Security Fix

 

Wed, 30 Sep 09
Microsoft's Free Anti-virus Tool Now Available
http://feeds.voices.washingtonpost.com/click.phdo?i=20b8a18b7f47308c82d6dd67daa0d53e
Windows users looking for a free anti-virus alternative can now take advantage of an offering from Microsoft, which today began offering its Security Essentials anti-virus program. Microsoft Security Essentials is a real-time and on-demand anti-virus scanner that is free for personal use. It runs on Windows XP, Windows Vista, and Windows 7 (both 32-bit and 64-bit versions). Note that in order to use this software, Windows users will first need to pass Microsoft's Genuine Validation (anti-piracy) check, which checks to make sure that you're running a legitimate, licensed copy of Windows. The version made available today didn't seem to differ too much from the beta I reviewed earlier this summer: The initial install and update were painless, and the default quick scan took about 10 minutes, while using limited resources on my test machine. Only time will tell how this offering stacks up against other free AV choices out there,

Tue, 29 Sep 09
New IRS Scam E-mail Could Be Costly
http://feeds.voices.washingtonpost.com/click.phdo?i=4099a93e4391af75794462fca15ff90f
The Department of Homeland Security's Computer Emergency Readiness Team is warning Internet users to be on guard against a convincing e-mail virus scam disguised as a message from auditors at the Internal Revenue Service. According to one victim interviewed by Security Fix, falling for the ruse could cost you or your employer tens of thousands of dollars. An alert issued Monday by the U.S.-CERT states: "The attacks arrive via an unsolicited email message and may contain a subject line of 'Notice of Underreported Income.' These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan." The Zeus Trojan is exceptionally good at stealing sensitive data, and it is especially interested in online banking credentials. This fake IRS/Zeus campaign has been ongoing for several weeks now, according to Gary Warner, director of research

Tue, 29 Sep 09
Cyber Gangs Hit Healthcare Providers
http://feeds.voices.washingtonpost.com/click.phdo?i=9c613f64f80eb6ce8ff9e430e6282949
Organized cyber thieves that have stolen millions from corporations and schools over the past few months recently defrauded several health care providers, including a number of non-profit organizations that cater to the disabled and the uninsured. The victims are the latest casualties of an online crime wave being perpetrated against U.S.-based organizations at the hands of cyber thieves thought to be based out of Eastern Europe. On Sept. 9, crooks stole $30,000 from the Evergreen Children's Association (currently doing business as Kids Co.), a non-profit organization in Seattle that provides on-site childcare for public schools. Kids Co. chief executive and founder Susan Brown said the attackers tried to send an additional $30,000 batch payment out of the company's account, but that her bank blocked the transfer at her request. "Now we're in this battle with our bank, because my staff accountant checks the account every day, and we notified the

Fri, 25 Sep 09
Don't Get Web 2.0wned
http://feeds.voices.washingtonpost.com/click.phdo?i=2c3caff94f9dd4607791d3e387cc4121
A recent attack in which tainted banner ads served up rogue software for visitors of popular sites such as drudgereport.com, lyrics.com and horoscope.com is a stark reminder of the importance of keeping up-to-date on software patches. According to Web vulnerability scanning firm ScanSafe, between Sept. 19 and 21, tainted ads that tried to foist malicious software cycled through some of the Web's most popular destinations (drudgereport.com receives more than a million visitors per day, according to compete.com). Unlike the attack last week from rogue ads on the New York Times Web site - which heaved bogus anti-virus software onto visitors' systems - this series of bad ads sought to drop a Trojan horse that hijacks the victim's search results, ScanSafe found. The hostile ads tried to exploit several software vulnerabilities in order to drop the search hijackers onto victim PCs. One was a Microsoft Windows/Internet Explorer vulnerability that Redmond issued a

Fri, 25 Sep 09
'Money Mule' Recruitment Network Exposed
http://feeds.voices.washingtonpost.com/click.phdo?i=dce6db68edde112df73bae9c74bb73e9
In a blog post earlier this week, Security Fix examined the crucial role of "money mules" -- people in the United States who are willingly or unwittingly recruited to help cyber fraudsters steal money from businesses. In this column, we'll peer a bit deeper into how mules are recruited, and how they often communicate with their employers. Security Fix interviewed one of the mules hired to receive money from Sanford School District, a small school system in Colorado that was robbed of $117,000 last month when hackers used the district's online banking credentials to send sub-$10,000 payments to this mule and 16 others. The mule I spoke with said she was hired by a company called the Scope Group Inc., which claimed to be a nearly 20-year-old investment firm operating out of New York. The Scope Group did not return e-mails seeking comment, but there is no listing for a

