<p>My Antivirus Solutions (feed updated 2024-03-13)<br />* no subscription fee * no trial * no serial no. * no product key * no activation *</p>

<p><strong>Virus Found in Some Best Buy Digital Frames</strong> (posted 2008-01-27)</p>
<p><strong>Barry Levine</strong><br /><strong>News Factor Network</strong><br /><strong>Website: </strong><a href="http://www.newsfactor.com/">http://www.newsfactor.com</a></p>
<p>You can add to the growing list of things you need to do to keep your computer safe -- scan the digital picture frame.</p>
<p>Best Buy has confirmed that some units of its Insignia 10.4-inch Digital Picture Frame, purchased over the holidays, had a computer virus. Last weekend, the retailer noted an advisory from its private label, Insignia, which stated that "a limited number" of the frames, model number NS-DPF-10A, were "contaminated with a computer virus during the manufacturing process."</p>
<p>According to news reports, Best Buy is not recalling the frames, but it has pulled the remaining units. It said this was the only Insignia frame product affected, and the product has been discontinued.</p>
<p><strong>Precautionary Measure</strong></p>
<p>The company said that once it was informed of the contamination, it "immediately" withdrew the product from stores and Web sites "as a precautionary measure to protect our customers." Best Buy did note that "some affected units" were purchased from either its brick-and-mortar stores or from the retailer's Web site before the virus was detected.</p>
<p>Best Buy reportedly learned of the infection after customer complaints, but there is no indication of how the virus was acquired during manufacturing, or what the consequences may have been for customers.</p>
<p>The company pointed out that the virus can only get to a computer if the digital frame is connected. The frames connect to PCs as well as cameras so photos can be downloaded for display. But Best Buy said cameras, USB drives and memory cards cannot be infected by the virus.</p>
<p><strong>Use Up-to-Date Protection</strong></p>
<p>Even if a consumer does attach a contaminated frame to a computer via a USB cable, Best Buy said, any up-to-date antivirus software, such as Norton, McAfee or Trend Micro, should be able to detect and remove the infection. It added that the units contained "an older virus which is easily identified and removed by current antivirus software."</p>
<p>The specific virus was not identified by either Best Buy or the manufacturer, although there are reports on the Web that it was a Trojan that could induce a crash on Windows machines.</p>
<p>Macintosh-owning picture lovers can rejoice, at least temporarily, because the virus only affects Windows operating systems. Similarly, Linux-based systems are also immune to this particular infection.</p>
<p>Virus-infected products may be the next frontier for consumer caution.</p>
<p>Last year, Seagate admitted that some of its 500-GB Maxtor hard drives had a Trojan horse that could swipe online passwords for games, and some Apple iPods were infected with a virus in 2006. Other consumer products that have reportedly had viruses include GPS devices, digital cameras, memory cards, MP3 players and other brands of digital picture frames.</p>

<p><strong>Worm fears shut down Skype video feature</strong> (posted 2008-01-27)</p>
<p><strong>Robert McMillan</strong><br /><strong>InfoWorld</strong><br /><strong>Website: </strong><a href="http://www.infoworld.com/">http://www.infoworld.com</a></p>
<p>San Francisco - Skype has been forced to turn off a video-sharing feature in its software because it could be misused to launch a self-copying worm attack against Skype users, security researchers said Tuesday.</p>
<p>A bug in the software, which was first <a href="http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx">reported</a> last Thursday by security researcher Aviv Raff, stems from the way Skype uses an Internet Explorer component to render HTML. Skype's video-sharing feature allows users to share videos hosted on two sites -- <a href="http://Dailymotion.com">Dailymotion.com</a> and <a href="http://Metacafe.com">Metacafe.com</a> -- while chatting with other Skype users.</p>
<p>Last week Raff showed how attackers could exploit the bug to run unauthorized software on a Skype user's PC. But on Tuesday, the security researcher said the flaw was more serious than he'd first thought.</p>
<p>It can "be triggered by simply visiting a Web site, or clicking on a link from your instant messaging application," he wrote in a <a href="http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx">blog posting</a>, "which basically means that this vulnerability is now wormable."</p>
<p>Skype appeared to have pulled the video feature from its client software on Tuesday as a result of the bug. Users who attempted to click on the "videos" button within a chat window were greeted with a message that the feature was unavailable "because of some security concerns." "Our brightest engineers are rattling their wrenches to make things all right and bring the beloved videos back. Soon," the message read. "Sorry about this."</p>
<p>Skype representatives did not return calls seeking comment. Last week, Skype spokesman Villu Arak <a href="http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html">confirmed</a> that there was a security problem for Skype 3.5 and 3.6 users who visited the Dailymotion.com Web site, but users were still able to share videos using Metacafe.com. On Tuesday, however, Skype pulled the video feature altogether after being informed of the new problem, Raff said.</p>
<p>Because Metacafe had a cross-site scripting flaw, a common type of programming error, Raff was able to run JavaScript on Metacafe.com, which could then be used to run unauthorized software on the victim's computer. Attackers could then forward a link to the malicious Web page to all of the Skype contacts in the victim's computer, spreading the infection.</p>
<p>For Raff's attack to work, an attacker would have to post a maliciously encoded video file to either of the Metacafe or Dailymotion Web sites. Metacafe said Tuesday that it's "highly unlikely" that this kind of malicious video would make it through the site's content-filtering process.</p>
<p>In a statement, the company said it expects Metacafe videos to be available to Skype users as early as Wednesday morning.</p>
<p>Raff said that because the attack could lead to a widespread worm outbreak, it would be better for Skype to fix the underlying problem before bringing Metacafe back online.</p>
<p>Raff believes that Dailymotion was probably susceptible to this type of attack as well, although he was unable to confirm this after Skype cut off access to the Web site.</p>
<p>The problem lies in the fact that Skype uses a Windows Internet Explorer component with inappropriate security settings, researchers say. Instead of processing the pages it renders with the more secure "Internet Zone" security setting, Skype uses IE's "Local Zone" security setting, usually reserved for more trustworthy content.</p>
<p>Until Skype engineers make some changes to their software, more of these problems will continue to pop up, Raff said.</p>
<p>Another security researcher who has been <a href="http://www.gnucitizen.org/blog/vulnerabilities-in-skype">studying</a> the flaw agreed. "If they keep their Skype client running in the Local Zone of IE, we will see more of these," said Petko Petkov of GNU Citizen via instant message. "Before killing Metacafe, anyone who owns the server would have been able to own every Skype user on the planet."</p>

<p><strong>Apple growth will draw malware attacks</strong> (posted 2008-01-27)</p>
<p><strong>Matt Hines</strong><br /><strong>InfoWorld</strong><br /><strong>Website: </strong><a href="http://www.infoworld.com/">http://www.infoworld.com</a></p>
<p>San Francisco - As Apple continues to grow its worldwide market share and the company's products find their way into more business environments, attackers are certain to follow and create greater volumes of exploits aimed at vulnerabilities in the company's software, security experts contend.</p>
<p>According to industry analyst firm Gartner, Apple shipped just over 1 million Mac OS X-based computers during the fourth quarter of 2007, a gain of 227,000 over the fourth quarter of 2006. The analyst firm reported that Apple's U.S. market share for 2007 jumped by 28 percent compared to 2006, rising to just over 6 percent. And with Apple CEO Steve Jobs stating at last week's <a href="http://www.infoworld.com/archives/t.jsp?N=s&V=94593">Macworld Expo and Conference</a> that the company has already sold 4 million iPhones and 5 million copies of <a href="http://www.infoworld.com/article/07/11/21/47TC-osx-leopard-part1_1.html">Leopard (Mac OS X 10.5)</a>, its latest OS, since launching the products last year, the company's prospects look stronger than ever.</p>
<p>However, malware researchers and industry analysts warn that as the sheer number of Apple end-point devices in use worldwide rises, so will the security concerns tied to the company's products.</p>
<p>"It's hard to get around market share. At the end of the day, malware writers don't care what operating system you are using; it's about whether or not you have valuable information on your machine and whether there is an opportunity to take advantage of it," said David Marcus, security research manager for McAfee's Avert Labs group. "Microsoft Windows has been targeted so aggressively because it has a much broader deployment than the Mac OS," he said. "But the malware authors watch trends just like everyone else, and they know more people are considering a move to Apple, including government institutions and businesses; if it makes financial sense to go after that opportunity at some point, they will move in that direction."</p>
<p><strong>The Mac's vulnerabilities</strong></p>
<p>In some cases, attackers will seek to exploit vulnerabilities such as currently unpatched <a href="http://www.infoworld.com/article/07/12/14/After-attacks-Apple-fixes-QuickTime-bug_1.html">flaws in Apple's QuickTime</a> multimedia player application. In other cases, malware writers will use threats based more on social engineering, such as with the <a href="http://www.infoworld.com/article/08/01/15/Mac-security-program-scares-users-into-buying_1.html">MacSweeper rogue cleanup tool</a> that appeared during Macworld Expo, the researcher said.</p>
<p>MacSweeper serves as evidence that developers -- both credible and not -- have already begun to turn more of their attention to Apple platforms, anticipating Mac users' security fears, Marcus said.</p>
<p>Although MacSweeper is pitched by its creators as a utility for cleaning malware programs and other unwanted software off of Mac OS computers, it has proven to <a href="http://www.news.com/8301-10784_3-9850942-7.html">do almost nothing</a> of the sort, despite its $40 asking price.</p>
<p>David Maynor, chief technology officer of research and consulting firm Errata Security, said that one area where attackers may seek to assail the Mac OS is via flaws found in some of the older open source libraries of software code used in the platform. Apple also typically lags in patching issues found in those code libraries, such as with the Samba networking protocol used in the company's Mac OS X. Even when the Samba open source community has created a fix for a known security issue, it often takes Apple three to four months to introduce a related patch for its products, giving any attackers looking to subvert Mac systems a lengthy window of opportunity to do so, Maynor maintained.</p>
<p>"If someone has a list of these open source security issues in the projects included in Mac OS, they could use that against OS X users," said Maynor. "Samba is a perfect example, as there is generally a large window there."</p>
<p><strong>A rise in underground malware activity</strong></p>
<p>Maynor said that he observed an increase in Apple-related activity in the underground malware research community last year around several previous QuickTime vulnerabilities. "It's not that the number of Mac vulnerabilities is rising. If you look at their own security archives, you'll see that there were always a lot that were reported, but no one cared in the past," Maynor said. "One of the problems is that a lot of users buy into the misconception that Mac OS is more secure because of Apple's development process, but that's not really the case. Some people also feel that they are protected by Apple's smaller market share, but with more of these computers out there, more attention is being paid to it."</p>
<p>According to officials with Lumension, a software vendor that specializes in vulnerability scanning and patching, Mac OS has actually had far more security flaws reported in the last year than Microsoft Windows. Don Leatham, director of solutions and strategy at Lumension, formerly known as PatchLink, said that Mac OS X had nearly five times as many vulnerabilities reported as Windows during 2007. He noted, however, that many of those issues were considered minor, and that the Microsoft Windows security problems were notably more critical.</p>
<p>But Leatham agreed that publicly reported holes in Mac OS products tend to stay unaddressed longer than their Windows counterparts. "It's not always about the sheer number of exploits anyways; it's more about the speed at which real exploits are being created. That's what people will need to be worried about going forward," Leatham said. "If you get to the point where you have professional malware development kits being sold on the underground, as we have today for Windows, that's when there could be real problems for Mac. But we haven't seen any of those just yet."</p>
<p>Leatham added that, as with other mobile devices, Apple's iPhone has yet to see any truly dangerous malware attacks. However, when Apple releases its mobile applications development toolkit for the handhelds in February, he said it will be interesting to see if anyone tries to take advantage of the package to aim new threats at the phones. "It would obviously still be a bigger deal if someone created a successful attack that targeted the Research in Motion BlackBerry platform, because those are the devices of choice in most businesses, but with 4 million devices sold by Apple, some of these handhelds are already finding their way into the enterprise," said Leatham. "iPhone has been considered very safe thus far because of Apple's rigorous applications white-listing approach, but we'll be curious to see the security features open to developers in the new toolkit and whether it will attract the interest of any malware writers."</p>
<p><strong>Short-term safety, longer-term concern</strong></p>
<p>For now, Apple users likely have little to worry about, the industry watchers agreed. Even with Apple's dramatic market share gains, the majority of its computers are being purchased by consumers, and malware professionals are more concerned with trying to exploit Windows vulnerabilities to steal valuable data from business users, experts contend.</p>
<p>"We're nowhere near a tipping point where, from an economic standpoint, it will be a better strategy for attackers to target Macs vs. PCs," said Andrew Jaquith, an analyst with the Yankee Group. "People who write malware for a living are professionals, they want to get the best return on investment from their work, and there are still much higher returns to be found in the Windows space. We will probably see some opportunistic things being developed on the Mac side as the market share numbers increase, but it's still nowhere near the epidemic we've experienced with Windows," Jaquith said. "Mac is still a safer platform, although not necessarily a more secure one."</p>
<p>Reached for comment, an Apple spokesman said that the company takes security "very seriously" and maintained that the company has "a great track record of addressing potential vulnerabilities before they can affect users."</p>
<p>However, the spokesman reiterated that the firm always welcomes feedback on how to improve security on the Mac.</p>

<p><strong>Shell, Rolls Royce reportedly hacked by Chinese spies</strong> (posted 2007-12-04)</p>
<p><strong>Jeremy Kirk</strong><br /><strong>InfoWorld</strong><br /><strong>Website: </strong><a href="http://www.infoworld.com">http://www.infoworld.com</a></p>
<p>San Francisco - Britain's domestic intelligence agency is warning that cybercrime perpetrated by China is on the rise following hacking attacks against Rolls-Royce and Royal Dutch Shell.</p>
<p>The agency, known as MI5, recently sent letters to some 300 banks, accounting and legal firms warning that "state organizations" of China were plying their networks for information, according to the <a href="http://business.timesonline.co.uk/tol/business/markets/china/article2988228.ece">Times of London</a> on Monday.</p>
<p>The U.K. government refused on Monday to confirm the letters. However, the reported correspondence comes just a month after the U.K.'s top domestic intelligence officer warned of "high levels" of covert activity by at least 20 foreign intelligence agencies, with Russia and China as the most active.</p>
<p>"A number of countries continue to devote considerable time and energy trying to steal our sensitive technology on civilian and military projects, and trying to obtain political and economic intelligence at our expense," said Jonathan Evans, director general of MI5, <a rel="nofollow" href="https://www.mi5.gov.uk/output/Page562.html">in Manchester, U.K.,</a> on Nov. 5.</p>
<p>"They do not only use traditional methods to collect intelligence but increasingly deploy sophisticated technical attacks, using the Internet to penetrate computer networks," he said.</p>
<p>The Times, quoting an unnamed source, reported that Rolls-Royce's network was infected with a Trojan horse program by Chinese hackers that sent information back to a remote server. Dutch Shell uncovered a Chinese spying ring in Houston, aimed at pilfering confidential pricing information for the oil giant's operations in Africa, the paper said, citing "security sources."</p>
<p>Representatives for both companies contacted in London on Monday did not return calls for comment.</p>
<p>The rise in hacking originating in China and Russia has been well-documented by security researchers. But it's been harder to distinguish between state-sponsored hackers and those just operating in the same geographic region, said Graham Cluley, senior technology consultant for security firm Sophos PLC.</p>
<p>Some 30 percent of the malicious software created is written by Chinese, Cluley said. But about 17 percent of those programs are designed to steal the passwords of users who play online games rather than intended for industrial espionage, he said.</p>
<p>"It's not all James Bond," Cluley said.</p>
<p>Hackers are also tough to trace since they can often control networks of other computers, called botnets, which can be used to carry out commands and attacks.</p>
<p>Botnet investigations are time-intensive and difficult for law enforcement since the computers are often in different countries, requiring international legal cooperation.</p>
<p>Spying to gain an advantage over a commercial competitor is nothing new, and it's hard to definitively blame China for it, said Peter Sommer, who teaches information systems security at the London School of Economics and also wrote "The Industrial Espionage Handbook."</p>
<p>The job of an industrial spy has also become a lot easier with the advent of the Internet, Sommer said. About 90 percent of intelligence collected by agents is "open source," or already public information.</p>
<p>"You no longer have to get into buildings and try and meet people," Sommer said.</p>
<p>Public Web sites of companies are rife with e-mail addresses of employees who can be "spear-phished," or sent e-mail with malicious software such as a keystroke logger. The hacker uses social-engineering tricks in order to get the worker to open the attachment, opening up access to a company's network.</p>

<p><strong>McAfee: Vista Likely a Hacker Target in 2008</strong> (posted 2007-12-04)</p>
<p><strong>Jennifer LeClaire</strong><br /><strong>News Factor Network</strong><br /><strong>Website: </strong><a href="http://www.newsfactor.com/">http://www.newsfactor.com</a></p>
<p>Windows Vista is being relegated to the doghouse again this week for being slower than XP, and security experts are warning that Vista might face more serious malware in the upcoming year.</p>
<p>New tests show that Windows XP, coupled with the forthcoming Service Pack 3, performs twice as well as Vista with SP1. Devil Mountain Software discovered that a preview version of SP3 for Windows XP offered a 10 percent performance boost. The software development firm said that performance gains with SP1 for Vista were negligible.</p>
<p>However, slower speed is one issue, security is another.
Considering the probability that more businesses will begin migrating to Vista in 2008, security analysts say that the security of Microsoft's latest operating system might be a larger problem than performance.</p>
<p><strong>Vista Migration Mixed with Danger?</strong></p>
<p>The release of Service Pack 1 for Windows Vista is likely to accelerate the adoption rate of Redmond's latest operating system and have a corresponding impact on the bottom lines of malware writers, who have largely continued to target Microsoft's earlier operating systems. According to McAfee, if professional malware authors begin to see an impact on their businesses as Vista becomes more popular, they might expand their efforts to find holes in the new operating system.</p>
<p>Of course, the antivirus firm added, that doesn't mean older threats to Windows XP will disappear. It was several years after the Java vulnerability named in Microsoft Security Bulletin MS03-011 was patched before exploits targeting that vulnerability fell off the list of McAfee Avert Labs' top 10 threats to consumers. The old threats will persist, McAfee warned, but a new crop is on its way.</p>
<p>The National Vulnerability Database reported 10 Vista vulnerabilities in the first nine months after the OS was released. This compares with 16 XP vulnerabilities during the same length of time. The number of reported Windows XP vulnerabilities more than doubled in the following 12 months. If history repeats itself, McAfee cautioned, businesses can expect far more than 20 Windows Vista vulnerabilities to be reported in 2008.</p>
<p><strong>2008: A Year of Security Challenges?</strong></p>
<p>The way iSight Partners' Director of Global Response Ken Dunham sees it, 2008 is a significant year for Windows Vista. On the business side, he noted, 2008 marks the year when many corporations will start to consider Vista seriously.</p>
<p>Dunham also said that 2008 presents new opportunities for hackers who are looking for corporate assets to attack while companies migrate to Vista. "Vista contains many new important security updates but is not invulnerable to attack," Dunham argued. "Hackers are actively looking for ways to exploit Vista, Internet Explorer 7, and other new features for maximum profit."</p>
<p>Of course, Vista isn't the only software system facing security threats. McAfee said there's a target on Web 2.0, online gaming, and instant messaging. "Threats are increasingly moving to the Web and migrating to newer technologies such as VoIP and instant messaging," Jeff Green, senior vice president of McAfee Avert Labs, said in a statement.</p>
<p>"Professional and organized criminals continue to drive a lot of the malicious activity," Green said. "As they become increasingly sophisticated, it is more important than ever to be aware and secure when traversing the Web."</p>

<p><strong>Google Purges Malware Sites Targeting Searchers</strong> (posted 2007-12-04)</p>
<p><strong>InformationWeek</strong><br /><strong>Website: </strong><a href="http://www.informationweek.com/">http://www.informationweek.com</a></p>
<p>In response to a concerted effort by cybercriminals to infect the computers of Google users with malware and make them unwitting partners in crime, Google apparently has purged tens of thousands of malicious Web pages from its index.</p>
<p>In a <a href="http://sunbeltblog.blogspot.com/2007/11/breaking-massive-amounts-of-malware.html">blog post</a> on Monday, Alex Eckelberry, CEO of Sunbelt Software, noted that many search results on Google led to malicious Web pages that expose visitors to exploits that can compromise vulnerable systems.</p>
<p>"We're seeing a large amount of seeded search results which lead to malware sites," said Eckelberry. "These are using common, innocent terms -- one researcher landed on a malware site through searching for alternate firmware for a router."</p>
<p>Sunbelt published a <a href="http://www.sunbelt-software.com/ihs/alex/searchterms21388.pdf">list of search terms</a> that returned malicious pages, the result of search engine optimization campaigns by cybercriminals to get their pages prominently ranked in Google -- Sunbelt refers to this as "SEO poisoning." The list includes hundreds of search strings containing the words "Microsoft Excel," along with a number of other popular technology-oriented terms, products, and companies.</p>
<p>On Tuesday, the SANS Institute <a href="http://www.informationweek.com/showArticle.jhtml?articleID=204204049">said</a> that the number of vulnerabilities in Microsoft Office had grown by 300% from 2006 to 2007, particularly in Excel.</p>
<p>A Microsoft spokesperson wasn't immediately available.</p>
<p>Sunbelt researcher Adam Thomas in a blog post attributes the thousands of pages to a botnet designed "to post spam links and relevant keywords into online forms (typically comment forms and bulletin board forums)," in order to place prominently in Google searches for those terms.</p>
<p>Those duped into visiting malicious Web pages from Google search results could, if their systems are vulnerable, acquire malware known as Scam.Iwin, which is designed to use the victim's computer to defraud Google and its advertisers. "With Scam.Iwin, the victim's computer is used to generate income for the attacker in a pay-per-click affiliate program by transmitting false clicks to the attacker's URLs without the user's knowledge," explained Thomas in a blog post. "The infected Scam.Iwin files are not ordinarily visible to the user. The files are executed and run silently in the background when the user starts the computer and/or connects to the Internet."</p>
<p>Google didn't respond to a request for comment.</p>
<p>But it appears Google has deleted the malicious pages from its index. "Google took action on these domains and you won't find them anymore in Google," said Eckelberry.</p>
<p>According to Trend Micro, cybercriminals have been planning for the holiday online shopping season for months.</p>
<p>"Since September, cybercriminals have been boosting their search engine rankings using a variety of methods such as 'comment spam' and 'blog spam' in preparation for the Christmas period," said Raimund Genes, CTO of Trend Micro, in an e-mailed statement. "With shoppers visiting these sites likely to purchase goods online after infection, their credit card details become a main target for cybercriminals looking for financial gains this season."</p>
<p>Eckelberry credits the cybercriminals responsible with being particularly crafty because they attempt to conceal their malicious Web pages from certain types of searches favored by malware researchers.</p>
<p><a href="http://www.informationweek.com/news/showArticle.jhtml?articleID=204300556">See original article on InformationWeek.com</a></p>

<p><strong>Virus Definition Updates 22/11/2007</strong> (posted 2007-11-22)</p>
<p>AVG Anti-Virus Free Edition 7.5<br /><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7avi12091s.bin">Download AVG AVI:269.16.4.1</a><br /><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7avi1209u12051s.bin">Download AVG AVI:269.16.4.2</a><br /><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7avi1209u9911s.bin">Download AVG AVI:269.16.4.3</a></p>
href="http://www.grisoft.cz/softw/70/update/u7iavi11551s.bin">Download AVG </a><a rel="nofollow" class="dwnprg" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7iavi11551s.bin">IAVI:1145</a><br />Version: -<br />Date: 22/11/2007<br /><div class="post-body"><div class="post-body"><div class="post-body"><div class="post-body"><div class="post-body"><div class="post-body"><div class="post-body"><div class="post-body"><div class="post-body"><div class="post-body"><div class="post-body"><p>AntiVir PersonalEdition Classic<br /><a rel="nofollow" target="_blank" href="http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip">Download AntiVir IVDF</a><br />Version: 7.00.00.248<br />Date: 22/11/2007<br /><br />Avast! 4 Home Edition<br /><a rel="nofollow" target="_blank" href="http://files.avast.com/iavs4pro/vpsupd.exe">Download Avast VPS</a><br />Version: <span class="important_note">071121-0</span><span class="important_note"></span><br />Date: 21/11/2007<br /><br />Symantec<br /><a rel="nofollow" target="_blank" href="http://definitions.symantec.com/defs/20071121-002-i32.exe">Download Norton VDU</a><br /><!-- NAVCEVER start --><!-- NAVCEVER start --><!-- NAVCEVER start --><!-- NAVCEVER start -->Version: 91121b<br />Date: 21/11/2007<br />Supports the following versions of Symantec antivirus software:<br />Norton AntiVirus 2003 Professional Edition<br />Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro<br />Norton AntiVirus 2004 Professional Edition<br />Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro<br />Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro<br />Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro<br />Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista<br />Norton AntiVirus for Microsoft Exchange (Intel)<br />Norton SystemWorks (all versions)<br />Norton Utilities for Windows 95/98 (all versions)<br />Symantec AntiVirus 3.0 for CacheFlow Security Gateway<br />Symantec AntiVirus 3.0 for Inktomi Traffic Edge<br 
/>Symantec AntiVirus 3.0 for NetApp Filer/NetCache<br />Symantec AntiVirus 8.0 Corporate Edition Client<br />Symantec AntiVirus 8.1 Corporate Edition Client<br />Symantec AntiVirus 9.0 Corporate Edition Client<br />Symantec AntiVirus 10.0 Corporate Edition Client<br />Symantec AntiVirus 10.1 Corporate Edition Client<br />Symantec AntiVirus 10.2 Corporate Edition Client<br />Symantec Mail Security for Domino v 4.0<br />Symantec Mail Security for Domino v 5.0</p> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div>My-Antivirushttp://www.blogger.com/profile/16717835825434216940noreply@blogger.com0tag:blogger.com,1999:blog-1804135263449939268.post-22083755215850764972007-11-22T21:16:00.000+08:002007-11-22T21:20:30.971+08:00Firefox 2 Security Update Coming<p style="font-weight: bold;"><span style="font-weight: bold;">InformationWeek 21/11/2007</span><br /><span style="font-weight: bold;">Website: <a href="http://www.informationweek.com">http://www.informationweek.com</a></span></p><p> Even as <a href="http://us.rd.yahoo.com/dailynews/cmp/tc_cmp/storytext/204201139/25296405/SIG=12bk9p60o/*http://www.informationweek.com/news/showArticle.jhtml?articleID=204200393"><span class="yshortcuts" id="lw_1195709811_0">Firefox 3</span></a> moves into beta, <a href="http://us.rd.yahoo.com/dailynews/cmp/tc_cmp/storytext/204201139/25296405/SIG=117il52p1/*http://www.mozilla.com/en-US/firefox/"><span class="yshortcuts" id="lw_1195709811_1">Firefox 2</span></a> is getting a security makeover. </p><div class="lrec">The Mozilla Quality Assurance Community has <a href="http://us.rd.yahoo.com/dailynews/cmp/tc_cmp/storytext/204201139/25296405/SIG=11l7tmhup/*http://quality-drupal.stage.mozilla.com/en/node/919"><span class="yshortcuts" id="lw_1195709811_2">called for volunteers</span></a> to help test Release Candidate Builds of Firefox 2.0.0.10, which is expected to be released next week, following the Thanksgiving holiday. 
</div>
<p>Firefox 2.0.0.10 addresses a Java Archive handling bug that was first reported back in February. The vulnerability allows a malicious attacker to conduct a cross-site scripting attack by hiding exploit code in a Java Archive (.jar) file. This is because the jar: protocol handler is not restricted to .jar files and will also open .zip files, which can be malicious.</p>
<p>"In simple terms, [this] means that any application which allows upload of .jar/.zip files is potentially vulnerable to a persistent cross-site scripting," said Petko Petkov, founder of security consultancy <a href="http://us.rd.yahoo.com/dailynews/cmp/tc_cmp/storytext/204201139/25296405/SIG=10ns0j545/*http://gnucitizen.org">gnucitizen.org</a>, in a <a href="http://us.rd.yahoo.com/dailynews/cmp/tc_cmp/storytext/204201139/25296405/SIG=1282hp64f/*http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues">blog post</a> earlier this month. "Potential targets for this attack include applications such as Web mail clients, collaboration systems, document sharing systems, almost everything that smells like Web 2.0, etc., etc., etc."</p>
<p>The browser update also addresses a redirection bug related to .jar/.zip files.</p>
<p>The Mozilla Security Blog <a href="http://us.rd.yahoo.com/dailynews/cmp/tc_cmp/storytext/204201139/25296405/SIG=12farnkde/*http://blog.mozilla.com/security/2007/11/16/jar-protocol-xss-security-issues/">notes</a> that this exploit has been demonstrated to work against Gmail as a way to access the victim's stored contacts.</p>
<p>"In future versions Firefox will only support the jar scheme for files that are served with the correct application/java-archive MIME type," says the Mozilla Security Blog. "Firefox will also adjust the security context to recognize the final site as the source of the content. This will be addressed in Firefox 2.0.0.10, which is currently in testing."</p>

<p><strong>MySpace Hacker Tells His Story</strong><br />Posted by My-Antivirus, 2007-11-22</p>
<p><strong>PC World 20/11/2007</strong><br /><strong>Website: <a href="http://www.pcworld.com">http://www.pcworld.com</a></strong></p>
<p style="font-weight: bold;">If Samy Kamkar plays his cards right, he may be allowed to visit MySpace again in just a few months. For the time being, however, he's not even allowed to touch a computer, following a January 2007 guilty plea for creating what many consider to be the first Web 2.0 worm: the Samy worm.</p>
<p>Samy's worm wasn't malicious, but it did force News Corp.'s MySpace social-networking site to shut down in late 2005 after forcing more than 1 million users to declare Samy a "hero" on their profile pages.</p>
<p>Last week, Samy, who is now 21, made his first public appearance since his conviction, attending the OWASP App Sec 2007 conference, hosted by eBay, in San Jose, California. He was treated like a celebrity at the show, but there were some complications. Under the terms of his plea agreement, he can only use computers for work, so he was forced to show slides that he'd dictated to a friend on a computer that was operated by a conference staffer.
</p>
<p>It's not easy being a computer geek cut off from computers, but if Samy remains a model parolee, he could be allowed to use computers again in a couple of months. He talked to IDG News Service about what life has been like since his arrest and what he plans to do as soon as he's online again.</p>
<p>IDGNS: What were you thinking when you wrote the Samy worm?</p>
<p>Kamkar: When I wrote the worm, it initially wasn't a worm. Initially I was just trying to spruce up my MySpace profile. I also wanted to show off to a couple of friends, so I thought 'wouldn't it be cool if I did this? What if I made some of these people add me as a friend automatically?' Then I figured, 'what if I made them add me as a hero?' So I wrote a little code and what ended up happening is whenever someone viewed my profile, they would automatically add 'But most of all, Samy is my hero' at the end of their hero section on their profile. And after that, I thought, 'If I can make this person my friend, if I can make myself their hero, couldn't I just copy this code onto their profile?'</p>
<p>I didn't think this would be a big deal, so I tried it out. I thought maybe I'll get one friend tomorrow and a few in maybe a few days. It went quickly. Apparently, MySpace is a bigger place than I assumed.</p>
<p>IDGNS: How hard was it to write the worm?</p>
<p>Kamkar: I'm not a Web application security expert, but I'm into security and I'm into Web applications. As a programmer, it wasn't too much to learn how to use AJAX, which really helped make the worm work and proliferate really quickly. It only took a few days to write the thing from start to finish and it was only in the last day that I thought that this could be a worm.</p>
<p>IDGNS: Do you think it would be easy to write another MySpace worm now?</p>
<p>Kamkar: It would be much harder to write a MySpace worm right now just because they've added so many restrictions, but it's always possible and there are so many other sites that these exploits are available on. So it could still happen.</p>
<p>I think that more worms are going to come out. I've heard of more worms trying to take off using the same code base that I wrote, and just changing a few things. Luckily restrictions have really prevented those from working out too well. But yeah, from here on out, I think worms are only going to get more advanced.</p>
<p>IDGNS: What's your life been like since you pleaded guilty in this case last January?</p>
<p>Kamkar: My life has been a bit different. I have computer restrictions now, so I can only use computers for work purposes. I also serve community service and I'm on probation. So on top of the restitution, it's a little more than a slap on the wrist.</p>
<p>IDGNS: The worm you wrote was fairly innocuous. It just made you really popular on MySpace. How do you feel about being indicted for this?</p>
<p>Kamkar: Well, I didn't have malicious intent writing the worm. I understand that it was a big example of what you shouldn't be doing, so I think if I were in their shoes, maybe I'd do the same thing. Maybe I'd say, 'Well that guy got a lot of press. He's showing, this is how you hack a Web site and this is how you write a worm, and we want to make sure people don't do that.'</p>
<p>And I agree that people shouldn't be doing that and I shouldn't have released that. So I sort of see it on both sides.</p>
<p>IDGNS: Do you regret doing it?</p>
<p>Kamkar: I wish I could take it back.</p>
<p>IDGNS: What's the first thing you're going to do when you're free to use a computer again?</p>
<p>Kamkar: The first thing I'm going to do when I can use a computer again is probably just get back into development on the site and write projects that are interesting to me and non-malicious. No more worms.</p>
<p>IDGNS: Would you work for MySpace if they wanted you to?</p>
<p>Kamkar: I think in the future, I'd be happy to help out because they actually provide a pretty cool site. Right now, I'm involved in one project with one company, but in the future, that's definitely an option.</p>

<p><strong>MySpace Still Denies Security Holes</strong><br />Posted by My-Antivirus, 2007-11-13</p>
<p><strong>News Factor Network 12/11/2007</strong><br /><strong>Website: <a href="http://www.newsfactor.com/">http://www.newsfactor.com</a></strong></p>
<p style="font-weight: bold;">Alicia Keys' MySpace page isn't the only profile to be hacked with malware.
Some 8,000 band profiles have been hacked in the exact same way -- and many of those profiles are still linked to malware sites, according to security researcher Chris Boyd, who first posted information about the attack on October 31.</p>
<p>MySpace has denied that there is a security problem with the social-networking site, saying that the bands that were hacked fell victim to phishing attacks, which compromised their profile passwords.</p>
<p>Writing on his VitalSecurity blog, Boyd said MySpace's explanation defies rational thinking. "This is patently nonsense," Boyd wrote. "What -- an endless stream of bands, record labels, music newspapers, and producers all woke up yesterday and forgot what the real MySpace Web site looks like? Give me a break."</p>
<p><b>'Bubbling Scum of Malware'</b></p>
<p>The fact that Keys' profile was rehacked after MySpace announced it had been cleaned belies the notion that phishing is responsible, said Andrew Storms, director of security operations for nCircle. "I tend to agree that there is a yet-to-be-reported problem with MySpace," Storms said. "MySpace has gotten a bad rep as a bubbling scum of malware," he added. "It's where people go to incubate their malware."</p>
<p>In the so-called Alicia Keys hack, malware authors inserted a very large transparent background image on the site, linked to the malware being hosted in China. "It's a classic drive-by attack," Storms said. "The user doesn't even have to click." Simply by mousing over the page, users are inviting the malware onto their system.</p>
<p>"The first attempt is to install it automatically," Storms said. If that doesn't work, the malware presents a prompt, saying that a new codec is needed to play a video. By default, browsers are set to prompt the user before installing software, but they also present an option to download automatically, which many users choose, Storms said.</p>
<p>"You know a site has got problems when the only surefire solution to not be subjected to hack attacks and dubious redirects is to not use it. But that's currently where we are. Well played, MySpace," Boyd wrote on his blog.</p>
<p><b>MySpace Should Act Soon</b></p>
<p>Making matters worse, MySpace has simply deleted many affected bands' profiles, including their content and friend information, without so much as a warning, according to press reports. Vaughn Atkinson, guitarist with the British band JetKing, said MySpace deleted the band's profile and has refused to restore it from backup. Many little-known bands are in similar straits, Boyd said.</p>
<p>"So you can imagine how angry a lot of these bands are when they've gone and built that complex network of friends, people who spread the word about their music, promoters, upcoming shows, and a lot more besides and then -- whoops. No more MySpace page."</p>
<p>As this story continues to grow, Storms said, MySpace will have to take action. "MySpace is going to have to come out soon with some more information," he said. "They're going to have to say we've identified the security problem and it's been fixed or we've reset all these profiles -- or both."</p>
<p>While to some degree bands "get what they pay for" -- nothing, in this case -- MySpace should treat all users the same, Storms added. "If this kind of hacking continues, they're going to have to offer some sort of user-initiated rollback," he said.</p>

<p><strong>Some Ad Networks Are Bad News</strong><br />Posted by My-Antivirus, 2007-11-13</p>
<p>By Larry Seltzer - eWEEK</p>
<p>You wouldn't go surfing to just any site. You're careful about where you go. You only go to sites you trust.</p>
<p>But who are you trusting? A series of recent attacks has resulted in seemingly respectable news sites serving malware and redirecting users to sites that serve malware.</p>
<p>The problem is in the ads on those news sites. The ads are served by advertising networks that weren't careful enough with their own security. When you trust a Web site you have to trust everyone it's in bed with.</p>
<p>The first one I became aware of was YNet, an Israeli news site. Don't go to that site just yet. The <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=10l8fb4nf/*http://Ynetnews.com">Ynetnews.com</a> site I read is in English. The Hebrew site at <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=10jivbj3e/*http://ynet.co.il">ynet.co.il</a> is far more popular, in fact the most popular news site in Israel.
It is the Internet site for Yedioth Ahronoth, a very large Israeli newspaper.</p>
<p>About two weeks ago I noticed that after going to the page from a bookmark that had only the domain name in it I was redirected to a different site on the domain <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=10pga6t8u/*http://malware-scan.com">malware-scan.com</a>, a classic "rogue anti-spyware" site that I recognized from prior experience. There are a variety of scams that come from this domain, but this one said that my system was infected with malware and that they could scan it. The browser window shrinks down to dialog box size to give the appearance of a dialog box. You can't cancel out; no matter what you do (other than killing the process in Task Manager) you are brought to the "scanning" Web site, where your system is faux-scanned, and lots of malware is found on it.</p>
<p>I've observed this attack many times now, both through up-to-date versions of Internet Explorer and Firefox. Sometimes the "app" being pushed is a "performance optimizer" rather than a malware scanner, but in any event it's malware. Kaspersky Antivirus on my system recognized it as "not-virus.Hoax.Win32.Renos.kd." I got a lot of analysis help from the ubiquitous Gadi Evron, from independent analyst <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=10ph49cq6/*http://www.larholm.com/">Thor Larholm</a> and from Adam Thomas of <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=1115m0m5f/*http://www.sunbeltsoftware.com/">Sunbelt Software</a>.</p>
<p>The redirect came from code in one of the many ad sections in the Ynetnews.com home page. The code in this page is disturbingly complex and contains a large number of IFRAME tags, many to other domains. An IFRAME tells the browser to go to some other site and read in the HTML from there. This is an example of what is called transitive trust: I trusted Ynet, it trusted its ad providers, therefore I trusted those ad providers. Big mistake. The attack is still up and running as of Sunday, Nov. 11. Incidentally, the actual attack came through Flash code on one of the ad domains (<a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=10kh7jqkm/*http://adtraff.com">adtraff.com</a>) that performed the redirect.</p>
<p>And Ynet isn't the only news site to be infected with this plague. It's spreading. <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=11af6qtiv/*http://www.azstarnet.com/business/209714">Tucson Newspapers had a similar attack</a>. That attack, according to a report, was on the site for 10 to 18 days. They say, "Our people reacted very quickly," which seems to be a contradiction.</p>
<p>A third attack, on the Boston Herald, was reported to have come in through a Flash ad on <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=10ohlj7uu/*http://advertising.com">advertising.com</a>. I've confirmed that the attack is still on the advertising.com site, although it's not clear that that specific Flash movie is actually being served on any advertising.com customer sites.</p>
<p>The <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=10pga6t8u/*http://malware-scan.com">malware-scan.com</a> attack itself is interesting enough (yawn!), but I'm basically interested in how legitimate news organizations got to include such obviously undesirable content on their sites. Not only does the attack itself subject the user to malware, but it takes them away from the news site. And yet Ynet hasn't bothered yet to do anything about it, at least as far as I can tell.</p>
<p>In all of these news site cases, I've seen the redirect performed through the same Flash movie mechanism, but I think the movie was served from three different sources: advertising.com, adtraff.com and, in the Tucson Newspapers site, all of the ad content appears to be served from <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=10j3s392a/*http://tucson.com">tucson.com</a> through Akamai. Ad networks have complicated relationships, but I'm definitely confused. Someone is selling this dirty ad, and legitimate sites are getting scammed.</p>
<p>And then, just as I was finishing up this column, we found another one on an even more significant site: MLB.com, the site of Major League Baseball. It's not clear yet where the redirect is coming from, but it goes through <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=10onadcg0/*http://newbieguide.com">newbieguide.com</a>, which hosts what seems to be the same malicious Flash movie, to <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=10osuk33j/*http://adverdaemon.com">adverdaemon.com</a> and on to the fake anti-malware ad, which we've seen both at <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=10ndmunjm/*http://longlifepc.com">longlifepc.com</a> and <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=10nc0co2i/*http://fixthemnow.com">fixthemnow.com</a>.</p>
<p>BTW, yes, of course even eWEEK has ads from outside ad networks such as DoubleClick, recently bought by Google. Is this a risk? At some level yes, of course it is. Both DoubleClick and eWEEK have no history of problems in this regard that I can recall, and I wouldn't tell you to avoid any specific sites, except maybe <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/219243/25182782/SIG=10l8fb4nf/*http://YNetnews.com">YNetnews.com</a>.</p>
<p>The point is that Web sites that have content relationships with outside sites need to scrutinize the content coming from those sites. They need accountability from those partners, and they need contingency plans for taking the content down in case there's a problem with it. And someone needs to investigate these malware ad attacks further to find out how legitimate sites can avoid them.</p>

<p><strong>Hacker Pleads Guilty to Spreading Botnets</strong><br />Posted by My-Antivirus, 2007-11-10</p>
<p><strong>PCWorld 10/11/2007</strong><br /><strong>Website: <a href="http://www.pcworld.com">http://www.pcworld.com</a></strong></p>
<p style="font-weight: bold;">A hacker has pleaded guilty to infecting hundreds of thousands of computers with malware in order to steal money from Paypal accounts. He could spend 60 years in prison and face a US$1.75 million fine.</p>
<p>John Schiefer, 26, admitted that he and some associates developed malware that allowed them to create botnet armies of as many as 250,000 computers. Schiefer was able to collect information sent from the infected computers, including usernames and passwords for Paypal accounts. He and his associates were then able to make purchases using the Paypal accounts. They also shared the password information with others.</p>
<p>This is the first prosecution of a hacker for this type of activity, according to the United States Attorney's Office for the Central District of California. The Federal Bureau of Investigation pursued the case.</p>
<p>Schiefer says he also found Paypal usernames and passwords using malware that could access usernames filed in a secure storage area on the computers. The malware would send that information to Schiefer, who used it to access the accounts.
</p>
<p>Schiefer also acknowledged fraudulently earning more than $19,000 from a Dutch Internet advertising agency that hired him as a consultant. He was supposed to install the company's programs on computers after receiving consent from computer owners. Instead, he and his associates installed it on 150,000 computers that were infected with his malware.</p>
<p>Schiefer is scheduled to appear in the U.S. District Court in Los Angeles on Nov. 28 and be arraigned on Dec. 3.</p>

<p><strong>Virus Definition Updates 10/11/2007</strong><br />Posted by My-Antivirus, 2007-11-10</p>
<div class="post-body"><p>AVG Anti-Virus Free Edition 7.5<br /><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7avi1198na.bin">Download AVG AVI:269.15.28.1</a><br /><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7avi1198u1170na.bin">Download AVG AVI:269.15.28.2</a><br /><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7avi1198u991na.bin">Download AVG AVI:269.15.28.3</a><br /><a rel="nofollow" class="dwnprg" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7iavi1132na.bin">Download AVG IAVI:1122</a><br />Version: -<br />Date: 10/11/2007</p>
<p>AntiVir PersonalEdition Classic<br /><a rel="nofollow" target="_blank" href="http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip">Download AntiVir IVDF</a><br />Version: 7.00.00.197<br />Date: 9/11/2007</p>
<p>Avast! 4 Home Edition<br /><a rel="nofollow" target="_blank" href="http://files.avast.com/iavs4pro/vpsupd.exe">Download Avast VPS</a><br />Version: 071109-0<br />Date: 9/11/2007</p>
<p>Symantec<br /><a rel="nofollow" target="_blank" href="http://definitions.symantec.com/defs/20071109-017-i32.exe">Download Norton VDU</a><br />Version: 91109q<br />Date: 9/11/2007<br />Supports the following versions of Symantec antivirus software:<br />Norton AntiVirus 2003 Professional Edition<br />Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro<br />Norton AntiVirus 2004 Professional Edition<br />Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro<br />Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro<br />Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro<br />Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista<br />Norton AntiVirus for Microsoft Exchange (Intel)<br />Norton SystemWorks (all versions)<br />Norton Utilities for Windows 95/98 (all versions)<br />Symantec AntiVirus 3.0 for CacheFlow Security Gateway<br />Symantec AntiVirus 3.0 for Inktomi Traffic Edge<br />Symantec AntiVirus 3.0 for NetApp Filer/NetCache<br />Symantec AntiVirus 8.0 Corporate Edition Client<br />Symantec AntiVirus 8.1 Corporate Edition Client<br />Symantec AntiVirus 9.0 Corporate Edition Client<br />Symantec AntiVirus 10.0 Corporate Edition Client<br />Symantec AntiVirus 10.1 Corporate Edition Client<br />Symantec AntiVirus 10.2 Corporate Edition Client<br />Symantec Mail Security for Domino v 4.0<br />Symantec Mail Security for Domino v 5.0</p></div>

<p><strong>Malware Planted on MySpace Once Again</strong><br />Posted by My-Antivirus, 2007-11-10</p>
<p><strong>News Factor Network 9/11/2007</strong><br /><strong>Website: <a href="http://www.newsfactor.com">http://www.newsfactor.com</a></strong></p>
<p style="font-weight: bold;">Attackers are piggybacking on the fame of R&B recording artist Alicia Keys to spread their malware over the Web. Keys' MySpace page has been infected with malicious software.</p>
<p>Exploit Prevention Labs discovered the attack, one of several attacks targeting MySpace pages. French funk band Greements of Fortune and Glasgow rock band Dykeenies were also targets of the Web-based attack.</p>
<p>"When a visitor visits the infected page, they're first hit by an exploit which installs malware in the background if they're not fully patched against the latest security vulnerabilities, and next they're presented with a fake codec which tells them they need to install a codec to view the video," said Roger Thompson, CTO at Exploit Prevention Labs. "So even if they're patched, they can fall victim to the exploit."</p>
</p> <p> <b> One Hack After Another </b> </p> <p> Specifically, visitors to these MySpace pages are directed to <a href="http://us.rd.yahoo.com/dailynews/nf/bs_nf/storytext/56630/25150656/SIG=10jiedhjh/*http://co8vd.cn/s"><span class="yshortcuts" id="lw_1194645181_2">co8vd.cn/s</span></a>. This appears to be a Chinese malware site. If the visitors accept the codec installation, the site installs malicious software. You can view a video demonstration of the attack on <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1194645181_3">YouTube</span>. </p> <p> The hack has some interesting characteristics, Thompson explained. "Perhaps most interesting, the bad guys are using a creative hack we haven't seen before: The HTML in the page contains some sort of image map, which basically makes it so you can click on anything over a wide area on the page and your click is directed to the malicious hyperlink," he said. "We tested it and even the ads were affected." </p> <p>MySpace officials could not immediately be reached for comment, but Thompson reported that the popular social-networking site fixed the pages in question within hours of the discovery. However, yet another hack was discovered just a few hours later, and a new image code has appeared that Thompson warned could be coming online soon. </p> <p> <b> Reviewing the History </b> </p> <p> MySpace is no stranger to malware writers. In March, <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1194645181_4">McAfee</span> reported the site is increasingly becoming an unhealthy breeding ground for the "scum of the Internet" by luring surfers to sexually explicit Web sites or trying to capture personal information from members that could lead to identity theft. </p> <p>The rock band attack theme remains popular. 
In March, it was the French rock band MAMASAID that was used as a vehicle to download Trojans to unsuspecting members' computers. The Trojan JS/SpaceStalk worked through a feature in QuickTime that opens links automatically when a movie is run. </p> <p> For its part in the security equation, <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1194645181_5">Apple</span> released an update to QuickTime earlier this week that fixed several security bugs. The 7.3 update plugs seven holes in the software, six of which could allow an attacker to run unauthorized software on a victim's PC. </p> <p> <b> Moving Forward </b> </p> <p>The Keys page hack on MySpace doesn't rely on QuickTime, but Thompson said the fact that the social-networking site is media-rich, with lots of sound and videos, makes the fake codec trick effective. The victim is likely to think he or she legitimately needs to download software to view the rich media. </p> <p> "What's not clear at this point is how they're doing it, and how widespread it is. Neither <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1194645181_6">Google</span> nor MySpace seems to be indexing the critical bit of html," Thompson concluded. "If you search for the exploit site, the only results seem to be victims, or people talking about victims."</p><p style="font-weight: bold;"><br /><span style="font-weight: bold;"></span></p>My-Antivirushttp://www.blogger.com/profile/16717835825434216940noreply@blogger.com1tag:blogger.com,1999:blog-1804135263449939268.post-53478436744745769672007-11-10T15:42:00.000+08:002007-11-10T15:54:28.529+08:00Need mobile spyware? 
Look on eBay<p style="font-weight: bold;"><span style="font-weight: bold;">InfoWorld 9/11/2007</span><br /><span style="font-weight: bold;">Website: <a href="http://www.infoworld.com/">http://www.infoworld.com</a></span></p><p style="font-weight: bold;"> San Francisco - Think your wife may be cheating on you? Wondering who your boss might be talking to? "Learn the truth. Spy today." </p><p>So reads an ad for <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/93320/25154467/SIG=14v6r2q0v/*http://cgi.ebay.co.uk/BLUETOOTH-SPY-SOFTWARE-2007-MOBILE-PHONE-PRO-EDITION_W0QQitemZ230189582336QQihZ013QQcategoryZ45586QQssPageNameZWDVWQQrdZ1QQcmdZViewItem"><span class="yshortcuts" id="lw_1194648217_0">"Bluetooth Spy Pro-Edition,"</span></a> one of nearly 200 mobile phone spyware products currently <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/93320/25154467/SIG=120k6clov/*http://search.ebay.com/bluetooth-spy_W0QQ_trksidZm37QQfromZR40"><span class="yshortcuts" id="lw_1194648217_1">listed for sale</span></a> on eBay.</p> <p>The software, which costs as little as $3.99, can be used to view photographs, messages, and files on the phone, listen into phone conversations, and even make calls from the phone being spied upon.</p> <p>Security experts are <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/93320/25154467/SIG=12jp4plt8/*http://www.avertlabs.com/research/blog/index.php/2007/11/07/shopping-for-spyware/"><span class="yshortcuts" id="lw_1194648217_2">concerned</span></a> because while these products aren't illegal, installing them without authorization to spy on someone else most definitely is.</p> <p>And that's exactly what some of these products seem to be advertising. "You can now easily find out who your partner, business associates, friends have been in contact with," reads the Bluetooth Spy ad. 
"Whether you are suspicious of an affair or would just like information that will help progress your career, you can now do all of the following using your mobile phone, and the person you are targeting will not suspect a thing. Guaranteed!"</p> <p><a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/93320/25154467/SIG=14q5qkm1p/*http://cgi.ebay.com/BLUETOOTH-SPY-MOBILE-CELL-PHONE-SOFTWARE-EDITION_W0QQitemZ180177321246QQihZ008QQcategoryZ115054QQssPageNameZWDVWQQrdZ1QQcmdZViewItem"><span class="yshortcuts" id="lw_1194648217_3">Another spellcheck-free ad</span></a> claims that "You will now be able to establish who your freinds associates and husband/wife have been conversating with, you can read messages, even download them to your own phone or laptop, view their information and pictures."</p> <p>This type of mobile spy software has been available for several years now, sold by companies like Flexispy and Neo-Call. Typically, however, it is much more expensive, and these companies are generally careful to promote only their legal uses such as monitoring corporate equipment, said Mikko Hyppönen, CTO with F-Secure. But the software is often used for nefarious purposes, such as industrial espionage and spying, Hyppönen said.</p> <p>According to him, <span style="border-bottom: 1px dashed rgb(0, 102, 204); background: transparent none repeat scroll 0% 50%; cursor: pointer; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;" class="yshortcuts" id="lw_1194648217_4">eBay</span> shouldn't be selling this software; it is simply too dangerous.</p> <p>Another security expert said that this type of software may even be harmful to the buyer. 
"You're certainly at a higher risk with the software of there being additional functionality that is not advertised and potentially malicious," said Craig Schmugar, virus research manager at <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1194648217_5">McAfee</span>'s AVERT labs. "In general, when you see the advertising claims made and the types of pages represented, you should approach them with some skepticism."</p> <p>This software can be installed via a Bluetooth connection and typically runs on both Windows Mobile and Symbian operating systems, McAfee said.</p> <p>eBay representatives could not immediately be reached for comment on this story.</p><p style="font-weight: bold;"><br /><span style="font-weight: bold;"></span></p>My-Antivirushttp://www.blogger.com/profile/16717835825434216940noreply@blogger.com1tag:blogger.com,1999:blog-1804135263449939268.post-5864360432900287722007-11-07T19:52:00.000+08:002007-11-07T20:02:50.686+08:00Apple Patches QuickTime Holes, Microsoft Warns Of Macrovision Driver Flaw<p style="font-weight: bold;"><span style="font-weight: bold;">InformationWeek 6/11/2007</span><br /><span style="font-weight: bold;">Website: <a href="http://www.informationweek.com">http://www.informationweek.com</a></span><br /></p><p> Apple on Monday released QuickTime 7.3 for <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1194413840_0">Mac OS X</span> and Windows XP SP2 to patch <a href="http://us.rd.yahoo.com/dailynews/cmp/tc_cmp/storytext/202803125/25113558/SIG=11n7k66p5/*http://docs.info.apple.com/article.html?artnum=306896"><span class="yshortcuts" id="lw_1194413840_1">seven vulnerabilities</span></a> in its multimedia software.</p>All seven of the vulnerabilities have the potential to allow arbitrary code execution by an attacker if the user visited a site with certain maliciously crafted movie or image files, or a maliciously crafted Java 
applet. <p> Apple updated QuickTime to version 7.2 in July, when it fixed eight security problems with the software. </p> <p> <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1194413840_2">Microsoft</span> meanwhile <a href="http://us.rd.yahoo.com/dailynews/cmp/tc_cmp/storytext/202803125/25113558/SIG=120k8qubj/*http://www.microsoft.com/technet/security/advisory/944653.mspx"><span class="yshortcuts" id="lw_1194413840_3">warned Monday</span></a> that a flaw in the Macrovision secdrv.sys driver in Windows Server 2003 and <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1194413840_4">Windows XP</span> is actively being exploited. An attacker making use of the vulnerability potentially could gain elevated privileges on the affected system. </p> <p> "This vulnerability does not affect <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1194413840_5">Windows Vista</span>," Microsoft said. "We are aware of limited attacks that try to use the reported vulnerability. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary." </p> <p> Macrovision, which provides Microsoft with digital rights management (DRM) technology, is offering a <a href="http://us.rd.yahoo.com/dailynews/cmp/tc_cmp/storytext/202803125/25113558/SIG=11iqhprp6/*http://www.macrovision.com/promolanding/7352.htm"><span class="yshortcuts" id="lw_1194413840_6">driver update</span></a> to address the vulnerability. </p> <p> Microsoft expressed concern that the vulnerability had been made public rather than first disclosed to the company in private. </p> <p>"We continue to encourage responsible disclosure of vulnerabilities," Microsoft said. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. 
This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed." </p> <p> Microsoft said that it plans to address the issue as part of its regularly scheduled patch plan. </p>My-Antivirushttp://www.blogger.com/profile/16717835825434216940noreply@blogger.com0tag:blogger.com,1999:blog-1804135263449939268.post-7555973853718558572007-11-07T19:50:00.000+08:002007-11-07T19:52:27.676+08:00Microsoft to patch software driver vulnerability<p style="font-weight: bold;"><span style="font-weight: bold;">InfoWorld 6/11/2007</span><br /><span style="font-weight: bold;">Website: <a href="http://www.infoworld.com">http://www.infoworld.com</a></span></p><p style="font-weight: bold;"> San Francisco (IDGNS) - <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1194352258_0">Microsoft</span> has warned that a faulty driver used for copy protection could allow a hacker to gain high-level access to a PC.</p>The problem lies with a driver called secdrv.sys, which is part of Macrovision's SafeDisc software included with Windows Server 2003 and <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1194352258_1">Windows XP</span>. The software, which can block unauthorized copying of some media, also ships with <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1194352258_2">Windows Vista</span>, but that OS is not affected. <p> Microsoft said it knows of "limited attacks" that try to use the vulnerability, in a class of attack known as elevation of privilege. 
The vulnerability could allow a hacker with local access to a machine to elevate his access rights and gain administrator rights, for example, allowing him to install software.</p> <p> Microsoft said it was concerned that the vulnerability had been disclosed before it had a chance to fix it, which puts people at greater risk. "We continue to encourage responsible disclosure of vulnerabilities," it said.</p> <p> Macrovision <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/93146/25101225/SIG=11iqhprp6/*http://www.macrovision.com/promolanding/7352.htm"><span class="yshortcuts" id="lw_1194352258_3">has issued an update</span></a> for the driver. Microsoft said it also <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/93146/25101225/SIG=120k8qubj/*http://www.microsoft.com/technet/security/advisory/944653.mspx"><span class="yshortcuts" id="lw_1194352258_4">plans to issue a fix</span></a> as part of its monthly patch cycle.</p> <p> Danish security vendor Secunia said the vulnerability was first reported as a zero-day about two weeks ago, meaning the problem was being exploited by hackers as it became known. The company <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/93146/25101225/SIG=11e5egro6/*http://secunia.com/about_secunia_advisories/"><span class="yshortcuts" id="lw_1194352258_5">rated the vulnerability</span></a> as "less critical," its second-lowest risk ranking for a vulnerability.</p>My-Antivirushttp://www.blogger.com/profile/16717835825434216940noreply@blogger.com1tag:blogger.com,1999:blog-1804135263449939268.post-24692072228119874152007-11-02T16:51:00.000+08:002007-11-02T16:54:20.723+08:00Mac Users Targeted with Nasty Malware<span style="font-weight: bold;">News Factor Network 1/11/2007</span><br /><span style="font-weight: bold;">Website: <a href="http://www.newsfactor.com/">http://www.newsfactor.com</a><br /><br /></span><p> So much for Mac users avoiding bugs, worms, and other 
security nuisances. A Trojan targeting Macs is on the loose, and it's hanging out on porn sites, according to security researchers.</p>The incident was first reported by Intego, a Mac security software vendor. Sunbelt Software, the SANS Institute's Internet Storm Center (ISC), Sophos, and McAfee have confirmed the Trojan. Dubbed "OSX.RSPlug.a," the Trojan changes the Mac's Domain Name System (DNS) settings to redirect unsuspecting users to sites of the attackers' choosing. <p>"The whole Trojan is relatively simple and works almost exactly the same as its brother for Windows," said ISC analyst Bojan Zdrnja in a warning the center posted on Thursday. "The bad guys are taking Mac seriously now. This is a professional attempt at attacking Mac systems, and they could have been much more damaging." </p> <p> <b> Porn Opens the Door </b> </p> <p> The family of malware that is targeting Macs is called "Puper." It's been plaguing Windows users since 2005. One of the most notable Puper campaigns ran through infected <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193943290_0">MySpace</span> pages. </p> <p> In the Mac attack, people who are searching for porn on the Internet may find it. But they may also find a nasty payload when they encounter a popup window instructing them that QuickTime needs to install new software so they can view the videos. If the user tries to install the codec, a script then creates a scheduled task to change the Mac's DNS to point to a malicious server. </p> <p>"In effect, instead of getting valid entries for Web sites like you would expect, you're now getting whatever this malicious site decides to point you to. 
That could be a phishing site, that could be more malicious files, you can no longer trust that the URL you expected to get will be what is delivered to you," Allysa Myers, part of the computer search research team at <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193943290_1">McAfee Avert Labs</span>, wrote on the company's blog. </p> <p> <b> Mac Malware Short List </b> </p> <p> The OSX/RSPlug.a Trojan is on a very short list of malware that's been specifically designed to target <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193943290_2">Mac OS X</span>, according to Graham Cluley, senior technology consultant for Sophos. The motive of this particular Trojan could be for the purposes of phishing, identity theft, or simply to drive traffic to alternative Web sites, he said. </p> <p> The good news is the Trojan doesn't exploit a vulnerability in Leopard, Tiger, or any <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193943290_3">Apple</span> code. This Trojan exploit depends on a user to take actions to open the door to the nasty payload. </p> <p>"This is not a red alert, but it is a wake-up call to Mac users that they can be vulnerable to the same kind of social engineering tricks as their Windows cousins," Cluley said. "The truth is that there is very little Macintosh malware compared to Windows, but clearly criminal hacker gangs are no longer shy of targeting the platform." </p> <p> <b> Keeping It in Perspective </b> </p> <p>In February 2006, in the wake of the discovery of the first Mac OS X worm, Sophos released research that showed 79 percent of computer users believed Macs would be targeted more in the future. However, over half of those polled said they did not believe the problem would be as great as for Windows. Still, Sophos experts are urging Macintosh users to keep the threat in perspective. 
</p> <p>Cluley said the latest version of Mac malware is making headlines because it is so rare. A Trojan like this for Windows would be unlikely to generate as many column inches because such Trojans are encountered every day. Nevertheless, he said, it obviously makes sense for Mac users to ensure that they are protected. </p> <p>"People have been predicting that as soon as financially motivated malware came to the Mac neighborhood, its denizens could no longer be so smug about security issues," <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193943290_4">McAfee Avert Labs</span>' Myers wrote. "This is a very simple piece of malware, and yet it works. Time will tell if this family will wreak as much havoc as it has on Windows."</p>My-Antivirushttp://www.blogger.com/profile/16717835825434216940noreply@blogger.com0tag:blogger.com,1999:blog-1804135263449939268.post-34127527159180128522007-11-02T16:44:00.000+08:002007-11-02T16:51:14.630+08:00Fortress Mac Is Gone<p style="font-weight: bold;"><span style="font-weight: bold;">eWeek 1/11/2007</span><br /><span style="font-weight: bold;">Website: <a href="http://www.eweek.com/">http://www.eweek.com</a></span><span style="font-weight: bold;"><a href="http://www.pcmag.com"></a></span></p><p style="font-weight: bold;"> Several pornography sites are loading a Trojan disguised as a video codec required to view content on Macs—the first Mac-targeted malware exploit to be spotted in the wild and validation of security researchers' long-maintained prediction that, sooner or later, the rationale for Mac security smugness would rub off.</p>"[Users infected by visiting questionable Web sites] began using Macs as most malware target the Windows operating system. Well, soon enough, it may not matter which OS you are using," said Symantec's Joji Hamada in a Nov. 
1 <a rel="nofollow" href="http://www.symantec.com/enterprise/security_response/weblog/2007/11/the_double_attack_windows_atta.html">posting</a>. <p>Sunbelt Software and Intego, a maker of Mac security software, are warning that a mother lode of spam has been posted to many Mac forums in an attempt to trick users into visiting sites with rigged porn photos. The photos are from reputed porn videos. If Mac users click on the stills to view the videos, they're taken to a site that informs them that the QuickTime Player is unable to play the movie file. They're then instructed to click to download a new codec. </p> <p>Sunbelt reports that the fake codec is a variant of <a rel="nofollow" href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.DNSChanger&threatid=93648">Trojan.DNSChanger</a>, malware that's been plaguing Windows users for some time. <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193960646_0">Symantec Security Response</span> has confirmed the finding and has added detection for the threat as OSX.RSPlug.A. </p> <p>Intego says that after the page loads, a disk image (.dmg) file downloads to users' Macs. If users have checked "Open 'Safe' Files After Downloading" in the General preferences of their Safari browser—or similar settings in other browsers—the disk image mounts. The .dmg file contains an installer package that then launches. </p> <p>Otherwise, if users wish to install the codec, they double-click the .dmg file, then double-click the package file, which is named install.pkg. </p> <p>If users continue with the installation, a Trojan program installs. Installation requires an administrator's password, which grants the Trojan full root privileges. No video codec is actually installed. If users return to the purported porn site, they just receive the download anew. </p> <p>The Trojan uses a sophisticated method, via the scutil command, to change the Mac's DNS server. 
When the new, malicious DNS server is active, it hijacks some Web requests, leading users to phishing Web sites that are after account information for sites such as <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193960646_1">eBay</span>, PayPal and some banks, or simply to pages displaying ads for other porn sites. "In the first case, users may think they are on legitimate sites and enter a user name and password, a credit card, or an account number, which will then be hijacked. In the latter case, it seems that this is being done solely to generate ad revenue," Intego said in its <a rel="nofollow" href="http://www.intego.com/news/ism0705.asp">release</a>. </p> <p>On <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193960646_2">Mac OS X 10.4</span>, the GUI has no way to display the changed DNS server. On Mac OS X 10.5, it can be seen in the Advanced Network preferences, Intego officials said. However, Trojan-installed DNS servers are dimmed and can't be removed manually. Intego said it's now testing previous versions of <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193960646_3">Mac OS X</span> and that they're likely vulnerable as well, given that they all have the scutil command. </p> <p>The malware also installs a root crontab that checks every minute to ensure that its DNS server is still active. Since changing a network location could change the DNS server, this added touch ensures that, in such a case, the malicious DNS server remains the active server, Intego officials said. 
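A command-line check for the two things just described, the injected resolver and the every-minute root cron job that re-applies it, as an added example (not code from the article, from Intego or from any vendor named here). Since the GUI on 10.4 does not show the rogue server at all, the check reads the text of `scutil --dns` and of the root crontab (`sudo crontab -l`); it assumes your scutil supports `--dns`. Both inputs below are constructed samples in those tools' output formats, and the script path in the cron line is hypothetical.

```python
"""Spot RSPlug-style DNS tampering from `scutil --dns` and the root crontab.

Added example, not code from the article or from Intego. The two inputs
are constructed samples in the real tools' formats; the script path in
the cron line is hypothetical.
"""
import re

# Constructed `scutil --dns` output (abbreviated). resolver #1 carries a
# second nameserver (203.0.113.66, a documentation-range address) that
# neither the user nor DHCP configured.
SCUTIL_DNS_OUTPUT = """DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.66
  if_index : 4 (en0)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
"""

# Constructed root crontab. The every-minute job is the tell: it re-applies
# the rogue resolver, so resetting DNS without removing the job is undone
# within a minute. The script path is hypothetical.
ROOT_CRONTAB = """# m h  dom mon dow  command
0 3 * * * /usr/sbin/periodic daily
* * * * * /tmp/.dnsfix.sh >/dev/null 2>&1
"""

NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", re.M)


def parse_nameservers(scutil_text):
    """Every nameserver[N] address, in the order scutil prints them."""
    return NAMESERVER_RE.findall(scutil_text)


def rogue_nameservers(scutil_text, expected):
    """Resolvers that are not in the set you (or your DHCP server) configured."""
    return [ns for ns in parse_nameservers(scutil_text) if ns not in expected]


def every_minute_jobs(crontab_text):
    """Commands scheduled as '* * * * *' (every minute) in a crontab listing."""
    jobs = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 5)          # five time fields, then the command
        if len(fields) == 6 and fields[:5] == ["*"] * 5:
            jobs.append(fields[5])
    return jobs


def assess(scutil_text, crontab_text, expected):
    """Combine both signals. Either alone deserves a look; both together is
    the pattern the article describes."""
    rogue = rogue_nameservers(scutil_text, expected)
    jobs = every_minute_jobs(crontab_text)
    return {
        "rogue_nameservers": rogue,
        "every_minute_root_jobs": jobs,
        "suspicious": bool(rogue) or bool(jobs),
    }


if __name__ == "__main__":
    # On a real Mac, replace the constructed samples with the live output:
    #   subprocess.run(["scutil", "--dns"], capture_output=True, text=True).stdout
    #   subprocess.run(["sudo", "crontab", "-l"], capture_output=True, text=True).stdout
    print(assess(SCUTIL_DNS_OUTPUT, ROOT_CRONTAB, {"192.168.1.1"}))
```

The order of cleanup matters because of the cron job: remove the every-minute entry first, then reset the resolver, or the change is reverted within a minute, exactly as Intego describes.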
</p> <p>Heise Security's Juergen Schmidt told eWEEK that this malware is related to the security company's recent findings on <a href="http://us.rd.yahoo.com/dailynews/zd/tc_zd/storytext/218572/25047040/SIG=12e4av5dd/*http://www.eweek.com/article2/0,1759,2209676,00.asp?kc=EWYH104039TX1B0000665">holes in Leopard's firewall</a>. If a user were to install the fake video codec, it could install a backdoor on a Leopard system that can let in remote attackers, even if the Leopard firewall has been configured to block all incoming connections, if there isn't a hardware firewall in front of the Leopard system. </p> <p>Schmidt noted that this Trojan also provides different versions of itself, perhaps according to the country in which the user is located to provide country-specific spoofing. "Repeated downloads of the disk image show that there are several different versions," he said. </p> <p>Tom Ptacek, founder of Matasano Security, told eWEEK that the threat to Macs is real, although it's not a huge one—just the same old scenario Windows users face every day. </p> <p>It is an interesting story, however, given that it's the first <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193960646_4">OS X</span> malware to be "weaponized." Unlike prior OS X malware, which was all about ego, this one's out to make money, Ptacek said—again, same old, same old in the world of Windows. </p> <p>Unsurprisingly, there are more than a few I-told-you-sos ensuing in security circles. "For years, we've heard snorts of derision from Mac users about the poor security of PCs. Yet that supercilious attitude (as we know from our history books) is patently dangerous, because it creates a false sense of security. Now, Mac users will need to be a bit more careful out there ('cause when Joey wants his pr0n, he wants it now!). 
On the heels of the poorly-secured release of Leopard, we now find that there is no perfect protection against human stupidity social engineering, even for a Mac user," said Alex Eckelberry, Sunbelt president, on Oct. 31.</p>My-Antivirushttp://www.blogger.com/profile/16717835825434216940noreply@blogger.com0tag:blogger.com,1999:blog-1804135263449939268.post-48206698839731901822007-11-02T16:40:00.000+08:002007-11-02T16:44:40.916+08:00Researchers dig for hidden links in spam<p style="font-weight: bold;"><span style="font-weight: bold;">InfoWorld 1/11/2007</span><br /><span style="font-weight: bold;">Website: <a href="http://www.infoworld.com/">http://www.infoworld.com</a></span></p><span style="font-weight: bold;">San Francisco (IDGNS) - Filtering spam messages is a thankless job for software. For every 100 spam e-mails, one message usually gets through, an irritating pitch with links to Web sites selling questionable drugs or sketchy Rolexes.</span> <p> The links contained within spam are one indicator in determining whether it should be blocked. 
Often after a large spam run, the addresses of spammy Web sites will be added to blocklists that are used by antispam software to cull future messages with those links.</p> <p> To get around this, spammers construct e-mails with links that can't be identified by filters but still are valid in the messages, said Christopher Fuhrman, a professor of software engineering in the Department of Software and IT Engineering at the University of Quebec.</p> <p> Spammers do this by "munging" the HTML -- adding backslashes, taking out tags -- so that the message and its links are still readable by the rendering engines of browsers or e-mail clients but appear as a garble of nonsense to filters. The technique is also known as obfuscation.</p> <p> It's a trial-and-error process because spammers don't read HTML Web standards. "Spammers just want to get the cash," Fuhrman said.</p> <p> Tamper with the HTML too much, and the message won't render at all. Too little, and filters snare the message.</p> <p> So spammers aim for a narrow gap: Most browsers and e-mail clients can render a certain amount of munged HTML, although the tolerances vary depending on the application.</p> <p> Fuhrman theorizes that spammers test their messages using <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193856884_0">Microsoft</span>'s widely used Outlook program, which uses the same HTML rendering engine as its IE (Internet Explorer) browser.</p> <p> So Fuhrman and one of his graduate students, Hicham El Alami, are writing a program to use IE's rendering engine as a way to "parse" messages, or extract the links.</p> <p> Services such as <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/93028/25032371/SIG=10p61j92j/*http://www.spamcop.net/">SpamCop</a> already do this. 
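The gap Fuhrman describes, between what a fixed-pattern filter sees and what a rendering engine sees, as an added example (not the University of Quebec program and not SpamCop's parser). Python's tolerant `html.parser` stands in for IE's engine and a regex stands in for a naive blocklist filter; the spam message, its munging and the blocklist are all constructed for the example.

```python
"""Pull links out of 'munged' spam HTML the way a rendering engine sees them.

Added example; not the researchers' program and not SpamCop's parser.
Python's tolerant html.parser stands in for IE's engine, the fixed regex
for a naive filter. The message and the blocklist are constructed samples.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample. The three links are munged in ways a browser still
# tolerates: upper-case tag with an unquoted value; a tag split across
# lines with spaces around '=' and a character reference (&#108; is 'l')
# in the host; and an upper-case host with an explicit port and '/..'.
MUNGED_SPAM = """<HTML><BODY>
<p>Ch<b></b>eap wat<i></i>ches, no prescription needed:
<A HREF=http://pills.example/buy>click here</A>
<a
href = 'http://ro&#108;ex.example/deal' >best offer
<a href="http://WATCHES.EXAMPLE:80/../x">and more</a>
<img src=x></p>"""

# Constructed blocklist of hosts seen in an earlier spam run.
BLOCKLIST = {"pills.example", "rolex.example", "watches.example"}

# The naive filter: expects a double-quoted, lower-case href.
NAIVE_HREF = re.compile(r'href="(https?://[^"]+)"')


def naive_links(html):
    """What a fixed-pattern filter extracts from the raw message text."""
    return NAIVE_HREF.findall(html)


class LinkExtractor(HTMLParser):
    """Collect href values of <a> tags as the parser normalises them.

    html.parser lower-cases tag and attribute names, accepts unquoted and
    single-quoted values and whitespace around '=', and decodes character
    references inside attribute values, much as a browser would.
    """

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        for name, value in attrs:
            if name == "href" and value:
                self.links.append(value.strip())


def rendered_links(html):
    """Links as the tolerant parser (the engine stand-in) sees them."""
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    return parser.links


def blocklisted_hosts(html, blocklist=BLOCKLIST):
    """Hosts from the rendered links that are on the blocklist.

    urlsplit(...).hostname lower-cases the host and drops the port, so the
    lookup uses the same key the blocklist is built from.
    """
    hits = set()
    for url in rendered_links(html):
        host = urlsplit(url).hostname
        if host in blocklist:
            hits.add(host)
    return hits
```

Run `naive_links` and `rendered_links` on the same message and the difference is the spammer's margin: the regex sees one link, the parser sees all three, and every host resolves to a blocklist entry once normalised. The part that varies between engines is exactly how much of this tolerance each one has, which is why the article's approach is to use the target engine itself rather than re-implement its quirks.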
SpamCop -- part of IronPort Systems, a subsidiary of Cisco -- has a Web-based service that uses algorithms to parse links out of spam messages submitted by users.</p> <p> Those algorithms are hard to write, although SpamCop's is pretty good, Fuhrman said. Fuhrman and El Alami are interested in creating an alternate way to do that same parsing without needing to consistently tweak an algorithm to keep up with new tricks used by spammers.</p> <p> It's hard to write a parser that will read links the same way IE's rendering engine does since Microsoft's source code is secret, Fuhrman said. So a better idea would be just to use that engine as part of a program to parse messages. A variety of tools exist to manipulate IE's rendering engine through APIs, Fuhrman said.</p> <p> The links that IE's engine renders would be reported to a blocklist service. Fuhrman wrote a model version of his idea that works in Java, but El Alami is now working on one for .NET, Microsoft's application development framework.</p> <p> "I want to ultimately get it as a Web-based engine so that users can paste spam, and when it comes out, it will reveal the links," Fuhrman said.</p>My-Antivirushttp://www.blogger.com/profile/16717835825434216940noreply@blogger.com0tag:blogger.com,1999:blog-1804135263449939268.post-44583740585432434272007-11-02T16:37:00.000+08:002007-11-02T16:40:27.912+08:00Storm Worm Sent 15 Million Pump-And-Dump E-Mails Last Month<p style="font-weight: bold;"><span style="font-weight: bold;">PCWorld 30/10/2007</span><br /><span style="font-weight: bold;">Website: <a href="http://www.pcworld.com">http://www.pcworld.com</a></span></p><br /><p> The Storm Worm botnet network may be shrinking in size, but it has managed to send out 15 million <a href="http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/139103/25022118/SIG=11p2rasnr/*http://blogs.pcworld.com/staffblog/archives/005722.html">annoying audio spam messages</a> in October, according to antispam vendor, 
MessageLabs.</p> <p>It's hard to believe that the Storm messages were effective. Recipients had to first click on an attachment -- usually given a misleading name like beatles.mp3 or Britney.mp3 -- to hear the stock pitch, which featured a warbly robotic woman advising people to invest in online car seller, Exit Only.</p> <p>This kind of scam, called "pump-and-dump", tries to nudge up the price of penny stocks by a cent or two, giving the spammers a way to make a quick buck by selling the stock before it crashes. Spammers have been delivering their messages in different formats, including .pdf and Excel files, over the past few years as part of a cat-and-mouse game with spam blockers. The move to MP3 spam is the latest development in this battle, observers say.</p> <p>Spam watchers say that pump-and-dump schemes are the hottest and most lucrative area for spammers today.</p> <p>The spam run began on Oct. 17, and lasted about 36 hours, using infected computers in the Storm Worm network to send out the mails, MessageLabs said in a statement released Tuesday. The spam sounded strange and warbly because the voice in the message was "synthesized using a very low compression rate of 16K Hz to keep the overall file size small, at around 50 KB, to avoid detection," the company said.</p> <p>Storm is thought to have landed on as many as 15 million PCs over the past year, but recently its network of infected PCs has been shrinking. University of California, San Diego, researchers recently pegged it at about 160,000 computers, only 20,000 of which are accessible at any one time.</p> <p>Exit Only said it was not involved in sending the spam. Its stock was trading around US$0.41 on Oct. 18, the day after the Storm spam started. 
On Tuesday it closed at $0.20.</p>My-Antivirushttp://www.blogger.com/profile/16717835825434216940noreply@blogger.com1tag:blogger.com,1999:blog-1804135263449939268.post-14704262437772293032007-11-02T16:04:00.000+08:002007-11-02T16:37:09.257+08:00Virus Definition Updates 2/11/2007<div class="post-body"> <div class="post-body"> <p>AVG Anti-Virus Free Edition 7.5<br /><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7avi1188o.bin">Download AVG AVI:269.15.18.1</a><br /><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7avi1188u1170o.bin">Download AVG AVI:269.</a><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7avi1188u1170o.bin">15.18</a><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7avi1188u1170o.bin">.2</a><br /><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7avi1188u991o.bin">Download AVG AVI:269.</a><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7avi1188u991o.bin">15.18</a><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7avi1188u991o.bin">.3</a><br /><a rel="nofollow" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7iavi1114o.bin">Download AVG </a><a rel="nofollow" class="dwnprg" target="_blank" href="http://www.grisoft.cz/softw/70/update/u7iavi1114o.bin">IAVI:1104</a><br />Version: -<br />Date: 1/11/2007<br /></p><div class="post-body"><div class="post-body"><div class="post-body"><div class="post-body"><div class="post-body"><div class="post-body"><div class="post-body"><p>AntiVir PersonalEdition Classic<br /><a rel="nofollow" target="_blank" href="http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip">Download AntiVir IVDF</a><br />Version: 7.00.00.163<br />Date: 2/11/2007<br /><br />Avast! 
4 Home Edition<br /><a rel="nofollow" target="_blank" href="http://files.avast.com/iavs4pro/vpsupd.exe">Download Avast VPS</a><br />Version: <span class="important_note">071102-0</span><br />Date: 2/11/2007<br /><br />Symantec<br /><a rel="nofollow" target="_blank" href="http://definitions.symantec.com/defs/20071101-016-i32.exe">Download Norton VDU</a><br />Version: 91101p<br />Date: 1/11/2007<br />Supports the following versions of Symantec antivirus software:<br />Norton AntiVirus 2003 Professional Edition<br />Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro<br />Norton AntiVirus 2004 Professional Edition<br />Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro<br />Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro<br />Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro<br />Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista<br />Norton AntiVirus for Microsoft Exchange (Intel)<br />Norton SystemWorks (all versions)<br />Norton Utilities for Windows 95/98 (all versions)<br />Symantec AntiVirus 3.0 for CacheFlow Security Gateway<br />Symantec AntiVirus 3.0 for Inktomi Traffic Edge<br />Symantec AntiVirus 3.0 for NetApp Filer/NetCache<br />Symantec AntiVirus 8.0 Corporate Edition Client<br />Symantec AntiVirus 8.1 Corporate Edition Client<br />Symantec AntiVirus 9.0 Corporate Edition Client<br />Symantec AntiVirus 10.0 Corporate Edition Client<br />Symantec AntiVirus 10.1 Corporate Edition Client<br />Symantec AntiVirus 10.2 Corporate Edition Client<br />Symantec Mail Security for Domino v 4.0<br />Symantec Mail Security for Domino v 5.0</p> </div> </div> </div> </div> </div> </div> </div> </div> 
</div>My-Antivirushttp://www.blogger.com/profile/16717835825434216940noreply@blogger.com1tag:blogger.com,1999:blog-1804135263449939268.post-66234373725062167492007-10-30T10:40:00.000+08:002007-10-30T10:57:12.071+08:00FTC: More spyware-fighting tools needed<p style="font-weight: bold;"><span style="font-weight: bold;">InfoWorld 29/10/2007</span><br /><span style="font-weight: bold;">Website: <a href="http://www.infoworld.com/">http://www.infoworld.com</a></span></p><p><span style="font-weight: bold;"> San Francisco (IDGNS) - Organizations and law enforcement agencies fighting spyware are making progress, but new tools in an antispyware bill stalled in the U.S. Congress could improve the efforts, a member of the U.S. Federal Trade Commission said Monday.</span> </p><p>One of the spyware bills passed by the House of Representatives earlier this year, the <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/92975/25008150/SIG=136pb6rmu/*http://www.infoworld.com/article/07/06/08/Some-say-spyware-bill-too-broad-others-say-too-weak_1.html">Spy Act</a>, would give the FTC authority to impose civil fines on companies that distribute spyware to consumers' computers. 
The bill, along with the Internet Spyware Prevention (or <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/92975/25008150/SIG=1206fmslv/*http://www.infoworld.com/article/07/03/16/HNspywarebill_1.html">I-SPY</a>) Act, has <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/92975/25008150/SIG=12jrq5f75/*http://www.infoworld.com/article/07/05/25/Spyware-bill-uncertain-in-senate_1.html">stalled in the Senate</a> since passing the House in May and June.</p> <p> The FTC has the authority to collect profits from spyware operations and collect money for consumer redress, but it lacks the authority to impose other fines, as it does when going after spammers, said Commissioner Jon Leibowitz, speaking at a spyware forum in <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193695320_0">Washington, D.C</span>.</p> <p> Assigning a dollar figure to consumer harm is tricky in many spyware cases, especially when the spyware delivers pop-up advertisements to computers, Leibowitz said. It's sometimes difficult to get courts to assign large consumer damages to pop-up cases, he said.</p> <p> In some cases, spyware damages are assessed by judges "who don't even use computers," said Dave Koehler, with the FTC's Bureau of Consumer Protection.</p> <p> The Spy Act would allow the FTC to fine spyware vendors up to $3 million for hijacking computers, delivering unwanted adware, and other violations, and $1 million for collecting personal data without permission, in addition to going after the vendor's profits and seeking consumer redress.</p> <p> Additional authority to impose civil fines would give the FTC "an enormous deterrent," Leibowitz said.</p> <p> "Right now, companies know that the worst they can do is lose their profits," he added. "They're not going to get fined on top of that."</p> <p> The FTC has brought several spyware actions against companies. 
In February, the agency settled <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/92975/25008150/SIG=124g9tou0/*http://www.infoworld.com/article/06/04/04/77122_HNnyspyware_1.html">a case against adware distributor DirectRevenue</a>. In that case, DirectRevenue settled for $1.5 million, based on its profits, but the founders of the company had received more than $20 million in venture-capital funding, Leibowitz said.</p> <p> While participants in the spyware forum said there continue to be many challenges, including a growing trend of foreign spyware vendors, the cost of spyware to U.S. consumers seems to be falling. Consumer Reports estimated that spyware cost U.S. consumers $2.6 billion in 2006, but only $1.7 billion in 2007, noted Ari Schwartz, deputy director of the Center for Democracy and Technology, a supporter of <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/92975/25008150/SIG=10p7ik43u/*http://stopbadware.org/">StopBadware.org</a>, a consumer-protection effort aimed at spyware and other malicious code.</p> <p> The drop in the cost of spyware can be attributed to a number of factors, Schwartz said. Antispyware technology is getting better, the FTC has taken action against spyware vendors, and <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/92975/25008150/SIG=10odhk3cp/*http://StopBadware.org"><span class="yshortcuts" id="lw_1193695320_1">StopBadware.org</span></a> has distributed a <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/92975/25008150/SIG=11fue0qnh/*http://www.stopbadware.org/home/clearinghouse">list of malicious Web sites</a>, he said. 
In addition, some states have taken action against spyware, and cybersecurity groups' public education programs seem to be working, he said.</p> <p> But Ron Teixeira, executive director of the <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/92975/25008150/SIG=111k2jgl7/*http://www.staysafeonline.info/">National Cyber Security Alliance</a> (NCSA), noted that consumers may know more about spyware, but they aren't always acting on their knowledge. A <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/92975/25008150/SIG=12fbpq3e6/*http://staysafeonline.org/pdf/McAfee%20NCSA%20NewsWorthy%20Analysis_Final.pdf">survey</a> released by the NCSA and McAfee earlier this month found 78 percent of respondents' computers didn't have all three of what the NCSA calls the "core protection" software: anti-virus, antispyware, and firewall.</p> <p> "We're not seeing a huge increase in the actual behavior change," he said.</p>My-Antivirushttp://www.blogger.com/profile/16717835825434216940noreply@blogger.com0tag:blogger.com,1999:blog-1804135263449939268.post-65373455882317752662007-10-30T10:34:00.000+08:002007-10-30T10:40:34.354+08:00Attack code out for critical Kodak bug in Windows<p style="font-weight: bold;"><span style="font-weight: bold;">InfoWorld 27/10/2007</span><br /><span style="font-weight: bold;">Website: <a href="http://www.infoworld.com">http://www.infoworld.com</a></span></p><p style="font-weight: bold;"> San Francisco (IDGNS) - A hacker has released attack code that could be used to exploit a critical bug in some versions of the Windows operating system. 
</p><p><span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193690796_0">Microsoft</span> <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/92973/25007135/SIG=122e04t1s/*http://www.microsoft.com/technet/security/Bulletin/MS07-055.mspx">patched</a> the flaw, which affects older versions of Windows, on Oct. 9. When the Image Viewer tries to open a maliciously encoded TIFF file, it can be tricked into running unauthorized software on the PC.</p> <p> A sample of the exploit was posted Monday to the <a href="http://us.rd.yahoo.com/dailynews/infoworld/tc_infoworld/storytext/92973/25007135/SIG=116omo45p/*http://www.milw0rm.com/exploits/4584">Milw0rm Web site</a>. The code has not yet been used in online attacks, according to Symantec, which issued an alert Monday.</p> <p> Symantec recommends that Windows users install the MS07-055 update as quickly as possible.</p> <p> Microsoft took the unusual step of issuing its own security update for Kodak's software, because the image viewer (formerly known as the Wang Image Viewer) had shipped in <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193690796_1">Windows 2000</span> systems by default.</p> <p> Still, many Windows users are not affected by the problem. <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193690796_2">Windows XP</span> and <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193690796_3">Windows Server</span> 2003 users should not have the software installed on their PCs, unless they downloaded it directly or upgraded from Windows 2000. 
<span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193690796_4">Windows Vista</span> users are not affected by the bug.</p> <p> Also, users would have to open the TIFF file using the <span style="border-bottom: 1px dashed rgb(0, 102, 204); cursor: pointer;" class="yshortcuts" id="lw_1193690796_5">Kodak Image Viewer</span> for the attack to work. Because most PCs are set to automatically open TIFFs using some other piece of software, it is unlikely that an attack would succeed.</p> <p> "It's not a huge deal, though, we don't think," said Marc Maiffret, chief technology officer with eEye Digital Security, via instant message. "You probably have some other program that defaults to open TIFFs like QuickTime or Photoshop."</p> <p> The sample attack code affects the Korean language version of Windows, but it could be easily modified to affect other versions of the software, Maiffret said.</p>My-Antivirushttp://www.blogger.com/profile/16717835825434216940noreply@blogger.com1tag:blogger.com,1999:blog-1804135263449939268.post-58527144489774714692007-10-27T20:01:00.000+08:002007-10-27T20:05:43.399+08:00PDF files used to attack computers: security firm<span style="font-weight: bold;">Reuters 27/10/2007</span><br /><span style="font-weight: bold;">Website: <a href="http://www.reuters.com">http://www.reuters.com</a><br /><br /></span><span style="font-weight: bold;">HELSINKI (Reuters) - Emails containing malicious PDF files have been putting computers at risk since Friday, Finnish security software firm F-Secure said on Saturday.</span><br /><br />"The emails sent in bulk looked like credit card statements, and contained an attachment called 'report.pdf'," its chief research officer Mikko Hypponen said in a statement.<br /><br />When such PDF files are viewed on vulnerable machines, they start downloading software from servers in Malaysia or Sweden, which are now being cleaned, he said. 
"There will be more such attacks."<br /><br />"We are worried about this case, as PDF attachments are typically not filtered at email gateways."<br /><br />A security update for Acrobat Reader, which opens PDF files, was made available a few days ago, but many users have not updated the program yet, Hypponen said.My-Antivirushttp://www.blogger.com/profile/16717835825434216940noreply@blogger.com0