Security Fix
Main
Security
Anti-MalwareMalware
MSNBC Security
Security Fix
Security World News
Random Feeds
Archives
| Jul 2011 | Jun 2011 | Dec 2009 | Nov 2009 | Oct 2009 | Sep 2009 | Aug 2009 | Jul 2009 | Jun 2009 | May 2009 | Apr 2009 | Mar 2009 | Feb 2009 | Jan 2009 | Dec 2008 | Nov 2008 | Oct 2008 | Sep 2008 | Aug 2008 | Jul 2008 | Jun 2008 | May 2008 | Apr 2008 | Mar 2008 |Wed, 25 Nov 09
Spam 'Godfather' gets 51 months in prison
http://feeds.voices.washingtonpost.com/click.phdo?i=e28dc30394a8da59c7a3e10f9d6b8676
These past few days have seen some notable cyber justice cases: Late Monday, Alan M. Ralsky -- a man dubbed the "Godfather of Spam" -- was sentenced to 51 months in prison. And on Friday, a California man pleaded guilty in a case involving the sale of counterfeit high-tech computer parts to the U.S. military. Ralsky, 64, of West Bloomfield, Mich., joined two co-conspirators in earning stiff prison sentences for long careers of blasting junk e-mail. Following more than four years in prison, Ralsky will be subject to five years of supervised release and will forfeit $250,000 the government seized from him in December 2007, the Justice Department said. According to the government, Ralsky was a top promoter of so-called pump-and-dump scams, schemes in which fraudsters buy up a bunch of low-priced microcap stock, blast out millions of spam e-mails touting it as a hot buy and then dump their
Tue, 24 Nov 09
New attack targets weakness in Internet Explorer
http://feeds.voices.washingtonpost.com/click.phdo?i=8ceac0d1ae93afa619db0c3a16898da6
Blueprints showing attackers how to exploit a previously unknown security hole in versions of Microsoft's Internet Explorer browser recently were published online. The danger here is if IE users browse to a hacked or booby-trapped Web site that uses the exploit, that site could install malicious software. Microsoft has not yet issued an advisory about this threat. According to initial reports from Symantec and vulnerability management firm VUPEN, the exploit works against IE 6 and IE 7 versions only. The vulnerability apparently resides in the way IE handles so-called cascading style sheet information (CSS), which a great many Web sites use to control the design and formatting of text and other site elements. Symantec reports that the attack code is a bit buggy and unreliable at the moment, but that a fully-functional and more reliable exploit almost certainly will be released soon. Symantec advises IE users is to make sure
Sat, 21 Nov 09
Alpha Software disclosure leads to confusion
http://feeds.voices.washingtonpost.com/click.phdo?i=338126a305ee819e2607afee9abeeddd
A few days ago, Security Fix heard from a reader who received a breach notification so casual in tone that he asked me to verify whether it was for real. Sure enough, Burlington, Mass.-based database application company Alpha Software Inc. recently told customers that a data breach had exposed their payment information. That fact was confirmed by similarly confused users posting to the company's online forum. The e-mail notice to affected customers reads: November 9, 2009 Dear Customer, We have been informed that there has been a security breach at the Internet Service Provider where our web site is hosted. This may have resulted in your credit card information being compromised. While it is entirely possible that your credit card information has not been stolen, in the interests of caution, we recommend that you contact your credit card provider to discuss what steps, if any, they recommend. Going forward, we
Fri, 20 Nov 09
FDA targets rogue Internet pharmacies
http://feeds.voices.washingtonpost.com/click.phdo?i=43c6d92eaf5f200ff9ceb598f07aad68
The U.S. Food and Drug Administration is pressuring a number of Internet service providers to shut off nearly 12 dozen Web sites alleged to be selling counterfeit or unapproved prescription drugs. The FDA's office of criminal investigations said it sent 22 warning letters to the operators of the sites, and alerted the appropriate ISPs and domain name registrars that the sites were selling phony pharmaceuticals, all without requiring a prescription. The agency said none of the sites represent pharmacies located in the United States or Canada, as most claim. According to the letters sent to owners of the 136 targeted sites, the online stores hawked everything from powerful controlled substances, including Valium and Xanax, to lifestyle drugs like Viagra and Levitra. Some sites even offered prescription drugs that have not yet been approved for distribution or sale in the United States, such as the anti-obesity drug Acomplia. "Many U.S. consumers
Thu, 19 Nov 09
Bill would ban P2P use on federal networks, PCs
http://feeds.voices.washingtonpost.com/click.phdo?i=95fb0acb1761fc1bff2efda3d80ba352
The chairman of the House Oversight and Government Reform Committee introduced legislation on Tuesday to prohibit the use of peer-to-peer (P2P) file-sharing software across all federal government computers and networks. The "Secure Federal File Sharing Act" would direct the White House's Office of Management and Budget to issue guidelines barring the use and/or installation of P2P software on federal systems, unless otherwise approved for a specific purpose. The bill also calls on OMB to develop a policy that would extend to networks and computers operated by agency contractors, as well as to personal computers of federal employees remotely accessing federal networks. "We can no longer ignore the threat to sensitive government information that insecure peer-to-peer networks pose," said Rep. Edolphus Towns, the Democrat from New York who chairs the House oversight panel, in a statement. "Voluntary self-regulations have failed so now is the time for Congress to act." The bill
