Tricky new malware challenges vendors

A tricky malicious program has become more prevalent in spam, but experts don't know what its creators plan to do with it. Many vendors are rating the malware - called "Warezov," "Stration" and "Stratio" - as a low risk. But they also say that it is tricky to deal with.

The malware is a mass-mailing worm that affects machines running Microsoft Corp.'s Windows OS. When the malware infects a computer -- usually after the user has opened an attachment containing the worm in a spam e-mail -- it sends itself out again to other e-mail addresses found on the computer. The code is then capable of downloading new versions of itself as frequently as every 30 minutes from a batch of Web sites.

Read the story HERE.

10 new Internet Explorer 7 Security Features

Microsoft has put a great deal of effort into making IE 7 more secure. Here are 10 of the new IE 7 security features and what they can do for you.

Read the article HERE.

==============================================
Old Windows Flaw Reappears in IE 7

The brand new Internet Explorer 7 browser is vulnerable to a browser window injection vulnerability that has plagued earlier versions of IE. Microsoft's freshly minted Internet Explorer 7 browser is vulnerable to a window injection vulnerability that has haunted earlier versions of IE since Dec. 2004, according to a warning from Secunia.

Read more HERE.

Vista's hardware intolerance

Windows Vista's licensing terms have raised eyebrows among PC enthusiasts. As previously reported, Windows Vista sports a new Software Protection Platform (SPP) aimed at curbing piracy. Among SPP's many features is a service that monitors PCs for evidence of significant hardware changes. New hard drive? New motherboard? Windows Vista will recognize and keep track of the hardware in your PC, much like its predecessor Windows XP did, and it will use that information to monitor licensing compliance.

Read more HERE.

Seagate to encrypt data on hard drives

Seagate has introduced a new hard drive security platform that it hopes will make data loss problems stemming from stolen and misplaced notebooks a thing of the past. Called DriveTrust, it works by encrypting all data on the fly using 128-bit AES encryption. Encryption and decryption is handled by a dedicated chip, which means that it won't need drivers to operate. Access to the drive's data can be limited either by a password, biometric means (e.g., fingerprint scanners), or a combination of both.

Read more HERE.

WinAmp Media Player - Critical Security Update

All WinAmp users should update to the latest WinAmp release to correct two critical security issues. Two vulnerabilities have been reported in Winamp, which can be exploited by malicious people to compromise a user's system.

WinAmp Media Player - Critical Security Update

http://www.kb.cert.org/vuls/id/449092
http://www.winamp.com/player/version_history.php#5.31
http://secunia.com/advisories/22580/

The vulnerabilities are reported in versions 2.666 through 5.3.
SOLUTION -- Update to version 5.31
http://www.winamp.com/player/

Source : Harry Waldron - Windows Security

$6,500 in Protection Coverage

Up to $6,500* in Identity Theft Coverage and Virus Protection Coverage is only available on PCs with a registered version of CA Internet Security Suite 2007 and Mobile Lifeline® properly installed. Up to $1,500 Virus Protection Coverage is only available on PCs with CA Internet Security Suite 2007 or CA Anti-Virus properly installed.

Read the Press Release HERE.

* Identity Theft and Virus Protection Coverage is only available in the United States. Identity Theft Coverage is not available to residents of New York and may not be available in other jurisdictions.

9 Reasons Not to Upgrade to Firefox 2.0

Firefox 2.0 has officially been released for download by Mozilla. Despite great fanfare, new features, and a growing user base, many problems are already surfacing with the new release of the Firefox browser. While some were already underwhelmed with the now-released product, and disputed the 2.0 badge, it seemed that the development was following the Mozilla Roadmap quite closely.

Read the story HERE.

MySpace Accounts Compromised by Phishers

Netcraft has discovered that the social networking site, MySpace, appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form is designed to submit the victim's username and password to a remote server hosted in France.

Read the article HERE.

Bot nets likely behind jump in spam

A significant rise in the global volume of spam in the past two months has security analysts worried that bot nets are increasingly being used by spammers to stymie network defenses erected to curtail bulk e-mail.

Read more HERE.

Weekend Reading

Hacking Web 2.0 Applications with Firefox

AJAX and interactive web services form the backbone of “web 2.0” applications. This technological transformation brings about new challenges for security professionals. This article looks at some of the methods, tools and tricks to dissect web 2.0 applications (including Ajax) and discover security holes using Firefox and its plugins. The key learning objectives of this article are to understand the:

Read the article HERE.

==================================================================
Rutkowska: Anti-Virus Software Is Ineffective

Stealth malware researcher Joanna Rutkowska discusses her interest in computer security, the threat from rootkits and why the world is not ready for virtual machine technology.
Earlier this year, stealth malware researcher Joanna Rutkowska created a stir at the Black Hat Briefings when she demonstrated a way to infect Windows Vista with a rootkit and introduced Blue Pill, a new concept that uses AMD's SVM/Pacifica virtualization technology to create "100 percent undetectable malware."

Read the article HERE.

==================================================================
Viruses, phishing, and trojans for profit

Following the 2006 International Virus Bulletin Conference, Kelly Martin takes a look at the profit motives of the cyber criminals behind modern viruses, targeted trojans, phishing scams, and botnet attacks that are stealing millions from organisations and individuals.

Read the entire article HERE.

==================================================================
Phishing Domain Resale Market Booms

Internet addresses that appeal to identity thieves eager to rip off consumers are being posted by major domain resellers, a security company charged Friday. Finnish-based F-Secure has identified more than 30 registered domain names for resale on Cambridge, Mass.-based Sedo that would be of interest only to the legitimate holder of the trademark or to phishers.

Read the article HERE.

Office Genuine Advantage

Microsoft Office joins the validation program. If you don't like the mandatory antipiracy checks that Microsoft now enforces for Windows, brace yourself. The Microsoft Office productivity and collaboration suite is about to get a similar program.

The company's Office Genuine Advantage (OGA) program will require mandatory validation of Office software starting October 27, the software vendor quietly disclosed.

Read the article HERE.

Surprises Inside Microsoft Vista's EULA

Scott Granneman takes a look at some big surprises in Microsoft's Vista EULA that limit what security professionals and others can do with the forthcoming operating system.

Read more HERE.

==============================================
Which Vista Is the Right Vista?

Vista is finally — we think — arriving shortly. But, which, if any, Vista is the one you should buy for your home or company?
Eventually, we're going to see Vista come out. Yes, I know, even at this late date, Vista is still getting unexpected delays—it was set to go to manufacturing Oct. 25, but it's not going to make it—but it is on its way.

My question, though, is: What version will actually work for you come that day?

Read the article HERE.

IE7 : Yes or No ?

IE7: Are we right back where we started from?

