010 security feature to the older and more widely used Office 2003 and Office 2007 early next year. Dubbed Office File Validation (OVE), the technology validates older, pre-XML file formats for Word, Excel, PowerPoint and Publisher, then opens those that don't conform to the documented format -- rigged files containing an exploit, for example -- in a special "sandbox" within Office......
[more] Google beefs search result malware warning Google has expanded a program designed to prevent search engine users from visiting websites that could scam them or install malware on their computers. The feature includes the words "This site may be compromised" to search results that contain sites that Google's automated tools indicate may be under the influence of third-party spammers, phishers or other scammers. Hackers often exploit vulnerabilities on legitimate sites so they can be use......
[more] A brief history of Christmas-related malware Since the very earliest days of computer viruses, malware authors have been inspired by the Christmas holidays when developing attacks. Here's a quick, and probably incomplete, history of some of the Christmas-related malware that we have seen over the years. Christmas 1987 "Christmas Tree" (also known as "CHRISTMA EXEC"), which spread in December 1987, was an early example of an email-aware worm. Using the subject line "Let th......
[more] Top five most serious internet security holes Businesses can leave themselves vulnerable to data theft and other online threats, particularly as security and IT budgets are under pressure as businesses look to save money. Although money is tight, it is important companies stay protected online, as on average, the total cost of security breaches including lost business in the UK last year was $2,565,702 (US dollars). Data theft and other online threats presently represent a significant danger for......
[more] 2010 tech snapshot: IT security This year has seen an almost unparalleled buzz of activity in the security space, from big name mergers and acquisitions activity to allegations of state-sponsored attacks and most recently, the rise of the hacktivist. Alongside this are the continued threat of spam, the growing sophistication of malware and changing trends among the workforce such as mobile working and the use of social networking, which are exposing the enterprise to new and dangerous threats. S......
[more] A third of all malware in history created in 2010, says report More than a third of all malware that has ever existed was created by criminal gangs in 2010 alone according to the latest PandaLabs Annual Report. To be precise, the company found that 34 percent of all existing malware has been concocted by cyber-criminals in the last year, banishing forever the image of the disgruntled geek creating viruses in his bedsit. It's not all bad news however, there's been a dramatic slow-down in the rate......
[more] Mass infection worms are going to give way to precision malware strikes Stuxnet is the most complex piece of malware in the cybercriminals' arsenal to date. The epidemic also marked the beginning of the era of attacks on industrial targets. The worm is unique in that it uses as many as four zero-day Windows vulnerabilities at the same time in order to infiltrate victim computers, and has a rootkit component signed with certificates stolen from integrated circuit manufacturers, Realtek Semiconduc......
[more] Blue Coat ProxyOne appliance simplifies web security Network security firm Blue Coat Systems has launched a new appliance designed to bring enterprise-grade web security to small firms with few IT resources. The ProxyOne hybrid appliance combines anti-malware scanning, web filtering and user activity reporting in a single box which is easy to install and run, according to the vendor's European marketing vice president, Nigel Hawthorn. "Large organisations have always been able to implement......
[more] Spam back on track with UK in fifth place The UK is fifth in a list of the worst spam relaying countries, with unwanted email continuing to plague inboxes across the globe despite a recent drop in levels, according to a new report from security firm Sophos. The UK remained in fifth place despite having decreased its percentage of total spam output. The proportion of junk mail coming from UK servers fell from five per cent to just over 4.5 per cent. The US has retained its pole position in the ra......
[more] Blue Coat offers secure browser for Apple iOS Blue Coat Systems has released a secure browser for the Apple iOS platform, promising phishing and malware protection and content filtering for iPhone, iPad and iPod Touch devices. The company is distributing the K9 Web Protection Browser for free to family and individual users. The browser is similar to the versions the company offers for Windows and OS X systems. Driving security for the browsers is WebPulse, a cloud-based service which offers rapi......
[more] Report claims that the use of cyber weaponry will shortly become 'ubiquitous', as threats increase but with no cyber war on the horizon Claims made that there will never be a true cyber war but better user education is needed of exploits. According to a report by the Organisation for Economic Co-operation and Development (OECD), named 'Reducing Systemic Cybersecurity Risk', very few single cyber-related events have the capacity to cause a global shock, but governments need to make detailed......
[more] Hackers steal $150,000 with malicious job application Small businesses have a new scam to worry about: criminal job applicants who want to hack into online bank accounts. The U.S. Federal Bureau of Investigation issued a warning Wednesday about a new twist on a long-running computer fraud technique, known as Automated Clearing House fraud. With ACH fraud, criminals install malicious software on a small business' computer and use it to log into the company's online bank account. They set up bogus......
[more] Mac malware threat still tiny, report suggests Virus writers finally paid some attention to Apple Macs in 2010, with several new types of malware appearing to puncture the myth of the platform's security invulnerability, security company Intego has reported in its annual review. The numbers are still tiny and hard to meaningfully compare to PC equivalents, but it does look as if there has recently been a modest rise in the sophistication of Mac malware. Perhaps the most interesting was October's......
[more] Kama Sutra PowerPoint named as one of the threats of the last three months, as new warnings made on malware that bypasses cloud-based anti-virus The Kama Sutra virus has been named as one of the largest threats of recent months. In Cyberoam's 2010 internet threats trend report for Q4, the Trojan downloader associated with a Kama Sutra presentation titillated recipients into downloading a PowerPoint presentation of sexual positions, but left their PCs infected with a malicious code that opened a bac......
[more] Fake anti-virus scam hits Twitter Researchers have uncovered a new scam targeting Twitter users. The operation is said to make use of the Goo.gl link-shortening service in order to hide the actual address of the attack site. Attackers are believed to be using compromised Twitter accounts to post Tweets advertising various pages linked through the goo.gl service. When users click on the links, they are directed through the link-shortening service to a third party page which launches the actual at......
[more] Carberp banking malware upgrades itself A piece of banking malware that researchers have been keeping an eye on is adding more sophisticated capabilities to stay hidden on victims' PCs, according to the vendor Seculert. Carberp, which targets computers running Microsoft's Windows operating system, was discovered last October by several security companies and noted for its ability to steal a range of data as well as disguise itself as legitimate Windows files and remove antivirus software. It has......
