Weekly Computer Security News Highlights > 11th May – 15th May 2009

by Sarah on May 19, 2009


PC Tools News

 

Younger Generation Most Vulnerable to Cyber Crime

8 May 2009 | SPAMfighter

According to PC Tools, a software company in Australia, younger Internet users, who are active digitally and surf on the Web primarily for socializing, are at the greatest risk of being fooled by cyber criminals. The security company states that the latest study reveals that youngsters between the ages of 18 and 32 years use the Web most for social interaction, with 67% frequently going to social-networking websites like Facebook and 59% routinely utilizing IM (Instant Messaging). When the youngsters are not socializing online, 57% of those within 18-32 years surf on the Net to conduct banking transactions.

 

Threat Update

 

Pirate Windows 7 copies loaded with trojans

13 May 2009 | PC Advisor by Ellen Messmer

Pirate copies of Windows 7 have been found with hard-to-detect trojans intended for cybercrime purposes, according to a security firm. Microsoft’s Windows 7 release candidate, made available last week, almost immediately was pirated through various channels, including Torrents and news groups, according to security company Damballa. A pirated version Damballa has seen had a malware Trojan packed into it that would give an attacker the ability to take control of a computer and download whatever additional malware they wanted.
Related News:
Pirate Win 7 ruse used to build botnet (13 May 2009 | The Register by John Leyden)

 

Researchers release Win 7 rootkit exploit code

8 May 2009 | The Register by John Leyden

Security researchers have released a proof-of-concept rootkit for Windows 7, in the hopes that its availability will assist in the prompt development of an antidote. Indian security researchers Vipin Kumar and Nitin Kumar demonstrated the toolkit, dubbed Vbootkit 2.0, at the Hack In The Box security conference in Dubai last month. Initially the security boffins wanted to keep the code under wraps, in case malicious hackers latched onto the approach. They’ve since had second thoughts, prompting them to release the code for Vbootkit 2.0 under an open source licence, in the belief that its availability will assist the work of other security researchers.

 

Botnets and the Nuclear Option

8 May 2009 | Security Watch by Larry Seltzer

It’s not unheard of for bot software to include commands to incapacitate the system, although it’s unlikely that a botmaster would use the command. After all, the botnet is valuable. But Brian Krebs of the Washington Post tells a story of a recent episode in which the “nuclear option” was exercised and more than 100,000 systems were made unusable. The bot was mostly in Poland and Spain and the bot software is “Zeus” which specializes in stealing passwords and other valuable data from systems. Zeus contains a “kos” or “kill operating system” command which nukes key parts of the registry. (Krebs quotes someone else as saying that killing these registry keys makes it impossible to boot the operating system.)
 

Fake URLs new malware threat

14 May 2009 | Computer World by Joshua Gliddon

According to Websense Security Labs, criminals are seeking to mislead web surfers by flooding the internet with URLs that include words like FaceBook, MySpace and Twitter. The fake domains, which have no connection to the legitimate websites, are designed to trick users into entering sensitive information, such as passwords, bank account details and PIN numbers, or into downloading malicious code. “These new threats illustrate that attackers will continue to target Facebook, MySpace and Twitter, along with other social networking sites, for three reasons,” said Charles Renert, senior director, advanced content research, Websense.

 

Cyber-crooks use Facebook to drive rogue anti-malware business

14 May 2009 | My Broadband

The 56th variant of a family of worms that use Facebook has emerged. It downloads and installs a fake antivirus – the Boface.BJ.worm – to defraud users.

According to global IT vendor Panda Security, the 56th variant of the Boface family of worms has just appeared. Each of these variants has been designed especially to use Facebook to distribute and download malware. This is largely due to the enormous global popularity of this social network and the potential it offers for reaching numerous users. The BJ variant in particular uses Facebook to download and install rogue anti-malware and trick users into believing they are infected and consequently buy a fake antivirus.