The long-awaited Internet Explorer 7 debuted last week — and a brand new flaw promptly debuted a day later. While Redmond argued that the vulnerability actually comes from Outlook Express, it still affects IE7. But Mike Mullins says it doesn't bode well for the browser update, whose security enhancements Microsoft has been touting.

Read the entire article HERE.

==================================================================
Review : Just Say Yes to Internet Explorer 7

IE7 is a considerable improvement over IE6, and with new features such as tabbed browsing, RSS support, improved security and an integrated search box, it's well worth the upgrade. Page 4 has a positive security review.

Read the entire article HERE.

==================================================================
All IE 7 and Firefox 2 Vulnerabilities

A nice clean presentation of the current situation.

Read the article HERE.

Wi-Fi Exploits Coming to Metasploit

The Metasploit Project [which has dominated security news for the last few days] plans to add 802.11 (Wi-Fi) exploits to a new version of its point-and-click attack tool, a move that simplifies the way wireless drivers and devices are exploited.

The controversial open-source project, created and maintained by HD Moore, of Austin, Texas, has added a new exploit class that allows modules to send raw 802.11 frames at one of the most vulnerable parts of the operating system.

Read the entire article HERE.

Combating spam: an intelligent approach

Spam is email's worst foe. Research indicates that up to 90% of all email arriving in mailboxes is spam. Spammers make a fortune from their trade, but few countries take legal action against the offenders. Some people believe that you can't beat spam, and you should just accept it as an unfortunate fact of life alongside other misfortunes like inflation or famine. We disagree, not least because spam can be dangerous as well as time-wasting if it's not handled correctly.

Read more HERE.

Software Releases

Acronis True Image 10 Home

With the newest version of Acronis True Image Home protecting your family photos, home videos, music collection and important documents has never been easier. Copy your entire PC, including the operating system, applications, user settings, and all data using our patented disk imaging technology. Backup your music, video, and digital photos! Backup your Outlook e-mails, contacts, calendar, tasks, notes, signatures, news folders, e-mail rules and user settings with just a few mouse clicks! Restore all the settings for Microsoft Office, iTunes, Windows Media Player and dozens of popular applications!

Acronis True Image 10.0 Home combines simplicity with flexibility to ensure that you are fully protected and can recover from unforeseen events such as viruses, unstable software downloads, and hard drive failures.

Visit the website HERE.

==============================================
eEye Introduces Personal freeware

Blink Personal is the first free security product available to consumers to combine multiple layers of technology that protect against identity theft, worms, trojan horses and other attack methods hackers use, into a single agent that is unobtrusive, integrated and deeply-layered with security functionality.

Read the entire article HERE.

==============================================
GRISOFT launch AVG 7.5 product line

GRISOFT is announcing a new version of the AVG Anti-Virus Free Edition. This new 7.5 version with improved performance and user interface is available. Users that are using AVG Free 7.1 will be provided with a specific dialog, within the next few weeks, with the opportunity to choose the right option fulfilling their needs. AVG Free 7.1 version will be discontinued on 15th of Jan 2007.

More information HERE.

==============================================
Inprotect 0.22.5 Released

A new revision of Inprotect has just been released, 0.22.5 in order to fix bugs and implement feature requests submitted by the development team and users. Existing users are recommended to upgrade. PHP, Perl and MySql based web interface for the Nessus security scanner and Nmap port scanner. The system presents scan results via a Email notification, a HTML interface, or exported to a PDF file.

Visit the website HERE.

Secunia reports another IE 7 vulnerability

Secunia today reported a new vulnerability in Internet Explorer 7 (IE7) that can be exploited during phishing attacks. The vulnerability reporting firm said that an anonymous tip lead them to the vulnerability, which allows the browser to display a popup with a spoofed address bar that has special characters appended to the URL. The vulnerability makes it possible to only display a part of the address bar, which could potentially fool users into believing in the pop-up's credibility.

Read the article HERE.

==============================================
New Internet Explorer KB articles

When a Web page that hosts Flash advertisements in an iframe object refreshes itself dynamically, Internet Explorer may stop responding
http://support.microsoft.com/default.aspx?scid=kb;en-us;924928

You receive a security warning in Internet Explorer 7 when you visit a Web page that is hosted on a secure Web site:
http://support.microsoft.com/kb/925014

How to use Reset Internet Explorer Settings:
http://support.microsoft.com/kb/923737

Source : Spyware Sucks

Zero Day Flaw Found in MySpace

A researcher has published proof-of-concept code on a zero-day vulnerability he found on MySpace.com -- and another variation on the cross-site scripting (XSS) theme. Called XSS fragmentation, the vulnerability consists of multiple chunks, or fragments, of JavaScript malware that can slip by a filter or firewall because individually they don't constitute a security risk. But when they are combined after hitting the site, they can then be dangerous.

Read the article HERE.

Microsoft Decries Vista PatchGuard Hack

Microsoft officials say they are unhappy that security software maker Authentium has decided to bypass the controversial PatchGuard kernel protection feature in its next-generation Vista operating system, and said that the tactic could lead to eventual problems for users of the company's software.

Authentium isn't the only party to contend that PatchGuard can be bypassed easily. A security researcher associated with the Metasploit Project has already published an essay of the Uninformed.org IT exploit research site that proposes several different techniques that could be used to circumvent PatchGuard.

Read the article HERE.

ZoneAlarm's Auto-Updater Causes Confusion

While I was out in San Diego for a security conference last month, I struck up a conversation with a guy from Check Point Technologies, which makes the popular ZoneAlarm line of firewall products. I asked him whether the company had considered adding an auto-update feature to help users stay on top of new versions of the software that it seems to ship about once every month or two. Turns out that sometime in June an update the company shipped to the (free and pay) 6.5.x versions of ZoneAlarm allows the program to silently download and install fixes on its own.

Read the article HERE.

Patchguard

Security Vendor Bypasses Vista PatchGuard

Security software maker Authentium says that it has created a new version of its flagship product that circumvents the PatchGuard kernel protection technology being added to Microsoft's next-generation Vista operating system.

The company, based in Palm Beach Gardens, Fla., maintains that it has built a version of its Authentium ESP Enterprise Platform that can bypass PatchGuard without setting off the desktop alarms produced by the security feature when the Vista kernel is compromised.

Read the article HERE.

==============================================
Will PatchGuard be Vista's Maginot Line?

Mikhail Penkovsky at Agnitum also points out that the API model itself opens up the kernel to attack anyway. Why is it so risky to use KPP [PatchGuard] to provide kernel security for computers running Vista x64 rather than a third-party security solution?