Thu, 19 Nov 09
Experts: Smart grid poses privacy risks
http://feeds.voices.washingtonpost.com/click.phdo?i=2810183e385bb9648d8b09a6a45b1832
Technologists already are worried about the security implications of linking nearly all elements of the U.S. power grid to the public Internet. Now, privacy experts are warning that the so-called "smart grid" efforts could usher in a new class of concerns, as utilities begin collecting more granular data about consumers' daily power consumption. "The modernization of the grid will increase the level of personal information detail available as well as the instances of collection, use and disclosure of personal information," warns a report (PDF) jointly released Tuesday by the Ontario Information and Privacy Commissioner and the Future of Privacy Forum (FPF), a think tank made up of chief privacy officers, advocates and academics. Smart grid technology -- including new "smart meters" being attached to businesses and homes -- is designed in part to provide consumers with real-time feedback on power consumption patterns and levels. But as these systems begin to
Wed, 18 Nov 09
Microsoft warns of Windows 7 security hole
http://feeds.voices.washingtonpost.com/click.phdo?i=4e4e3b6d4c8f9213f4f79d3dbebf5b6b
Microsoft has confirmed reports of a security flaw in its Windows operating system that hackers could use to temporarily destabilize Windows 7 PCs. The software giant also acknowledged that blueprints for exploiting the flaw are now available online. At issue is a so-called "denial-of-service" vulnerability in the component of Windows that handles the sharing of files and folders. Microsoft said attackers could use exploit code now publicly available to cause vulnerable systems to stop functioning or become unreliable. The flaw is present in Windows 7 and Windows Server 2008 R2, and does not exist in older versions of the operating system, the software giant said. In a security bulletin published Friday, Microsoft said the vulnerability would not let attackers install malicious software or take control over an affected system, and that any ill effects from an attack on this flaw could be remedied by simply restarting the PC. In addition,
Sat, 14 Nov 09
Security update for Apple's Safari Web browser
http://feeds.voices.washingtonpost.com/click.phdo?i=0ce161e59bae637009b8cf6813d63d8b
Apple has shipped a new version of its Safari Web browser that fixes at least seven security vulnerabilities. The Safari 4.0.4 update is available for both Mac and Windows versions of the browser. Mac users can grab the latest version through Software Update; Windows users will need to use the bundled Apple Software Update application.
Fri, 13 Nov 09
Nastygram: Beware the NACHA gotcha
http://feeds.voices.washingtonpost.com/click.phdo?i=ce2348d07d58e31247ed32649c69b46a
Cyber thieves on Thursday began blasting out millions of e-mails impersonating NACHA - The Electronic Payments Association, a not-for-profit group that develops operating rules for organizations that handle electronic payments, from payroll direct deposits to online bill pay services. The missives in this latest scam arrive with various subject lines, but all complain about an unauthorized, rejected or failed ACH transaction. Most regular Internet users probably will ignore this message, as few people probably even know what ACH stands for (ACH, or "automated clearing house" refers to the electronic network used by banks to process credit and debit transactions in batches). That's likely just fine with the attackers, who appear to be targeting bookkeepers at small to mid-sized companies -- people who actually recognize what a failed or rejected ACH transaction can mean for their business's bottom line and reputation. According to an alert at the real NACHA Web
Thu, 12 Nov 09
Brazilian Govt: Soot, not hackers, caused '07 blackouts
http://feeds.voices.washingtonpost.com/click.phdo?i=0eab2f3f3d6dc973382ad3d09aab6f55
The Brazilian government is refuting a report aired on Sunday by the CBS news magazine 60 Minutes, which stated that power blackouts in the South American nation in 2005 and 2007 were caused by hackers. Meanwhile, a large swath of Central Brazil is still reeling from another massive blackout that occurred in the region Tuesday evening. Citing six unnamed sources in the intelligence, military and cybersecurity communities, 60 Minutes claimed that a two-day outage that affected 3 million people in the Brazilian state of Espirito Santo was caused by hackers hitting a utility company's control systems. Another, smaller outage in January 2005 also was caused by hackers, the report said. According to the Wired.com Threat Level blog, the utility company involved, Furnas Centrais Elétricas, said it "has no knowledge of hackers acting in Furnas' power transmission system." "Brazilian government officials disputed the report over the weekend, and Raphael Mandarino Jr.
