Security Fix
Sat, 31 Jan 09
Troubled Ukrainian Host Sidelined
http://feeds.voices.washingtonpost.com/click.phdo?i=6fa3864f237062d2e9f7bcdcfd078b2e
A Ukrainian Web hosting provider that, according to published reports, has long served as home base to a prolific and invasive family of malicious software has been taken offline following abuse reports from Security Fix to the company's Internet provider. Since at least 2005, and perhaps earlier, an entity known as UkrTeleGroup Ltd. has hosted hundreds of Web servers that control a vast network of computers infected with some variant of "DNSChanger," according to security software vendor McAfee, which monitors worldwide malware. DNSChanger is a Trojan horse program that changes the host system's settings so that all of the Internet traffic flowing to and from the infected computer is sent through servers controlled by the attackers. In a report issued last month, McAfee said it found more than 400 DNS servers on UkrTeleGroup's network that appeared to be set up to re-direct Web traffic for systems infected with DNSChanger.
Fri, 30 Jan 09
Blogfight: IE Vs. Firefox Security
http://feeds.voices.washingtonpost.com/click.phdo?i=0eddf24f9eb1e35dbdbaa340cec62460
I'm writing this to set the record straight on some statements made earlier this month by Jeff Jones, a security strategy director at Microsoft. In analysis published on his Technet Security Blog and at cio.com, Jeff picked apart research I conducted in 2007, which found that Microsoft's Internet Explorer browser was unsafe for 284 days in 2006. According to Jones's analysis, Firefox users were instead more "at risk" than their IE counterparts in 2006 -- albeit just by a single day -- 285 days in 2006, he concludes. What Jones neglected to mention was that in my analysis I only examined the longevity of unpatched browser vulnerabilities that by each company's definition earned the most dangerous security ratings. In the case of Internet Explorer, for example, I counted only flaws that Microsoft said were "critical," for one or more versions of the browser or closely-tied component of the Windows operating
Thu, 29 Jan 09
Security Fix Pop Quiz, Reality-Show Style
http://feeds.voices.washingtonpost.com/click.phdo?i=88c187ac959eb78d712168bf9e8f4f42
It's been a while since we published our last Security Fix Pop Quiz, a periodic exercise to see whether you've updated your computer with the proper security updates. Usually when we do these quizzes I focus on the latest updates for third-party software programs, patches designed to guard against attackers who try to install malicious software using known security holes in these widely-used applications. This time around, however, I want to give readers more perspective about why applying these updates is so critical, by looking through the lens of the criminal masterminds behind "Grum," one of this year's largest spam botnets, or groupings of hacked Microsoft Windows PCs typically used to relay junk e-mail. But what exactly is it that makes this malware family so successful? Put simply, it observes the old adage, "If at first you don't succeed, try, try again." Indeed, Grum is incredibly tenacious: the Web sites
Wed, 28 Jan 09
Monster.com Breach May Preface Targeted Attacks
http://feeds.voices.washingtonpost.com/click.phdo?i=2d940735d86030ce97607e463b2d6f85
Job search giant Monster.com quietly disclosed this week that its user database was illegally accessed, resulting in the theft of an unspecified number of Monster user IDs and passwords, names, phone numbers and e-mail addresses. The company said it opted not to notify users by e-mail out of concern that those messages would be "used as a template for phishing e-mails targeting our job seekers and customers." "We believe placing a security notice on our site is the safest and most effective way to reach the broadest audience," the company said in a statement posted on its homepage. "As an additional precaution, we will be making mandatory password changes on our site." In 2007, a Trojan horse program that anti-virus giant Symantec Corp. named Infostealer.Monstres began using hijacked Monster.com employer accounts to hoover up data on Monster.com users, ultimately gathering information on roughly 1.6 million users. Not long after that,
Tue, 27 Jan 09
When Cyber Criminals Eat Their Own
http://feeds.voices.washingtonpost.com/click.phdo?i=b10402cb1be13a57d12974b8e6cdc36f