Thu, 24 Sep 09
Maine Firm Sues Bank After $588,000 Cyber Heist
http://feeds.voices.washingtonpost.com/click.phdo?i=8d67b3220f199eef6ad2d1b0ad639962
A construction firm in Maine is suing a local bank after cyber thieves stole more than a half million dollars from the company in a sophisticated online bank heist. On Friday, Sanford, Maine-based Patco Construction Co. filed suit in York County Superior Court against Ocean Bank, a division of Bridgeport, Conn.-based People's United Bank. The lawsuit alleges that Ocean Bank did not do enough to prevent cyber crooks from transferring approximately $588,000 to dozens of co-conspirators throughout the United States over an eight-day period in May. People's United Bank spokeswoman Valerie Carlson declined to comment for this story, saying the company is aware of the lawsuit but does not discuss pending litigation. According to the complaint, the fraudulent transfers began on Thursday, May 7, when thieves who had hijacked the company's online banking credentials initiated a series of transfers totaling $56,594 to several individuals that had no prior

Wed, 23 Sep 09
Microsoft Issues Stopgap Fix for Windows Flaw
http://feeds.voices.washingtonpost.com/click.phdo?i=c88a347aac93a41bc5d3e4ef183ae296
Microsoft this week released a stopgap security fix for a critical flaw present in some Windows PCs that could let attackers remotely seize control of vulnerable systems. But as scary as this vulnerability sounds, it may actually be better for some Vista users to wait until Microsoft issues an official update. Microsoft issued the emergency workaround after reports that security researchers were publishing proof-of-concept exploits that attackers might use to figure out how to attack the flaw. The workaround Microsoft released doesn't fix the problem so much as disable the vulnerable component. In the meantime, Redmond says, it is working on developing a more precise, official patch. The flaw resides in the file-sharing capability of Windows Vista and Windows Server 2008 systems. It does not affect Windows XP, Windows 2000 or Windows Server 2003 computers. Microsoft says the vulnerability does not exist in the version of Windows 7 that the

Thu, 17 Sep 09
Data Breach Highlights Role Of 'Money Mules'
http://feeds.voices.washingtonpost.com/click.phdo?i=cb9a8aae73bf640ebb481227bc9ede9f
On Friday, Brunswick, Maine-based heating and hardware firm Downeast Energy & Building Supply sent a letter notifying at least 850 customers that the company had suffered a data breach. Downeast sent the notice after discovering that hackers had broken in and stolen more than $200,000 from the company's online bank account. The attack on Downeast Energy bears all the hallmarks of online thieves who have stolen millions from dozens of other businesses, schools and counties over the past several months. In every case, the thieves appeared more interested in quick cash than in pilfering their victims' customer databases. Nevertheless, the intrusions highlight an additional cost for victims of this type of crime: complying with state data breach notification laws. "This is something new to us, fortunately, but we have responsibilities under Maine statute to report these things to our customers and employees," said the company's president, John Peters, in an

Tue, 15 Sep 09
Cyber Crooks Target Public & Private Schools
http://feeds.voices.washingtonpost.com/click.phdo?i=9aafb94d86be9d2053ecfea354bf4dea
A gang of organized cyber criminals that has stolen millions from businesses across the United States over the past month appears to have turned its sights on public schools and universities. On the morning of Aug. 17, hackers who had broken into computers at the Sanford School District in tiny Sanford, Colorado initiated a batch of bogus transfers out of the school's payroll account. Each of the transfers was kept just below $10,000 to avoid banks' anti-money laundering reporting requirements, and went out to at least 17 different accomplices or "money mules" that the attackers had hired via work-at-home job scams. A school employee spotted the bogus payments on the morning of the 19th, when the school district learned that $117,000 had been siphoned from its coffers by cyber crooks. Sanford Superintendent Kevin Edgar said the school successfully reversed two of the transfers totaling $18,000, but that the rest of the