Thu, 12 Nov 09
A year later: A look back at McColo
http://feeds.voices.washingtonpost.com/click.phdo?i=44e5bef778fa11d00b7dfadd9bdc638d
A year ago today, the Internet community witnessed a remarkable event: The unplugging of McColo, a Web hosting facility in Northern California that for a long time controlled a majority of the spam-sending operations on the planet. McColo's two main Internet providers abruptly yanked the cord after Security Fix presented them with scads of evidence collected by security researchers tying massive amounts of spam and other illicit activity to McColo's network. The outcome, of course, is now well known: The volume of spam sent worldwide tanked overnight, and remained at diminished levels for many weeks. All sorts of other badness diminished as well (more on that later). But since then, the sizable chunk of virtual real estate previously occupied by McColo has remained eerily quiet. A review of more than 3,000 Internet addresses previously assigned to the hosting firm reveals an Internet ghost town, as if the entire neighborhood had
Wed, 11 Nov 09
Microsoft plugs 15 holes in Windows, Office
http://feeds.voices.washingtonpost.com/click.phdo?i=c4ee5abadca020d8ba0b5ea1ca4a430d
Microsoft on Tuesday released software updates to fix at least 15 security flaws in Windows, Windows Server and Microsoft Office. One of the patches addresses a flaw so serious that users could find their Windows PCs compromised just by visiting booby-trapped Web sites. Richie Lai, director of vulnerability research for patch management firm Qualys, said the most dangerous vulnerability addressed in this month's updates is a flaw in the way Windows handles so-called "embedded font" files. An attacker could stitch specially made embedded fonts into a Web page and use this flaw to install malicious software when people merely browse the site with Internet Explorer on Windows 2000, Windows XP or Windows Server 2003 systems, Lai said. Microsoft said it believes hackers will quickly figure out a way to exploit this flaw for criminal gain. Andrew Storms, director of security operations for San Francisco-based security firm nCircle, agreed, saying the
Wed, 11 Nov 09
Eight indicted in $9M RBS WorldPay heist
http://feeds.voices.washingtonpost.com/click.phdo?i=169a579610fd7b6d65f35a245114ab2f
Eight men have been indicted on charges that they hacked into credit card processing firm RBS Worldpay, and helped steal more than $9 million in a highly coordinated heist nearly a year ago, the U.S. Justice Department said Tuesday. The 16-count indictment, which names individuals from Estonia, Moldova and Russia, is the first major break in a case federal investigators are calling "perhaps the most sophisticated and organized computer fraud attack ever conducted." "Today, almost exactly one year later, the leaders of this attack have been charged," said Sally Quillian Yates, acting U.S. attorney of the Northern District of Georgia, in a written statement. "This investigation has broken the back of one of the most sophisticated computer hacking rings in the world." The men are accused of cracking the data encryption that RBS WorldPay used to protect customer data on payroll debit cards, allowing them to clone the cards. Some
Wed, 11 Nov 09
Apple ships 50+ security updates
http://feeds.voices.washingtonpost.com/click.phdo?i=4c1909081c2a3afcdf8b858f0e0d32ef
Apple has shipped a large security update for computers running its Leopard and Snow Leopard operating systems for the Mac. The bundle contains security fixes for more than 50 vulnerabilities, including updates for components like Adaptive Firewall, FTP server, QuickTime and Spotlight. The update applies to Snow Leopard (10.6.x) and Mac OS X Leopard (10.5.8) systems, as well as OS X Server versions of these operating systems. Users can grab the patches directly from Apple Downloads or via the Mac's built-in Software Update feature. Some of the individual fixes in these bundles are interesting in their own right. For example, Apple said that a vulnerability in Snow Leopard's Login Window could let a user log in to any account without supplying a password. Another update, this one for a bug in Leopard' Dictionary program, is limited to users on the local network, but gives a whole new meaning to the
Tue, 10 Nov 09
Nastygram: MySpace Phish Plants Spy Software
http://feeds.voices.washingtonpost.com/click.phdo?i=34a1059da75c170b037803fe26f96cc2
