Monthly Archive for November, 2008

Critical Security Updates for Firefox, Safari

Apple and Mozilla have each issued updates to fix a large number of critical security flaws in their respective Safari and Firefox Web browsers. The Apple update, which brings Safari to version 3.2, is reportedly causing many users to experience frequent browser crashes. According to an article Friday at MacFixIt, some of the problems seem related to several Safari plug-ins, including "Concierge" bookmarks manager, "PithHelmet" ad-blocking software, and "AcidSearch" search enhancement software. Other problems with this update may be related to a new anti-phishing feature built into Safari 3.2 (Firefox and Microsoft's Internet Explorer have had this feature for more than two years now). MacFixIt and other forums suggest those having trouble with the Safari update should disable the phishing filter and see if that helps. If not, check to see if removing any installed add-ons fixes the problem. While the Safari update fixes more flaws in the version built

A Closer Look at McColo

Yesterday, we published a story about Web hosting firm McColo being knocked offline after being accused by the computer security community of serving as a gateway to organizations engaged in spam activity. In trying to get a sense of the activity attributed to McColo, I put together a flow chart, or mind map, showing McColo's relationship to various sites associated with botnet activity, spam, pharmacy domains, etc. I created the flow chart with the excellent and gratis FreeMind software. I've included a screen shot for those who don't have or want this software installed (click on the image to enlarge it). For those who do have FreeMind installed, check out this file, which allows you to click any arrow in the graphic and view some of the source data for those citations. Others can view the source material at the end of this post. The upper right-hand section of the

Spam Volumes Drop by Two-Thirds After Firm Goes Offline

The volume of junk e-mail sent worldwide plummeted on Tuesday after a Web hosting firm identified by the computer security community as a major host of organizations engaged in spam activity was taken offline. (Note: A link to the full story on McColo's demise is available here.) Experts say the precipitous drop-off in spam comes from Internet providers unplugging McColo Corp., a hosting provider in Northern California that was the home base for machines responsible for coordinating the sending of roughly 75 percent of all spam each day. In an alert sent out Wednesday morning, e-mail security firm IronPort said: In the afternoon of Tuesday 11/11, IronPort saw a drop of almost 2/3 of overall spam volume, correlating with a drop in IronPort's SenderBase queries. While we investigated what we thought might be a technical problem, a major spam network, McColo Corp., was shut down, as reported by The Washington Post

Major Source of Online Scams and Spams Knocked Offline

A U.S.-based Web hosting firm that security experts say was responsible for facilitating more than 75 percent of the junk e-mail blasted out each day globally has been knocked offline following reports from Security Fix on evidence gathered about suspicious activity emanating from the network. For the past four months, Security Fix has been gathering data from the security industry about McColo Corp., a San Jose, Calif.-based Web hosting service whose client list experts say includes some of the most disreputable cyber-criminal gangs in business today. On Monday, Security Fix contacted the Internet providers that manage more than 90 percent of the company's connection to the larger Internet, sending them information about badness at McColo as documented by the security industry. On Tuesday afternoon, I heard back from Global Crossing, one of McColo's major Internet providers. Their spokesman declined to discuss the matter, except to say that Global

Pharmacy Processor Offers $1M Reward to ID Extortionists

Express Scripts, the nation's third largest pharmacy benefits management company, is offering a $1 million reward for information leading to the arrest and conviction of the individual(s) responsible for trying to extort money from the company. The St. Louis-based firm said last week that in early October it received a letter that included the names, birth dates, Social Security numbers and in some cases prescription data on employees from 75 of its customers. The authors also threatened to expose millions of consumer records if the company declined to pay up, Express Scripts said. Express Scripts handles roughly 500 million prescriptions a year for about 50 million Americans. Since the company has said it has no intention of paying the ransom, the attackers appear to be trying new tactics. Express Scripts said the extortionists have now moved on to directly contacting companies who use their services, by sending letters to the

Microsoft Patches Four Windows Security Holes

Microsoft today released a pair of security updates to plug at least four security holes in its Windows operating systems and other software. The software patches are available through Windows Update or via Automatic Updates. One of the patches earned Microsoft's most dire "critical" rating, while the other carries the less severe "important" label. Microsoft assigns a critical rating to vulnerabilities that hackers can exploit to break into vulnerable systems without any help from the victim. Important updates address flaws that usually require the victim to help the exploit along in some key way. The critical update involves at least three flaws in a key component of Windows called Microsoft XML Core Services. This vulnerability is present in every supported version of Windows, as well as certain versions of Office. The second patch addresses an important flaw in the Microsoft Server Message Block (SMB), a component of Windows used to

VISA to Enforce Payment Card Security in Europe

Update, 1:20 p.m.: A major correction is in order for this story: A spokesman for Visa just contacted me to say that the new deadlines actually apply to all non-U.S. retailers except those in Europe. The spokesman said Visa Europe is its own association and is subject to a different set of timetables. I will update this story with exactly what the European timetables are when I hear back from Visa Europe. Update, Nov. 15, 1:15 p.m. ET: Visa Europe sent me a lengthy response about their PCI requirement timelines. Stanley Skoglund, Senior Vice President Policy Compliance, said: "Visa Europe has the same philosophy as Visa Inc as regards PCI DSS; everybody in the payment chain must adopt PCI DSS. "However there are regional differences in the compliance validation regimes and these differences reflect the individual nature of the markets and merchant segments involved". I have included their entire statement

Extortionists Target Major Pharmacy Processor

One of the nation's largest processors of pharmacy prescriptions said Thursday that extortionists are threatening to disclose personal and medical information on millions of Americans if the company fails to meet payment demands. St. Louis-based Express Scripts said that in early October it received a letter that included the names, birth dates, Social Security numbers and in some cases prescription data on 75 of its customers. The authors threatened to expose millions of consumer records if the company declined to pay up, Express Scripts said in a statement. The company's chief executive George Paz said Express Scripts has no intentions of paying the extortion demand and said his company is working with the FBI to track down the person or persons responsible for the scam. Express Scripts is among the largest pharmacy benefit management firms, companies that process and pay prescription drug claims. It handles roughly 500 million prescriptions a

Researchers Hijack Storm Worm to Track Profits

A single response from 12 million e-mails is all it takes for spammers to turn annual profits of millions of dollars promoting knockoff pharmaceuticals, according to an unprecedented new study on the economics of spam. Over a period of about a month in the spring of 2008, researchers at the University of California, San Diego and UC Berkeley sought to measure the conversion rate of spam by quietly infiltrating the Storm worm botnet, a vast collection of compromised computers once responsible for sending an estimated 20 percent of all spam. The teams at Berkeley and UCSD conducted the experiment by impersonating a key component of the Storm worm network used to hand off instructions from the worm's master control servers to the "worker bots" -- the tens of thousands of infected end-user systems that do all the spamming. This allowed them to redirect a subset of the spam to virtual

Malware Piggybacks on Obama Win

Cyber criminals are blasting out massive amounts of spam touting a video of President-elect Barack Obama's victory speech. Recipients who click the included link are taken to a site that prompts visitors to install an Adobe Flash Player update. The bogus update, however, is actually a data-stealing Trojan horse. The messages, with such subject lines as "election results winner," and "the new president's cabinet?", and "fear of a black president," direct recipients to a site featuring a picture of Obama beneath an official U.S. government seal and the domain name america.gov (the real domain names used to host these fraudulent sites appear to differ from message to message). Beside Obama's visage is an embedded video player that reads "loading player." A few seconds after the site loads, the visitor is prompted to download the malware, disguised as "adobe_flash9.exe". Anti-virus firm Sophos says this piece of malicious software represents as much