Some of the most prolific and recognizable malware disbursed by Russian and East European cyber crime groups purposefully avoids infecting computers if the program detects the potential victim is a native resident. But evidence from the Conficker worm -- which by some estimates is infecting more than one million new PCs each day -- shows that trend may be shifting. According to an analysis by Microsoft engineers, the original version of the Downadup (a.k.a. "Conficker") worm will quit the installation process if the malware detects the host system is configured with a Ukrainian keyboard layout. However, the latest variant has no such restriction. Stats collected by Finnish computer security firm F-Secure show that Russia and Ukraine had the second and fifth-largest number of victims from the worm, 139,934 and 63,939, respectively, as of Tuesday, Jan. 20. In the past, attackers from the infamous rogue anti-spyware families -- such as Antivirus
Fri, 23 Jan 09
Pirated iWork Software Infects Macs With Trojan Horse
http://feeds.voices.washingtonpost.com/click.phdo?i=4f9e0cc5dc1fe7b67368b314e89d7bd2
A company that makes security software for Mac computers is warning that copies of Apple's iWork productivity software that are available for download from peer-to-peer (P2P) file-sharing networks may be infected with a Trojan horse program. The malicious software appears to be designed to enlist infected systems in a bot army that is targeting Web sites with so much junk traffic they can no longer accommodate legitimate visitors. In an alert issued today, Intego said some pirated versions of the $79 iWork software suite circulating on BitTorrent trackers are infected with what it calls OSX.Trojan.iServices.A. Intego said the Trojan is bundled so that it runs when the user installs the pirated iWork software. iServices.A then opens up a "backdoor" on the victim's computer, effectively alerting the virus writer that a new system is infected and potentially allowing the attacker to upload new software to or perform other actions on the
Fri, 23 Jan 09
Obama Administration Outlines Cyber Security Strategy
http://feeds.voices.washingtonpost.com/click.phdo?i=2e9d1ea2457dc77337aadbaced5e9aff
President Barack Obama's administration has sketched out a broad new strategy to protect the nation's most vital information networks from cyber attack and to boost investment and research on cyber security. The key points of the plan closely mirror recommendations offered late last year by a bipartisan commission of computer security experts, which urged then president-elect Obama to set up a high-level post to tackle cyber security, consider new regulations to combat cyber crime and shore up the security of the nation's most sensitive computer networks. The strategy, as outlined in a broader policy document on homeland security priorities posted on the Whitehouse.gov Web site Wednesday, states the following goals: * Strengthen Federal Leadership on Cyber Security: Declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development
Thu, 22 Jan 09
Apple's First 2009 Patch Batch Fixes 7 QuickTime Flaws
http://feeds.voices.washingtonpost.com/click.phdo?i=69fcfff5c65a6586411132e554dfdd69
Apple today released a security update for its QuickTime media player. The new version, QuickTime 7.6, is available for both Mac and Windows systems. This release fixes at least seven security vulnerabilities. All seven are serious enough that Apple says they could be used to run software of the attacker's choice on a vulnerable system simply by convincing the user to view a specially-crafted movie or streaming media file. It's important for QuickTime users (particularly Windows users) not to let too much grass grow under their feet before applying this update. Because it is so widely installed (and probably so infrequently updated), QuickTime has drawn the attention of hackers who write and sell automated exploit toolkits. These are software kits that attackers typically stitch into the fabric of hacked Web sites. When a user visits such a site, the toolkit checks to see which of the browser plug-ins may still
Wed, 21 Jan 09
Payment Processor Breach May Be Largest Ever
http://feeds.voices.washingtonpost.com/click.phdo?i=1c1031eb7dc74ab9f09ef6b625a16c91
A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have compromised tens of millions of credit and debit card transactions, the company said today. If accurate, such figures may make the Heartland incident one of the largest data breaches ever reported. Robert Baldwin, Heartland's president and chief financial officer, said the company, which processes payments for more than 250,000 businesses, began receiving fraudulent activity reports late last year from MasterCard and Visa on cards that had all been used at merchants which rely on Heartland to process payments. Baldwin said 40 percent of transactions the company processes are from small to mid-sized restaurants across the country. He declined to name any well-known establishments or retail clients that may have been affected by the breach. Baldwin said it would be unfair to mention any one of his company's customers. "No merchant of ours represents even [one-tenth
