Security Fix
Tue, 31 Mar 09
Flaw in Conficker Worm May Aid Cleanup Effort
http://feeds.voices.washingtonpost.com/click.phdo?i=260c021db95f7e1fe4e3686711f3c292
Experts have discovered a security hole in the computer code that powers the Conficker worm, an aggressive contagion that has spread to more than 12 million Microsoft Windows systems worldwide. The security community is treading lightly with this news, because while the discovery could make it easier to isolate infected systems, it could also give criminals a way to quietly hijack millions of systems. Conficker spreads mostly by exploiting a security vulnerability in Microsoft Windows systems, one that the software giant issued a patch to fix last October - just days before the first version of Conficker struck. Experts have known for some time now that Conficker applies its own version of that patch shortly after infecting a host system. This tactic not only prevents other malicious software from infiltrating the host via that vulnerability, but it also makes it difficult for system administrators to find potentially infected systems
Tue, 31 Mar 09
Happy 4th Birthday, Security Fix
http://feeds.voices.washingtonpost.com/click.phdo?i=49bc39a015652fbb05de733899199743
Today marks the fourth anniversary of the launch of Security Fix. A heartfelt "thank you" to all of our faithful readers who make this blog come alive with their thoughtful comments and participation. I tried to explain how important this audience has become to me in an interview I did recently with BeatBlogging.org. It seems silly to try to paraphrase what I said, so here's a quote about you -- the reader -- from that interview. Readers are more inclined to speak their minds, interact with others, and generally contribute to a more well-rounded discussion and story if they get a sense that the author is accountable and responsive. I do try to be responsive. So if there is something I'm missing that you'd like to see more (or less!) of, please don't hesitate to let me know.
Fri, 27 Mar 09
Conficker: Doomsday, or the World's Longest Rickroll?
http://feeds.voices.washingtonpost.com/click.phdo?i=57f3d284b9e918fd85db6b10aa053227
When it comes to criminal hackers, establishing motive is usually a no-brainer: In a majority of cases, computer worms and viruses are little more than tools that bad guys use to make money. But every so often, a prolific and sophisticated worm or virus emerges that isn't so obviously connected to a financial scheme. Almost every time this happens, people start to get nervous and spin wild theories about the threat, until the hype surrounding said threat starts to reach a fever pitch. This is exactly what's happening with the latest version of the worm dubbed "Conficker," a contagion that has infected millions of PCs worldwide. Computers already infected by the worm are supposed to be automatically updated with some unknown software component on April Fools Day. That's more or less the sum of what computer experts know about the rhyme or reason behind this worm, but it hasn't stopped
Thu, 26 Mar 09
Hacked File-Upload Accounts Prized by E-Jihadis
http://feeds.voices.washingtonpost.com/click.phdo?i=f5ef9926050bb8b7d008ed0ecbdf7139
Hackers who sympathize with radical Islamic groups increasingly are using hijacked accounts at online file-upload and distribution services to disseminate large files, such as videos of attacks on Western forces in the Middle East, new research suggests. Services like RapidShare, Ziddu, and MegaUpload allow users to share large files, yet each places certain restrictions on non-paying users, such as limiting the number, speed, and size of files that free users can upload and download. But according to analysts at iDefense, a security intelligence firm owned by Verisign, hackers from various online jihadists forums have in recent months begun posting lengthy lists of hacked premium RapidShare account usernames and passwords to help fellow members avoid those limits. The same forums have latched onto obscure programs that allow Rapidshare users to effectively circumvent file size limits by splicing up large files into smaller chunks that the programs then reassemble after the constituent
Wed, 25 Mar 09
Mac OS X Top Target in Browser Beatdown
http://feeds.voices.washingtonpost.com/click.phdo?i=2f9364f9fcf9aaacfb0a64e9ccfd3ab3
Legendary bank robber Willie Sutton was made famous for allegedly explaining why he robbed banks with the answer: "Because that's where the money is." So why do cyber crooks attack Web browsers? Because that's where the user is. But maybe a more accurate answer is: "Because that's where the vulnerabilities are." At least, that was the answer given by a 25-year-old German computer science student known only as "Nils," who last week proudly showcased three brand new exploits for remotely hijacking the most popular Web browsers, including Firefox, Safari and the last beta release of Microsoft's Internet Explorer 8. Nils was competing in the "Pwn2Own" contest at the CanSecWest security conference in Vancouver. That contest, sponsored by 3Com's TippingPoint, awarded contestants $5,000 per browser bug. The first person to crack any of the browsers was allowed to keep the laptop it was running on (TippingPoint purchases information about unpatched security
