Friday, September 14, 2007

Trojan planted on US Consulate website

Russian roulette
By John Leyden
Published Thursday 13th September 2007 11:43 GMT

Webpages of the US Consulate General in St. Petersburg, Russia, were infected by malware earlier this week. The US consulate site was caught up in a much larger hack attack and is not thought to have been targeted as such.

The infected pages have since been cleaned up, reports net security firm Sophos which monitored results of the assault.

The attack on the US consulate was part of a larger campaign by cybercriminals targeting vulnerable web servers. The majority of the 400 compromised web pages hit by the attack were hosted in Russia. Hackers planted malicious scripts on compromised hosts.

After retrieving a copy of one of the infected Consulate pages from an internet cache, virus analysts at Sophos were able to identify the malware script planted on the site as Mal/ObfJS-C, a strain of web nasty that attempts to load further malware from a remote server. This malware includes a Trojan downloader script that attempts to plant backdoor code onto the PCs of surfers with vulnerable machines who visit infected sites.

The attack is described in much greater depth in Sophos's blog here. [...]

Read more ...
The Register. Security.

AOL's Free Anti-Virus Switcheroo

A number of AOL users who have taken advantage of the free "Active Virus Shield" anti-virus offer from Kaspersky are complaining that the software has ceased downloading updates. Turns out AOL recently severed its relationship with Kaspersky, and is now offering customers free anti-virus service from McAfee.

It doesn't appear that AOL gave any sort of advance warning that this change was forthcoming, although the company has information up on its site detailing the new McAfee offering. An AOL spokesperson said that while the ISP is no longer offering new licenses for the free Kaspersky software, there is no reason that customers who still have time left on their Kaspersky license should have stopped receiving updates for the program.

Even so, some AOL virus shield users have reported that they can no longer download virus signatures to keep the program up-to-date. Assuming those users still have time left on their license (it gets renewed once a year), there appears to be a relatively simple tweak that has helped re-enable updates for many users.

Alternatively, AOL users can remove Kaspersky, pay to upgrade to a full version, or uninstall the program and go with the free McAfee offering. There also are several other free anti-virus options out there, including Antivir Personal Edition Classic, AVAST Home Edition, BitDefender Free, Clamwin Free, and Grisoft's AVG Free. [...]

Read more ...
Brian Krebs on Computer Security. The Washington Post Company.

Wednesday, September 12, 2007

Microsoft serves light fare on Patch Tuesday

No critical patches for most Windows users
By Dan Goodin in San Francisco
Published Tuesday 11th September 2007 22:00 GMT

Microsoft served comparatively modest fare for its monthly patch release on Tuesday, issuing only four security-related updates, only one of which carried its top severity rating of critical. It plugged a hole in a Windows 2000 component, while the other updates fixed vulnerabilities rated as important in instant messenger programs, Visual Studio .Net and Windows services for Unix found on several different versions of the Windows operating system.

In a rare event, the typical Windows user is likely to have just one patch to install. It addresses a vulnerability in the MSN Instant Messenger and Windows Live Messenger that could allow an attacker to take over a machine by tricking a victim into clicking on a specially crafted chat request. Despite MSN Messenger being installed on every copy of Windows, Microsoft rated the flaw important, presumably because it can't be exploited without the user taking action first.

Some users may have no patches to install, as was the case with this reporter. That's because the vulnerability doesn't affect Windows Live Messenger version 8.1, which was installed on the machine. A spokeswoman says other versions of Windows Live Messenger don't use Windows Update to install new updates. Instead, the client prompts the user to install a new version, she said. Windows Update still encouraged us to run Windows Malicious Software Removal Tool, as it does every month.

The rest of the updates apply to more technically inclined users. The most serious is the patch for a Windows 2000 component known as Microsoft Agent, which fixes a critical vulnerability that could allow an attacker to remotely execute code of his choosing. A third flaw affecting Visual Studio could also allow a remote execution, but only if a user opens a specially crafted RPT file. The last vulnerability, which affects Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications, could allow an attacker to elevate privileges.

