
Security Fix

 

Tue, 30 Sep 08
Microsoft, Washington State Sue Scareware Purveyors
http://voices.washingtonpost.com/securityfix/2008/09/microsoft_washington_state_tar.html?nav=rss_blog
Microsoft Corp. and the state of Washington this week filed lawsuits against a slew of "scareware" purveyors, scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software. The case filed by the Washington attorney general's office names Texas-based Branch Software and its owner James Reed McCreary IV, alleging that McCreary's company caused targeted PCs to pop up misleading security alerts about security threats on the victims' computers. The alerts warned users that their systems were "damaged and corrupted" and instructed them to visit a Web site to purchase a copy of Registry Cleaner XP for $39.95. "We won't tolerate the use of alarmist warnings or deceptive 'free scans' to trick consumers into buying software to fix a problem that doesn't even exist," Washington Attorney General Rob McKenna said. "We've repeatedly proven that Internet companies that prey on consumers' anxieties are within our reach."

Sat, 27 Sep 08
Wigle.net: The 411 on Wireless Access Points
http://voices.washingtonpost.com/securityfix/2008/09/wiglenet_the_411_on_wireless_a.html?nav=rss_blog
If you thought your wireless network was too remote or obscure to find, you might want to think again. There's a non-trivial chance that the name of your network and its precise geographic coordinates are already mapped out and searchable by anyone with a Web browser. At least for U.S.-based networks, probably the best place to find that information is at the free database maintained by Wigle.net. The Wireless Geographic Logging Engine is a Web site that maps data gathered by "wardrivers," geeks who enjoy cruising around with open laptops connected to global positioning system (GPS) devices in order to chart the distribution of wireless networks. WiGLE's database allows anyone to search for a wireless network by geographic area or by the name of the service set identifier (SSID), the moniker either manually or otherwise automatically assigned to all wireless access points. Wireless routers broadcast their SSIDs as a way

Fri, 26 Sep 08
Apple, Mozilla Push Security Updates
http://voices.washingtonpost.com/securityfix/2008/09/mozilla_apple_push_security_up.html?nav=rss_blog
Apple on Wednesday issued an update that plugs at least two dozen security holes in the version of Java that runs on Mac OS X systems. Mozilla also pushed out patches to correct a number of security and stability issues with its latest version of the Firefox Web browser. By my count, Apple's Java updates address 24 separate security flaws in its implementation of Java. The majority of these flaws were fixed in security updates that Sun Microsystems has been shipping since April, but Apple maintains its own version of Java and is responsible for managing those updates for OS X systems. The Java update is slightly different depending on whether you're an OS X 10.4 (Tiger) or 10.5 (Leopard) user. Either way, the Java patch is available through Software Update or directly from Apple Downloads. Firefox is configured to install all updates automatically (after the browser is closed out

Wed, 24 Sep 08
Fake Facebook 'Add Friends' E-Mail Adds Malware
http://voices.washingtonpost.com/securityfix/2008/09/facebook_add_friends_e-mail_ad.html?nav=rss_blog
Social networking sites like Facebook and MySpace give scam artists and virus writers new ways to package tried-but-true tricks. The latest example of this making the rounds is an e-mail that appears to be an invitation from Facebook to add a friend: A recipient who opens an attached image to take a look at their new friend instead opens the door for hackers to compromise his PC. Internet security firm Websense warns about this latest scam, which takes advantage of common notifiers sent by Facebook to alert users when another user adds them as a friend on their social network: The spammers included a zip attachment that purports to contain a picture in order to entice the recipient to double-click on it. The attached file is actually a Trojan horse. The message also includes a login form to the Facebook home page. While there are countless examples of scam e-mails

Mon, 22 Sep 08
Internet Shuns U.S. Based ISP Amid Fraud, Abuse Allegations
http://voices.washingtonpost.com/securityfix/2008/09/internet_shuns_us_based_isp_am.html?nav=rss_blog
A California based commercial Internet service provider whose clients included a laundry list of spammers and scammers is now offline, after the last of the company's upstream Internet providers decided to pull the plug. Atrivo, a.k.a "Intercage," of Northern California, ceased to be reachable from any points on the Internet early Sunday morning when the ISP's sole remaining provider - Pacific Internet Exchange (PIE) - stopped routing traffic for the troubled company. The final blow comes just weeks after Security Fix joined several researchers in publishing evidence that major portions of Atrivo's network were being used to foist fake security software, Trojan horse programs, and other nastiness. As a result of those reports, several of Atrivo's upstream providers dropped the company as a client. PIE agreed to provide routing for Atrivo after three other major upstream providers apparently decided it wasn't worth the negative publicity of being associated with

Wed, 17 Sep 08
Apple Pushes New Patches
http://voices.washingtonpost.com/securityfix/2008/09/apple_pushes_peck_of_patches_1.html?nav=rss_blog
Apple on Monday released a large bundle of security updates for computers powered by its OS X operating systems and other software. Included in the patch batch are fixes for roughly three dozen security vulnerabilities. A number of the flaws patched in this release affect only 10.5.x (Leopard) versions of OS X, but updates also are available for 10.4.x (Tiger) Mac systems. Some of the applications fixed include Finder, OpenSSH, QuickDraw Manager, and Time Machine. Apple also released at least nine fixes for ClamAV, the anti-virus software included in OS X server. The patches are available through Software Update or Apple Downloads.

