Security Fix
Fri, 31 Jul 09
Critical Update for Adobe Flash Player
http://feeds.voices.washingtonpost.com/click.phdo?i=94d518cabbb03c20d074807dc5a0d65c
Adobe Systems Inc. today issued a security update to its Flash player to plug at least a dozen security holes in the software, including some that hackers have been using to break into vulnerable systems. The latest update brings Flash player to version 10.0.32.18. Updates are available for most Flash installations on Windows, Mac and Linux machines. To find out what version of Flash you have, visit this page. Adobe recommends users of Adobe AIR version 1.5.1 and earlier versions update to Adobe AIR 1.5.2. Bear in mind that depending on the number of Web browsers you use, you may need to install this update more than once. For example, Windows users who use both Internet Explorer and Firefox will need to visit the Flash download page with each browser. The IE update requires the installation of an ActiveX control, while the Firefox update page asks you to download
Fri, 31 Jul 09
Clampi Trojan: The Rise of Matryoshka Malware
http://feeds.voices.washingtonpost.com/click.phdo?i=b3b4c4e81f74a2045ea85031c2c66aef
Last week, Security Fix told the online banking saga of Slack Auto Parts, a company in Georgia that lost nearly $75,000 at the hands of an extremely sophisticated malicious software family known as "Clampi". I only mentioned the malware in passing, but it deserves a closer look: Research released this week by a top malware analyst suggests that Clampi is among the stealthiest and most pervasive threats to Microsoft Windows systems today. Joe Stewart, director of malware research for the Counter Threat Unit at computer security firm SecureWorks, said Clampi appears to have spread to hundreds of thousands of Windows systems, since its debut in 2007. Unlike other malware families designed to steal credentials -- which are frequently sold and used among the larger cyber criminal community -- Stewart said Clampi appears to be the ever-evolving weapon used by a single organized crime group operating out of Eastern Europe that
Thu, 30 Jul 09
Weaponizing Web 2.0
http://feeds.voices.washingtonpost.com/click.phdo?i=3ddf9a0cd6e15ec4946b8d06e6ba0d65
Imagine simply visiting a Web forum and finding that doing so forced your browser to post an embarrassing Twitter message to all of your contacts, or caused you to admit a stranger to your online social network. Now consider the same dynamic being used to move money out of your online auction account or delete the contents of your e-mail inbox. These are just a taste of the Web 2.0 cross-site trust issues explored in a talk delivered at the Black Hat security conference in Las Vegas today. The presenters, researchers Nathan Hamiel and Shawn Moyer, delivered a related talk at Black Hat last year called "Satan is on my Friends List," that was highly entertaining and relevant to similar trust concerns that plague dozens of social networking sites. And since I am unfortunately not going to be at Black Hat this year, I wanted to catch up with them
Thu, 30 Jul 09
Report: First Lady Safehouse Route, Govt. Mafia Trial Info, Leaked on P2P Networks
http://feeds.voices.washingtonpost.com/click.phdo?i=ec93395311a0574e7a143bacf2b2157c
Update, 2:15 p.m. ET: A previous version of this story incorrectly stated that files were found on P2P networks that listed the location of nuclear missile silos in the United States. A spokesman for the committee said the information regarding nuclear installations is related to sensitive documents accidentally published on the Web site of the Government Printing Office recently, which included a "detailed list of the civilian nuclear complex, including precise locations of weapons grade nuclear fuel." An earlier version also incorrectly stated that information on the location of a safe house for Michelle Obama was compromised. The safe house was designed for former First Lady Laura Bush. The text below has been changed. The latest caches of sensitive data reportedly found on peer-to-peer (P2P) file-sharing networks are shocking: A highly sensitive document dated July 2009, listing the precise location of installations bearing weapons grade nuclear fuel in the United
Wed, 29 Jul 09
Microsoft's Emergency Patch Mess
http://feeds.voices.washingtonpost.com/click.phdo?i=250d4a8652af1363f3742ad73154075d