Mon, 14 Sep 09
Patches for Macs, and Advice for Mac Users
http://feeds.voices.washingtonpost.com/click.phdo?i=03a7a3793b299dd90af55bddb22e45bc
Apple last week released Mac OS X 10.6.1, the first security update for Snow Leopard users. Cupertino also issued a bundle of updates to fix more than 30 security flaws in its 10.4 and 10.5 OS X and OS X Server systems. Snow Leopard shipped with an outdated and insecure version of the Adobe Flash Player. The 10.6.1 update fixes that, patching at least nine vulnerabilities in Flash, and bringing the Snow Leopard Flash plug-in up to date with the current 10.0.32.18 version. The Tiger and Leopard security bundles also include the Flash update, along with security fixes for components like ColorSync and CoreGraphics. The updates are available through Software Update or via Apple Downloads. One final note: Over the weekend, a number of Security Fix readers who are also Mac users wrote in to ask for advice after being peppered with rogue anti-virus pop-ups. The readers complained they received

Sat, 12 Sep 09
Clamping Down on the 'Clampi' Trojan
http://feeds.voices.washingtonpost.com/click.phdo?i=8dceeae60fe8656fafec9c97e7587259
Finding the notorious Clampi banking Trojan on a computer inside your network is a little like spotting a single termite crawling into a crack in the wall: Chances are, the unwelcome little intruder is part of a much larger infestation. At least, that's the story told by two businesses which recently discovered Clampi infections, compromises that handed organized cyber gangs the access they needed to steal tens of thousands of dollars. In early August, attackers used Clampi to swipe the online banking credentials assigned to the Sand Springs Oklahoma School District. The thieves then submitted a series of bogus payroll payments, totaling more than $150,000, to accomplices they had hired throughout the United States. Sand Springs Superintendent Lloyd Snow said the district has since been able to get about half of those transfers reversed, while the district's bank graciously covered the rest of the loss. Initially, Snow said, suspicion fell

Fri, 11 Sep 09
Updates Plug iPhone, QuickTime Security Holes
http://feeds.voices.washingtonpost.com/click.phdo?i=4257f83b7d0362322f4d3963f63842f4
Apple has shipped a security update to fix multiple vulnerabilities in the iPhone and iPod Touch. The company also pushed out a patch to plug security holes in Windows and Mac versions of its QuickTime media player. The iPhone update -- version 3.1 -- includes at least 10 security fixes, and several minor new features, such as the ability to better organize apps in iTunes and to download ring tones wirelessly. Apple also issued an update for its iPod Touch (v. 3.1.1) that includes a short list of new features. The QuickTime update brings that software to version 7.6.4 and fixes at least four separate security problems. Apple users can grab the update via Software Update, while Windows users will need to use the bundled Apple Software Updates application. The iPhone and iPod Touch updates are only available through iTunes.

Thu, 10 Sep 09
Cyber Thieves Steal $447,000 From Wrecking Firm
http://feeds.voices.washingtonpost.com/click.phdo?i=6cedaf21411c57d80221da86d87d60df
Organized cyber thieves are increasingly looting businesses in heists that can net hundreds of thousands of dollars. Security vendors and pundits may be quick to suggest a new layer of technology to thwart such crimes, but in a great many cases, the virtual robbers are foiled because an alert observer spotted something amiss early on and raised a red flag. In mid-July, computer crooks stole $447,000 from Ferma Corp., a Santa Maria, Calif.-based demolition company, by initiating a large batch of transfers from Ferma's online bank account to 39 "money mules," willing or unwitting accomplices who typically are ensnared via job search Web sites into bogus work-at-home schemes. Ferma President Roy Ferrari said he learned of the fraud not from his bank but from a financial institution at which several of the mules had recently opened accounts. Ferma employees worked extensively with that bank and several others to reverse the

Wed, 9 Sep 09
Microsoft Fixes Eight Security Flaws
http://feeds.voices.washingtonpost.com/click.phdo?i=3c988fa7b80378b741905e780bfe3970
Microsoft today pushed out software updates to plug at least eight critical security holes in computers powered by its various Windows operating systems. The patches are available through Windows Update or via Automatic Updates. The flaws were addressed in a bundle of five patches, each of which earned Microsoft's most dire "critical" rating, meaning they are serious enough that attackers could break into systems without any help from users. One particularly dangerous flaw covered by this month's patch batch is a problem with the way Windows handles JavaScript. While this flaw stems from a faulty component of the Windows operating system, it would most likely be exploitable through Internet Explorer versions 6, 7 and 8, said Wolfgang Kandek, chief technology officer at software security provider Qualys. The flaw resides in every version of Windows except Windows 7. In fact, none of the vulnerabilities patched today affect Windows 7, Kandek said.