[more] MyDoom the most destructive malware of the decade The 2004 MyDoom malware infection was the most costly piece of malicious software deployed in the past decade. Security vendor McAfee ranked the infection as the most destructive malware of the 2000s in terms of monetary damages. The company estimates that costs from lost productivity and commerce from the infection's massive spam campaigns mounted as high as $38bn ultimately. At its peak, MyDoom-related spam slowed global internet traffic by 10......
[more] Cyber criminals use digital certificates to cripple your organisation The recent cyber attack on an Iranian nuclear facility using the Stuxnet virus should worry all of us - not just those in close proximity who were in danger of being blown into the next world by the actions of a computer virus. The headlines around the story of the Stuxnet attack on an Iranian nuclear facility were familiar. Digital security threats and the hype surrounding them have become commonplace in our interconnected an......
[more] Intel developing zero-day attack blocker Intel CTO Justin Rattner says the chip maker is working on security technology that will stop all zero-day attacks. And, while Rattner would give few details about it, he said he hopes the new technology will be ready to be released this year. "I think we have some real breakthrough ideas about changing the game in terms of malware," Rattner said. "We're going to see a quantum jump in the ability of future devices, be them PCs or phones or......
[more] Newspaper site pulls plug after 'sustained' hack attack South African newspaper The Mail & Guardian pulled down its website on Wednesday to protect readers against "sustained attacks" that attempted to infect them with malware. Online editor Chris Roper told The New Age that the hackers had been conducting phishing attacks on the site and the worry was that someone would be duped. He said he hoped to have the site back online in the next 36 hours. The site remained inaccessible at......
[more] Could a vulnerability tax work? Apple's new security chief, David Rice, has some interesting views on how to improve software security - in particular a vulnerability tax concept. The soon-to-be global security head believes such a tax could be handled in the same way as pollution, making companies pay for the amount of environmental damage they caused. "We run cars in various crash tests to see how they respond, we can run these attack patterns on software, judge how it performs and give......
[more] Smartphones and social media can be a risky combination By visiting social media sites, smartphone users are exposing themselves to security risks, warned Avi Chesla, vice president of security at Radware. Most smartphone users do not realize how much personal data is stored and transmitted through apps. Criminals can hack into social networking accounts, steal passwords, ATM codes and other personal data. "The main problem is that social networks allow almost anyone to learn about the pe......
[more] Researchers pry open Waledac, find 500,000 email passwords Researchers have taken a peek inside the recently refurbished Waledac botnet, and what they've found isn't pretty. Waledac, a successor to the once-formidable Storm botnet, has passwords for almost 500,000 Pop3 email accounts, allowing spam to be sent through SMTP servers, according to findings published on Tuesday by security firm Last Line. By hijacking legitimate email servers, the Waledac gang is able to evade IP-based blacklisting t......
[more] Scareware impersonates legit antivirus software from AVG In what could be an alarming preview of tomorrow's malware-spreading techniques, a new version of scareware is on the move, one that's designed to look exactly like it's a legitimate antivirus product from reputable security company AVG. Microsoft has issued an alert about AVGAntivirus2011, malware that purports itself to be AVG Antivirus 2011. The program pretends to perform a security scan of a user's system, claims to find an array of d......
[more] Next-generation banking malware emerges after Zeus The rumored combination of two pieces of advanced online banking malware appears to be fully underway after several months of speculation. What appears to be a beta version of a piece of malware that has bits of both Zeus and SpyEye is now in circulation, albeit among just a few people, said Aviv Raff, CTO and cofounder of Seculert. Seculert has published screen shots of the new malware, which has two versions of a control panel used for managin......
[more] Blue Coat heads to the cloud Security and WAN optimisation vendor Blue Coat Systems has announced the launch of Blue Coat Cloud Service, a new platform for delivering its security products. The first part of Cloud Service to see the light of day is the Web Security Module, which Blue Coat claims can provide real-time protection from web threats. It can be deployed and managed from anywhere in the world, which will benefit companies with a dispersed workforce relying heavily on portable devices,......
[more] Europe's virus victims revealed Almost one third of internet users in the European Union caught a PC virus despite the majority having security software installed, statistics show. Viruses were most prevalent in Bulgaria and Hungary, the survey of 30 countries reveals. The 2010 figures, released by the EU's statistics office to mark Internet Safety Day, show the safest countries were Austria and Ireland. The figures also detail financial losses online. They show that 3% of net users in the 27 EU......
[more] Facebook exploit toolkit dumbs down rogue app creation Miscreants have begun selling a cut-price point and click Facebook rogue application generation tool, designed for script kiddies too clueless to code their own malicious application. The rogue Facebook app creation tool kit is available at just $25, net security firm Websense reports. The toolkit offers a means to direct surfers towards survey scams, spread malware or act as a tool in furtherance of click-fraud scams, all by fo......
[more] Sophos goes virtual with email security appliance Sophos has expanded its range of email security and data protection products with a virtual email security appliance, designed to offer enhanced inbound and outbound threat protection with simplified management at a low cost. Available immediately for VMware virtualised environments, the Sophos Virtual Email Appliance integrates data loss prevention with email encryption and proactive spam and malware protection. The appliance features the vendor......
[more] Stuxnet blitzed 5 Iranian factories over 10-month period The Stuxnet worm repeatedly attacked five industrial plants inside Iran over a 10-month period, according to new data collected by researchers from antivirus firm Symantec. Three of the undisclosed organizations were targeted once, one was hit twice and one was targeted three times, members of Symantec's Security Response Team wrote in the report, which updates findings first released in September. The attacks took place in 12,000 separate......
[more] Juniper Networks eases connectivity and security issues Juniper Networks has announced a range of software and services that should help mobile operators boost scale and security and improve connectivity for end users. The firm said at Mobile World Congress in Barcelona that the additions will boost current services, and improve networks for future growth, higher bandwidth and rich media apps. Juniper expects that there will be billions of smartphones in use by 2020, and is looking to improve th......