A fifth patch that had been planned for today was pulled for reasons that are not entirely clear. It was to address a vulnerability in SharePoint and had a severity rating of important. "Once Microsoft has developed and tested a security update that meets its quality bar for release, it will release the final update for this affected product along with a bulletin as part of Microsoft’s regularly scheduled process," a company spokeswoman said. You might say this month's Patch Tuesday was a small snack. By comparison, August's release required users to gorge on nine patches, six of which were rated critical. Internet phone provider Skype said the binge triggered a system-wide outage that lasted several days. The explanation left many of us scratching our heads because Patch Tuesday has been a regular fixture for several years now, and it was unclear why the update bundle only recently wreaked havoc. [...]

Read more ...
The Register. Security.

Tuesday, September 11, 2007

Banner Ad Trojan Served on MySpace, Photobucket

Several banner ads containing Trojan horse programs that can compromise a user's computer have been running on some high-traffic Web sites for the past several weeks, including MySpace.com and Photobucket.com, Security Fix has learned.
Web security company ScanSafe said it first spotted the tainted banner ads on Aug. 8, and estimates that the hostile ads ran several million times for the next three weeks. Other sites that ran the ads included Bebo.com, TheSun.co.uk, and UltimateGuitar.com, officials at ScanSafe said. All a visitor to one of these sites needed to do to infect their machines was to browse a page that featured the ads with a version of Internet Explorer that was not equipped with the latest security updates from Microsoft.

This is hardly the first time malicious software has shown up in banner ads. A little over a year ago, I wrote about a similar banner ad attack that installed spyware on machines of more than a million MySpace.com users. This latest attack won't be the last either: Hacked banner ads are a very efficient way to distribute malware because they end up running on sites that most people trust:

The banner ads in question were traced back to an ad network exchange run by a company called RightMedia, which was recently bought by Yahoo!. The ads were being delivered to RightMedia's network from a third-party ad server. According to ScanSafe, those third-party servers included in their rotation several malicious ads that used Macromedia Flash files to load an invisible "iFrame" (used to insert content from another Web site into the current Web page). [...]

Read more ...
Brian Krebs on Computer Security. The Washington Post Company

Tuesday, September 4, 2007

Storm Worm Dwarfs World's Top Supercomputers


The network of compromised Microsoft Windows computers under the thumb of the criminals who control the Storm Worm has grown so huge that it now has more raw distributed computing power than all of the world's top supercomputers, security experts say.

Estimates on the number of machines infected by Storm range from one million to 10 million, depending upon which security sources you believe. But hardly anyone would argue that many thousands of new PCs are being stricken by the worm each day, largely because the worm authors are continuously changing their tactics to trick people into installing it.

Massive pools of virus or worm-infected PCs, known as "botnets," are principally used to blast out spam, host scam Web sites, or to flood targeted Web sites with so much junk traffic all at once that they simply crash and are rendered unreachable by legitimate visitors. But the criminals who control these infected machines could just as easily use them to do some serious number-crunching, the kind of computational analysis typically left to the world's fastest supercomputers.


In a posting today to a data security mailing list, Peter Gutmann, a computer science professor with the University of Auckland in New Zealand, said the Storm botnet could easily outperform IBM's BlueGene/L, currently the top-ranked supercomputer on the planet.




Brian Krebs on Computer Security. The Washington Post Company

Friday, August 31, 2007

USAJobs.gov Hit By Attack On Monster.com


USAJobs, the official job search site for the federal government, said Wednesday that more than 146,000 users had their account information stolen as a result of an attack on job search giant Monster.com earlier this month.


In mid August, attackers compromised Monster.com accounts gaining access to the company's resume database. With the help of a Trojan horse program targeted at Monster.com users, the attackers made off with the name, address, telephone number, and email address of at least 46,000 Monster.com users. Anti-virus giant Symantec later stated that as many as 1.6 million people may have had their information stolen in the attacks, which used e-mails that addressed recipients by their real names.


Turns out that Monster Worldwide is the technology provider for USAJobs, which is run by the U.S. Office of Personnel Management. Peter Graves, an OPM spokesperson, said 146,000 USAJobs users were affected by the Monster.com attacks. Graves said OPM has received assurances from Monster that Social Security numbers were not compromised.