 

New Mac OS X email worm discovered

7 May 2009 | ZDnet by Dancho Danchev

A newly discovered email worm dubbed OSX/Tored-A once again puts the spotlight on the potential worm-ability, and malware spreading tactics targeting Apple’s OS X. The worm propagates through emails harvested from infected hosts, and has a backdoor functionality allowing its author to perform the following actions if a successful remote connection is established – attempts to create a botnet, has keylogging functionality, and can also perform DDoS attacks as well as send spam. Despite the similarities of its features with the ones of OSX.Trojan.iServices.A (the iBotnet OS X malware), Tored is not currently spreading in the wild.

 

Criminals fail to spread Apple Mac email worm

11 May 2009 | IT PRO by Asavin Wattanajantra

A month after security researchers detected the first active Mac botnet, a new worm has been detected which tries to pick up email addresses from infected Mac computers. The previous malware was designed to spread through trojans – it had found its way onto computers due to pirated software downloaded through peer to peer networks. In contrast, new worm ‘Tored’ is email-aware and would have spread through Mac computers using email addresses. Sophos security consultant Graham Cluley said on his blog that comments in the worm’s coding revealed that it was also aimed at creating a botnet. (Comments by Sophos)

 

Spammers harvesting emails from Twitter

13 May 2009 | ZDNet by Dancho Danchev

Spammers are no strangers to the ever-growing Twitter. From commercial Twitter spamming tools, to re-tweeting trending topics for delivering their message, a new crafty search technique can provide spammers with fresh and valid emails harvested from Twitter’s users in real-time. Basically, the search query consists of common phrases such as “email me at” and “contact me at” in a combination with a domain of a spammer’s choice. The result? A flood of valid and fresh email addresses of Twitter users unaware that their emails will not only get indexed by public search engines, but also, that the output can be syndicated for spamming purposes.

Related News: Spammers Harvesting E-mail Addresses From Twitter (13 May 2009 | Security Watch by Larry Seltzer)

 

Other

 

Patch Adobe’s PDF bug pronto, experts warn (14 May 2009 | Computer World by Gregg Keizer)

 

Hacks and Website Attacks

 

XSS flaws poke ridicule at entertainment industry (8 May 2009 | The Register by John Leyden)

Hackers Break into University Health Records (9 May 2009 | Network World by Ellen Messmer)

Adobe plagued by 16 month old XSS bug (14 May 2009 | The Register by Dan Goodin)

 

Phishing Scams

 

Ford customers, beware of e-mail hoax (14 May 2009 | Detroit Free Press by Brent Snavely)

Facebook users be aware of ponbon.im, 121.i., 151.im phishing attack (14 May 2009 | International Business Times)

Social Security Administration spoofed in phishing scam (11 May 2009 | SC Magazine US by Angela Moscaritolo)

Phished Facebook accounts become spammers tool (8 May 2009 | IDG News Services by Robert McMillan)

WorldPay Customers Targeted by Malware Distributors (9 May 2009 | Softpedia by Lucian Constantin)

Phishers Target Central Missouri with Emotional Phishing E-mail (9 May 2009 | SPAMfighter)

 

Industry News

 

Yet another reason why Macs need security software

8 May 2009 | CNET News by Jon Oltsik

As expected, my blog this week about Macintosh security generated a lot of comments. Some were personal in nature (author’s note: I really do know the difference between a Trojan and a virus but typos happen), some were quite thought-provoking. I did receive some interesting data from a colleague from IBM. According to the X-Force 2008 Trend & Risk Report (PDF) released early this year, Mac OS X Server and Mac OS X top the list of operating systems with the most disclosed vulnerabilities for 2008. Each accounts for 14.3 percent, and has been in the top five in each of the last three years. Rounding out the top five were: Linux Kernel at 10.9 percent, Sun Solaris at 7.3 percent, and Microsoft Windows XP at 5.5 percent.

 

Microsoft slapped for Windows only Office patch

13 May 2009 | The Register by Dan Goodin

Microsoft has defended its decision to release a Windows-only security patch for its Office program after a researcher warned it put Mac users of the software at risk. Swa Frantzen, in a blog item posted to the SANS Institute’s Daily Handler’s Diary, said a bulletin Microsoft issued Tuesday violated the company’s own position on “responsible disclosure,” which admonishes security researchers to publicly divulge vulnerabilities only after a software maker has had time to fix them. What’s more, he said the move would make it easier to attack Office for the Mac.