[more] Hacked BBC streaming websites serve up malware Streaming sites operated by the BBC were hacked on Tuesday so they silently served visitors with malware, researchers from security firm Websense said. An iframe tag on the BBC's 6 Music and 1Xtra websites injected an exploit that was housed on a website with an address ending in cc, a top level domain for the Cocos Islands. The malicious binary was generated by the Phoenix exploit kit, which dates back to 2007 and streamlines malware infections by......
[more] Botnets claim 7-fold increase in victims Botnets used in banking credential theft and other criminal enterprises made huge gains in 2010, claiming more than seven times as many victims as the previous year, according to a report issued by a security firm that follows the large networks of infected machines. The dramatic increase was fueled by improvements in DIY botnet construction kits, which allowed internet-based fraudsters to construct new networks that quickly gained traction, the report fr......
[more] Government employs hackers in brave new scheme Since the dawn of computing there's been a cold war between those who run computer systems and those who attack them. And never the twain shall meet, at least until now. Speaking at the ShmooCon hacker convention in Washington, DC, Defense Advanced Research Projects Agency (DARPA) project manager Peiter Zatko has announced Cyber Fast Track, a new scheme that will rely on the skills of "small organisations, boutiques, hacker spaces, [and] maker......
[more] Lumension releases beta version of its Application Scanner v2.0 Lumension has released a beta version of its free Application Scanner v2.0 that scans executable files and identifies all applications within the endpoint environment, along with its Endpoint Intelligence Center (EIC) that consolidates malware, vulnerability, patch, and application information with relational cloud-based intelligence. Using the Application Scanner v2.0, IT administrators can check their applications with the Lumensi......
[more] Financial industry 'target of choice' for cybercrims Government research paper attempts to put a dollar value on losses. Although the $81 billion a year financial and insurance industry was a "target of choice" for cybercriminals, little was known about the scale of crimes perpetrated against it, a report from the Australian Institute of Criminology released today showed. Institute researcher Raymond Choo said the sector's reliance on information and communications technologies put it......
[more] Facebook and web apps threaten network security The world is very different from the days when email ruled the roost and Yahoo, not Google, was the first search engine name that rolled off your tongue. In 1995, the worst security threat was a virus on a floppy disk. But in 2011 the security landscape has completely changed; cyber crime is a huge industry and computers have the ability to bring down the networks of whole countries. The internet is not just web browsing and email any more, it's Fa......
[more] ZeuS trojan attacks bank's 2-factor authentication A variant of the ZeuS banking trojan is targeting mobile phone users who rely on their handsets to get enhanced, two-factor authentication from ING Bank Slaski in Poland, a security blogger said on Monday. The ZeuS man-in-the-mobile attacks appear to be similar to those that hit Spain in September, researchers from antivirus provider F-Secure said. Both attacks attempt to steal so-called mTANs, short for mobile transaction authentication numbers, w......
[more] 10 building blocks for securing the Internet today During his keynote speech at RSA Conference 2011, Microsoft's corporate VP for trustworthy computing Scott Charney called for a more cooperative approach to securing computer endpoints. The proposal is a natural maturation of Microsoft's (my full-time employer) End-to-End Trust initiative to make the Internet significantly safer as a whole. It closely follows the plans I've been recommending for years; I've even written a whitepaper on the subje......
[more] Oddjob Trojan keeps banking sessions open after victims log out Miscreants have created a banking trojan that keeps victims' accounts open to plundering even after their marks log out of their accounts. The memorably named OddJob Trojan hijacks customers' online banking sessions in real time using their session ID tokens. By keeping accounts open even after victims think they have quit, the malware creates a window for fraudsters to loot compromised accounts and commit fraud. Trusteer, the trans......
[more] Windows to suffer fewer attacks as it loses ground to mobile According to Kaspersky Lab's prediction, there's a silver lining for Microsoft as it struggles to gain a foothold in the mobile space against Apple iOS and Google Android: Over the next decade, the company's oft-targeted Windows platform won't be quite as juicy a target for certain breeds of cyber criminals as it has been. That's not to say that Windows will fall out of bad guys' sights entirely. In business environments, the platform......
[more] The true cost of cybercrime According to a recent UK government report, the overall cost to the UK economy from cybercrime is believed to be £27bn per year. The UK government report demonstrates that businesses need to take the threat from cybercrime seriously. In addition to spam and malware attacks, businesses need to be aware of the risk from cybercriminals gaining remote access to company systems, spying on sensitive activities and stealing information. However, the report does not prov......
[more] Hackers avoiding encryption with memory scraping What's "pervasive memory scraping" and why is it considered by SANS Institute security researchers to be among the most dangerous attack techniques likely to be used in the coming year? Simply put, pervasive memory scraping is used by attackers who have gained administrative privileges to successfully get hold of personally identifiable information (PII) and other sensitive data held encrypted in a file system, according to Ed Sko......
[more] Malware prominent on user-generated content websites Malware has moved to online storage and open/mixed content sources. Malware has moved from the dark corner of the internet to more popular areas, such as online storage and open/mixed content sources. Blue Coat Systems' 2011 web security report, which examines web behaviour and the malware to which users are most frequently exposed, found that malware hides in acceptable web categories. The number of new online storage sites hosting malware in......
[more] Hacker writes easy-to-use Mac Trojan In a sign that hackers, like everyone else, are taking an interest in everything Apple, researchers at Sophos say they've spotted a new Trojan horse program written for the Mac. It's called the BlackHole RAT (the RAT part is for "remote access Trojan") and it's pretty easy to find online in hacking forums, according to Chet Wisniewski a researcher with antivirus vendor Sophos. There's even a YouTube video demonstration of the program that shows you......
[more] Pervasive memory scraping enables hackers to grab personally identifiable information from users' PCs The SANS Institute has reported a new trend in hacking techniques, used by hackers to grab personally identifiable information (PII) from users' PCs. Known as 'pervasive memory scraping,' the technique relies on the fact that certain areas of Windows memory are only occasionally overwritten, meaning that data from software that has been closed down on the PC can still remain for some time......