Here’s an analogy. Today, every house has a different lock on its front door; in the same way, you can use any security product you want to protect your computer. Now imagine if every house in your city were required to use the exact same lock on its front door. As soon as a burglar figures out how to crack that lock, he can freely enter and steal from any house. This is what 64-bit Windows security will look like with PatchGuard.

Read the article HERE.

==============================================
Kernel Protection vs. Kernel Patch Protection (Patch Guard)

But even that all being said, I still think that PG is actually a very good idea. PG should not be thought as of a direct security feature. PG's main task is to keep legal programs from acting like popular rootkits. Keeping malware away is not it's main task. However, by ensuring that legal applications do not introduce rootkit-like tricks, PG makes it easier and more effective to create robust malware detection tools.

I spent a few years developing various rootkit detection tools and one of the biggest problems I came across was how to distinguish between a hooking introduced by a real malware and... a hooking introduced by some A/V products like personal firewalls and Host IDS/IPS programs. Many of the well known A/V products do use exactly the same hooking techniques as some popular malware, like rootkits! This is not good, not only because it may have potential impact on system stability, but, and this is the most important thing IMO, it confuses malware detection tools.

Read the article HERE.

Windows Defender for XP [unofficially] Released.

Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected and minimizes interruptions and helps you stay productive.

Windows Defender may be downloaded HERE.

Bot and Trojan Infections High - Rootkits Low

New statistics from Microsoft's anti-malware engineering team have confirmed fears that backdoor Trojans and bots present a "significant" threat to Windows users.

However, according to data culled from the software maker's security tools, stealth rootkit infections are on the decrease, perhaps due to the addition of anti-rootkit capabilities in security applications.

Read the article HERE.

New browser releases

Firefox 2 finally released

What can I say - if you want it, it's HERE.

==============================================
Opera Mini

Opera Software today announced that Opera Mini™, the free Web browser for mobile phones, is available for the popular BlackBerry™ and Palm® handsets. Opera Mini™ offers BlackBerry™ and Palm® Treo™ users a faster delivery of Web pages and overall better user experience.

Read the Press Release HERE.

Why Metasploit Publishes Hacker Tools

H.D. Moore, head researcher of hacker organization Metasploit, talks about why it's important to publish security exploits, the organization's relationship to the cops, and more.

The Metasploit Project takes penetration testing to a whole new level, not only finding vulnerabilities in applications, but also providing exploit code that so-called white hat and black hat hackers alike can use to test the real-world implications of these vulnerabilities.

Read the article HERE.

Is The Metasploit Hacking Tool Too Good?

The open source project already offers penetration testing tools and exploit code. Now it's going further, offering eVade-o-Matic, a tool to make it harder for to detect exploit code aimed at Web browsers. Has the group gone too far?

Next month, Moore will raise the already-high stakes when Metasploit releases a new piece of code--called eVade-o-Matic--that makes it harder for intrusion-detection systems and antivirus software to detect exploit code aimed at Web browsers. It's one thing to show people how to exploit software flaws; it's another to help attackers go unnoticed.

Read the article HERE.

Microsoft and SenderID

Microsoft is committed to working with the IT industry to help protect users and businesses from the blight of online threats. Sender ID, the leading e-mail authentication protocol, aims to help stop the spread of spam, phishing scams, malware and other online exploits in e-mail by helping address domain spoofing, a tactic used in over 95 percent of all exploits where the name in the "To:" line of the e-mail is forged.* Approved by the Internet Engineering Task Force (IETF) as an experimental Request for Comment (RFC) this past April, Sender ID gives customers greater certainty about the origin of an e-mail message and enables legitimate senders to more clearly distinguish themselves from spammers and online criminals.

Read the entire article HERE.

Wikipedia and the Trust Factor

Wikipedia represents one of the closest expressions ever seen of genuine anarchy -- a "self-regulating cooperative of free thinkers acting voluntarily for a greater common good." Their motto is "out of mediocrity, excellence."

Wikipedia has been around since 2001, which gives it whiskers in Internet terms. It is now the largest encyclopedia in the world with articles on more than 5 million subjects in 229 languages -- and an average of 1,515 new articles posted every day this month. It's also one of the most popular research tools on the Web; last month 33 million people used it.

Not bad for an organization with just one staff member. The rest of the work is done by thousands of nerdy anorak devotees -- self-confessed wiki-maniacs -- dedicated to the hubristic project of trying to assemble "the sum of all human knowledge."

Read more HERE.

Don't think you're SAFE

Don't think you're SAFE just because you only surf to SAFE sites. Any Web site can be a potential risk, although it can be said that he risk increases when the site is owned by a small business or the site does not have quality IT support.

Today we hit a prime example. A legitimate business Web site had been hacked, and anybody visiting was being attacked via several Web browser exploits. Ironically, the site in question is the public face of a development firm specialising in the creation of components for Joomla! and Mambo. A week ago the site was ok - today it is not. A nice little javascript and two iframe exploits have been added, which tries to infect visitors to the site with some lovely malware. Scanners variously detected:

Read the article HERE.

Pros and Cons of Switching From Windows To Mac

I have been using Microsoft software since the days when MS DOS 3.3 seemed like a pretty damn good upgrade. MS DOS 4.0 sucked but version 5 rocked! It took me a long time to be convinced that Windows 3.1 was a better program launcher than X-Tree Gold, but it happened eventually. Since then, I have been a sucker for every upgrade - 95, 98, NT 4.0, 2000, XP. (Notice I didn't mention ME. I'm not that much of a MS fan-boy.)

Read the entire article HERE.

==============================================
No Immunity for Macs

The fact of the matter is that despite Apple's work to maintain the image of Macs as secure devices, researchers are concentrating much more heavily on finding underlying security vulnerabilities in Mac software. As a result, we are seeing security patches for Apple software now on a regular basis.

Read the article HERE.

And an item from last week - if you missed it.

Firefox 2.0 debuts Tuesday

Firefox 2.0, the foremost rival to Microsoft Corp.'s Internet Explorer browser, is set for release Tuesday afternoon. The free 5-megabyte browser, available in 39 languages for Windows, Mac and Linux computers, will be downloadable from getfirefox.com .

Read the entire article HERE.

Microsoft blocks 'Black Hat' Vista hack

Microsoft has changed Windows Vista to prevent a hack that was demonstrated at a high-profile security event this summer, but the fix may spell trouble.

Read the entire article HERE.

Is Internet Explorer 7 Spying on Me?

Like many other people in the world today, I decided to install IE7 on my computer. Now, imagine my surprise when I was asked to validate my copy of Windows before I continued to install Internet Explorer! With the Windows Genuaine Advantage scandal still fresh in my mind, I was curious as to what the installer was doing when it was “validating” my copy of Windows.

There are definitely some disturbing things happening behind the scenes on your computer when you need to validate Windows during the installation of IE7. This entire issue deserves some media attention and further research.