OPM is in the latter stages of alerting all two million USAJobs.gov users to be on the lookout for phishing scams that might try to take advantage of the stolen data to make their scam e-mails appear more legitimate. Graves said the first signs of the attack surfaced in July, after the organization received a complaint from a USAJobs user.




Brian Krebs on Computer Security. The Washington Post Company

Pinch-bum malware creates titters

Cheeky Trojan drifts onto the net
By John Leyden

The general dumbing down of the virus creation process along with attempts by for-profit hackers to tie up the resources of security firms mean that anti-virus software vendors are beginning to need three alphabetical letters for some Trojan families.

Occasionally this naming convention throws up a double entendre-loaded moniker, as when Trojan-Downloader-Small-Coc rose to prominence in May. This week security techies intercepted the first copies of Trojan-PSW-LdPinch-bum. How they laughed.

Summer, and the silly season that accompanies it, draws to a close on Saturday with the start of September

Read more ...

The Register

Storm Worm descends on Blogger.com

'Dude what if your wife finds this'
By Dan Goodin in San Francisco

Miscreants behind the Storm Worm have begun attacking Blogger, littering hundreds of pages with titillating messages designed to trick visitors into clicking on poisonous links.

By now, anyone who doesn't live under a rock is familiar with the spam messages bearing subjects such as "Dude what if your wife finds this" and "Sheesh man what are you thinkin" and including a link to a supposed YouTube video. Recipients foolish enough to click on the link are taken to an infected computer that tries to make their machine part of a botnet.

Now Storm Worm, the malware responsible for those messages, has overrun Google-owned Blogger. According to one search, some 424 Blogger sites have been infected. The actual number is probably higher because our search contained only a small fraction of the teasers used by Storm.

"What it really shows to me is how pernicious these guys are and they're indefatigable in trying to get into every place," said Alex Eckelberry, president of Sunbelt Software who blogged about the Blogger assault earlier. "This is a voracious, voracious worm. I don't think anybody in malware research has seen anything like Storm."

Storm has already gone through more lives than a pack of feral cats. It started out in January as an email promising information about a winter storm that was sacking Northern Europe. Since then it's offered sexy photos, electronic greeting cards and login credentials for various online memberships. According to researchers, Storm has infected more than 1.7 million hosts.

Storm's ability to crack Google's defenses is yet another testament to the resiliency of the malware. Google tends to outshine competitors in blocking spam and sniffing out sites that serve up Trojans.

It's unclear exactly how Storm was able to penetrate Blogger. We're guessing it's through a feature that allows bloggers to submit posts through pre-established email addresses, saving them the hassle of having to access Blogger's control panel. Alas, it may also be enabling Storm to yet again morph.

Representatives from Google didn't respond to emails asking for comment.

Read more ...

The Register

Porn & Spyware Found on Govt. and School Sites


It would be great if the compromised Web servers I wrote about last week at Lawrence Livermore National Labs were an aberration, but sadly they are not. Conducting a simple Google search for adult-themed search terms found in ".gov" domains produces some very interesting results, including pages serving up adult videos along with a generous helping of spyware.


Several pages on both the official Web sites for the State of Louisiana and the Virgin Islands Housing Finance Authority show up prominently in the search results for porn at dot-gov domains. A handful of pages on those sites feature a blank video player that prompts the visitor to install a special video "codec" in order to view the adult movie.


Visitors who agree to install the codec inadvertently agree to also install a piece of spyware that modifies your browser's home page, produces security alert icons on your Windows desktop, and serves nagging pop-up ads to install bogus anti-virus and anti-spyware security software.



Brian Krebs on Computer Security. The Washington Post Company

Tuesday, August 28, 2007

World of Warcraft exploit PKs servers

Players in the World of Warcraft discovered an exploit that crashes the game's servers late Sunday, causing massive outages throughout the night.

The bug reportedly crashes the game's main world as well as all instances associated with the server, including its dungeons and battlegrounds.

Officially, Blizzard - the company behind WoW - has kept pretty mum on the exploit. From the WoW forum:

"We're aware of stability issues affecting select realms and are investigating. We'll provide an update to the situation as soon as additional information becomes available."