Sun, 14 Sep 08
iPhone Update Plugs Eight Security Holes
http://voices.washingtonpost.com/securityfix/2008/09/iphone_update_plugs_eight_secu.html?nav=rss_blog
Apple on Friday issued an update for the iPhone that includes a bundle of at least eight security fixes. The update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Details about the security holes plugged by this release, version 2.1, are available here.

Sat, 13 Sep 08
Virginia Anti-Spam Law Overturned, Spammer Walks
http://voices.washingtonpost.com/securityfix/2008/09/virginia_anti-spam_law_overtur.html?nav=rss_blog
The Virginia Supreme Court today struck down a state anti-spam law, saying the statute violated the First Amendment right to free and anonymous speech. The decision also tossed out the conviction of a North Carolina man once described as one of the most prolific spammers. The Washington Post's Tom Jackman writes: The ruling, arising from the Loudoun County criminal prosecution of Jeremy Jaynes of Raleigh, N.C., was also remarkable because the Supreme Court reversed itself: Just six months ago, the same court upheld the anti-spam law by a 4-3 margin. But Jaynes's attorneys asked the court to reconsider, typically a long shot in appellate law, and the court not only reconsidered but changed its mind. Jaynes was convicted in 2004 of sending tens of thousands of e-mails through America Online servers in Loudoun. He was the first person tried under the law, enacted in 2003, and Loudoun Circuit Court Judge

Sat, 13 Sep 08
Web Fraud 2.0: Fake YouTube Page Maker Helps Spread Malware
http://voices.washingtonpost.com/securityfix/2008/09/fake_youtube_page_maker_helps.html?nav=rss_blog
A new Web Fraud 2.0 tool makes it a cakewalk for criminals to create fake YouTube pages in a bid to trick people into installing malicious software. The YTFakeCreator tool, pictured at right, is a point-and-click program that automates the creation of authentic-looking YouTube pages, minus the familiar video window. This is the version of YouTube visitors see if their browser is configured to block Javascript or Adobe Flash videos (as the Firefox "noscript" add-on does by default) or if the visitor does not have those programs installed. Even if visitors have both of those programs installed and are not blocking either file format, they will be prompted to install Flash when visiting one of these fake YouTube pages. And, of course, the tool allows the page creator to substitute any nasty file they want for the supposed Flash download. According to Panda Security, crooks can use YTFakeCreator to manipulate

Fri, 12 Sep 08
Fake Antispyware Purveyor Doubles as Domain Registrar
http://voices.washingtonpost.com/securityfix/2008/09/fake_antispyware_purveyor_also.html?nav=rss_blog
A cyber gang known for aggressively spreading fake anti-spyware programs through hijacked and malicious Web sites has become an authorized reseller of domain names. Security Fix has learned that this gang is using its access as a registrar to ease the process of creating new Web sites used to push their invasive software. Klikdomains.com, also known as Vivids Media GMBH, sells Web site names in the .com, .net, .org, .info, .biz, .name, .us, and .in top level domains. Klikdomains is part of Klikvip.com, which has for at least the last three years hired affiliates to trick people into installing its fake antivirus and anti-spyware products. Experts say Klikdomains is yet another example of what happens when major Internet domain name registrars fail to police the activities of domain resellers. Klik is a reseller of domain registration services offered by India based registrar Directi Internet Solutions. Last week, Security Fix examined

Thu, 11 Sep 08
Security Updates for iPod Touch, iTunes and QuickTime
http://voices.washingtonpost.com/securityfix/2008/09/security_updates_for_ipod_touc.html?nav=rss_blog
Apple on Tuesday released software updates to fix at least 20 security holes in its various products, from the iPod Touch to OS X and Windows versions of iTunes and QuickTime. The iPod Touch update fixes seven flaws, and is available only through iTunes, which Apple updated to iTunes 8 yesterday. My colleague Mike Musgrove has a nice write-up on the new features in the latest iTunes version, which includes just a couple of security fixes. The more interesting of the two describes a "misleading" warning box from OS X about the safety of poking holes in the built-in firewall to accommodate music sharing in iTunes. From Apple's description: Description: When the firewall is configured to block iTunes Music Sharing and the user enables iTunes Music Sharing in iTunes, a warning dialog is displayed which incorrectly informs the user that unblocking iTunes Music Sharing doesn't affect the firewall's security. Allowing

Wed, 10 Sep 08
Microsoft Patches Eight Security Holes
http://voices.washingtonpost.com/securityfix/2008/09/microsoft_patches_for_eight_se.html?nav=rss_blog
Microsoft today released four security updates to plug at least eight security holes in its Windows operating systems and other software. The updates all earned Microsoft's most dire "critical" rating, meaning attackers can exploit the vulnerabilities to break into Windows PCs with little or no help from users. The most important and urgent of these patches addresses five vulnerabilities in the Windows graphics device interface (GDI), a component of Windows that is used in rendering certain types of images. Hackers could exploit this flaw to compromise Windows PCs just by convincing users to visit a malicious or hacked Web site with Internet Explorer. Security experts are warning Windows users not to let any grass grow under their feet before applying this patch. The last time Microsoft issued a security update for GDI, cyber crooks were spotted exploiting the flaw within two days of the patch release. "If I was a