[more] Malware ads hit London Stock Exchange Web site Visitors to the London Stock Exchange's Web site were hit with malicious ads over the weekend, designed to pop up fake security messages on their computers. The culprit was an online advertisement that was somehow placed on the Unanimis ad network, which is used by the Web site, a London Stock Exchange spokeswoman said Monday. "We had an advert on the site that linked through to a third-party website that was hosting this malware," she......
[more] Malvertising - latest threat lures users to malicious sites Unsuspecting internet surfers are being fooled into clicking on seemingly above-board ads from recognisable brands only to end up on malicious websites that install malware on the users' computers. Websense Security labs have discovered that the popular auto trading site Autotrader.co.uk and cinema site Myvue.com have both served ads that redirected the user to malicious websites. In both cases the malicious ads were tailored to respond......
[more] Companies scramble to tame the wild endpoint A failure to gather adequate information on endpoint devices is the top security concern for a third of firms, according to a survey of IT managers and chief security officers. The survey, conducted by Zogby on behalf of IBM and supporting Big Blue's announcement of a number of endpoint management products and strategies, found that 90 percent of companies planned to purchase new technologies to help them better manage their endpoints. A major proble......
[more] Microsoft planning light Patch Tuesday update Microsoft is planning a fairly light Patch Tuesday update for March, but has said that the critical and important fixes should be deployed as quickly as possible. Just three patches are being released next week, two for Windows, one rated critical and one important, and one for Office rated important. All three address problems that could let hackers remotely take over a PC or server, and affect Windows versions right up to Windows 7 SP1. However, th......
[more] WordPress: DDoS attacks came from China The large distributed denial-of-service (DDoS) attacks that hit the WordPress.com blog publishing platform last week originated from China, according to the founder of the site. A DDoS attack involves harnessing hundreds or thousands of computers to simultaneously bombard a website with data so that it becomes overwhelmed. The computers in such attacks have typically been infected with malware so that they can be used without the consent and awareness of......
[more] Corporate data breach average cost hits $7.2M The cost of a data breach went up to $7.2 million last year up from $6.8 million in 2009 with the average cost per compromised record in 2010 reaching $214, up 5% from 2009. The Ponemon Institute's annual study of data loss costs this year looked at 51 organizations who agreed to discuss the impact of losing anywhere between 4,000 to 105,000 customer records. The private-sector firms participating in the Ponemon Institute's "2010 Annual Study: U......
[more] M86 social media scanner takes the worry out of surfing M86 Security has launched a free plugin to allow users to safely access social media sites and search engine pages without concerns about malicious links. The M86 SecureBrowsing plugin is for PC and Mac and does real-time scans of URLs to alert users to potentially malicious web content embedded in search results, malware-laced advertising and malicious links in Facebook, Twitter and LinkedIn. URLs are anonymously sent to cloud-based scanne......
[more] Trend warns of Linux malware spreading on routers Trend Micro has issued a warning to administrators after picking up the first copies of a Linux malware variant that is infecting routers. The malware, dubbed ELF_TSUNAMI.R, uses a combination attack to spread. It is capable of running its own brute force attacks against routers, but also exploits a flaw in the D-Link DWL-900AP+ internet router. The code also links infected machines to botnet servers via IRC channels. "This malware is pred......
[more] Apple security update leaves iPhone 3G users unprotected Apple is leaving some of its older mobile devices unprotected with its latest patch batch. An iOS 4.3 update, which includes a number of critical security fixes, is incompatible with the still widely used iPhone 3G and older versions of the iPod Touch. The latest version of Apple's mobile software can only be applied on the iPhone 3GSs and later models; the iPod Touch 3rd generation and later models; as well as all versions of the iPad. Se......
[more] One third of Smartphone users in Europe store PIN codes, passwords and user names on their devices According to a Smartphone IT Security survey conducted for Kaspersky Lab, sensitive information is held on smartphones. The results found that approximately one third of users from all the countries surveyed store credentials (such as PIN codes, passwords and user names) to access personal and corporate email on their devices - despite the fact that 20 per cent of all respondents have reported th......
[more] Hackers exploit Flash zero-day, Adobe confirms Adobe today confirmed that attackers are exploiting an unpatched bug in Flash Player using Microsoft Excel documents. The company will patch Flash next week and will also update Adobe Reader, which includes code that renders Flash content inserted in PDF files. "They have exploits out in the wild, so they're moving pretty quickly," said Wolfgang Kandek, chief technology officer at Qualys. "That's commendable." According to a secu......
[more] Major spam network silenced mid-campaign The sudden drop in activity of a major spam producer looks to be the result of the largest co-ordinated attack on spammers. At 15:30 GMT on 16 March, a network of spam-producing computers, known as Rustock, suddenly stopped. It also appears that the infrastructure needed to control the spam network has been disrupted. Security researchers said that would make it the largest ever take down of a cyber crime network. In 2010, the Rustock botnet - a coll......
[more] Spotify apologises for tainted ad kerfuffle Spotify has promised to review its security following an attack that exposed users of the free version of its music streaming service to malware on Thursday. Tainted ads displayed to music fans served up content from sites that used the Blackhole Exploit Kit in an attempt to infect users with the Windows Recovery fake anti-virus (scareware) application. Windows users did not even need to click on an ad to risk getting hit, as an advisory by web securit......
[more] New method finds botnets that hide behind changing domains Researchers at Texas A&M University say they have a new method for finding domain-fluxing botnets, which evade detection by constantly alternating domain names. Dr. Narasimha Reddy, who works in the University's Department of Electrical and Computer Engineering, collaborated with students Sandeep Yadav and Ashwath Reddy, as well as with Supranamaya "Soups" Ranjan with Narus Inc., to develop the new method. It can be used to......
[more] Security in 3D Managing security complexity is the number one obstacle that enterprises face today, according to a recent Check Point and Ponemon Institute survey of over 2,400 IT security professionals. With the prevalence of data loss and the proliferation of Web 2.0 applications, mobile computing and the rise of sophisticated, blended attacks, it is no wonder that businesses--regardless of their size--are struggling to keep up with the evolving threat landscape. More and more companies are re......