Related News: Microsoft slammed over ‘irresponsible disclosure’ (14 May 2009 | PC Advisor by Gregg Keizer); Microsoft claims PowerPoint flaw being actively exploited (13 May 2009 | TechSpot News by Justin Mann); Microsoft puts Mac users at risk with patch policy, says research (13 March 2009 | Computer World by Gregg Keizer); Patches bring zero-day relief from PDF and PowerPoint flaws (13 May 2009 | The Register by John Leyden); Microsoft delivers mega PowerPoint Patch (13 May 2009 | Computer World by Gregg Keizer)

 

Microsoft patches huge Windows 7 RC bug

11 May 2009 | Computer World by Gregg Keizer

Just days after it launched Windows 7 Release Candidate (RC), Microsoft has released a fix for a major flaw that slipped through testing. The patch, which Microsoft describes as an “Important” update when it appears in Windows Update, was released Thursday. Depending on Windows 7’s Automatic Updates setting, the fix may have already been downloaded and installed. According to the accompanying support document, the problem affects only the English-language version of the 32-bit edition of Windows 7 RC. 

Related News: First Windows 7 bug discovered (10 May 2009 | PC Authority by Phil Muncaster); Windows 7 RC Gets a Nasty Bug, Microsoft Issues Patch (9 May 2009 | Computer World by Gregg Keizer)

 

Apple fixes OS with massive round of patches

13 May 2009 | IT PRO by Asavin Wattanajantra

Apple has released the latest update to its operating system as well as a massive bundle of security fixes, including some for its Safari browser. It released the updates on what is traditionally Microsoft’s patch day, which only released one security update – although for very serious flaws. The Mac OS X 10.5.7 update fixes flaws in Mac OS X 10.5 Leopard as well as previous versions and is supposed to help stability, compatibility and security. There are over 60 vulnerabilities the update fixes, some of which would have led to applications unexpectedly terminating, or even allow an attacker to execute commands.

 

Will Windows 7 Overcome Anti-Virus Fear and Loathing?

12 May 2009 | eWeek by Andrew Garcia

For many years, I chose not to use AV on my personal systems, choosing vigilance about my downloads, e-mail attachments, and application and OS updates over relying on a third-party solution to keep me free from infection. However, once drive-by-downloads and hijacked Websites became more prevalent, I lost faith in my ability to avoid such covert trouble. I caved in and installed AV on most of my systems, and began a journey of frustration and lost productivity.  We all know that security solutions are typically major resource hogs. (Sophos, ScanSafe, Symantec, Panda, BitDefender, Kaspersky)

 

One in Three Web Users Refuse to Shop Online

12 May 2009 | PC Advisor by Carrie Ann Skinner

A third of web users refuse to shop online, says the Office of Fair Trading (OFT). According to research into internet shopping, 20 percent of internet users that avoid online retailers blame security fears, while 15 percent said they did not trust companies that sell online. Of those that do shop online, 72 percent said they still had concerns about buying goods on the internet. “Online retailing is the future for many businesses and increasingly important to the economy

 

Brits still fall for phishing scams

14 May 2009 | Web User News

A quarter of online banking customers would open emails that claim to be from their bank, despite advice from security experts.  Almost 10 per cent would even act on an email’s instructions if it warned about urgent security issues with their bank.  According to financial-comparison site Money.co.uk, a third of Brits surveyed admitted they don’t know how to identify the fake emails that cyber-criminals use to steal online banking details. Online banking fraud losses totalled £52.5m in 2008 – a 132 per cent increase from 2007 losses, according to figures from APACS, the UK payments association.

Related News: 10% of UK PCs infected after surfing adult sites (14 May 2009 | PC Advisor by Carrie-Ann Skinner)

 

In China, $700 puts a spammer in business

11 May 2009 | IDG News Services by Robert McMillan

It’s a great deal, if you’re a spammer. You pay US$700 to use a server in China that lets you send all the spam you like. It’s called bulletproof hosting, and to the people who fight spam and cybercrime it’s becoming a big problem. Cybercriminals use these services not just to host servers, but also to register Internet domain names that they use for spam and online attacks. In a three-month period this year, researchers at the University of Alabama at Birmingham traced more than 22,300 domains, all used to send online pharmaceutical spam, to just six bulletproof computers hosted in China, said Gary Warner, director of research in computer forensics at the university.