Tue, 24 Mar 09
Web Fraud 2.0: Data Search Tools for ID Thieves
http://feeds.voices.washingtonpost.com/click.phdo?i=7ab28d88c0982e53715a3cb706f02f27
Data such as your Social Security number, mother's maiden name and credit card balance are not as difficult for ID thieves to find as most people think. I've recently learned that cyber crooks are providing cheap, instant access to detailed consumer databases, offering identity thieves the ability to find missing data as they compile dossiers on targeted individuals. Security Fix spent the past week testing services offered by two Web sites that sell access to a wealth of information on consumers. Each site offers free registration, but requires users to fund their accounts via Webmoney, a PayPal-like virtual currency that is popular in Russia and Eastern Europe. I enlisted the help of a half-dozen volunteers who agreed to let me try to find their personal and financial data on these sites. For a payment of $3 each, I was able to find full Social Security numbers on four of the
Sat, 21 Mar 09
Rogue Antivirus Distribution Network Dismantled
http://feeds.voices.washingtonpost.com/click.phdo?i=dc4dba109316c950d29ff2f15d63174a
A major distribution network for rogue anti-virus products has been shut down following reports by Security Fix about massive profits that the network's affiliates were making for disseminating the worthless software. On Monday, Security Fix profiled TrafficConverter2.biz, a program that pays affiliates handsome commissions for spreading "scareware" products like Antivirus2009 and Antivirus360. Scareware tries to frighten consumers into purchasing fake security software by pestering them with misleading and incessant warnings about threats resident on their systems. According to a message posted at TrafficConverter2.biz and its sister sites, the program's credit card payment processor pulled the plug on them shortly after our story ran. TrafficConverter2.biz is currently unreachable, but a message posted to the home page earlier this morning reads: On March 18th, in the evening, with no warnings, the German Merchant Processing was cut off. Merchant was at the bank personally (without intermediaries), proved and with the arrangements on the
Sat, 21 Mar 09
FTC Takes on Freecreditreport.com
http://feeds.voices.washingtonpost.com/click.phdo?i=b4308f8dc45aeda41991d8cb53d3df39
If you watch television, chances are you've seen the jingles where the young guy sings a campy song about his troubles with identity theft, in a bid to pitch a site called freecreditreport.com. Well, now the Federal Trade Commission is getting in on the act, running a series of hilarious public service announcements to point out that such services often are not free at all, and instead pointing consumers to annualcreditreport.com, a site mandated by Uncle Sam and probably the only place online consumers can truly go to get a free copy of their credit reports from each of the three major credit reporting bureaus. Here's my favorite annualcreditreport.com PSA from the FTC: If you haven't seen any of the freecreditreport.com commercials that the FTC is lampooning, it may make more sense if you take a gander at them over at YouTube. Here's one more from the FTC: Looking for
Fri, 20 Mar 09
Antivirus2009 Holds Victim's Documents for Ransom
http://feeds.voices.washingtonpost.com/click.phdo?i=cd58a754200ec1ad471636755ae154dc
Security experts are warning that some new "scareware" programs, software that tries to frighten consumers into purchasing bogus security products, also encrypt the victim's digital documents until he or she agrees to pay a $50 ransom demand. Newer versions of scareware family Antivirus2009 warn users in a fake Windows alert that files in the "My Documents" folder are corrupt. The program then directs the victim to download a program called "FileFixerPro" to fix the supposedly corrupt files. In fact, this version of Antivirus2009 encrypts or scrambles contents of documents in that folder, so that only users who pay $50 for a FileFixerPro license can get the decryption key needed to regain access to the files in their My Documents folder. A number of security forums have chronicled the rise of this nasty development in scareware evolution. This thread, over at the "devshed" Web development forum, includes cries for help from
Wed, 18 Mar 09
Newsflash: Local Man Launches Virus Epidemic
http://feeds.voices.washingtonpost.com/click.phdo?i=4d5a7d75db8506cbd355da4fb82f7710
Malware authors are beginning to personalize virus attacks sent through e-mail, blasting out fake news alerts about shocking events that supposedly happened in or around the recipient's home town. This latest innovation comes compliments of the Waledac worm, widely seen as the successor to the Storm worm, a wily virus that used a seemingly bottomless bag of new tricks to fool people into clicking on links that launch the worm into action. On Monday, security firm Trend Micro began warning people to look out for bogus "Reuters breaking news" e-mails warning of explosion or other various calamities that have supposedly broken out in a city near you. The message content pulls data from so-called "geo-location" services that can use the recipient's Internet address to make a semi-accurate guess of their nearest town. For example, a user who lives in Fairfax, Va., might see this subject line in a missive sent