Read the entire article HERE.

Weekend Reading

Privacy under attack, but does anybody care?

It's vanishing, but there's no consensus on what it is or what should be done. Someday a stranger will read your e-mail, rummage through your instant messages without your permission or scan the Web sites you’ve visited — maybe even find out that you read this story. Perhaps someone will casually glance through your credit card purchases or cell phone bills, or a political consultant might select you for special attention based on personal data purchased from a vendor. In fact, it’s likely some of these things have already happened to you.

Read the entire article HERE.

==================================================================
The Sexy Librarian

Talk about an interactive search engine. A new search site called Ms.Dewey features a sultry woman who makes wisecracks related to the keywords that are typed in. The search results appear as a long, scrolling list in a window that pops up on the upper right.

Read the article HERE.

==================================================================
Security: The importance of key management

It is difficult to pick up a newspaper these days without reading about another high-profile data security breach, whether it is the loss of a laptop or a tape. Stored data is finding its way outside the corporate perimeter and into the hands of malicious individuals. The implication is clear: Data is now mobile. No longer can IT assume that important data is only stored within the confines of the glass house. It is shared with business partners, replicated to multiple data centers, and copied onto different media types that may ultimately be transferred to a third party.

There are two parts to the data security conundrum: securing data in flight and securing data at rest. Data in flight refers to the secure transfer of data from point A to point B across either a corporate network (e.g., LAN or SAN) or over the Internet. Securing data at rest entails protecting data from tampering and access while it is stored on laptops, tapes, and disk systems.

This article focuses primarily on approaches that secure data at rest. However, several of these approaches partially address the issues of securing data in flight, too.

Read the article HERE.

Opera - my browser

Opera Says It Can Compete In Browser Battle

Even as Microsoft Corp.'s Internet Explorer 7 rolls out to users and Mozilla Corp.'s Firefox 2.0 nears completion, rival Opera Software remains convinced it can compete, a company executive said Thursday.

Chief Technology officer, Hakon Wium Lie was particularly critical of Microsoft's IE 7, which he said was "disappointing." The IE development team, said Lie, had been given the short end of the stick by Microsoft. "They haven't taken things seriously, and haven't given the necessary resources to IE 7. They could have built a new rendering engine, but instead they used [the engine that debuted with] IE 4. "That's like taking an old car and giving it a new paint job," said Lie.

Read the article HERE.

====================================================
Opera 9.1 will include Fraud Protection

As presented at the Opera Backstage event in London today, Opera 9.1 will include enhanced fraud protection. Today we display the name of the certificate owner in the right end of the address field when you're on a secure site. In 9.1 we will reuse that field to display more information about the trust level of the site you visit.

Read the article HERE.

====================================================
Opera browser patches buffer overflow

The patch is a relative rarity for Opera, which consistently has the lowest vulnerability count every year, but also has the lowest market share among the major Internet browser for the Windows operating system.

Read the article HERE.

====================================================
Opera for me

No web browser is ever going to be 100% secure; that's just the nature of the beast. Do a search for Firefox vulnerabilities and you'll see that they also have their share of problems.

This is best for people used to Internet Explorer and want a nice, simple, small browser. It's got an excelent GUI and some great features. It's also now free.

Surfing the net with Opera, as a limited user - not as an Admimistrator - is still [IMHO] the safest way to be online.

Microsoft Doesn't Need to Open PatchGuard

In an interview with BetaNews on Friday afternoon, Sophos senior security analyst Ron O'Brien suggested that, even though his company plans to participate with Microsoft's program to build a security services API for Windows Vista SP1 -- and perhaps because of that fact -- Microsoft does not need to create a bypass mechanism for its upcoming PatchGuard kernel lockdown service, as other vendors have recently insisted.

"Two of our largest competitors, McAfee and Symantec - which clearly have anti-virus products that compare to Sophos - have publicly complained that being locked out of the Vista kernel somehow prevents them from being able to innovate," O'Brien noted.

"I would say that the opposite is really true.

Read the article HERE.

Interview with a link spammer

You could be aiming at 20,000 or 100,000 blogs. Any sensible spammer will be looking to spam not for quality [of site] but quantity of links. When a new blog format appears, it can take less than ten minutes to work out how to comment spam it. Write a couple of hundred lines of terminal script, and the spam can begin.

Read the article HERE.

Spam Trojan Installs Own Anti-Virus Scanner

Veteran malware researcher Joe Stewart was fairly sure he'd seen it all until he started poking at the SpamThru Trojan—a piece of malware designed to send spam from an infected computer.

The Trojan, which uses peer-to-peer technology to send commands to hijacked computers, has been fitted with its own anti-virus scanner—a level of complexity and sophistication that rivals some commercial software.

Read the entire article HERE.

Lost USB Drive - Ask For Help

I shudder at the thought of losing my USB drive. “So,” I thought, “what could I do to help ensure that I get my lost USB drive back?” After some consideration, I came up with a few ideas.

Read the entire article HERE.

Top 10 open source Windows apps

Open source organizations are often non-profit and made up of volunteer developers who release free software because they believe users have a right to control their data.

See this excellent list HERE.

Internet Explorer Vulnerability Test

Secunia reports a [active scripting] vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.

Which says a lot for the "you wanted it easier and more secure" slogan at Microsoft's IE Website.

Test your browser HERE.

==============================================
Microsoft Security Response Center Blog

These reports are technically inaccurate : the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express.

Read more HERE.

Zombies blend in with the crowd

Hackers are trying harder to make their networks of hijacked computers go unnoticed. Cybercrooks are moving to new Web-based techniques to control the machines they have commandeered, popularly referred to as "zombies." Before, they used to send orders via Internet chat services, but with that method, they ran the risk of inadvertently revealing the location of the zombies and themselves.

The change in tactics makes it harder to identify zombies on a network, and it becomes tougher for security professionals to use the hackers' own tools to spy on them. In addition, the switch to Web-based control increases the threat of zombies to enterprises and other organizations, as that method can't be blocked as easily as the previous technique."

Read the entire article HERE.

Security Suites Compared

Eight of the biggest names in security go head to head in this round up of the best (and worst) of the apps that aim to keep you safe.

CA Internet Security Suite 2007
Kaspersky Internet Security 6
McAfee Total Protection
Norton Internet Security 2007
Panda Internet Security 2007
Trend Micro Internet Security 2007
Windows Live OneCare
ZoneAlarm Internet Security Suite 6.5

Read the review HERE.

==============================================
Stop Viruses for Free!

For those of you that prefer individual utilities for your protection here is a comparison of 3 free anti-virus programmes. The interesting fact about them is that all three start with the first letter of the alphabet, their names being Avira PersonalEdition Classic, AVG Free Edition and Avast! Home Edition.