Blizzard spokesman Shon Damron gave us a little more dirt:

"Last night several realms did experience technical issues in regard to an exploit. This exploit was hot fixed within a couple of hours after it was discovered and the problem no longer exists."

Damron wouldn't specify what caused the bug, but we have since heard it may involve a problem with the user logging mechanism in the game's arena mode. We won't go into more detail because the internet already suffers enough entropy, thank you very much.

...

Read more ...

Hacking Groceries: Internet Coupon Fraud

Over the weekend, my wife and I were shopping at Magruder's, a local grocery chain to which we're fiercely loyal, and we noticed a handwritten sign attached to the credit-card reader in the checkout line:


"Attn customers: Due to coupon fraud, we are unable to take Internet coupons."

A store manager, who asked me to kindly leave his name out of this post, said the store-wide policy went into effect last year, after it became apparent that there was "a lot of cheating going on. People were gang-printing these things by the reamfuls."

I've written about teenage hackers creating wholesale counterfeit coupons to get free pizza and other stuff at popular fast food joints, but the type of coupon fraud that's going on these days makes that type of activity seem like amateur hour.

Curious as to just how bad the coupon fraud problem really is, I checked out the Web site for the Coupon Information Center, a non-profit group based here in Alexandria, Va., which represents the manufacturers that issue 70 percent of the coupons in the United States today. Turns out that the Internet is helping to facilitate coupon fraud on an unprecedented scale.

...

Read more ...

Brian Krebs on Computer Security. The Washington Post Company.

Storm Worm Authors Turn to YouTube Lures

Security Fix has spilled quite a bit of digital ink warning readers about the ever changing tactics of criminals behind the indefatigable "Storm worm." This week's tactic (or today's as the case may be) involves e-mailed Web links disguised as video clips from YouTube.com.


Here's one example that I received yesterday:


The link in the image on the right does not take the clicker to YouTube.com, but to an Internet address of a home computer that the bad guys have compromised and are using to serve up malicious software. If you hover such a link with your computer mouse, it should reveal that the true address is a dotted IP address (e.g. http://72.15.x.x), not a page at YouTube.com.


After a user clicks through to one of the Storm addresses, the machine at that address will attempt to exploit a kitchen sink of known Web browser and other software security vulnerabilities. If the would-be victim is invulnerable to these attacks, he or she will be prompted to simply download and run the malicious code.
The Storm worm is already hugely successful, with estimates of infected machines in the many millions worldwide. This clever tactic, however, is likely to significantly increase the pool of sickened machines.


Read more ...

Brian Krebs on Computer Security. The Washington Post Company

Sunday, August 26, 2007

Hackers prowl for Trend Micro vuln

Hackers have begun actively scanning for recently announced vulnerabilities in Trend Micro's ServerProtect product.

Security watchers at the Internet Storm Centre (ISC) have noted a huge upsurge of traffic on TCP port 5168, associated with security bugs in ServerProtect (an enterprise software product designed to protect servers and storage from attacks).

Flaws in the application create a means for miscreants to load malware onto vulnerable systems. Fortunately, Trend Micro has published software updates designed to plug the security hole.

ServerProtect for Windows version 5.58 Build 1176 is known to be vulnerable, but other versions may also be flawed. Trend advises users to update to Build 1185.

Sys admins are advised to patch up vulnerable systems or run the risk of dealing with compromised machines. "It looks like machines are getting owned with this vulnerability," ISC warned on Wednesday.

More information on the vulns can be found in advisories from security tools vendor ISS, which discovered the majority of the vulnerabilities, here and here.

Read more ...

The Register. Security. Enterprise Security.

Pharmacy Spam Blogs At U.S. Nuclear Safety Lab

The Web site for the institution charged with safeguarding the safety and integrity of the U.S. nuclear arsenal has been inadvertently hosting advertisements and blogs that link to illegal prescription drug sites hawking everything from generic painkillers to erectile dysfunction medication, Security Fix has learned.