Microsoft today released a pair of emergency software updates (Redmond calls them "out-of-band" updates). Yes, that's right folks: If you use Windows -- and especially if you browse the Web with Internet Exploder Explorer - it's once again time to update. The backstory to these patches is a bit complex, so here's the short version: A while back, Microsoft introduced several security flaws into a set of widely-used third-party software development tools, and today it's correcting that error by issuing an updated set of tools. Another update tries to block attackers from exploiting those weaknesses while third-party software makers figure out how to fix their code with the updated tools. On a scale of 1 to 10, with 10 being the most dire and far-reaching, Eric Schultze, chief technology officer at Shavlik Technologies, said he'd put the seriousness of today's out-of-band patch releases at an 8. "When I was at
Sat, 25 Jul 09
Microsoft to Issue Emergency Patches Next Week
http://feeds.voices.washingtonpost.com/click.phdo?i=ec893d5921cde0c0a4a47e5e8bdf68bb
As Security Fix predicted earlier this week, Microsoft says it plans to issue at least two out-of-band software updates next week to plug a series of unusually stubborn and critical security holes in the Windows operating system and its Internet Explorer Web browser. Microsoft says it will issue two patches -- one to deal with problems in Internet Explorer, and another to fix a bug in its Visual Studio software suite. From Microsoft: While we can't go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were
Sat, 25 Jul 09
Network Solutions Hack Compromises 573,000 Credit, Debit Accounts
http://feeds.voices.washingtonpost.com/click.phdo?i=e621505247ef2d7701cda3d933490061
Hackers have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over the past three months, Security Fix has learned. Herndon, Va.-based Network Solutions discovered in early June that attackers had hacked into Web servers the company uses to provide e-commerce services -- a package that includes everything from Web hosting to payment processing -- to at least 4,343 customers, mostly mom-and-pop online stores. The malicious code left behind by the attackers allowed them to intercept personal and financial information for customers who purchased from those stores, Network Solutions spokeswoman Susan Wade said. Wade said the company is working with federal law enforcement and a commercial data breach forensics team to determine the cause and source of the break-in. The payment data stolen was captured from transactions made
Fri, 24 Jul 09
Service Offers to Retrieve Stolen Data, For a Fee
http://feeds.voices.washingtonpost.com/click.phdo?i=f8cf7698e82736188753592d96c0e9b1
A former cyber cop in the United Kingdom is heading up a new online portal that claims to offer a searchable database of about 120 million consumer records that have been phished, hacked or otherwise stolen by computer crooks. Visitors who search for their information and find a match can verify which data were stolen -- for a £10 ($16.50) fee. Colin Holder, a retired detective sergeant with the Metropolitan Police, said the idea for lucidintelligence.com became obvious shortly after he resigned from the U.K. fraud squad in 2004. "About six months after I retired, I was contacted by an old source who said he was seeing a vast amount of credit card and other personal data being exchanged between criminals, and what could he do with it," Holder recalled. Many companies scour e-crime chat rooms and message boards for stolen data, and share that data with banks and companies
Thu, 23 Jul 09
Attackers Target New Adobe Flash/Reader Flaw
http://feeds.voices.washingtonpost.com/click.phdo?i=e467ed4d41b98a0bc9e6ec75d1034e7f
Adobe Systems Inc. said Tuesday it is investigating reports that attackers are exploiting a previously unknown security hole in its Acrobat, Flash and PDF Reader applications. Adobe's security advisory says the security weakness appears to affect Adobe Reader and Acrobat 9.1.2, as well as Adobe Flash Player 9 and 10. That's about the extent of the information provided by Adobe at this point. Meanwhile, Symantec says it has seen several instances of this vulnerability being exploited in targeted attacks -- such as those in which the attackers include a poisoned attachment in an e-mail that addresses the recipient by name. Marc Fossi, manager of development at Symantec, said the attacks the company has seen so far involve booby-trapped PDF files that take advantage of Adobe Flash functions built into Reader. Fossi said none of the attacks so far have used stand-alone Flash, such as a malicious Flash movie embedded in a
Thu, 23 Jul 09
Microsoft Scrambling to Close Stubborn Security Hole
http://feeds.voices.washingtonpost.com/click.phdo?i=393f0c7eeb7afd121ea16165c82bc2f2