Tue, 17 Mar 09
Massive Profits Fueling Rogue Antivirus Market
http://feeds.voices.washingtonpost.com/click.phdo?i=6eedc482adeeba193e3bfa85ac4dfdbc
In the cyber underworld, more and more individuals are generating six-figure paychecks each month by tricking unknowing computer users into installing rogue anti-virus and security products, new data suggests. One service that exemplifies a very easy way these bad guys can make this kind of money is TrafficConverter.biz, one of the leading "affiliate programs" that pays people to distribute relatively worthless security software. Affiliates are given a range of links and Javascript snippets they can use to embed the software in hacked and malicious Web sites, or tainted banner advertisements online. Unsuspecting users who view one of these hacked sites or ads see a series of misleading warnings saying their computers are infected with malware, and offering a free scan. Those who agree are prompted to download a program that conducts a bogus scan and warns of non-existent threats on the user's system. The software also blocks the user from visiting
Fri, 13 Mar 09
Hacking iTunes Gift Cards, and an iTunes Update
http://feeds.voices.washingtonpost.com/click.phdo?i=b492e8759ccec3d9406a392a00993c74
Recently, several media outlets have been running a fascinating story about hackers making oodles of money selling iTunes gift card activation codes at online auctions, supposedly after cracking the secret algorithm Apple uses to generate voucher codes for iTunes gift cards. But a blog post published today by one of the security industry's most prominent researchers suggests that the real hack here is far simpler: The crooks are merely using stolen credit cards to purchase and resell the iTunes gift cards. Joe Stewart, director of malware research at SecureWorks writes: This would be a pretty clever hack if it were true -- however, something just isn't quite right here. Nowhere in these articles does it explain one simple thing - how do they manage to generate activated iTunes gift voucher codes? When you purchase an iTunes gift card, it has to be activated before it will work, otherwise you will
Thu, 12 Mar 09
Microsoft Plugs Eight Windows Security Holes
http://feeds.voices.washingtonpost.com/click.phdo?i=af14cbef8fd70584d07b868147816d42
Microsoft Corp. on Tuesday pushed out a set of three updates to fix at least eight security vulnerabilities in its Windows operating systems and other software. The patches are available through Windows Update or via Automatic Updates. Easily the most critical update addresses an image processing flaw present in every supported version of Windows that could be exploited merely by tricking a Windows user into viewing a booby-trapped image on a Web site or sent via e-mail. According to Eric Schultze, chief technology officer for St. Paul, Minn.-based Shavlik Technologies, attackers could use this flaw to install and run malicious software on a victim's system even if the user wasn't logged on using the all-powerful administrator account. "With system privileges, the evil code can access, copy, or delete any files on the system, create or delete user accounts, change passwords, or install backdoors," Schultze said. "In other words, nasty
Thu, 12 Mar 09
Sprint: Employee Stole Customer Data
http://feeds.voices.washingtonpost.com/click.phdo?i=d794a5db4ac9dc007bb078da89797cc1
Sprint is warning several thousand customers that a former employee sold or otherwise provided their account data without permission. In letters sent via snail mail to some customers, Sprint urged recipients to contact customer service and change their existing personal identification number and security question. Turns out, a Sprint employee accessed "multiple customer accounts," between Dec. 2008 and Jan. 2009. "It appears this employee may have provided customer information to a third party in violation of Sprint policy and state law. We have terminated this employee. The information that may have been compromised includes your name, address, wireless phone number, Sprint account number, the answer to your security question, and the name of the authorized point of contact on your account." Sprint spokesman Matt Sullivan declined to say how many customers were sent the letters, but said it was less than one percent of its customer base. A woman who
Wed, 11 Mar 09
Adobe, Foxit, Ship PDF Reader Security Updates
http://feeds.voices.washingtonpost.com/click.phdo?i=9b92a3a30694443ac7873ab39761fa0f
Adobe Systems today released an update to plug a dangerous security hole that hackers first began exploiting in January. The update, available here, is for Adobe Reader and Acrobat programs on both Windows and Mac systems. Adobe said it expects updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, to be available by March 18. If you've chosen to read PDF documents using the popular alternative to Adobe -- Foxit Reader -- you also need to update. On Monday, Foxit shipped an update that fixes at least three serious vulnerabilities in its Reader products. That update, which brings Foxit Reader to version 3.0, is available from this link.