Dozens of pages belonging to the official Web site of Lawrence Livermore National Labs appear to have been seeded with the unauthorized advertisements. Beneath each of the full-page ads were a series of blog entries that featured a bizarre mixture of information, including what appears to be ill-translated gibberish interspersed with information that is actually relevant to the advertised drugs.

Security Fix located the pharmacy spam pages by conducting a series of simple Google searches, such as this one.

The sites are all now inactive, and it's not entirely clear how long they were up. According to the oldest date on the time-stamped blog entries, the attackers first began planting the ads and blog posts as early as March 2007.

Read more ...

Brian Krebs on Computer Security. The Washington Post Company

Yahoo! Messenger Network Overrun By Bots

A large number of Yahoo!'s instant messenger chat rooms are being overrun by automated programs designed to hawk commercial services, Web sites and other wares, preventing millions of actual human users from joining most of the chat rooms on the company's network.

Normally, when Security Fix writes about automated robots or "bots," it's in the context of remote-controlled Microsoft Windows machines that have been hijacked by cyber crooks for use in online moneymaking schemes. In this case, however, we're talking mainly about relatively benign "chat bot" programs sold and marketed as walking billboards that lurk in the most popular chat rooms and periodically post links to various Web sites.

In a posting on the Yahoo! Messenger Blog subtitled "Bots, Bots and More Bots," product manager Sarah Bacon said the company was aware of the bot problem and was trying to devise a solution. "So stay tuned - we know this is a critical piece, if not the most important," she wrote.

From the tenor of the 620 comments that ensued, it appears many Yahoo! Messenger users are starting to tune out.

"Yahoo set out to fix a problem and the result is that you can not get into a room, or if you do the room is full of bots," wrote Yahoo! user "Bill," on Aug. 21.

Security Fix decided to download the latest (newly patched) version of Yahoo! Messenger and check out the situation last night. It wasn't pretty. Out of the 22 chat rooms I tried to join, only two let me in. The rest merely popped up a "Communications Problem" error message. One of the two that let me in (Amusement and Theme Park) appeared to be full of automated programs posting messages. The other summarily booted me from the room shortly after I joined.

I don't want to make light of Yahoo!'s network troubles, but I find it rather ironic that legitimate users are being kept off the network by bots whose sole purpose is to attract human eyeballs.

Read more ...

Brian Krebs on Computer Security. The Washington Post Company

Thursday, August 23, 2007

Windows Vista Parental Controls help ensure family safety on the Internet

Here are four steps you can follow to help protect your family online:
• Keep communication open--talk with your children about what they’re using the Internet for.
• Set clear rules for Internet use.
• Keep personal information private.
• Install and use family safety technology.

Windows Vista includes family safety technology that can help parents choose the online content and experiences that are appropriate for their families. (If your computer runs Windows XP, consider using Windows Live OneCare Family Safety.)
If you're a parent, you can use the Windows Vista Parental Controls to manage the following:
• What Web sites your children can view.
• What time of day and how much time your children can spend online.
• Which video games your children can play.
• Which programs your children can use.

You can also get reports about your children's online activity.

Read more ...

Don't Join the Club

The great Groucho Marx once quipped, "I don't want to belong to any club that will accept me as a member." E-mail users would do well to adopt this attitude with respect to unsolicited invites to join members-only Web sites, as bogus club invites appear to be the latest ruse that malware authors are using to trick people into turning their computers into spam-spewing zombies.

The culprit? Once again, the various criminal groups behind the "Storm worm," a prolific piece of malware that seems to adopt a different lure with each passing week. Last month, it was fake e-greeting cards. Last week, we saw Storm disguised as fake "sexy pics." This week, Storm purveyors are pitching their wares in invitations like this one, which landed in my inbox today:

We are glad you joined Web Players.

User Number: 75129641513 Your Temp. Login ID: user3469 Your Password ID: lc411

Please keep your account secure by logging in and changing your login info.

Use this link to change your Login info: http://70.258.83.482.95 [link altered by Security Fix for safety's sake]

Thank You,

Welcome Department
Web Players

Trust me on this one: You don't want to become a member of this club, or any of the hundreds like it spammed out over the past few days. Just hit "delete" and move on with your life.

Read more ...