Read the article HERE.

==============================================
Active Virus Shield

It's a shame they forgot the most important "A" - Active Virus Shield.
The opening line from the link above is "I am not going to hide myself from the truth, but plainly admit it: Avira AntiVir is my favorite, but that doesn't mean it's the best one here."

Yes it is - and I used it for many years. Sadly, AVS does not play well with others so it had to go.

Active Virus Shield, on my Essential Software list, is now my first choice of FREE anti-virus software. Why ? Because it uses the Kaspersky Lab engine. There is none better - IMHO.

The programme may be downloaded HERE.

==============================================
BitDefender 10 awarded certification

BitDefender, [we are now moving to the second letter in the alphabet] which rates second in response time has announced that BitDefender 10 was awarded VB100% certification from Virus Bulletin for its ability to detect 100% of the viruses on the WildList.

Read the article HERE.

Opera Web Browser Vulnerability

A vulnerability has been reported in Opera Web Browser, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing overly long URLs. This can be exploited to cause a heap-based buffer overflow by passing an overly long URL (more than 256 bytes) in a tag.

The vulnerability is reported in versions 9.0 and 9.01 on Windows and Linux. Version 8.x is reportedly not affected.

Secunia Advisory: HERE

Update to version 9.02 HERE.

Internet Explorer 7 Available Now

The long awaited IE7 has been officially released. Get it now from the Microsoft website. After over a year and a half, IE7 has been released to the public as of Monday afternoon.

Download it directly from http://www.microsoft.com/ie.

Read the entire article HERE.

Apple Says iPods Shipped With Virus

Apple Computer this week warned customers that some Video iPods sold over the past five weeks were shipped with a computer virus capable of infecting computers running Microsoft Windows and exposing them to attacks by hackers.

Ed Felten, director of the Center for Information Technology Policy at Princeton University, said many Windows users who have this virus on their machines may not have noticed, as it silently installs itself when the users merely plugs the device into their computer.

Read the article HERE.

==============================================
McAfee releases iPod virus removal tool

McAfee has released a new version of its McAfee Stinger utility to detect and remove specific viruses, including the W32/RJump.worm and W32/QQPass.worm, another Windows-based virus that can be found on other MP3 devices.

According the McAfee, the W32/RJump.worm, which was discovered June 20, 2006, recently re-appeared on video iPod devices released by Apple late September.

McAfee Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.

McAfee AVERT Stinger

Practical Onion Hacking

On October 4th one of our readers sent in a very worrying analysis of what appeared to be "traffic modification" (in his words) on the part of the Tor network.

"Clearly Tor's designers have done a pretty good job: I couldn't find any weakness in Tor itself that violate the tenets set out at http://tor.eff.org/ (basically that end-to-end traffic analysis is always possible, but the traffic analysis should [be] difficult to everything but a global Echelon). So instead, I attacked the data which Tor carries the most of: web traffic."

Read the entire article HERE.

Download the [PDF] paper HERE.

Patches Available for Bluetooth Flaw

Security flaws present in the software components that power wireless communications over Bluetooth on a number of popular laptop models could let attackers compromise vulnerable machines.

Read the article HERE.

The False Promise of Browser Security

All Web browsers are insecure to some degree, because they all must work with flawed code in the operating systems. There are some indications of progress, such as frequent patches from Microsoft and Mozilla to close security holes. Still, these actions may be too little too late if a zero-day exploit is the attack weapon.

Read the article HERE.

Mozilla Firefox 2 and 3

Firefox 2 Release Candidate 3 is a preview release of the next generation Firefox browser and is being made available for download to users who want to get a sneak peek at the next version of Firefox. Please note that at this time, users should not expect all of their extensions, plugins and themes from previous versions of Firefox to work properly. A quote from Mozilla engineer Mike Schroepfer at ComputerWorld - "If there are no showstoppers, RC3 will be it" - indicates that this may well be the real thing.

Release notes and download link HERE.

==============================================
Firefox accepting suggestions for version 3

The Firefox web browser has come a long way since the project was announced as a fork from the open-sourced Mozilla project. Version 1.0 was released in 2004 and quickly won critical acclaim for its speed, compatibility with web standards, and features. In a couple of years, Firefox managed to reach a milestone that its predecessor never quite reached: hitting 10 percent market share worldwide. Version 2 of the browser recently hit Release Candidate 2, but the team is already making plans for 3.0. The Mozilla organization has set up a feature brainstorming web site that allows everyone to enter their favorite wish lists for the open source browser.

Read the article HERE.

Apple more secure than Windows ?

With exploit code for an OS X vulnerability released recently and a compromised Australian university Mac server caught hosting malware in August, it may be time Apple admitted its platform is no more secure than any other.

Read the article HERE.

MySpace Predator Caught By Code

Wired News editor and former hacker Kevin Poulsen wrote a 1,000-line Perl script that checked MySpace for registered sex offenders. Sifting through the results, he manually confirmed over 700 offenders, including a serial child molester in New York actively trying to hook up with underage boys on the site, and who has now been arrested as a result.

MySpace told Congress last June that it didn't have this capability.

Read the article HERE.

Encrypted email service protects users

TrustedPear cannot be spammed, and cannot spam. Typically, spammers and phishers exploit a person’s email address, or a block of addresses from certain Internet service providers. TrustedPear™ doesn’t use public email addresses. Thus, no phishing exploit can be sent to a TrustedPear user.

Read the article HERE.

Set up a phishing site for $30

The marketplace for phishing toolkits, which can allow technophobe criminals to quickly and easily set up spoofed versions of banking Web sites, is booming, with kits changing hands for as little as US$30.

The kit makers publish and test against signature detection as part of their advertising portfolio - 'not detected by antivirus, not detected by heuristics, not detected by signatures'.

Read the article HERE.

Would you like fries with your spyware?

McDonalds recently ran a contest for winning a free MP3 player for text messaging a code. It appears that 10,000 people won an MP3 player and couple free songs. What they didn't account for was winning some free spyware with their player. It seems that McDonalds didn't think to carefully choose the vendor that supplied their McDonalds branded MP3 player very well.

This story is early in its bad media cycle so it will be interesting to see how badly it gets spun and how McDonalds will deal with the issue.

Read the entire article HERE.

What first - the customer or public image?

Within the last two weeks two incidents occurred that appear to reflect certain organizations' fear of public disclosure to the point of putting their customers at risk. In the first incident, Microsoft's license verification process (WGA) failed for a short time causing end user device connectivity issues. In the second, Cisco's Remote Operations Services (ROS) network, which is connected to customer networks, was infected by a worm. Let's take a look at each incident.

Read the article HERE.