Microsoft may soon be taking the unusual step of issuing an out-of-band security update to address multiple weaknesses that stem from a Windows security flaw that the software giant tried to fix earlier this month, Security Fix has learned. Last week, on its regularly scheduled Patch Tuesday (second Tuesday of the month), Redmond issued software updates to plug nine security holes. Among those was a patch for a flaw in Windows and Internet Explorer that hackers were exploiting to break into PCs. However, it soon became clear that Microsoft had known about this vulnerability since at least April 2008. On July 9, noted security researcher Halvar Flake published a blog post suggesting that the reason Microsoft took so long to fix the bug may be because the flaw was caused by a far more systemic problem in Windows. According to Flake, the problem resides in a collection of code that
Wed, 22 Jul 09
Update for Norton Internet Security & Firefox 3.5
http://feeds.voices.washingtonpost.com/click.phdo?i=adcaaecbd9ff32fa42786b0cbfc41025
A few readers have asked me why their installation of Norton Internet Security 2009 won't play nice with their copy of Firefox 3.5. Symantec now has an update to fix this compatibility issue. The problem was with the Norton Toolbar, a component of NIS2009 that Symantec markets as a way to encrypt and securely store your passwords and logins, and other sensitive data. I know many people who use this feature, so if you're one of them, follow the instructions here to get this feature to work with Firefox 3.5. If you use NIS2009 but don't store your personal data with the toolbar, there is no need to install this update. NIS has earned a bad rap over the years for being a slow, resource-hogging beast of an anti-virus program, but when I trialed the program for a few months, I found NIS2009 to be very fast and unobtrusive. Still,
Tue, 21 Jul 09
The Growing Threat to Business Banking Online
http://feeds.voices.washingtonpost.com/click.phdo?i=35859a2efdfe11b46047ad9b93075035
Federal investigators are fielding a large number of complaints from organizations that are being fleeced by a potent combination of organized cyber crooks abroad, sophisticated malicious software and not-so-sophisticated accomplices here in the United States, Security Fix has learned. The attacks also are exposing a poorly-kept secret in the commercial banking business: That companies big and small enjoy few of the protections afforded to consumers when faced with cyber fraud. Earlier this month, I wrote about Bullitt County, Kentucky, which lost $415,000 after criminals planted malicious software on the county treasurer's PC. That rogue program allowed the crooks to initiate wire transfers to more than two dozen so-called "money mules," people duped into laundering the money and wiring it to the perpetrators in Ukraine. A few days after that story ran, I heard from a source in federal law enforcement who said the attack against Bullitt County was only the
Sat, 18 Jul 09
Firefox Update Plugs Critical Security Hole
http://feeds.voices.washingtonpost.com/click.phdo?i=486bb7324ca1d1ac9c3b1f437d5eed19
Mozilla has pushed out an update to Firefox 3.5 to plug a critical security hole that Security Fix warned about this week. According to the SANS Internet Storm Center, there have been reports of public exploits for this flaw being used in the wild. The update brings Firefox 3.5 to version 3.5.1, and can be installed by selecting "Help," and then "Check for Updates" (3.5 users may also have the update auto-installed upon restarting the browser). This update appears to fix a number of other stability and security issues as well. If you took my advice to blunt the threat from the public exploit for this flaw, take a moment to undo the setting you changed earlier. That's because my advice was to disable the vulnerable component -- Tracemonkey -- which dramatically speeds up the rendering of Javascript in Web pages, and is among the most-touted improvements in Firefox 3.5. To
Fri, 17 Jul 09
PC Infections Often Spread to Web Sites
http://feeds.voices.washingtonpost.com/click.phdo?i=4735a68e86a6a0c24c671f997a838245
Most people are familiar with the notion that a computer virus can be passed from PC to PC, but many folks would probably be surprised to learn that a sick PC can often pass its infection on to Web sites, too. Some of the most pervasive malicious software circulating today (e.g., Virut) includes spreading capabilities that hark back to the file-infecting methods of the earliest viruses, which spread by making copies of themselves, or by inserting their code into other files on the host system. Malware often modifies existing files on the victim's PC to maximize the chances that infected files will be shared with and downloaded onto new host systems. One of the most effective ways of doing that is for malware to inject copies of itself into all of the HTML files found on a victim's computer. The end result could be this: If the victim is also