 

How to Buy Parental-Control Software

14 May 2009 | PC Magazine by Larry Seltzer

The Internet is an integral part of life for modern kids. They use it for schoolwork, communication, watching videos, playing games—everything! And they’re probably more adept at navigating its sea of content than their parents are. Yet parents feel the need to keep an eye on their children’s online life to ensure that the children don’t make bad decisions. Parental-control software helps parents stay in the loop, and several of the best programs cover a lot of the same ground. Here are the top features that you’ll want to consider before purchasing your software.

 

Security experts pool ideas at European conferences

11 May 2009 | Virus Bulletin

Last week saw two major gatherings of top security and anti-malware experts from across the globe, as the third annual CARO conference was held in Budapest, Hungary, followed by a well-attended meeting of the AMTSO testing standards group, which saw the ratification of several significant documents. The CARO meeting focused on the major issue of vulnerabilities and exploits, with insights into the latest research and discoveries shared with an audience made up of leading technical staff from most of the major players in the anti-malware industry.

 

Netbooks approach a fifth of all laptop sales

13 May 2009 | VNUNet by Phil Muncaster

Netbooks continued to grow in popularity in the first quarter of 2009, and now represent nearly 20 per cent of the worldwide laptop market, according to new figures from market research firm DisplaySearch. The Quarterly Notebook PC Shipment and Forecast Report found that Acer led the mini-laptop category with a market share of 30.5 per cent, shipping twice as many as its nearest rival, Asus. HP continued to dominate the overall notebook PC category, improving its market share to 24.1 per cent with 7.3 million units shipped. Netbooks were most popular in Europe and Latin America, while penetration was lowest in China, Japan and North America.

 

Security Manager’s Journal: Parting the clouds at the RSA conference

11 May 2009 | Computer World by Mathias Thurman

Other than various one- or two-day seminars, I attend two main conferences each year, the RSA Conference and Interop. I like RSA because its focus is on security. And I like Interop because its focus isn’t on security. That is, because information security requires fairly comprehensive knowledge of all facets of IT, Interop is valuable in allowing me to round out my knowledge. At the RSA conference, I feel like the proverbial kid in a candy store. So many topics, so many interesting tracks, coupled with discussions from industry experts. All the sessions are so tantalizing, it’s nearly impossible to decide which to attend.

 

Cadets Trade the Trenches for Firewalls

10 May 2009 | NY Times by Corey Kilgannon and Noam Cohen

The Army forces were under attack. Communications were down, and the chain of command was broken. Pacing a makeshift bunker whose entrance was camouflaged with netting, the young man in battle fatigues barked at his comrades: “They are flooding the e-mail server. Block it. I’ll take the heat for it.” These are the war games at West Point, at least last month, when a team of cadets spent four days struggling around the clock to establish a computer network and keep it operating while hackers from the National Security Agency in Maryland tried to infiltrate it with methods that an enemy might use.

 

Twitter’s popularity soars, but new users growing bored

11 May 2009 | Telegraph by Claudine Beaumont

According to analysts at Nielsen Online, Twitter’s audience retention rate — the number of users who return the following month — is running at around 40 per cent, compared to a 60 per cent retention rate for other online social networking sites such as Facebook and MySpace. There are some suggestions that new users, attracted to the service by celebrity endorsements from the likes of Oprah Winfrey and Ashton Kutcher, do not find the benefits of Twitter immediately obvious, and so do not return after initial sign-up.

 

Online banking fraud levels jump

8 May 2009 | The Thrifty Scot by Peter

According to a recent survey the level of online banking fraud in the UK has jumped as a result of a software application that allows fraudsters to track keystrokes made on a computer. The device that fraudsters are using is known as keylogging, and with this they can track the keystrokes made on a keyboard, and can then pick up on account information and passwords to access others’ accounts. The UK’s payment clearance association, APACS, has said that as a result of fraudsters using sophisticated methods such as this to gain information about others’ accounts the level of online banking fraud more than doubled in 2008.