Weaknesses of Anti-virus programmes

The moment the First Programmer created the First Program, the probability of attempts being made to attack it increased by one. Robert will describe how anti-virus programs detect the presence of a virus in the system and how to perform an attack against a system using an anti-virus program.

Read the article HERE.

MySpace phishing scam targets music fans

Con-men have developed a phishing attack targeting MySpace music fans that highlights the evolving use of social engineering techniques in money-making spam emails.

Junk emails featuring the attack have been spammed out to thousands of computer users around the globe in the last week, to trick them into visiting one of a series of bogus websites that pose as an online music store. The emails typically pose as MySpace contact emails, increasing the chances that prospective marks will be duped by the messages.

MySpace boasts an estimated 43m users, far more than any online bank, so even though their spam emails are being distributed indiscriminatingly they are far more likely to reach users of the targeted service.

Read the article HERE.

The future of malware: Trojan horses

Worms, viruses or Trojan horses spammed out in general are not a grave concern anymore, security experts say. Instead, especially for organizations, targeted Trojan horses have become the nightmare scenario.

Read the article HERE.

Weekend Reading

IE7 Installation and Anti-Malware Applications

A few people have asked why we recommend temporarily disabling anti-virus or anti-spyware applications (which I’ll refer to together as anti-malware) prior to installing IE7, so here’s a little insight to the situation.

Read the entire article HERE.

==================================================================
How to Block IE 7 from Auto-Installing

The final version of IE 7.0 will be available anytime this month on Microsoft IE Website. Like other Microsoft Security Updates and Patches, Internet Explorer 7 will also be distributed via Automatic Updates for Windows XP SP2 and Windows Server 2003 SP1 users.

If you have disabled Automatic Updates on your Windows system, you will be prompted to download and install IE 7 when you perform a manual scan for updates using the Express install option on the Windows Update or Microsoft Update sites.

Read the article HERE.

==================================================================
Getting Started with Linux

We have developed this course for one basic reason: To bring the newcomer to Linux to the point where you can, using Linux, do everything that you do with MS Windows and much more. Due to the fact that Microsoft, enjoying an illegal monopoly, has its operating system installed on 90% of the world's computers, this course is mainly aimed at people who want to migrate to Linux from Microsoft products.

Start your new [ safe ] online experience HERE.

==================================================================
Terrorism toolbar

It’s a “terrorism” toolbar made by Conduit (formerly EffectiveBrand) and distributed by an apparent security firm run by a fellow who advertises himself as “Internet Anthropologist”.

Read the article HERE.

Disk encryption with Microsoft's Vista

Microsoft’s Vista operating system promises perfect protection but there are always some risks. Until now, it has been all too easy to hack into Windows-based systems. Anyone who starts the PC using boot media such as a Linux live CD can just prise protective mechanisms such as the NTFS-based EFS (Encrypting File System) out of the way, as EFS doesn’t encrypt all the data saved on the hard disk. Numerous pre-boot and system files, as well as temporary data, remain accessible this way.

Read the article HERE.

For Sale - Certifications!

In the past, there's been a lot wrong with the IT Certification process. I'm sure just about everyone knows some [edited] that can't do anything but is really great at dropping buzzwords and creating really complex sounding explanations for everything. Certification will never be perfect - that's nothing new.

Read the article HERE.

Cool new tool [toy]

OK, I admit, I'm a hopeless toy junkie. But sometimes, something comes across my desk that I think is so simple and obvious, I wonder why no one ever did it before. The new USB to IDE/SATA Bridge Adapter from Granite Digital is one of those things. For $40, all in, you get a well designed, high speed, bridge that lets you connect any IDE or SATA drive you happen to have lying around to any computer. Without opening up anything, and without worrying about one of those chintzy cases causing thermal drive failure.

Read the article HERE.

Security expert: User education is pointless

Forget about teaching computer users how to be safe online.

Users are often called the weakest link in computer security. They can't select secure passwords, and they write down passwords and give them out to strangers in exchange for treats. They use old or outdated security software, can't spell the word "phishing," and click on all links that arrive in e-mail or instant messages, and all that appear on the Web.

That's the reality. Read the article HERE.

Security vs. usability : No one's winning

Usability of security software is partly to blame for low protection levels in many computers, according to international security experts. University of Auckland computer scientist Peter Gutmann said many security standards were written 10 years ago and have mostly just been tweaked since then. There is also a mindset within the general population that computers are relatively new and people are unaccustomed to the importance of information security.

Read the article HERE.

Mighty Key - the new secure USB?

Anything labeled a "must-have" from a security company that we've never heard of is flips on our huckster radars, and a new startup called Atomynet purports to sell its new "Mighty Key" portable security solution.

Well, it doesn't help that their device is still only a mock-up, and yet they have "feedback" on the company's website, which, incidentally, reads like it was written by a D-average middle schooler.

Read the article HERE.

Cybercrime flourishes in hacker forums

Criminals covet your identity data like never before. What's more, they've perfected more ways to access your bank accounts, grab your Social Security number and manipulate your identity than you can imagine.

Want proof? Just visit any of a dozen or so thriving cybercrime forums, websites that mirror the services of Amazon.com and the efficiencies of eBay. Criminal buyers and sellers convene at these virtual emporiums to wheel and deal in all things related to cyberattacks — and in the fruit of cyberintrusions: pilfered credit and debit card numbers, hijacked bank accounts and stolen personal data.

Read the article HERE.

SentryBay claims key-logger killer

Security firm SentryBay has thrown down the gauntlet to virus writers and hackers by claiming to have developed a platform that is impervious to key-logger software.

EntryProtect aims to prevent corporate data theft and unauthorised access to enterprise applications by preventing the logging of user names, passwords, credit card numbers, social security numbers and all other personal identifiers.

Read the article HERE.

Your Favorite Security Technology is Dead

I grew up in Battle Creek, Michigan. The winters could get bone-chilling cold. Having a warm coat and a good set of thermals was essential. Nonetheless, you would have been nuts to walk out the door without your gloves and hat on as well. Wool socks and a scarf didn’t hurt either.

The way some organizations seem to be protecting their systems today is like sauntering out into the winter chill with their coat on but nothing else. Now, it might be a great coat, but it’s just not made to keep your hands toasty and your head warm. Ditto for firewalls and antivirus. Both are essential, but they were not designed to block exploits inside network traffic or recognize and block a fraudulent Web site. It doesn’t make much sense to curse your coat for a cold head and hands, nor should you spite your AV or firewall for not preventing every possible bad thing from happening to your systems.

Read the article HERE.

Microsoft Fixes Record 26 Security Holes

Microsoft today issued a record-breaking number of security updates, fixing at least 26 separate security holes in its Windows operating system and other products, including 16 vulnerabilities in Microsoft Office and Office components. By my count, this is the largest number of flaws Microsoft has fixed in one go outside of a Service Pack.