Tuesday, August 21, 2007

Securing your network, from home users to small business up to enterprise. What you can do.

Posted by Paul Fleming on: 2007-07-10 23:52:47

With computers being a critical component in running a business, it is more valuable than ever to ensure the security of your networks particularly where there is sensitive data. News headlines announcing that networks have experienced security breaches are all too prevalent.

This is where you need a service that checks for those vulnerabilities and prevents future attacks. Better yet, you need a service that prevents it before it ever happens to your company. Imagine the embarrassment at having to explain to your customers that someone has stolen their credit card information.

We continue to read headline after headline with news stories that credit card information or social security numbers were exploited. Some companies perform security audits on a regular basis. Certainly institutions like hospitals are required to perform these. But it's mostly small to mid-sized companies that are the most vulnerable.

Hackers employ various methods for gaining access to systems. An audit often looks at replicating those methods, looking for vulnerabilities and weaknesses in the infrastructure. Affectionately known as Penetration Testing, it involves isolating mild, moderate and critical security threats and then determining the best course of action. When performing a Penetration test, a couple of key areas need to be targeted to ensure that a secure network system helps companies to avoid:
• Financial loss through fraud (hackers, extortionists and disgruntled employees) or through lost revenue due to unreliable business systems and processes.
• Legal problems. Non-compliance can result in your organization losing business, receiving heavy fines, gathering bad PR or ultimately failing. At a personal level it can also mean the loss of your job, prosecution and sometimes even imprisonment.
• Damage to your brand through loss of consumer confidence and business reputation.

From an operational perspective, penetration testing helps shape information security strategy through identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed proactively; budgets can be allocated and corrective measures implemented.

For the average home user, there are some basic things, especially when setting up a wireless network at home, that you can easily do to prevent users piggybacking on your network or even hacking into it.

Add a little security

• Change the SSID (name) of your network and disable the SSID broadcast.
• Disable DHCP.
• Control MAC Address Filtering.

Add more security

WEP Encrypt - adds an extra blocking mechanism for hackers

Even more Security

WPA - setting up a random pre-shared key of 10 characters ensures your network is practically rock-solid. This is a random string of numbers and letters, just make sure you can remember it yourself.

These are some very basic steps to securing your data and ensuring your privacy. Keep in mind that small to medium businesses should do a little more to keep their information secure as there is even more valuable data, i.e. other people's. ...

Read more -->

Self SEO. Internet Security Articles

Beware of Five-Star Vaporware

U.K. computer programmer Andy Brice was proud of the awards and accolades his software had won from his peers online. That is, until he noticed that pretty much everyone else's software received the same "5-star" rating and high praise from various software directories and download sites.

Curious about just how thorough the sites are at reviewing software, Brice submitted a fake program that did absolutely nothing. The place he sent the program to was a clearinghouse that distributes shareware and trialware to hundreds of other sites.
Brice even included a descriptor file stating that he was submitting a useless program, which he tauntingly named "awardmestars." To his amazement, the do-nothing program came away with top honors -- complete with official-looking seals of approval -- from at least 16 download sites.

"I should be delighted at this recognition of the quality of my software, except that the 'software' doesn't even run," Brice wrote of the experiment on his blog. "This is hardly surprising when you consider that it is just a text file with the words 'this program does nothing at all' repeated a few times and then renamed as an .exe."

Of the nearly 1,000 download sites that received a copy of "awardmestars," 218 now offer the file for download. Brice said the junk file is awaiting review at nearly 400 other sites. The good news is that some 421 download sites did see the program for what it was worth and rejected it outright.

"The truth is that many download sites are just electronic dung heaps, using fake awards, dubious [search engine optimization] and content misappropriated ... in a pathetic attempt to make a few dollars from Google Adwords," Brice said. "Hopefully these bottom-feeders will be put out of business by the continually improving search engines, leaving only the better sites."
This story got picked up late last week by news-for-nerds megasite Slashdot.org, and the discussion has some interesting perspectives from other programmers and their experiences with software awards.

While there may indeed be hundreds of legitimate download sites that don't try to pull one over on visitors, I've never strayed far beyond a handful of sites that I have come to know fairly well, such as CNet's Download.com, SourceForge.net, and Tucows.com.