Tue, 20 Jan 09
Move Over, Client #9
http://feeds.voices.washingtonpost.com/click.phdo?i=983b9407312862854ece42efdb7c8fec
A popular Web site that helps connect young women with so-called "Sugar Daddies" has fixed a major security hole that -- apparently since its inception two years ago -- allowed anyone with a Web browser to view the private negotiations between site members. This discovery highlights the potential privacy pitfalls of placing too much personal information online, and fully trusting social networking sites. Most online communities, such as Facebook, provide residents a way to keep their public and private online personas separate. In many cases, when a breach between those two worlds occurs, it's because the user misconfigured or misunderstood their privacy settings, as I've documented with users of Google's Calendar service. But when the social networking community itself is responsible for the misconfiguration, the results could be disastrous and long-lasting. Seekingarrangement.com, an adult social networking site that boasts some 300,000 registered users, contained a weakness that allowed anyone to
Sat, 17 Jan 09
Tricky Windows Worm Wallops Millions
http://feeds.voices.washingtonpost.com/click.phdo?i=5c142ceb3fbbc407dea7ec9d4a19fb67
A sneaky computer worm that uses a virtual Swiss army knife of attack techniques has infected millions of Microsoft Windows PCs, and appears to be spreading at a fairly rapid pace, security experts warn. Also, while infected PCs could be used for a variety of criminal purposes -- from relaying spam to hosting scam Web sites -- there are signs that this whole mess may be an attempt to further spread so-called "scareware," which uses fake security alerts to frighten consumers into purchasing bogus computer security software. The worm, called "Downadup" and "Conficker" by different anti-virus companies, attacks a security hole in a networking component found in most Windows systems. According to estimates from Finnish anti-virus maker F-Secure Corp., the worm has infected between 2.4 million and 8.9 million computers during the last four days alone. If accurate, those are fairly staggering numbers for a worm that first surfaced in
Wed, 14 Jan 09
Microsoft Plugs Three Windows Security Holes
http://feeds.voices.washingtonpost.com/click.phdo?i=ed07d534c1d622426e3393a2b951d1ba
Microsoft today issued a critical software update to plug at least three security holes in its Windows operating systems. The patch, which applies to all supported versions of Windows, is available from the Microsoft Update Web site, or via Automatic Updates. All three security vulnerabilities relate to a weakness in the "Server Message Block" (SMB) protocol, a component of Windows used to provide shared access to files, printers, and other communications over a network. Blueprints showing would-be attackers how to exploit one of the flaws were posted online back in October; Microsoft said the other two vulnerabilities were privately reported. SMB threats can generally be stopped by a decent firewall, as they rely on the attacker or malicious software having direct access to a network hosting vulnerable systems. However, businesses typically test patches before deploying them to make sure they don't interfere with custom software, and in the meantime infected
Wed, 14 Jan 09
Meet the New Bots: Will We Get Fooled Again?
http://feeds.voices.washingtonpost.com/click.phdo?i=da884a9f2b48fae7e56210852d557a5a
The close of 2008 sounded the death knell for some of the most notorious spam networks on the planet. But already several new breeds of spam botnets -- massive groups of hacked PCs used for spamming -- have risen from the ashes, employing a mix of old and new tricks to all but ensure a steady flow of spam into e-mail boxes everywhere for many months to come. * In September, the shuttering of Northern California based host Atrivo/Intercage was the final nail in the coffin for the Storm worm, widely considered one of the most ingenious spam botnets ever created. * In November, the unplugging of Silicon Valley hosting provider McColo -- a network experts say absorbed many of the refugees from Atrivo's shutdown -- spelled the beginning of the end for "Srizbi," which was until recently considered the most massive spam botnet with an estimated 450,000 infected computers.