Tue, 9 Sep 08
EstDomains: A Sordid History and a Storied CEO
http://voices.washingtonpost.com/securityfix/2008/09/estdomains_a_sordid_history_an.html?nav=rss_blog
In this second part to an ongoing investigation into the notorious Web site host and domain name registrar EstDomains Inc., Security Fix examines the company's history, the legacy of its current chief executive, and its future prospects. The "Est" in EstDomains is a nod to the company's origins: It was founded in Tartu, the second largest city in Estonia (although the corporation is officially registered in Delaware). The chief executive of EstDomains is 27-year-old Vladimir Tsastsin, pictured below. Tsastsin also is named as the head of Rove Digital, a company that appears to encompass a domain auction service named Bakler.com, and a recently launched Web traffic-shaping service called Zmot. It seems Mr. Tsastsin has a rather colorful past, and is no stranger to organized crime. According to the local court and news media, he was recently sentenced to three years in an Estonian prison after being found guilty of credit

Tue, 9 Sep 08
A Superlative Scam and Spam Site Registrar
http://voices.washingtonpost.com/securityfix/2008/09/estdomains.html?nav=rss_blog
Over the past week, a number of the Internet's largest data carriers have ceased providing online connectivity to Atrivo (a.k.a. "Intercage"), an ISP that security experts say is home to a huge number of scammers and spammers. This week, I'm turning the spotlight on EstDomains Inc., Atrivo's most important customer and the single biggest reason so many experts have condemned Atrivo. According to RegistrarStats.com, EstDomains is the 49th largest domain name registrar, with more than 270,000 domains. Security Fix is still working on cataloging all of those domains, but for the purposes of this analysis we'll examine some 10,000 Web site names that are both registered through EstDomains and using the company's various domain name servers to route traffic to them. I chose to focus on that particular subset of 10,000 domains mainly so that EstDomains could not simply disavow knowledge of the sites' activities by claiming it serves as

Sat, 6 Sep 08
Scammer-Heavy U.S. ISP Grows More Isolated
http://voices.washingtonpost.com/securityfix/2008/09/scam-heavy_us_isp_grows_more_i.html?nav=rss_blog
Last week, Security Fix published an analysis of Atrivo, a California based Internet service provider, also known as Intercage, that has proven to be a virtual magnet for cyber-criminal operations. Since that time, Atrivo's biggest network backbone provider decided it could no longer support the company, and stopped offering it direct connectivity. I first got wind of this change while reading a post on the NANOG mailing list, which caters to professionals employed by ISPs and various network providers. Marcus Sachs, director of the SANS Internet Storm Center, had said it looked like Global Crossing had stopped handling long-haul Internet traffic for Atrivo/Intercage within hours after our story was published. I followed up with Marc, but he was unable to produce any conclusive data showing the change. Fast forward to today, and with the help of Jose Nazario at Arbor Networks, I was able to pull together a view of

Fri, 5 Sep 08
Number of Bot-Infected PCs Skyrockets
http://voices.washingtonpost.com/securityfix/2008/09/number_of_bot-infected_pcs_sky.html?nav=rss_blog
The number of PCs compromised with software that lets cyber criminals control the machines from afar has more than quadrupled over the last quarter, security experts warn. The estimates come from Shadowserver, a group of volunteers that monitor activity from robot networks or "botnets," large armies of hacked personal computers used for spam, phishing and all kinds of criminal activity. Shadowserver saw a rise from roughly 100,000 botted PCs to about 400,000 over the past three months. John Bambenek, an incident handler with the SANS Internet Storm Center, which tracks hacking trends, speculates that the spike is probably related to the massive numbers of Web sites that have been hacked by SQL attacks, and seeded with browser exploits. While those numbers might seem high, they suggest more of a recent upward trend in bot counts rather than an accurate picture of just how many compromised PCs are out there. In

Wed, 3 Sep 08
Firefox Plug-in Offers Clarity on Web Site Security
http://voices.washingtonpost.com/securityfix/2008/09/firefox_plug-in_offers_clarity.html?nav=rss_blog
A new security add-on for the latest version of Firefox is available to help users make better sense of a controversial new feature of Firefox 3 that blocks users from visiting a Web site when the browser detects a problem with the site's security certificate. The "Perspectives" add-on for Firefox 3, developed by researchers at Carnegie Mellon University, tries to help users make more informed decisions about what to do when the browser warns about a problem with the site's secure sockets layer (SSL) certificate. Web sites use SSL to encrypt data transmitted to and from the visitor's browser, thereby thwarting any would-be eavesdroppers. SSL certs also offer rudimentary authentication of the identity of the cert holder: Most SSL certs are third-party validated, meaning that some level of checking was done by companies like Verisign or Microsoft to verify that the entity that applied for the cert was the rightful

 