Security Fix
Brian Krebs on Computer Security
The Washington Post Company

Would You Like A Job With That Virus?

Cyber crooks are targeting a wave of new attacks at people searching for jobs online, security experts warn. Oddly enough, the criminals behind this scam appear to be just as interested in hiring you as they are in hijacking your PC.

Over the course of the past few weeks, virus writers have set their sights on users of job search giant Monster.com and at least one other jobs site with tainted online advertisements designed to install malicious software on the visitors' machines, according to SecureWorks, an Atlanta-based security and research firm.

SecureWorks says that since May, more than 40,000 people have had their personal information stolen -- including Social Security numbers, bank account data and job site credentials -- thanks to a Trojan horse program that was planted in several advertisements running on the jobs sites. Some of these ads required a visitor to actually click on them before the Trojan could do its dirty work, while in other cases the Trojan appeared to swing into action as soon as the page hosting the ad was served, researchers found.

SecureWorks researcher Don Jackson said the Trojan was developed using a toolkit sold in black market forums under the name "icepack." The toolkit is similar to the Mpack toolkit that surfaced earlier this year. It generates Trojans that probe for the absence of several software security updates, holes that then permit the program to deliver its viral payload. Among the many weapons in its arsenal are exploits for recently patched security vulnerabilities in Apple's QuickTime and Microsoft's Windows Media Player. It also includes exploits for multiple Web browsers, including Internet Explorer, Firefox and Opera. ...

Read more ...
Brian Krebs on Computer Security
The Washington Post Company

Be careful when downloading software

Posted by Michael Horowitz
August 20, 2007 12:19 PM PDT

Like so much else on the Internet, you have to be skeptical about the star ratings of software. Perhaps you suspected this, but now there is proof.

A software developer in the U.K., Andy Brice, was suspicious about the ratings assigned to his software, so he did a test--a lab experiment if you will. He started with a plain text file that said "this program does nothing at all" a few times. Then he renamed the file so that it ended with ".exe" and submitted it to 1,033 download sites. The "program," if you can call it that, won't even run.

Being as obvious as he possibly could, Andy called the program "awardmestars" and included a description of the program that said, "This software does nothing at all." He even included a screenshot that said very plainly that the software does nothing. See his blog for the full details: The software awards scam.

Andy says his nonfunctional software was listed on 218 Web sites, and some even gave him an award. "Approximately 7 percent of the sites that listed the software e-mailed me that it had won an award," he said. His submission was rejected by 421 Web sites, but since he listed it as a utility, many of these rejections were because the site didn't include that type of software. Many submissions are still pending. ...

Read more ...
About News Blog
Recent posts on technology, trends, and more.

Monday, August 20, 2007

Security of the Internet

Published in The Froehlich/Kent Encyclopedia of Telecommunications vol. 15. Marcel Dekker, New York, 1997, pp. 231-255


Overview of Internet Security
As of 1996, the Internet connected an estimated 13 million computers in 195 countries on every continent, even Antarctica (1). The Internet is not a single network, but a worldwide collection of loosely connected networks that are accessible by individual computer hosts in a variety of ways, including gateways, routers, dial-up connections, and Internet service providers. The Internet is easily accessible to anyone with a computer and a network connection. Individuals and organizations worldwide can reach any point on the network without regard to national or geographic boundaries or time of day.

However, along with the convenience and easy access to information come new risks. Among them are the risks that valuable information will be lost, stolen, corrupted, or misused and that the computer systems will be corrupted. If information is recorded electronically and is available on networked computers, it is more vulnerable than if the same information is printed on paper and locked in a file cabinet. Intruders do not need to enter an office or home, and may not even be in the same country. They can steal or tamper with information without touching a piece of paper or a photocopier. They can create new electronic files, run their own programs, and hide evidence of their unauthorized activity. ...

Read more ...

Firewall (networking)

This article is about the network security device. For other uses, see Firewall (disambiguation).

Firewall separating zones of trust
A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network which has different levels of trust. ...
Read more ...