[more] Ransom Trojan returns for new encryption attack The creators of the deeply unpleasant GPCode Trojan have released a new version of the malware that encrypts victims' data files and tries to extort money for the unlock key. The major innovation this time compared to a version from November 2010 is that the criminals demand a slightly higher fee of $125 for the key paid through the Ukash payment pre-paid card site instead of using direct money transfer. GpCode.bn, as it has been named by Kaspersky......
[more] Government-backed website in malware scare A government-backed website, designed to champion the UK's start-up businesses, has inadvertently linked users to malware, it has emerged. StartUp Britain, which launched on Monday, linked to a page hosting fake anti-virus programs, according to security firm Sophos. It will be an embarrassment for the government, which has been widely promoting the initiative. The link was removed shortly after launch, according to StartUp Britain. It told the BBC in a st......
[more] EU parliament suspends webmail after cyber-attack The European Parliament network has fallen under cyber-attack, leading to a suspension of webmail and other security restrictions. The assault, which has led to the suspension of webmail access in Strasbourg, comes after attacks against the European Commission and the External Action Service networks. The Parliament and the Commission run over separate networks. The attack on the parliamentary network was reportedly detected on 24 March, two days......
[more] RSA gives details of SecurID attack methodology RSA has been briefing analysts on the attack vectors used by the hackers seeking access to SecurID technology, and how the break-in was stopped. The company said that the initial attack came in the form of emails sent to groups of low ranking employees entitled "2011 Recruitment Plan," which contained an Excel spreadsheet with malware using an Adobe Flash exploit. The bulk of these were shifted into spam folders, but some were opened an......
[more] Epsilon security breach could be problem for years to come An attack on internet marketing company Epsilon has netted millions of customer email addresses from some of the biggest names in the corporate world. Epsilon has confirmed that the databases it keeps on corporate customers for email promotions had been hacked and a large number of user names and email addresses were stolen, including those from JP Morgan, Honda, McDonald's, Disney, TripAdvisor and Marriott. No financial information was ta......
[more] EMC brings NetWitness into RSA fold EMC has agreed to acquire monitoring and analysis firm NetWitness whose software EMC's security division RSA used to identify an attack on its corporate servers. The deal officially closed on 1 April for an undisclosed fee, bringing NetWitness under the umbrella of RSA - EMC's security division. "The intensity and sophistication of advanced adversaries and zero day malware challenge every organisation to rethink traditional approaches to network security,......
[more] FAQ: Epsilon email breach An email server breach at Epsilon Interactive exposed the names and email addresses of millions of people. The breach is being described as the worst of its kind. Here's what you need to know: What happened? Epsilon Interactive last Friday announced that unknown intruders had broken into one of its email servers and accessed the names and email accounts of some of its 2,500 corporate customers. Epsilon has not disclosed how many accounts in total were exposed in the bre......
[more] Epsilon breach used four-month-old attack A data breach exposing the customer details of the likes of Citigroup, Hilton Hotels and Dell Australia was part of a series of socially-engineered attacks first reported by an Epsilon technology partner some four months ago, iTnews can reveal. The world's largest email service provider, Epsilon, disclosed on April 1, 2011 that the data it manages on behalf of a subset of its 2500 global clients had been accessed by hackers the day prior. Today iTnews ca......
[more] Report: End-user ignorance at Epsilon let hackers steal customer data The hackers who managed to steal millions of customer email addresses from marketing giant Epsilon did so by exploiting what is arguably the weakest link in IT security: end-user ignorance or, perhaps more aptly, inadequate end-user training. ITNews reported today that the perpetrators of the data heist, which affected customers of numerous large corporations across an array of industries, got a foot in the door through succes......
[more] Koobface confused with toon More than half of British small businesses think Koobface is a social networking site. More than half of British small businesses believe that Koobface was a social networking site. A survey of 1337 small businesses nationwide by Eclipse, an internet service provider for small businesses and home users, found that 52 percent confuse the social networking worm with Facebook, while 13 percent believe it to be a cartoon character from a children's TV show. It also found......
[more] Users feel more secure using smartphones to surf the Internet than PCs According to research from Kaspersky Lab, over 90 percent of users in most European countries store personal data, such as photos, emails or contact details, on their smartphones. Around one-third also save login information, such as PIN codes or passwords, for various services on their mobile devices, demonstrating a large gap between secure reality and user perception. 1,600 smartphone users were surveyed in Great Britain,......
[more] Adobe confirms critical Flash zero-day bug For the second time in the last four weeks, Adobe has told users that hackers are exploiting an unpatched bug in Flash Player, again by embedding malicious code inside a Microsoft Office document. In a security advisory issued Monday, Adobe said that attackers are exploiting the vulnerability by embedding Flash attack files within a Microsoft Word document sent as an email attachment. Adobe did not spell out a patch timeline for the newest Flash zero-da......
[more] UK police arrest three men over 'SpyEye' malware U.K. police arrested three men late last week in connection with using the SpyEye malware program to steal online banking details. Two of the men were charged on Friday and appeared in Westminster Magistrates Court in London on Saturday. Pavel Cyganoc, 26, a Lithuanian living in Birmingham, England, was charged with conspiracy to cause unauthorized modifications to computers, conspiracy to defraud and concealing proceeds from crime. Aldis Krummins......
[more] In a first, feds commandeer botnet, issue 'stop' command For the first time ever, the US government has attempted to take down a botnet by setting up a substitute control channel that temporarily disables the underlying malware running on hundreds of thousands of infected end user computers. The move, announced Wednesday after federal prosecutors seized domain names, IP addresses and servers operated by the operators, is intended to cut the head off a notorious botnet known as Coreflood, which h......
[more] Blue Coat is the leader in Content Security Gateway Appliance Markets According to the latest report from Infonetics Research, Blue Coat Systems, Inc. (Nasdaq: BCSI) was the worldwide market leader in Content Security Gateway Appliances in 2010, and the leader in Europe, the Middle East and Africa (EMEA) with 35.7 percent market share, nearly double that of its nearest competitor. Blue Coat has led the worldwide and EMEA markets every year since 2006, when Infonetics first began reporting market......