Thu, 16 Jul 09
Spammers, Virus Writers Abusing URL Shortening Services
http://feeds.voices.washingtonpost.com/click.phdo?i=9f0b480bffce10929bc0d88b4ff661ff
Purveyors of spam and malicious software are taking full advantage of URL-shortening services like bit.ly and TinyURL in a bid to trick unwary users into clicking on links to dodgy and dangerous Web sites. Fortunately, with the help of a couple of tools and some common sense, most Internet users can avoid these scams altogether. According to alerts from anti-virus vendors McAfee, Symantec and Trend Micro, the latest to abuse these services is the Koobface worm, which targets users of social networking sites like Facebook (Koobface is an anagram of Facebook) and Myspace. It's now also spreading via microblogging service Twitter. Koobface arrives as a message that urges users to click on a link to a video, which invariably leads to a site that prompts the visitor to install a missing video plug-in. The fake plug-in turns the user's system into a bot that can be used for a variety
Wed, 15 Jul 09
Microsoft Patches Nine Security Flaws
http://feeds.voices.washingtonpost.com/click.phdo?i=aba0fc4370baa7c9330d275e64ebebfd
Microsoft Corp. today issued software updates to plug at least nine different security holes in its various Windows operating systems and other software. Today's patch batch includes fixes for two very serious flaws that are actively being exploited by attackers to break into vulnerable PCs. Redmond issued patches to fix the vulnerability in its Video ActiveX Control for Internet Explorer, as well as the DirectShow flaw in Windows. Criminals currently are using both security holes to plant rogue software on PCs when users visit certain hacked or malicious Web sites. Contrary to what Microsoft itself said, the company did not release an official patch to plug the other ActiveX flaw hackers are actively exploiting -- which I first wrote about yesterday. Instead, it has released an interim workaround to blunt the threat from that weakness. Unfortunately, someone at Redmond seems to be a little confused about this point. In its
Wed, 15 Jul 09
Stopgap Fix for Critical Firefox 3.5 Security Hole
http://feeds.voices.washingtonpost.com/click.phdo?i=b7cd499ab783cbd9f0fa30b4270d6884
Instructions showing hackers how to exploit an unpatched, critical security hole in Mozilla's new Firefox 3.5 Web browser have been posted online. So, until Mozilla can ship an update to quash this bug, Security Fix is posting instructions to help readers protect themselves from this vulnerability. The security hole has to do with a flaw in the way Firefox 3.5 handles Javascript, a powerful programming language heavily used on popular Web sites. Specifically, the vulnerability was introduced with the addition of Tracemonkey, a new feature in 3.5 that is designed to dramatically speed up the rendering of Javascript. Vulnerability watcher Secunia rates this flaw "highly critical," noting that it is the type of flaw that criminals could use to remotely install rogue software, merely by convincing users to visit a hacked or booby-trapped Web site. Fortunately, there is a relatively easy fix for this that can be reversed once
Tue, 14 Jul 09
Microsoft: Newly Discovered MS Office/IE Flaw
http://feeds.voices.washingtonpost.com/click.phdo?i=b09227150a2a8dd31f8c984c4a9d2d94
For the second time in a week, Microsoft is warning that criminals are exploiting a previously unknown security hole in its software to break into Windows computers. The company has released a stopgap fix to help protect users until an official software update is available. The problem stems from yet another insecure ActiveX component, this time one made to manage Excel spreadsheets between Internet Explorer and various Microsoft Office products. In an advisory released today, Microsoft said it is aware of attacks exploiting this vulnerability, which is the sort that could give criminals complete control over a vulnerable Windows PC merely by tricking users into visiting a booby-trapped Web site with IE (yes, this means if you use Windows but consistently use a non-IE browser to surf the Web and open e-mail links, then you have little to worry about from this flaw). According to Microsoft, your system is vulnerable