A new spam campaign targeting MySpace.com users once again illustrates the blended threat from junk e-mail attacks, experts warn. This latest run tries to lure recipients into giving up their MySpace credentials, and then attempts to trick victims into installing password-stealing malicious software. Attackers began blasting out the junk e-mails early Monday, according to researchers at the University of Alabama, Birmingham, Researchers at the school so far have tracked more than 30 Web site names associated with this attack, each beginning with "accounts.myspace.com" and ending in a United Kingdom country code domain (.uk). The campaign is nearly identical to one launched late last month targeting Facebook.com users, said Gary Warner, director of research in computer forensics at UAB Birmingham: Recipients are directed to a fake Myspace.com page and asked for their login credentials. That attack cycled through at least 242 different look-alike Facebook scam sites before the last was
Mon, 9 Nov 09
First iPhone worm targets modified handsets
http://feeds.voices.washingtonpost.com/click.phdo?i=b599e25197e97ab3c6b105ebb8e41dd3
The first known computer worm written for Apple's iPhone currently is infecting iPhones in Australia, swapping out the device's background image with that of 80s singer Rick Astley. The contagion, dubbed "Ikee," spreads only among iPhones that have been "jailbroken," a process that removes the device's software protection mechanisms and allows iPhone users to install applications that are not available through Apple's official App Store. Ikee spreads not through any vulnerability exactly, but by exploiting a feature that many users of jailbroken iPhones likely never took the time to understand or read about. Most of the software packages that users install in order to jailbreak their iPhones come with a service known as Secure Shell (SSH). This service allows the devices to be accessed remotely over the Internet with a special password. The trouble is that the most common jailbreaking software installs SSH using a default password. As a result,
Sat, 7 Nov 09
Poking at Google's new privacy Dashboard
http://feeds.voices.washingtonpost.com/click.phdo?i=c7f6b9a15407000d5a53de229aeb9827
Google this week unveiled a new feature called Dashboard, intended to give users a way to view -- and in modest ways limit -- the breadth of information the search giant collects about our online lives. To check out Dashboard, browse to this link, and sign in to your Google account. From there, you can manage which Google Documents you're sharing, edit your Gchat history, or clear out items from your Web search history, among other tasks. Google said it was launching the service "to provide users with greater transparency and control over their own data." The reaction from privacy experts has been mixed. Ari Schwartz, vice president and chief operating officer at the Center for Democracy & Technology, called the Dashboard offering a good first step, and one that is several steps ahead of what Google's peers in the search businesses currently offer their users. "Google has said that
Fri, 6 Nov 09
Updates for Adobe's Shockwave, Sun's Java
http://feeds.voices.washingtonpost.com/click.phdo?i=1cbdb579e3b713502f31b80cf699394b
Sun Microsystems has issued an update to its Java software that fixes at least one security vulnerability. Separately, Adobe is pushing out a patch to plug four security holes in its Shockwave Player. The Sun patch brings Java 6 to version 17. If you're not sure whether you have Java or what version you may be running, visit this page and click the "Do I have Java?" link. If you don't have Java, you probably don't need it. If you do have it, make sure you've got this latest version. To update from within Java, open the Windows control panel, click the Java icon, then at the tab marked Update hit the Update Now button (in Windows 7, to get to Java click start, type "Java" in the search box and pick the first result). To see whether your system has Adobe's Shockwave Player, follow this link: If you see
Thu, 5 Nov 09
SnapNames: Former exec. bid up domain prices
http://feeds.voices.washingtonpost.com/click.phdo?i=570d0fea8c27c619c7c8f6ea8bf022ae
SnapNames, the largest reseller of Web site names, Wednesday alleged that a former top executive secretly bid on tens of thousands of domain name auctions over the past four years, driving up costs for other bidders and enriching himself in the process. SnapNames owner Oversee.net said it learned about a month ago that the executive had been bidding on its domain auctions in violation of company policy that bars employees from doing so. Mason Cole, vice president of Oversee corporate communications, said the executive was dismissed Monday. The company Wednesday began notifying affected customers via e-mail, stating that "in every auction where the employee's fictitious account submitted a bid which resulted in a higher price being paid by the winning bidder, SnapNames will offer a rebate, with 5.22 percent interest (the highest applicable federal rate during the affected time period), to affect customers for the difference between the prices they