Tue, 13 Jan 09
Tiny Charges Often Precede Big Trouble
http://feeds.voices.washingtonpost.com/click.phdo?i=300055490111eea367f5e3acf0fbbcf9
Security experts advise consumers to keep a close eye on their bank and credit card statements, and for good reason: Small, unauthorized charges often are the first sign that thieves have made off with your account number and are getting ready to sell it to other crooks or use it to rack up thousands of dollars in fraudulent purchases. The Boston Globe writes this week about one such scam, which shows up on consumer accounts as 25-cent charges to a mysterious company called Adele Services, supposedly in New York. From that piece: Two theories of what is going on have advanced on message boards and among consumer advocates: Someone is trying to find out whether an illegally obtained credit card number will work before making a bigger charge, or they're trying to rip off tiny amounts from tons of people. The latter theory has more credibility at the moment. The
Thu, 8 Jan 09
Caveat Emptor: Watch Out for Phantom Stores
http://feeds.voices.washingtonpost.com/click.phdo?i=e569fd8d4086f4a48c43ca1749c0e624
Most people are proud to say they would never fall for a phishing scam, that they would never give their personal and financial information away at fake banking sites, just because someone asked them to in an e-mail. But how many people will use that same common sense when a too-good-to-be-true bargain presents itself at a no-name online electronics shop? A slew of fake electronics sites, some of them apparently being promoted by major online search engines and comparison-shopping sites, have been swindling consumers out of cash and credit card numbers for several weeks. The Web sites are confusingly named after legitimate electronics and clothing shops in the United States. All say they accept major credit cards and PayPal, and some carry seals boasting that they are "hacker safe." But customers who order something from these sites soon find their accounts charged increasing amounts for unauthorized transactions. Regina Arndt, owner
Tue, 6 Jan 09
Spamhaus: Google Now 4th Most Spam-Friendly Provider
http://feeds.voices.washingtonpost.com/click.phdo?i=02025a9ee1a7ccb46ce4163d39260c51
Google's free services are being heavily exploited by spammers to redirect visitors to sites touting knockoff designer drugs and scams, according to the latest rankings from Spamhaus.org, a group that tracks unsolicited commercial e-mail. Last month, Security Fix called attention to Microsoft's persistent ranking on Spamhaus's running list of the "Top 10 Worst Spam Service ISPs". Now that Microsoft has cleaned up its act, it appears the bad guys are moving on to Google, which is now ranked #4 on the list (#1 being the worst). "Microsoft got rid of the bad guys, and off they went to Google, which is now hosting a lot of the stuff that was on Microsoft's domains," said Richard Cox, Spamhaus's chief information officer. Other Internet providers, including Sprint and Verizon, currently round out the #8 and #10 slots on the Top 10 list, respectively. According to Spamhaus, spammers are using Google Documents to
Tue, 6 Jan 09
Phishers Now Twittering Their Scams
http://feeds.voices.washingtonpost.com/click.phdo?i=df9cfd946bd0ec512688ef374c9599e4
Phishers are trying to trick Twitter users into forking over their user names and passwords by sending tweets that direct users to fake Twitter login pages, security experts warn. Update, 7:31 p.m. ET: Twitter now says that in an unrelated incident, the Twitter accounts for president-elect Barack Obama and 33 other notables were compromised by an individual who hacked into some of the tools the company's support team uses to help people do things like edit the email address associated with their Twitter account when they can't remember or get stuck. More on that incident from a new post on the Twitter blog. Original post: Blogger Chris Pirillo spotted the Twitter phishes on Jan. 3, after receiving a tweet that asked him to log in at a counterfeit Twitter site called "twitter.login-access.com" (it's probably best to avoid visiting this site, which is still active as of this writing.) Suspecting that
