
Security Fix

 

Wed, 25 Feb 09
Just Say "No" To Gmail "ViddyHo" Chats
http://feeds.voices.washingtonpost.com/click.phdo?i=b16fb07bbfa5faffae01fa8179db27b0
A crazy number of readers have written in asking what they should do about unsolicited instant messages coming in from their Gmail accounts. The messages are from a site called ViddyHo urging them to "check out this video." I hope most readers will recognize the link provided in this chat invite for what it is: An invitation to give your Gmail credentials over to criminals. A quick check of the ever-sobering Google Trends feature would telegraph that this is a scam that has ramped up extremely quickly. Your best bet: Just say "no" to ViddyHo. And that goes ditto for any other unsolicited chat invites, regardless of which instant messaging platform you favor.

Wed, 25 Feb 09
The Tigger Trojan: Icky, Sticky Stuff
http://feeds.voices.washingtonpost.com/click.phdo?i=d5e1d4814608c9af08ac49efb837b2bd
A relatively unknown data-stealing Trojan horse program that has claimed more than a quarter-million victims in the span of a few months aptly illustrates the sophistication of modern malware and the importance of a multi-layered approach to security. When analysts at Sterling, Va., based security intelligence firm iDefense first spotted the trojan they call "Tigger.A" in November 2008, none of the 37 anti-virus products they tested it against recognized it. A month later, only one - AntiVir - detected it. That virtual invisibility cloak, combined with a host of tricks designed to elude forensic malware examiners, allowed Tigger to quietly infect more than 250,000 Microsoft Windows systems, according to iDefense's read of log files recovered from one of the Web servers Tigger uses to download code. iDefense analyst Michael Ligh found that Tigger appears designed to target mainly customers or employees of stock and options trading firms. Among the unusually

Sat, 21 Feb 09
Attackers Exploiting Unpatched Flaw In Adobe Reader, Acrobat
http://feeds.voices.washingtonpost.com/click.phdo?i=738675f64f5481feea1857b61bc01cb4
Hackers are exploiting an unpatched security hole in current versions of Adobe Reader and Acrobat to install malicious software when users open a booby-trapped PDF file, security experts warn. Adobe issued an advisory Thursday warning that its Reader and Acrobat software versions 9 and earlier contain a vulnerability that could allow attackers to take complete control over a system if the user were to open a poisoned PDF file. Adobe said it doesn't plan to issue an update to plug the security hole until March 11. Meanwhile, the folks at Shadowserver.org, a volunteer-led security group, said it has seen indications that this vulnerability is being used in targeted attacks. Shadowserver warns that this exploit is likely to be bundled into attack kits that are sold to cyber crooks who specialize in seeding hacked and malicious Web sites with code that tries to install malware. "These types of attacks are frequently

Thu, 19 Feb 09
Travel-Booking Site for Federal Agencies Hacked
http://feeds.voices.washingtonpost.com/click.phdo?i=bbd2b3ac57987f75105c41e2436116bf
Govtrip.com, which handles travel reservations for at least a dozen U.S. government agencies, last week was infected with a virus that tried to install malicious software when users visited the site, causing some agencies to block employees from accessing it, Security Fix has learned. Sometime on Feb. 11, hackers changed the Govtrip.com Web site to redirect visitors to a site that installed malicious software. A number of agencies, including the departments of Agriculture, Energy, Health & Human Services, Interior, Transportation, and Treasury, use the site exclusively to book travel arrangements. Govtrip.com also is used to reimburse workers via direct deposit, which means that many federal employees' checking account information is stored there as well. On Thursday, Feb. 12, the Federal Aviation Administration began urging employees to avoid visiting the site. Rather, employees seeking to make travel arrangements were given instructions on how to book travel arrangements manually, FAA spokeswoman Laura