[more] Adobe patches latest Flash zero-day Adobe today patched a critical vulnerability in Flash Player that the company said criminals were already exploiting with malicious Microsoft Word and Excel documents. On Monday, Adobe acknowledged the bug, said exploits were circulating, and promised to fix the flaw with an emergency update. Today's update was Adobe's second rush patch in less than four weeks. The new version, Flash Player 10.2.159.1, is available for Windows, Mac, Linux and Solaris. Missing f......
[more] Top-secret US lab infiltrated by spear phishers - again One of the most sensitive science labs in the US has shut down all internet access after attackers exploited a vulnerability in Microsoft's Internet Explorer browser to steal data from some of its servers, according to published news reports. The security breach at the Oak Ridge National Laboratory is at least the second time since 2007 that computers have been hacked when employees were duped by phishing emails. The most recent compromise......
[more] Fake AV makers, scammers exploit Bin Laden news Malware makers and scammers have quickly latched onto the news that U.S. military forces killed Osama Bin Laden, security researchers said today. Antivirus vendors have spotted multiple threats based on the news, including links that lead to fake security software -- dubbed "rogueware" -- attack code masquerading as plug-ins that users must supposedly download to view video, and attempts to harvest personal information. Sunday night, Pres......
[more] Man who liveblogged Bin Laden raid was hacked The Pakistani programmer who dubbed himself "the guy who liveblogged the Osama raid without knowing about it" is also the guy who got his website hacked without knowing about it. Sohaib Athar was in the international spotlight Monday morning after he inadvertently tweeted about the early morning raid that killed Osama bin Laden and several of his associates. His on-the-ground tweets provided early details on what could turn out to be the bi......
[more] Phishing emerges as major corporate security threat The successful use of phishing emails to breach secure organizations like Oak Ridge National Laboratory and EMC's RSA security division is a stark reminder of the serious threat posed by a type of attack that was previously dismissed as low-tech. The Oak Ridge lab last month disclosed that sophisticated data-stealing malware had infiltrated its networks. The breach originated in a phishing email sent to about 570 employees. The email was disgu......
[more] New graphics engine imperils users of Firefox and Chrome The US Computer Emergency Readiness Team is advising users of the Mozilla Firefox and Google Chrome browsers to disable a recently added graphics engine that can be exploited to take control of end user computers. The web standard known as WebGL opens the browsers to serious attacks, including the remote execution of malicious code, independent research consultancy Context Information Security recently warned. The technology made its debut......
[more] Google Android prime target for malware attacks, says Juniper Symbian and Microsoft Windows Mobile platforms have been the proving ground for mobile malware over the past five years, but a new Juniper Networks report states that Google Android now takes "the crown" as the platform getting the most attention from malware developers. "That's where the momentum is for 2011," says Dan Hoffman, chief mobile security evangelist at Juniper, whose "Mobile Devices: The New Fronti......
[more] Looking beyond anti-virus to limit costs, attacks As more than two million new malware signatures are identified each month, and more organizations are falling prey to zero-day attacks, traditional anti-virus (AV) simply can't keep up in the malware arms race. If your organization is anything like the companies we've been speaking with, then you know firsthand the headache and ongoing challenge that the rising cost of malware has created. In fact, 48 percent of organizations recently reported......
[more] Windows scareware fakes impending drive disaster Scammers are trying to trick Windows users into paying to fix bogus hard drive errors that have apparently erased important files, a researcher said today. The con is a variant of "scareware," also called "rogueware," software that pretends to be legitimate but actually is just a sales pitch based on spooking users into panicking. Most scareware masquerades as antivirus software. But Symantec researcher Eoin Ward has found a n......
[more] We're doomed to insecurity in the cloud and on thin clients Working in the IT security field, you spend every waking hour striving to improve protection and lower risk. Then another computing technology emerges -- the Internet, wireless networking, mobile computing, social networking, and so on -- and you have to learn every security lesson all over, as if something new and surprising has come along. In the past few weeks, we've seen authentication token leaks from Facebook; a rise in mobile ma......
[more] Fake security software catches out Apple owners A fake security program for Apple computers called MACDefender has racked up a significant number of victims. Hundreds of people who installed the software have turned to Apple's forums for help to remove it. The program's tactic of peppering screens with pornographic pictures has made many keen to get rid of it. MACDefender seems to have been successful because of the work its creators did to make it appear high up in search results. The number of......
[more] 7 questions about the Mac malware scare A few answers help clarify what the MacDefender scareware plague really means for Mac users and administrators It was only a matter of time. Numerous reports from the field leave little doubt that Apple OS X has become the target of its first widespread malware campaign -- in the form of MacDefender (aka, MacSecurity or MacProtector). Mac Defender is classic scareware: You're prompted to download and install an antivirus program to protect your system, whe......
[more] Microsoft links Apple and Windows fake antivirus scams Russian criminal group could be producing both strains of malware Microsoft said this week that it has evidence of a link between the fake security software now plaguing Mac users and a hard-charging family of similar software on Windows. Phony security software, labeled "rogueware" and "scareware" by experts, has long been a huge thorn in Windows' side. But earlier this month researchers announced the discovery of a Mac-s......
[more] Apple admits Mac scareware infections, promises cleaning tool Apple on Tuesday promised an update for Mac OS X that will find and delete the MacDefender fake security software, and warn still-unaffected users when they download the bogus program. The announcement -- part of a new support document that the company posted late Tuesday -- was the company's first public recognition of the threat posed by what security experts call "scareware" or "rogueware." "In the coming da......
[more] 89 per cent of all web resources used for hosting malware come from just 10 countries During the first quarter of 2011, Kaspersky Lab's solutions blocked 412,790,509 attempted local infections of users' computers connected to the Kaspersky Security Network. The Top 10 list of countries where users' computers were exposed to the highest risk of local infections consisted entirely of Asian and African countries. First place in the ranking is occupied by various malicious programs detected with t......
[more] Lockheed-Martin Attack Signals New Era of Cyber Espionage The network of defense contractor Lockheed-Martin was attacked using counterfeit electronic keys. Since the RSA Security network was hacked and the keys to its SecurID tokens were compromised a few months ago, the world has been waiting for the proverbial other shoe to drop. Well, it dropped. In an analysis of the breach at RSA Security, NSS Labs predicted, "This was a strategic move to grab the virtual keys to RSA's customers--who a......