From Wikipedia, the free encyclopedia

Sunday, August 19, 2007

Clean your Internet tracks with Ad-Aware 2007

The free spyware-removal software Ad-Aware 2007 helps protect your system from browser hijackers, data miners, and other malware, but it can also wipe your Web surfing tracks for Internet Explorer, Mozilla Firefox, and Opera with just one click. Rich DeMuro shows you how it's done...

Read more ...

Friday, August 17, 2007

FREE online virus scanner

Trend Micro HouseCall - Free Online Virus and Spyware Scan
Trend Micro's FREE online virus scanner
Trend Micro HouseCall is an application for checking whether your computer has been infected by viruses, spyware, or other malware. HouseCall performs additional security checks to identify and fix vulnerabilities to prevent reinfection. It's Free!
> Scan & more..


BitDefender Free Online Virus Scanner.
Free Online Virus Scanner
BitDefender Online Scanner is a fully functional antivirus product. It features all required elements for thorough antivirus scanning and effective cleaning: it scans your system's memory, all files, folders and drives' boot sectors, providing you with the option to automatically clean the infected files.
> Scan & more..


F-Secure Online Scanner.
Scan Your Computer With the F-Secure Online Virus Scanner
F-Secure Online Virus Scanner is a free service. Use it to find out if your computer is infected and disinfect your computer if needed.
> Scan & more..


Free Virus Scan - Kaspersky Lab
Take the Kaspersky Challenge: See what your current antivirus is missing.
Our free online virus scanner is a great way to find out if you have any viruses or spyware on your machine without having to uninstall your current antivirus software or install a new one. Most importantly, you can see what viruses your current antivirus software let slip through! You just need to be online and using Internet Explorer.
> Scan & more..


Free online antivirus. Download ActiveScan and clean your PC ...
Panda ActiveScan with TruPrevent®
Your Second Opinion in PC Security
Free online antivirus to combat viruses, spyware and other Internet threats.
-Scans, disinfects and eliminates over 185,000 viruses, worms and Trojans from all system devices, hard disks, compressed files and all your email.
-Detects spyware. 84 percent of malware installed on computers worldwide is spyware. Do you know if your PC is spyware free?
-Detects the following types of malware: Dialers, Hacking tools, Rootkits (New), Jokes, Security risks.
> Scan & more..


Symantec Security Check.
Symantec Security Check tests your computer's exposure to a wide range of online threats. It's free and an effective tool that helps determine your Internet security needs.
> Scan & more..


ewido - anti-spyware and anti-malware solutions
With the help of our online scanner you can scan and clean your computer from malware without having to install additional software on your computer.
> Scan & more..

Google's search with 'online scan' keyword.
> Read more..

Network security

Network security consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access and the effectiveness (or lack) of these measures combined together.

Read more...

From Wikipedia, the free encyclopedia

Computer security

Computer security is an application of information security to both theoretical and actual computer systems. For sake of simplicity, issues regarding privacy should be handled under the subject of information privacy rights. For the purpose of this article, Computer security is a branch of computer science that addresses enforcement of 'secure' behavior on the operation of computers. The definition of 'secure' varies by application, and is typically defined implicitly or explicitly by a security policy that addresses confidentiality, integrity and availability (see CIA Triad) of electronic information that is processed by or stored on computer systems.

The traditional approach is to create a trusted security kernel that exploits special-purpose hardware mechanisms in the microprocessor to constrain the operating system and the application programs to conform to the security policy. These systems can isolate processes and data to specific domains and restrict access and privileges of users. This approach avoids trusting most of the operating system and applications.

Read more...

From Wikipedia, the free encyclopedia

Internet security

Internet security is the process of protecting the data and privacy of devices connected to the Internet from information robbery, hacking, malware infection and unwanted software.

Read more ...

From Wikipedia, the free encyclopedia

Security

Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. The nuance between the two is an added emphasis on being protected from dangers that originate from outside. Individuals or actions that encroach upon the condition of protection are responsible for the breach of security.

The word "security" in general usage is synonymous with "safety," but as a technical term "security" means that something not only is secure but that it has been secured. ...

Read more ...

From Wikipedia, the free encyclopedia