Sat, 5 Sep 09
More Business Banking Victims Speak Out
http://feeds.voices.washingtonpost.com/click.phdo?i=31041d56949627bc7827a0d25761e3f2
Since our story about Eastern European cyber crooks targeting small to mid-sized U.S. businesses ran last week, I've heard from a few more victims. Eerie similarities in their descriptions of how they were robbed suggest the bulk of this crime may be the work of one or two gangs. David Johnston, owner of Sign Designs, Inc., a Modesto, Calif.-based company that makes and installs electric signs, said his company lost nearly $100,000 on July 23, when crooks used the company's credentials to log in to its online banking account and initiate a series of transfers to 17 accomplices at seven banks around the country. "Our daily limit on these transactions was $100,000, and [the thieves] took just $47 short of that amount," Johnston said. "What we're looking at really is the bank robber of 2009. They don't use a gun, they have lots of helpers, their [profits] are huge, and

Fri, 4 Sep 09
Apple Updates Java, Backdates Flash
http://feeds.voices.washingtonpost.com/click.phdo?i=76350d9593929ab5fa4b929dc9e7192c
Apple Thursday shipped an update to plug a slew of critical security holes in its version of Java for Leopard systems (OS X 10.5). In other Apple patch news, it appears those who have updated to the latest version of OS X -- 10.6/Snow Leopard -- received an insecure version of the Adobe Flash player. The Java update brings Mac's version of Java to 10.5 Update 5, and fixes at least 16 security flaws in the program. Users can grab the patch through Software Update or directly from Apple Software Downloads. Mac users who have upgraded to Snow Leopard should be aware that the current version of the installation disc comes with an outdated version of Flash -- version 10.0.23.1. Snow Leopard users can upgrade to the latest version -- 10.0.32.18 -- by visiting the Flash Player Download Center.

Thu, 3 Sep 09
What To Do When Scareware Strikes
http://feeds.voices.washingtonpost.com/click.phdo?i=2f28cc8ded9eb77e546f9664cc17f55a
Mrs. Krebs and I were enjoying a relaxing, quiet morning last Saturday in our living room -- silently bonding with our respective laptops propped on our knees -- when she nearly jumped off of the sofa, shouting, "Uh oh! It's one of those fake virus things popping up! WhatdoIdo!?!?" It occurred to me as I reached for her computer that most people probably wouldn't know what to do should they stumble across a hacked or malicious site that tries to frighten and corral visitors into downloading and purchasing some rogue anti-virus product (a.k.a. "scareware"). The misleading pop-ups and animations about supposed security and privacy threats are unnerving, to be sure, and can be awfully convincing to the unwary. Typically, they are the result of scripts stitched into legitimate, hacked Web sites, or into banner ads that scam artists stealthily submit to some online ad networks. It is tempting to try

Tue, 1 Sep 09
Getting Friended By Koobface
http://feeds.voices.washingtonpost.com/click.phdo?i=d746b7e7415218d83de33de6800922f4
You know you've attracted the attention of online troublemakers when they start using their malicious software to taunt you by name. Such is apparently the case with the latest version of Koobface, a worm that spreads on Facebook, Twitter and other Web 2.0 sites and turns infected systems into bots that can be used for a variety of improper and possibly criminal purposes. According to an analysis performed on the malware by researchers from the University of Alabama at Birmingham, the latest version references a domain that begins with an expletive and ends with ...briankrebs.com (if you figure it out please DO NOT visit this Web site, as you could pick up a malicious program). I suppose I should be flattered, as I'm in good company: According to the researchers, this Koobface variant also forces infected systems to call out to another domain that drops an expletive in the middle

 