[more] McAfee sees progress in slowing cybercrime Increased efforts amongst law enforcement and security research groups have helped to slow the tide of cybercrime. Security firm McAfee highlighted a series of police actions and raids in its most recent quarterly threat report. The report highlighted efforts including operations which brought down fraud and money laundering operations as well as high-profile botnet takedowns. McAfee Labs principal engineer Adam Wosotowsky told V3.co.uk that the latest......
[more] Apple ships removal tool for Mac-menacing malware Apple has updated its Mac operating system to protect against a malicious application that has hoodwinked untold numbers of users by masquerading as legitimate security software that warns they have serious infections on their machines. Apple issued Security Update 2011-003 on Tuesday to update Mac OS X to detect for MacDefender, one of several trojans that gets installed through an elaborate ruse that's become almost a rite of passage for o......
[more] 5 top social media security threats Social media platforms such as Twitter, Facebook, and LinkedIn increasingly are being used by enterprises to engage with customers, build their brands and communicate information to the rest of the world. But social media for enterprises isn't all about "liking," "friending," "up-voting" or "digging." For organizations, there are real risks to using social media, ranging from damaging the brand to exposing proprietary in......
[more] UK beefs up cyber warfare plans 'Cyber' soldiers will be put alongside conventional troops as the government puts cyber attacks on an equal footing with other conflicts. The news comes as US defence firm Lockheed Martin admitted it came under a significant cyber attack last week. The Ministry of Defence (MoD) said it will recruit hundreds of cyber experts to shore up UK defences. It is part of a £650m fund set aside by the government for dealing with cyber security. "Our forces depend o......
[more] Boy-in-the-Browser attacks continue to evade traditional anti-malware software Boy-in-the-Browser (BITB) attacks are gaining force as they continue to evade traditional anti-malware software. Tomer Bitton, from the Imperva Application Defense Center, explains, "Many are familiar with Man-in-the-Browser (MitB) attacks, but most are unaware of the lesser known Boy-in-the-Browser (BitB). Not as sophisticated as MitB, BitB malware has evolved from traditional key loggers and browser session rec......
[more] MoD suffered 1,000 serious cyber attacks last year Defence secretary Liam Fox has become the latest high-profile politician to warn of the seriousness of cyber attacks against the UK, claiming that his ministry suffered over 1,000 "potentially serious" attacks last year. Fox reportedly revealed in a speech to the London Chamber of Commerce and Industry on Tuesday evening that cyber security threats had doubled over the past year, and that his department is a key target. "Our syste......
[more] World Bank cut connection to IMF after "major" cyberattack The International Monetary Fund (IMF) has admitted to being the victim of a cyberattack so serious that its global partner the World Bank temporarily decided to cut all computer links between the two organisations. The precise nature of the attack and when it happened was not revealed to IMF staff, who were reportedly told of the attack in an email last week, but is believed to have been some months before its now deposed head, Dominique......
[more] Fake antivirus software wears convincing Microsoft Update mask Windows users running Firefox are being targeted by scareware groomed to look convincingly like Microsoft Update, according to a security adviser at Sophos. The news once again demonstrates that cyber criminals are becoming increasingly skilled at crafting malware to dupe even the moderately tech-savvy user, exploiting info in users' Web browser user strings and appropriating reputable companies' product names, logos, and designs. Th......
[more] Trend Micro takes aim at stealthy hackers stealing secrets Trend Micro says it can catch hackers in action breaking into networks and trying to steal secrets with a new line of network-analysis tools and security services. Branded Real-Time Threat Management Solutions, Trend Micro's approach includes network appliances that monitor network traffic for telltale signs of hacker entry or malware, such as outbound botnet traffic calling back to its master control point. One appliance, called the......
[more] Spear phishers sharpen skills, craft 'incredible' attacks, say experts Recent break-ins at high-profile targets like the International Monetary Fund (IMF) demonstrate just how proficient hackers have become at "spear phishing," researchers said today. "Today's spear phishing is not only more prevalent but also much more technically proficient," said Dave Jevans, chairman of the Anti-Phishing Working Group (APWG), an industry association dedicated to fighting online identity t......
[more] Windows XP, Vista AutoRun update reduces malware infections by 82% Microsoft today credited a February security update for lowering AutoRun-abusing malware infection rates on Windows XP and Vista by as much as 82% since the start of the year. Four months ago, Microsoft offered XP and Vista users an optional update -- which was later changed to automatically download and install -- that disabled AutoRun. Microsoft changed AutoRun's behavior in Windows 7 to block automatic execution of files on a......
[more] Just four per cent of smartphones and tablets are protected against malware The mobile security software market will be worth $1bn by 2013 as the need for protection on smartphones and tablets against a growing number of threats becomes essential, according to Juniper Research. The market will grow to $3.6bn by 2016 when over 277 million devices will be protected, up from just four per cent, or around 27 million, according to the firm's Securing and Protecting a Mobile Future white paper. Report......
[more] Microsoft warns on support scams A survey from Microsoft reveals just how widespread the fake tech support call scam is becoming. The crooks cold-call people at home and claim to be calling from Microsoft or a well-known security firm and offering "free security checks". The software giant surveyed 7,000 computer users in the UK, Ireland, US and Canada and found an average of 16 per cent of people had received such calls. In Ireland this rose to a staggering 26 per cent. More than a fi......
[more] McAfee extends mobile offerings with WaveSecure and SiteAdvisor for Android McAfee is looking to extend the reach of its mobile security line with a pair of services for Android tablets and smartphones. The company said that its Mobile Security Suite would add support for the McAfee SiteAdvisor platform. The addition of SiteAdvisor will allow the company to bundle web security tools into its existing anti-malware and anti-theft platforms. Additionally, McAfee will be adding support for the WaveS......
[more] Time to guard your digital certificates When criminal hackers break into a company, they're usually looking to steal stuff they can sell, like credit-card information or intellectual property. But these days, some sophisticated thieves also seek digital certificates -- as a way to make their malware appear to potential targets to be valid software. In a recent report, security firm AVG gave two examples of companies whose certificate data was taken by attackers and then used to sign malicious so......