Read the entire article HERE.

==============================================
What got patched, what didn't get patched...

Keeping track of what isn't patched and resolved:
(and these days I'm keeping as much of an eye on that as the patched stuff

Read more HERE.

Windows XP SP1 support comes to an end

Is anyone out there still running Windows XP Service Pack 1 (SP1)?

[ YES - ME !!! - much to the amazement of some - see Readers Comments in link.
And, as is seems that we have no choice now, better check "Microsoft's tips on upgrading".]

If there is, then you should know that support for the operating system is officially coming to an end October 10. While Microsoft only guarantees support for a service pack 12 months after the following service pack's launch, SP1 was supported for over two years considering SP2's August 2004 release.

Read the article HERE.

[ The next Service Pack for Windows XP - SP3 - isn't due for release until late 2007 ]

Free software - Acronis 7 and KeyScrambler

KeyScrambler 1.1

Users of Internet Explorer and Firefox will enjoy increased computing security for the anti-keylogger tool protects all logins, not just one or two sites, and does so by encrypting the user’s keystrokes at the kernel driver level, before keyloggers can record them. "We’re offering the Personal edition absolutely free because we believe every user deserves at least this much protection from keyloggers," says Qian Z. Wang, the CEO of QFX Software.

Visit the website HERE.

==============================================
Acronis True Image 7.0 for Free!

Register now and receive Acronis True Image 7.0 for Free!

Filling in the form will get you an e-mail with a link to a page with your account password to the site. Going to the link will get you a serial number via e-mail. You can then log-in to your account and download the software. It is not the newer version 9 but it is free.

Source : Donna's SecurityFlash

A look at Firefox 2.0 RC2

The official release of Firefox 2.0 is right around the corner and the second release candidate (RC2) was made available last week. Release candidates provide insight into the features and functionality that will be available in the final release. Much has changed since the Firefox 2.0 alpha builds were made available to the public early this year.

Read more HERE.

Top 10 Web 2.0 Attack Vectors

Web 2.0 is the novel term coined for new generation Web applications - start.com, Google maps, Writely and MySpace.com are a few examples. The shifting technological landscape is the driving force behind these Web 2.0 applications. On the one hand are Web services that are empowering server-side core technology components and on the other hand are AJAX and Rich Internet Application (RIA) clients that are enhancing client-end interfaces in the browser itself.

This technological transformation is bringing in new security concerns and attack vectors into existence. Yamanner, Samy and Spaceflash type worms are exploiting “client-side” AJAX frameworks, providing new avenues of attack and compromising some of the confidential information.

Read the entire article HERE.

Tracking down hi-tech crime

If every hour a burglar turned up at your house and rattled the locks on the doors and windows to see if he could get in, you might consider moving to a safer neighbourhood. And while that may not be happening to your home, it probably is happening to any PC you connect to the net.

Read the article HERE.

Internet Explorer 7 in toolbar mayhem

I've read many articles about Internet Explorer's 7's new security features and coupled with the imminent release of Vista this got me interested. I recall seeing a rather funny screenshot (which I found on the internet) which showed Internet Explorer 6 in Windows XP stuffed full of spyware/toolbars/etc. I wanted to see if IE7 was any better than that screenshot of IE6, how would it cope with a user that simply clicked 'yes/allow/next/accept' to everything that was presented to them.

In addition, I wanted to see how the User Account Control reacted to this, and in the end, could I restore IE7 to it's former glory.

Read the article HERE.

USB Hacksaw

The USB Hacksaw is an evolution of the popular USB Switchblade that uses a modified version of USBDumper, Blat, Stunnel, and Gmail to automatically infect Windows PCs with a payload that will retrieve documents from USB drives plugged into the target machine and securely transmit them to an email account.

Read more HERE.

McAfee Spam Test Results

Over 97% of users got at least one question wrong. This means that almost all of us are leaving ourselves wide open to being ravaged by spam. Submitting your email address to just one spammy site can result in receiving over 1000 spam mails a week.

Read the results and take the test HERE.

Insecurity in Open Source

Debates over what methods result in the best software often pit those who favor an open-source approach against proponents of proprietary, or closed-source, development. Conventional wisdom holds that open-source software should have fewer security flaws than proprietary software. With more eyes able to look at the underlying source code, bugs should be found and squashed much faster

Read the article HERE.

Google Search peers into everything

Want to know which programs have security issues that need to be fixed? Using Google Code Search, finding likely candidates is a snap. Security professionals warned developers on Thursday that they need to be aware that their open-source repositories can now be easily mined, allowing attackers to target programs that are likely to be flawed. While Google could previously be used to look for specific strings, now the search engine riffles through code that much better.

Read the article HERE.

==================================================================

More fun with Google Code Search

Google Source Code Bug Finder

==================================================================
Personalised search with Google

OK, so this is way off topic - but - who doesn't like to see their name in lights. Create your own personalised search page HERE or view the new Vanishorg Google page HERE.

Weekend Reading

Security 'hit-list' for 2007 revealed

Laptop security and mobile viruses should be top of the IT agenda next year, says the SANS Institute. VoIP and the contentious issue of mobile phone viruses also feature on one organisation's 'hit-list'.

Read the article HERE.

==================================================================
Parents struggle to monitor safety as kids

Snooping through the family computer, a woman discovered that her 13-year-old daughter and some girlfriends had posted profiles on the Internet site MySpace. Word spread, and soon the other moms had ordered the youngsters to delete their profiles.
But that didn't deter the River Dell Middle School students. As more adults try to keep electronic tabs on their offspring - in many cases out of concern for their safety - teenagers are finding new ways to protect their privacy. In an era when businesses and governments routinely employ what some consider Big Brother-like surveillance, parents eavesdropping on their children's online activities has become a game of cat-and-mouse.

Read the article [Sept. 6,2006] HERE.

ChatChecker Lite

ChatChecker Lite is an easy-to-use parental control system for instant messaging. The free ChatChecker Lite service lets you capture and record instant message conversations on one PC in your home. Once installed, you can login from any web connection to review instant messaging activity within the last 24 hours and set up or change your watch-word alerts.

Visit the website HERE.

==================================================================
Virus writers are funny

In February of this year, Virus Bulletin published one of my articles in which I was speculating about the meaning of a message that a certain virus was displaying. When executed, the virus randomly (a one in 1,983 chance) chose whether or not to display the message “GeNeTiX is EVIL!”

Read the article HERE.

==================================================================
The sad state of computer security

I teach computer security for a living. Last week, a class of mine asked which vendor had the best security. I responded that they all are pretty bad. If you aren't using OpenBSD or software by D.J. Bernstein, then every other product in the world is pretty bad in comparison.