 

Viral Art: A Gallery of Security Threats

9 May 2009 | Information Week by Cora Nucci

Visually, online threats such as viruses, worms, and trojans can be as beautiful as they are menacing to individual PC users, enterprises, and IT security professionals. With 94% of IT professionals expecting to suffer a security breach, and Windows 7 already showing signs of vulnerability to hackers, it’s fair to say we’re under siege from attackers. But what does the enemy look like? What color is spyware? What shape and form identify varying strains of malware, worms, and trojans? Artists Alex Dragulescu and Julian Hodgson accepted a commission from MessageLabs, now part of Symantec (NSDQ: SYMC), and set to work to find out.

 

Image Spam Makes A Comeback

10 May 2009 | PC World by Gregg Keizer

Spammers have turned back the clock and are recycling a years-old tactic by planting their messages in images, a security researcher warned last week.  Image spam, which hit a peak in late 2006 and early 2007, has made a comeback, said Holly Stewart, the threat response manager of IBM Internet Security System’s X-Force team. After barely registering during most of 2008, image-based spam accounted for about 25% of all spam by the end of last month. 

Microsoft dumps notorious ‘WGA’ name, keeps anti-piracy tech in Windows 7

7 May 2009 | Computer World by Gregg Keizer

Microsoft has renamed its anti-piracy technology and, starting with Windows 7, will downplay the components that enraged users in the past, a company manager said today. Windows Genuine Advantage, or WGA for short, has been dumped as the moniker for the company’s anti-counterfeit software. It will be replaced by the new Windows Activation Technologies (WAT), said Alex Kochis, director of the company’s Genuine Windows group. The name change came from a realization that users had a better grasp of product activation, the key-based process that Microsoft requires for its operating systems.

Related News: Microsoft outlines Windows 7 anti-piracy measures (8 May 2009 | PC Authority by Staff Writers)

 

Gotcha!

 

Exclusive: Steve Jobs’ Amazon.com Account Hacked, Hacker Claims

14 May 2009 | Cult of Mac

A hacker claims to have broken into Steve Jobs’ private Amazon.com account. The hacker is trying to sell details of Jobs’ Amazon.com account to journalists, including Jobs’ purchase history for several years and his credit card number. According to the hacker, who identifies himself as orin0co, Jobs is an avid online shopper. Jobs has purchased 20,000 items from Amazon.com in the last 10 years, the hacker says. That’s 2,000 items a year, or more than 5 items a day, every day. “I got myself a hold of this information,” the hacker wrote in an email sent from a secure Hushmail account.

Related News: Hacker claims whaling expedition harpooned Steve Jobs (14 May 2009 | The Register by Dan Goodin)

 

Meet Francis, a failed phisher

7 May 2009 | Computer World by Paul McNamara

The subject line alone was enough to unmask this criminal mastermind: “This message it is confidential.” This message it is really not from the IRS. We’ve all seen cruder and more laughable specimens, but this one caught my eye because it showed up minutes after a call from my wife informing me that our refund check had arrived. That the real tax man would be sending a confirmation e-mail was conceivable for the split second it took me to hop from the phony sender address — about@irs.taxrefund.gov — to the stilted “This message it is …”

 

PC Tools Blogs

 

Pwned UxV

7 May 2009 | ThreatExpert Blog by Sergei Shevchenko

Peter Singer, a leading US defense analyst, who headed Barack Obama’s defense policy team during last year’s presidential campaign, believes that the world is on the brink of a “robotics revolution” in military combat that will have profound social, psychological, political and ethical effects. The US had invaded Iraq in 2003 with just over a handful of unmanned aerial drones, and no unmanned ground vehicles, he said. Today it used more than 7,000 drones in the air, and more than 12,000 unmanned ground vehicles capable of combat.

 

PC Tools at AMTSO in Budapest

9 May 2009 | ThreatFire Research Blog

The Anti-Malware Testing Standards Organization finished up its meeting in Budapest, Hungary this week. PC Tools was in attendance at this meeting as well, seeing three new papers passed and contributing to others in progress. The AMTSO website has changed a bit, but the goals and our commitment to contributing to these standards and meeting challenges around anti-malware testing methodologies have not. Our second year of active participation should witness more outbound efforts by the organization.