[more] LulzSec was "the canary in the coal mine" for enterprise security Last week, notorious hacking group LulzSec officially ended its months-long hacking campaign and formally disbanded itself. In its wake, the group left a trail which includes high profile denial of service attacks and data breaches, which have led to the details of tens of thousands of users being posted online and the trashing of several security officers' reputations. LulzSec grabbed headlines for its brazen attacks on targets i......
[more] Trend Micro spots Android malware acting as SMS relay A Trend Micro security researcher claims to have discovered a new type of malware infection on the Google Android platform that acts as an SMS (text message) relay. According to Mark Balanza, the security vendor's threats analyst, the new type of Android malware - unlike previous Android-specific threats he and his team have seen - does not piggyback on legitimate Android apps. Once installed, he says, ANDROIDOS_CRUSEWIN displays a blank wind......
[more] In the IT security world, policies and controls are king Over a decade ago, Stephen Northcutt, one of the original founders of the SANS Institute, recruited me to help plan a course purely about security policies and procedures. At the time, I was all about hands-on hacking and defending, and I saw little value in a course purely focused on "paperwork." It took me a long time to realize that without the paperwork, you don't get any real security. Almost all security professionals can s......
[more] Researchers discover 4.5 million-strong super-botnet Millions of PCs around the world appear to have been quietly infected by the dangerous TDSS ‘super-malware' rootkit as part of a campaign to build a giant new botnet, researchers from security firm Kaspersky Lab have discovered. Malware and botnets come and go, but TDSS is different. First detected more than three years ago, TDSS (also known as ‘TDL' and sometimes by its infamous rootkit component, Alureon), it has grown into a mul......
[more] Anonymous hacking school class graduates next month In about a month the first graduates of the new Anonymous hacking school could start having an impact on the frequency of cybercrime. "You could have a quarter of a million people who could be educated on how to hack, not professionally, but enough to be significant," says Karim Hijazi, CEO of security startup Unveillance. He bases that projected impact on the number of followers that the hacking group LulzSec acquired on Twitter duri......
[more] Security researchers discover 'indestructible' botnet More than four million PCs have been enrolled in a botnet security experts say is almost "indestructible". The botnet, known as TDL, targets Windows PCs and is difficult to detect and shut down. Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption. Security researchers said recent botnet shutdowns had made TDL's controllers harden it against investigation. The......
[more] Is host-based antivirus software losing luster? Traditional host-based antimalware packages just aren't that useful anymore, according to some companies that find it either doesn't protect against the main dangers they face from the Web or it simply doesn't run well in virtualized computer environments. "We're hovering at 95 percent virtualized," and the move has necessitated a new approach to security, such as deploying virtual-machine-based intrusion detection and protection. But Pri......
[more] Who are all these hacker groups? Hacker groups that attack or steal -- some estimates say there are as many as 6,000 of such groups online with about 50,000 "bad actors" around the world drifting in and out of them -- are a threat, but the goals, methods, and effectiveness of these groups vary widely. When they're angry, they hack into business and government systems to steal confidential data in order to expose information about their targets, or they simply disrupt them with denial-o......
[more] Search Engine Poisoning explained Search Engine Poisoning attacks manipulate, or "poison", search engines to display search results that contain references to malware-delivering websites. There are a multitude of methods to perform SEP: taking control of popular websites; using the search engines' "sponsored" links to reference malicious sites; and injecting HTML code. Imperva's second Hacker Intelligence Initiative (HII) report reveals the intricate workings of a ‘Sea......
[more] Jay Leno is top spam scam lure, security company finds US talkshow host Jay Leno, singer Madonna, actress Cameron Diaz and President Barack Obama share an unpleasant secret their publicists are powerless to do anything about. A new analysis by security company BitDefender has identified these celebrities as the most commonly-used lures in US spam campaigns, usually combined with bogus and sensational headlines designed to pique the interest of naive Internet users. These four names were connecte......
[more] Banking Trojan hits Android phones A banking Trojan that has plagued Symbian, BlackBerry and Windows Phone users has now made its way to Android devices. The Zitmo Trojan, which has been used by the ZeuS criminal gang to steal banking information, was confirmed to be on Android devices by security firm Fortinet last week. In a blog post on the company's website, senior antivirus analyst Axelle Apvrille said that the Trojan poses as a banking activation application and then once installed sniffs......
[more] Has your company been infiltrated by the Shady Rat hack? When McAfee released its Operation Shady Rat hacking report earlier this week, it didn't name all of the organizations it thought could have been hacked as part of a large, five-year ongoing campaign. Yours might be one of them. McAfee said 72 organizations worldwide were hacked, according to log reports in a server that McAfee gained access to. It listed a few, such as the U.N., the U.S. International Trade Organization and the World Anti-Do......
[more] 'Shnakule' malware network combines fake ads and bogus AV alerts Security experts have warned of a major malware network known as 'Shnakule' that uses a combination of fake advertising banners and bogus security alerts to infect computers. Researchers at Blue Coat said that the malware spreads through code embedded in advertising banners that redirect to a third-party site which attempts to launch a fake anti-virus attack. The pages generate a pop-up window designed to resemble a Microsoft secur......
[more] Microsoft patches 1990s-era 'Ping of Death' Microsoft today issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death." Of Tuesday's 13 updates, called "bulletins" by Microsoft, two were labeled "critical" -- the most-serious rating in the company's four-step score -- nine were marked "important," the next-most-dangerous......
[more] Super Glue website comes unstuck after Javascript attack Five days after it was first discovered, the website of the Super Glue Corporation is still serving visitors with a malicious script, pushing them to sites selling fake security software, security company Avast has revealed. "This infection seems to be sticking like glue," said a company note on the discovery put out on Wednesday, the first of what will be a long string of glue-themed jokes at the company's expense. The attack it......
[more] Verizon claims most data breaches undiscovered for months or years Vast majority of leaks caused by external attacks, claims telecom vendor Over 90 percent of data breaches are the result of external attacks and almost 60 percent of organisations discovered them months or years later, Verizon claimed at the RSA security conference. Called the Verizon 2011 Investigative Response Caseload Review, it compiles statistics from 90 data breach cases investigated by the company's incident response team l......