Thu, 5 Nov 09
Business e-banking and the 6-figure password
http://feeds.voices.washingtonpost.com/click.phdo?i=04e6e181fddac114073fc1b5a0bb224a
On Monday, Security Fix featured the story of Ronnie Cutshall, a Tennessee man who was caught up in an international money laundering scam after being recruited through a work-at-home job offer. That story mentioned that Cutshall received a $9,600 transfer from a company called American Realty, but that I didn't have any luck in tracking down the victim company. Today the American Realty company affected by that scam contacted me after reading my story (turns out they're located in Shalimar, Fla., not Georgia, as I had previously thought). A few weeks ago, an American Realty employee clicked a link in an e-mail scam that spoofed an IRS alert about unreported income. The Web site linked to in that message quietly installed a password-stealing Trojan horse program named Zeus. From there, the perpetrators were able to swipe the company's online banking credentials, and initiate unauthorized payroll payments to Cutshall and about
Thu, 5 Nov 09
Spike in Social Media Malware, Phishing Attacks
http://feeds.voices.washingtonpost.com/click.phdo?i=2c971bc8d876a888a69740dcf65ca8f1
E-mail scams targeting users of social media sites like Twitter and Facebook are blurring the lines between traditional phishing attacks and those designed to plant password-stealing malicious software on the victim's PC. For the past week, scammers have been blasting out e-mails that at first glance appear to be run-of-the-mill phishing scams aimed at stealing user names and passwords from Facebook users. The messages urge recipients to "update" their information by clicking a provided link and entering their Facebook user name and password at a counterfeit Facebook login page. Facebook users who fall for the ruse are "logged in" to the fake Facebook page and then prompted to install a "Facebook Update Tool," which is in fact a copy of the Zeus password stealing Trojan. A study released in October found that 54 percent of U.S. companies have banned workers from using social networking sites. The author of that survey
Tue, 3 Nov 09
What Windows Autorun Has Wrought
http://feeds.voices.washingtonpost.com/click.phdo?i=ec18b1678cd45119e3671812a3be061f
A new report by Microsoft shows that the two most prevalent threats to Windows PCs in the first half of 2009 were malicious programs that have been aided mightily in their spread by a decision by Microsoft to allow the contents of removable media -- such as USB thumb drives -- to load automatically when inserted into Windows machines. In its latest "Security Intelligence Report," Microsoft counted the number of threats detected by its anti-malware desktop products, and found that the Conficker worm, along with a Trojan horse program called Taterf which steals passwords and license keys for popular computer games, were detected on 5.21 million and 4.91 million Windows computers, respectively. The original version of Conficker emerged nearly a year ago, and initially it spread by exploiting a networking vulnerability in Windows. But Conficker infections soared by the millions in January with the arrival of Conficker B, which introduced
Tue, 3 Nov 09
FDIC: Uptick in 'money mule' scams
http://feeds.voices.washingtonpost.com/click.phdo?i=b4896ba79fdf4e23177466cf47a68993
The Federal Deposit Insurance Corporation (FDIC) is warning financial institutions about an uptick in scams involving unauthorized funds transfers from hacked online bank accounts to so-called "money mules," people hired through work-at-home scams to help cyber criminals overseas launder money. According to the FDIC, the following are examples of events that may indicate money mule account activity: -A customer who just opened a new account suddenly receives one or several deposits, each totaling a little less than $10,000, and then withdraws all but approximately eight to 10 percent of the total (the mule's "commission"). -A foreign exchange student with a J-1 Visa and fraudulent passport opening a student account with a high volume of incoming/outgoing money transfer/wire activity. In tracking more than 50 companies over the past five months that have been victimized with the help of willing or unwitting money mules, I've spoke to dozens of folks who got