Read the entire article HERE.

Panda Software’s Weekly Virus Report

The creators of Spamta seemingly don’t let up. According to PandaLabs, new variants of this worm are appearing at a rate of about 10 a day. The variants are similar to each other, with the only difference being the message used as bait and in some cases, the message displayed when the worms are run.

Read the report HERE.

Windows Vista Build 5744 Released

Today Microsoft released what is expected to be the final build of Windows Vista to leave Redmond before the final RTM (Release to Manufacturing) code.

Read more HERE.

Symantec and McAfee Drivel

That is it. I have had about my belly full of Symantec and McAfee drivel. The PR crud they are both putting into the public realm is annoying to say the least.

Or so says Nick Whittome - "The Naked MVP"

==============================================
PatchGuard and Symantecs Complaints

But here’s the $64,000 question: How many of you have installed “security” products from Symantec, McAfee, and others… only to find your system is much slower than before you installed it? I bet it’s a lot. Would you believe that your system is less secure too?

Robert McLaws: Windows Vista Edition

==============================================
Symantec AntiVirus Kernel Vulnerability

Local exploitation of a design error vulnerability in Symantec Corp. AntiVirus can allow an attacker to execute arbitrary code with kernel privileges.

Read the advisory HERE.

Understanding Phishing Attacks

Markus Jakobsson is a computer science professor at Indiana University and has done some excellent work on understanding phishing attacks. I’ve blogged about some of Markus’ research in the past and I thought I’d share some information about some recent work of his that focuses on the question: What causes people to fall for phishing attacks?

To understand many of these risks, you have to understand what is and isn’t easy for phishers to do. That requires knowledge of technology, various operating procedures, and the tools phishers can use, among other things.

Read the article HERE.

Phishtank

This week saw the launch of Phishtank, a free, community-based service that puts the "phun" back into phish reporting. The service was created by OpenDNS, a start-up that hopes to offer consumers and businesses a safer and speedier domain name system (DNS) resolution service (DNS is what translates Web site names into numeric addresses that are easier for machines to process).

Check out Phishtank's homepage and you'll see some of the more recent submissions, along with links to screenshots of the phishing site, as well as a form you can use to see whether a phish you've received has already been submitted. I submitted a couple that I'd received over the past two days; turns out they'd already been sent in.

Read more HERE.

Microsoft to release 11 Security Patches

Microsoft reported that it will release a total of 11 updates for its Windows operating system and Office productivity suite as part of its monthly security bulletin for October. Microsoft did not release specific details of any of the problems it is hoping to fix with the security updates, or the number of bulletins that would be related to critical issues. However, the Redmond, Wash., company has said previously that its October patch release will include a fix for the so-called SetSlice flaw discovered in the Internet Explorer browser.

Read the article HERE.

Windows Vista Piracy Protection

Windows Vista will ship with anti-piracy technology that will lock down the OS if it has not been activated within 30 days of first use, Microsoft announced today. If the OS is not activated, Windows will switch to a reduced functionality mode that will cripple the OS.

Read the story HERE.

Russian hackers jailed for eight years

Three Russian hackers convicted of running denial of service attacks against UK bookies have each been sentenced to eight years imprisonment and fined $3,700.

Read the article HERE.

IE Used to Launch IM and Questionable Clicks

Last month, a particular Instant Messaging attack was infecting users via Yahoo Instant Messenger and causing all kinds of problems. This month, we've discovered a variant that's linked to a sophisticated piece of possible clickfraud (depending on how you define it). We often hear about Botnets in relation to this kind of scam - indeed, a common tactic which we've seen a number of times is to hijack the infected drones' homepage and fill it full of clickable adverts that bring in a return for the Botnet owner. Here, we have an attacker going one step further and doing away with the complicated aspect of the Botnet altogether, substituting it for a more straightforward scheme involving the worm mentioned above as a launchpad. Effectively, we have a Botnet without bots, and the potential for financial fraud is in some ways more severe, because of the ease with which this particular attack spreads. First, let's take a look at the technical aspects of this attack...

Read the report HERE.

Unofficial patches available for IE6 exploit

A buffer overflow [CVE-2006-3730] in an ActiveX control for Internet Explorer 6 for Microsoft Windows XP with SP2 installed can crash the web browser and allow remote code execution.

A test is available to see if your web browser is susceptible to the vulnerability.
If your web browser is vulnerable it WILL crash when the test is performed.
Click here to test your web browser.

Microsoft is working on a patch, currently scheduled for an October 10 release, as part of its regular Patch Tuesday update cycle. "We are aware of Web sites attempting to use the reported vulnerability to install malware. Our investigation into these Web sites shows that, in most cases, attempts to install malicious software by exploiting this vulnerability fail. This is due to specific technical factors related to the vulnerability."

Read the Microsoft Security Advisory (926043) HERE.

A patch is available from Determina.
Click here to visit Determina's web site for more information.

ZERT has updated ZProtector to protect against this vulnerability.
Click here to download ZProtector. zip file.

The Truth About Claimed Firefox Exploit

A colorful duo of young hackers at the Toorcon security conference presented evidence Saturday that suggested a previously undocumented flaw in Mozilla's Firefox Web browser is actively being exploited to compromise machines of users cruising the Web with the browser.

Both speakers lectured at length about ways to cloak your identity online to engage in criminal activities, ranging from creating botnets to installing spyware on users' machines. They ardently urged those in attendance to use their knowledge to "ruin things" as much as possible for Internet users.

Read the article HERE.

Another Rise in IM Attacks

Instant messaging security firms are reporting a dramatic rise in the number of attacks. Akonix Systems said the month of September holds the dubious distinction of having the most attacks in any month this year at 64. The September figure follows a disastrous August in which Akonix reported a 200 percent increase in the number of IM vulnerabilities.

Read the report HERE.

AVG 7.5 security portfolio released

GRISOFT, the supplier of AVG security software, today announced the global launch of AVG 7.5 security portfolio with the most comprehensive product line ever released. The extended security offerings for home, SMBs and enterprise users comprise improved and new products, including AVG Internet Security 7.5, an all-inclusive security suite.

Read the press release HERE.

TrashMail - Free disposable email addresses

Create a new email address on trashmail.net. All mails to this address will be forwarded to your real email address for a number of times you can set up. When the limit is reached, the Trashmail.net email address will be automatically deleted. All following mails (like spam, newsletter, etc) will be rejected at Trashmail.net.

Visit the website HERE.

The Importance of Updating Antivirus Definitions

It is often said that an antivirus (AV) product is only as good as its most recent signature update; however, that's not strictly true. Even if your AV definition set is months out of date, it will still protect you from some of the worst viruses and worms of all time.

Read the article at Symantec HERE.