Wed, 11 Mar 09
Users Complain of Mysterious 'PIFTS' Warning
http://feeds.voices.washingtonpost.com/click.phdo?i=4706da9c1d3fc9f66d936db9ea4d5a7a
Computer support forums are lighting up with queries from users wondering what to do about an alert on whether to trust a file called "PIFTS.exe". Meanwhile, someone at Symantec's support forum seems to be deleting posts from users inquiring about this alert almost as soon as they go up on the forum. Swa Frantzen, an incident handler with the SANS Internet Storm Center, writes today that PIFTS.exe appears to be related to a Norton update since it has a component in it that leverages the user's Internet connection to contact a Web page at norton.com, which is owned and operated by Symantec. A Security Fix reader sent this e-mail today about his experience with this alert: "Symantec's response has been odd. It has removed all chat threads on the subject, and seems to be deleting questions about PIFTS.exe wherever they may be posted. In short, it is Symantec's
Sat, 7 Mar 09
Why Web Site Security Matters to Us All
http://feeds.voices.washingtonpost.com/click.phdo?i=d3f1fac9067fcd4cce43f5f314d41a16
For the past several months, some of the sharpest minds in the security community have teamed up to block cyber criminals from wresting control over what may be one of the largest armies of hacked computers ever built. While those efforts are ongoing and so far appear effective, all of that work could be undone thanks to the lax security of a single Web site. The scourge in question is the Conficker worm, a contagion that has infected tens of millions of Microsoft Windows machines since its birth in November. Experts figured out early on that Conficker was a two-stage threat because it tells infected systems to contact a list of 250 different domain names each day. If just one of those domains is registered by the virus writer, the thinking goes, it could be used to download an as-yet unknown secondary component to all infected systems, such as malicious
Fri, 6 Mar 09
Twitter Security Hole Left Accounts Open to Hijack
http://feeds.voices.washingtonpost.com/click.phdo?i=f2f0014fbe54f7b3a54d451d5fb35d0e
Micro-blogging service Twitter.com has fixed a vulnerability that until Wednesday night allowed users to create fake posts on other users' Twitter pages, or sign up fellow users for a deluge of potentially wallet-busting text messages. Twitter is designed to let people blog from their phones, by sending text (aka "short message service" or SMS) messages or "Tweets" that will then appear on the user's Twitter.com home page. Any Twitter users who are "following" or have syndicated that account will then receive updates on their Web sites about what that user is doing. Twitter users can choose to receive updates from other users via their own home page, through their phone, or both. The authentication weakness allowed anyone who knew your mobile number to spoof messages to your Twitter.com home page so that they appeared to have come from you, provided your mobile phone number was set up to post and/or
Thu, 5 Mar 09
Fanning the Flames of the Browser Security Wars
http://feeds.voices.washingtonpost.com/click.phdo?i=f64b19ac95f05eeb825249a8cea1b239
A report published this week by software vulnerability watcher Secunia promises to stoke the ever-smoldering embers of the debate over which major Web browser is more secure. In trying to draw conclusions from the data, though, I hope readers will look past the sheer numbers of security holes that each browser maker fixed this past year, to the metric that in my opinion matters most: How long did it take each browser maker to address security flaws once those vendors knew about them? Secunia's study (PDF) found that 115 security flaws were reported in 2008 for Mozilla's Firefox browser, almost four times as many flaws as other popular browsers. In contrast, Secunia said, 31 vulnerabilities were reported for versions of Microsoft's Internet Explorer, while Opera and Safari claimed at least 30 and 32 reported security holes in 2008, respectively. But the Secunia study also measured how nimbly Microsoft and Mozilla
Wed, 4 Mar 09
From (& To) Russia, With Love
http://feeds.voices.washingtonpost.com/click.phdo?i=dafa49ae9f83e242e6fb90c142897af7
If you ask security experts why more cyber criminals aren't brought to justice, the answer you will probably hear is that U.S. authorities simply aren't getting the cooperation they need from law enforcement officials in Russia and other Eastern European nations, where some of the world's most active cyber criminal gangs are thought to operate with impunity. But I wonder whether authorities in those countries would be any more willing to pursue cyber crooks in their own countries if they were forced to confront just how deeply those groups have penetrated key government and private computer networks in those regions? As Security Fix documented in When Cyber Criminals Eat Their Own, a common misconception about hacker groups in Russia and the former Soviet nations is that they avoid targeting their own people. On the contrary, aggregate statistics from recent attacks and outbreaks strongly suggest that perception no longer matches reality.