Wed, 18 Feb 09
Verizon to Implement Spam Blocking Measures
http://feeds.voices.washingtonpost.com/click.phdo?i=6fea07d3a52deb153663b489719d10d6
Verizon.net is home to more than twice as many spam-spewing zombies as any other major Internet service provider in the United States, according to an analysis of the most recent data from anti-spam outfit Spamhaus.org. Verizon, however, says it plans to put measures in place to prevent it from being used as a home to so many spammers. Security Fix examined the latest stats from Spamhaus's "composite block list" (CBL), which relies on intelligence relayed by large spamtraps and e-mail infrastructures around the world. The list comprises only Internet addresses that have been observed to be sending spam, worms and viruses, or participating in other malicious activity. Spamhaus currently includes 225,454 U.S. based Internet addresses on its CBL. Of those, nearly one-quarter -- almost 56,000 -- are assigned to Verizon.net. Comcast, which according to Spamhaus is home to the next-largest concentration of malicious hosts among U.S. ISPs, has

Mon, 16 Feb 09
Apple Patches More Than 50 Security Holes
http://feeds.voices.washingtonpost.com/click.phdo?i=b0bb50f60c72f4b161dcb998f61f769b
Apple last week issued security updates to plug more than 50 security holes in its OS X operating system and other software. The patches, which affect Mac OS X 10.4 and 10.5, Java for the Mac and Safari for Windows systems, are available through Apple Downloads or via the company's automatic update program. Apple's Security Update 2009-001 addresses roughly four dozen security flaws in the operating system and bundled software. Java Release 8 patches at least four security flaws in Apple's version of Java for Mac OS X 10.4 and 10.5. Cupertino also fixed a critical vulnerability in its Safari Web browser for Windows XP and Vista systems. Safari 3.2.2 for Windows fixes a flaw that Apple said could allow a Web site to run hostile JavaScript on the user's system if he or she subscribed to an RSS feed that included a malicious link. Brian Mastenbrook, the researcher Apple

Sun, 15 Feb 09
As Tax Season Continues, Beware of Scams
http://feeds.voices.washingtonpost.com/click.phdo?i=3065d98b95db28cd31aa8273aa018f39
As sure as the taxman cometh each year, so do the scam artists. The Internal Revenue Service is warning U.S. taxpayers to be prepared for a steady increase in scams and virus attacks via e-mail, telephone and the Web as the April 15 tax-filing deadline approaches. "We see a big upswing in complaints about these phishing emails January through April during the tax filing season," IRS spokeswoman Nancy Mathis said. The most common type of scam arrives via e-mails claiming to come from the IRS or Treasury Department. They typically try to either scare consumers into thinking there is an error with their tax filing, or that they are eligible for a tax rebate or benefit from the government economic stimulus package that just passed on Capitol Hill. These so-called "phishing" e-mails typically arrive in an e-mail that urges users to visit a site, which in turn prompts visitors to

Fri, 13 Feb 09
Microsoft Offers $250,000 Reward for Conficker Worm Author(s)
http://feeds.voices.washingtonpost.com/click.phdo?i=272035059e96c16d6b46c2a8e161b8e8
Microsoft Corp. today said it is offering a $250,000 reward for information that leads to the arrest and conviction of those responsible for launching the "Conficker" computer worm, a threat that has infected millions of Microsoft Windows PCs over the past two months. The reward is the most public acknowledgment yet of the damage inflicted by the Conficker worm - known to some anti-virus companies as "Downadup" -- which wiggles into Microsoft systems primarily through a security hole in the Windows operating system. Microsoft issued a software update in late October to help customers guard against the attack, but Conficker can spread even to systems that have already been patched, by piggybacking on removable media -- such as USB drives -- that launch the worm when connected to a Windows system. "As part of Microsoft's ongoing security efforts, we constantly look for ways to use a diverse set of tools