Fri, 10 Jul 09
PCs Used in Korean DDoS Attacks May Self Destruct
http://feeds.voices.washingtonpost.com/click.phdo?i=267295e7afd01b328a45db18a31d1f18
There are signs that the concerted cyber attacks targeting U.S. and Korean government and commercial Web sites this past week are beginning to wane. Yet, even if the assaults were to be completely blocked tomorrow, the attackers could still have one last, inglorious weapon in their arsenal: New evidence suggests that the malicious code responsible for spreading this attack includes instructions to overwrite the infected PC's hard drive. According to Joe Stewart, director of malware research at SecureWorks, the malware that powers this attack -- a version of the Mydoom worm -- is designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached
Wed, 8 Jul 09
Washington Post, White House, FAA, DoD, Others, Targeted in Online Attack
http://feeds.voices.washingtonpost.com/click.phdo?i=f9b14d5d2ebef6040beba90b7bac409c
Washingtonpost.com and Security Fix readers may have noticed that our site was a bit slow and occasionally unreachable today. Turns out, the site has been under attack by about 60,000 compromised PCs around the globe for several hours now. We weren't the only site reportedly picked on, though. According to several security researchers who asked to remain anonymous because they are still helping to investigate the assault, the same attackers targeted Web sites for the White House, the Department of Homeland Security, the Department of Defense and the Federal Aviation Administration, with varying success. The culprit is a piece of malicious software that orders infected PCs to visit the Web sites on its hit list over and over again, all in an apparent bid to render the targets unreachable to legitimate visitors. Joe Stewart, director of malware research at Atlanta-based SecureWorks, said he examined the attack software and found that
Wed, 8 Jul 09
High Crimes Using Low-Tech Attacks
http://feeds.voices.washingtonpost.com/click.phdo?i=4d857d5675412e43063793f078372473
Criminals are resurrecting low-tech attacks to siphon tens of thousands of dollars from unsuspecting victims. According to financial fraud experts, so-called "man-in-the-phone" attacks require little more than a telephone and old-fashioned con artistry. The scam works like this: The criminal calls a target, claiming to be the fraud department of the target's bank calling to alert the mark to potential unauthorized activity. The recipient of the call is then told to please hold while a fraud specialist is brought on the line. The perpetrator then calls the victim's bank, and bridges the call, while placing his portion of the call on mute. When the bank's fraud department asks various questions in a bid to authenticate the victim, the criminal records the customer's answers. Depending on the institution, the answers may include the victim's Social Security number or national ID number, a PIN or password, and/or the amount of last deposit
Wed, 8 Jul 09
Predicting Social Security Numbers
http://feeds.voices.washingtonpost.com/click.phdo?i=f8c118c371ad14ea899f19adaeb01354
The Washington Post today carries a story I wrote about new research, which found that it is possible to guess many -- if not all -- of the nine digits in an individual's Social Security number using publicly available information, a finding experts say compromises the security of one of the most widely used consumer identifiers in the United States. The full story is here. I'm mentioning it in the blog to call attention to some resources and additional information on this subject for readers who are interested in digging deeper. In the story, we wrote of the two Carnegie Mellon University researchers: Acquisti and Gross found that it was far easier to predict SSNs for people born after 1988, when the Social Security Administration began an effort to ensure that U.S. newborns obtained their SSNs shortly after birth. They were able to identify all nine digits for 8.5 percent
Tue, 7 Jul 09
Microsoft: Attacks on Unpatched Windows Flaw
http://feeds.voices.washingtonpost.com/click.phdo?i=07569f87ec015cced2ac586fb33876ad