Tue, 3 Mar 09
"Koobface" Worm Resurfaces on Facebook, MySpace
http://feeds.voices.washingtonpost.com/click.phdo?i=f01ce208b618d552c90c648c72e48ff5
Security experts are warning users of Facebook, MySpace and other social networking communities to be on guard against a new strain of the "Koobface" worm, which spreads by tricking users into responding to a message apparently sent from one of their friends. The latest version of Koobface arrives as an invitation from a user's friend or contact, inviting the recipient to click on a link and view a video at a counterfeit YouTube site. Visitors are told they need to install an Adobe Flash plug-in to view the video. The bogus plug-in instead installs a Trojan horse program that gives Koobface author(s) control over the infected user's computer, according to security firm Trend Micro, which documented the new strain on its blog. In addition, the worm also hijacks the victim's social networking account, by sending out additional invites in order to spread the worm to the victim's friends and
Mon, 2 Mar 09
Microsoft: Attackers Target Unpatched Excel Flaw
http://feeds.voices.washingtonpost.com/click.phdo?i=33f931957f7e4087f8191a8f75bff997
Microsoft Corp. is warning computer users that attackers are now exploiting a previously unknown security hole in the company's Excel spreadsheet software to break into vulnerable systems. The vulnerability, which appears to be present in all supported versions of Microsoft Excel and Microsoft Office (including Office 2004 and Office 2008 for Mac), could be exploited merely by convincing a user to open a booby-trapped Excel file hosted on a hacked or malicious Web site, or sent as an attachment in an e-mail message. Microsoft reports that it is "aware only of limited and targeted attacks that attempt to use this vulnerability," and that it is working on shipping a fix for the flaw. Symantec researchers report on the company's blog more or less supporting Microsoft's claim that this flaw is not yet widely being exploited. But that should not deter readers from following this tried-and-true advice: If you didn't ask
Mon, 2 Mar 09
ID Fraud, Abusive Debt Collectors Top Consumer Gripes in '08
http://feeds.voices.washingtonpost.com/click.phdo?i=d8ef75d842cc52cbb3173ea5aca70ba0
Identity fraud was the top complaint consumers lodged last year with the Federal Trade Commission, followed by gripes about harassing and abusive debt collectors, the agency reported today. Of the 1,223,370 complaints the FTC received last year, 313,982 - or 26 percent - were related to identity fraud. The biggest chunk of those complaints related to credit card fraud (20 percent), while employment fraud and fraud related to government documents/benefits each accounted for 15 percent of identity fraud complaints. Phone or utilities fraud made up 13 percent, while 15 percent of complaints related to bank and loan fraud. Debt collectors have always generated a large volume of complaints, but this is the first year that the FTC has included the industry as a category in its top complaints listing, FTC spokeswoman Claudia Bourne Farrell said. In November 2008, nationwide debt collection agency Academy Collection Service and its owner agreed
Mon, 2 Mar 09
Adobe Issues Security Update for Flash Player
http://feeds.voices.washingtonpost.com/click.phdo?i=0be8fa03dfc9c5a50d8e36e5ed480a0e
Adobe Systems Inc. has shipped an update for its ubiquitous Flash player that fixes at least five security flaws. A few of the flaws are critical, meaning users could have malicious software installed on their system merely by visiting a Web page that features a booby-trapped Flash movie. Many readers will need to apply two different versions of this patch: One is designed for Internet Explorer, and another updates the Flash player in Firefox, Opera and Safari. This can be accomplished by visiting this update link twice, once with IE, and then again with Firefox or whichever other browser you're using. The patch plugs security holes in Flash player 10.0.12.36 and earlier. Updates are available for Flash versions made for Windows, Mac OS X, and Linux. Not sure which version of Flash you have installed, or want to make sure the fix worked? Visit this link to find out. Adobe
Mon, 2 Mar 09
Adobe Urges Stopgap Changes To Blunt Cyber Threat
http://feeds.voices.washingtonpost.com/click.phdo?i=0224650f62b442926e9ae1fb97912c14
Adobe Systems Inc. has found itself in the midst of a public relations maelstrom of the sort once reserved only for Microsoft Corp., as security experts chastise the company for not moving fast enough to address a critical security hole in its products even as third-party software makers offer makeshift fixes for the flaw. On Feb. 19, experts at Shadowserver.org, a volunteer-led security group, let the world know that bad guys were attacking an unpatched security flaw in Adobe Acrobat and Reader to break into systems when users opened booby-trapped .PDF files. The Shadowserver guys said one way to mitigate this threat was to disable the rendering of Javascript within these programs. Later that day, Adobe released its own advisory, which acknowledged that the flaw existed in all supported versions of its products, and on all operating systems. The company said it planned to ship an update to fix the