Wed, 11 Feb 09
Critical IE, Exchange Flaws in Microsoft's Patch Tuesday
http://feeds.voices.washingtonpost.com/click.phdo?i=74882d7bfd4e5452515195751892ced9
Microsoft Corp. today released four patch bundles to fix at least eight security vulnerabilities in PCs powered by its Windows operating system and other software. The fixes are available through Microsoft Update or via Automatic Updates. Half of the flaws fixed in February's patch batch earned Microsoft's most urgent "critical" rating, meaning attackers could wield them to break into vulnerable systems with little or no assistance from users, aside from maybe convincing users to visit a booby-trapped Web site or open a specially-crafted e-mail. Two of the critical vulnerabilities reside in Microsoft's Internet Explorer 7 Web browser (oddly enough, Microsoft says IE6 is not affected). The other two critical flaws Redmond fixed are found in Microsoft Exchange, an e-mail server program used by tens of millions of organizations. Andrew Storms, director of security operations for nCircle, a network security company, said the Exchange vulnerability is especially serious for businesses, because

Tue, 10 Feb 09
Covering Your Tracks in Firefox
http://feeds.voices.washingtonpost.com/click.phdo?i=595f9fff3014c0eb07b108bf434b8e42
Firefox users looking for a little more control over the privacy of their Web browsing habits should check out a handy add-on called "RefControl," a Firefox extension that lets you decide which sites should be allowed to see your most recent browsing history. When you visit a Web site, the people who run that site can see by looking at their traffic logs the name and Internet address of the site you were at directly before visiting their site, also known as the "referrer" link. Using RefControl, Firefox users can block all referrers, or block referrers for all sites except those included on your personal exclusion list. RefControl users can even set a fake referrer for all or specific sites that includes a custom message (e.g., "NoReferrerForYou"), a sentiment that will show up in the visited Web site's logs. RefControl is very easy to use. By default, the add-on doesn't

Sat, 7 Feb 09
Consider the Source, Not Just the File Type
http://feeds.voices.washingtonpost.com/click.phdo?i=47050577b3ebafea9112ba3826724dce
An uptick in malware that infects music files being traded on popular peer-to-peer (P2P) file-sharing networks should give Windows users pause about downloading songs from unknown sources. Symantec is reporting a spike in the number of audio files infected with what it calls Trojan.Brisv.A (detected as Worm.Win32.GetCodec.a by other antivirus vendors). The malicious software resides in otherwise innocuous-looking Windows Media Audio (.wma) music files that, when opened, change all .mp2 and .mp3 files on a host system to Windows Media Audio (.wma) format. Audio files altered by the Trojan won't lose their .mp2 or .mp3 file extensions. Rather, the Trojan embeds in each converted media file a placeholder, so that when a victim tries to listen to it, the song is opened up in Windows Media Player. At that point, the victim is prompted to download an audio codec in order to continue playback. If the victim installs the codec,

Sat, 7 Feb 09
Quick Poll: Many Smaller Banks Hit By Heartland Breach
http://feeds.voices.washingtonpost.com/click.phdo?i=d54841c836fbecc7d29dd7ca0e908913
In another sign that the recently disclosed data breach at credit card processing giant Heartland Payment Systems may indeed be one for the record books, a quick survey of community banks indicates that a majority of institutions have been notified that at least some of their debit or credit cards were compromised in the breach. Princeton, N.J., based Heartland has not disclosed how many credit and debit card accounts may have been intercepted by malicious software the company recently found on its payment processing network. Heartland's president and chief financial officer Robert Baldwin told Security Fix last month that the company processes about 100 million card transactions each month. The Independent Community Bankers of America, a trade group that includes some 5,000 banks representing 18,000 locations nationwide, took an informal poll of its members recently to find out how many were contacted by Heartland. According to the ICBA, 83 percent

Fri, 6 Feb 09
Data Breach Led to Multi-Million Dollar ATM Heists
http://feeds.voices.washingtonpost.com/click.phdo?i=a10bb575ced71894c8b3f13975f02ed9
A nationwide ATM heist late last year netted thieves $9 million in cash in one day, according to published reports. The coordinated attack stemmed from a computer intrusion at payment processor RBS WorldPay. Atlanta-based RBS WorldPay announced on Dec. 23 that hackers had broken into its database and made off with personal and financial data on 1.5 million customers of its payroll cards business. Some companies use payroll cards in lieu of paychecks by depositing employee salaries or hourly wages directly into payroll card accounts, which can then be used as debit cards at ATMs. RBS said that thieves also might have accessed Social Security numbers of 1.1 million customers. New York's Fox 5 cites FBI sources as saying that thieves used the stolen payroll cards recently to withdraw $9 million from ATMs in 49 cities, including Atlanta, Chicago, New York, Montreal, Moscow, and Hong Kong. Steve Lazarus, a