Microsoft warned today that hackers are targeting a previously unknown security hole in Windows XP and Windows Server 2003 systems to break into vulnerable PCs. Today's advisory includes instructions on how to mitigate the threat from this flaw. In a security alert posted today, Microsoft said the vulnerability could be used to install viruses or other software on a victim's PC if the user merely browsed a hacked or booby-trapped Web site designed to exploit the security hole. Redmond says at this time it is aware of "limited, active attacks that exploit this vulnerability." Microsoft doesn't define "limited, active" attacks in the context of this vulnerability, but the SANS Internet Storm Center is reporting that thousands of newly compromised Web sites have been seeded with code that exploits this vulnerability. SANS also says instructions for exploiting the vulnerability have been posted to a number of Chinese Web sites. According
Fri, 3 Jul 09
PC Invader Costs Ky. County $415,000
http://feeds.voices.washingtonpost.com/click.phdo?i=64a5975c3a005c3062f49c027c0ef37b
Cyber criminals based in Ukraine stole $415,000 from the coffers of Bullitt County, Kentucky this week. The crooks were aided by more than two dozen co-conspirators in the United States, as well as a strain of malicious software capable of defeating online security measures put in place by many banks. Bullitt County Attorney Walt Sholar said the trouble began on June 22, when someone started making unauthorized wire transfers of $10,000 or less from the county's payroll to accounts belonging to at least 25 individuals around the country (some individuals received multiple payments). On June 29, the county's bank realized something was wrong, and began requesting that the banks receiving those transfers start reversing them, Sholar said. "Our bank told us they would know by Thursday how many of those transactions would be able to be reversed," Sholar said. "They told us they thought we would get some of the
Thu, 2 Jul 09
Spam Rates Recovering From 3FN Takedown
http://feeds.voices.washingtonpost.com/click.phdo?i=3998335be5020b577ad20e3e1226bc2b
Google published a report on spam rates this past quarter indicating that spam volumes declined roughly 30 percent following the Federal Trade Commission's takedown of the troubled online hosting provider 3FN early last month. Google says spammers have already made up a significant amount of ground, climbing 14 percent from the initial drop. The stats differ from other figures Security Fix collected about the impact of the 3FN takedown. Google's spam data was drawn from Postini, the company's e-mail security and archiving service. The following graph shows Postini's view of spam volumes over the past six months: Read more about Google's view of spam trends, at their quarterly report, available here.
Thu, 2 Jul 09
A Bustling Week for Cyber Justice
http://feeds.voices.washingtonpost.com/click.phdo?i=cab25affad4187a1a06e94c283441faa
This past week has been a bustling one for cyber justice. The Federal Trade Commission announced a settlement in its ongoing case against scareware purveyors; a notorious hacker admitted stealing roughly two million credit card numbers; the Justice Department has charged a software developer from Arkansas with launching a series of debilitating online attacks against several online news sites that carried embarrassing stories about him. Finally, a federal appeals court decision gives security vendors added protection against spurious lawsuits by adware companies. -- Last week, the FTC said it had settled with James Reno and his company ByteHosting Internet Services LLC. Both were named in the commission's broad sweep last year against purveyors of "scareware," programs that use bogus security alerts to frighten people into paying for worthless security software. The settlement imposes a judgment of $1.9 million against Reno and Bytehosting, yet the court overseeing the case suspended all
Wed, 1 Jul 09
FFSearcher: A Stealthy Evolution in Click Fraud
http://feeds.voices.washingtonpost.com/click.phdo?i=7878f21c7f56c9c7c37715b1d558c4a5
Every so often, a new piece of malicious software comes along that introduces a subtle yet evolutionary technological leap, a quickly-mimicked shift that allows cyber crooks to be far more stealthy in plying their trade. According to research released last week, this happened most recently in the realm of click fraud, a rapidly growing problem that inflates online advertising costs for legitimate companies and ad networks. For years, hackers have used malicious software to perpetrate click fraud by hijacking the results displayed when users search for something online. The trouble is, these scams can be rather clumsy: Victims often figure out pretty quickly that something is wrong, usually because their searches are redirected to an unfamiliar search portal, as opposed to their regular default search provider. But a new Trojan horse program being distributed by tens of thousands of recently hacked Web sites hijacks search results so that Google.com users