Thu, 5 Feb 09
OpenOffice Installs Insecure Java Version
http://feeds.voices.washingtonpost.com/click.phdo?i=5e8d3fd9c2822e692895d23be7feee56
An alert reader let me know that the latest version of OpenOffice, the open source alternative to the Microsoft Office productivity suite, also installs a very old, insecure version of Java. Users who accept the default installation options for OpenOffice 3.0.1 also will get Java 6 Update 7, a version of Java that Sun Microsystems released last spring (the latest version is Java 6 Update 12). This is notable because not only could attackers target security vulnerabilities that were fixed in subsequent versions of Java, but Java 6 Update 7 was released prior to Sun's inclusion of a feature known as "secure static versioning," which is intended to prevent Web sites from invoking even older versions of Java that may be present on the user's system. Starting with Java 6 Update 11, Sun included a feature that uninstalls older versions, but that functionality for whatever reason did not automatically remove

Thu, 5 Feb 09
Report: Most Spam Sites Tied to Just 10 Registrars
http://feeds.voices.washingtonpost.com/click.phdo?i=807913524502ecbf4baced263cd70343
Nearly 83 percent of all Web sites advertised through spam can be traced back to just 10 domain name registrars, according to a study to be released this week. The data come from millions of junk messages collected over the past year by Knujon ("no junk" spelled backwards and pronounced "new john"), an anti-spam outfit that tries to convince registrars to dismantle spam sites. While there are roughly 900 accredited domain name registrars, spammers appear to register the Web sites they advertise in junk e-mail through just one percent of those registrars. Knujon's rankings include:
1. XinNet Cyber Information Company Limited
2. eNom
3. Network Solutions
4. Register.com
5. Planet Online
6. Regtime Ltd.
7. OnlineNIC Inc.
8. Spot Domain LLC
9. Wild West Domains
10. Hichina Web Solutions
Knujon co-founder Garth Bruen said registrars made his list based on several factors, including: the number of reported illicit domains held

Tue, 3 Feb 09
Data Breaches More Costly Than Ever
http://feeds.voices.washingtonpost.com/click.phdo?i=3e0bebc3780c6b0bd00da5d296548974
Organizations that experienced a data breach paid an average of $6.6 million last year to rebuild their brand image and retain customers following public disclosures of the incidents, according to a new study. The fourth annual survey by the Ponemon Institute, a Tucson, Ariz., based independent research company, found that companies spent roughly $202 per consumer record compromised. The same study put the total cost of a breach in 2007 at $6.3 million, and roughly $4.7 million in 2006. The survey examined cost estimates from 43 organizations that reported a data breach last year. The average number of consumer records exposed in each breach was about 33,000, but the number of records affected in each incident ranged from fewer than 4,200 to more than 113,000. Eighty-four percent of the companies surveyed had experienced at least one data breach or loss prior to 2008, said Larry Ponemon, the institute's founder. The

Sun, 1 Feb 09
Google: This Internet May Harm Your Computer
http://feeds.voices.washingtonpost.com/click.phdo?i=4ab7789c4f4463d01f4e9041d12506e0
A glitch in a computer security program embedded deeply into Google's search engine briefly prevented users of the popular search engine from visiting any Web sites turned up in search results this morning. Instead, Google users were redirected to a page that warned: "This site may harm your computer." Calls and e-mails sent to Google were not returned as of publication. I will update this blog if and when I hear back from them about the cause and length of this incident. The problem, which appears to have been corrected by the time of publication, was related to Google's "Stop Badware" program, which is designed to keep Internet users from visiting sites that Google's bots have found try to install malicious software when users browse the sites. I first learned of the blockage just before 10 a.m. ET, when my wife complained that Google was telling her that OfficeDepot.com was trying

 
