Monthly Archive for December, 2008

Microsoft: Big Security Hole in All IE Versions

On Wednesday, Security Fix warned readers about a newly-discovered security hole in Internet Explorer 7. I'm posting this again because Microsoft now says the flaw affects all supported versions of IE, and because security experts are warning that a large number of sites are being compromised in an effort to exploit this vulnerability and install malware on vulnerable systems. The SANS Internet Storm Center reports that hackers are breaking into legitimate Web sites and uploading code that could install data-stealing software on the machine of a user who visits the site using Internet Explorer. SANS's chief technology officer Johannes Ullrich estimates that thousands of sites have been seeded with this exploit to date. For example, Web security firm Websense reports that hackers have compromised the Chinese Web site for ABIT, the maker of motherboards that power many home computers. So far, the exploits appear to be only stealing online gaming

Who’s Tracking You?

The cover story for the January 2009 issue of Popular Mechanics magazine is a piece I wrote about ways marketers, or even stalkers, can track people through technologies many of us use every day. Here's a snippet from that piece: "Free Web services aren't free," says Gregory Conti, a computer science professor at the United States Military Academy at West Point. "We pay for them with micropayments of personal information. Users aren't entirely oblivious to the fact that information is being collected, and they're doing a cost-benefit analysis, but they're not thinking long-term." Even those who take the time to read a Web site's privacy policy may not realize how many companies have access to their data. That's because most Web sites pull advertisements, snippets of code and other content from a number of third-party sources, any one of which may track the visitor and use the data in a

Retail Fraud Rates Plummeted the Night McColo Went Offline

One month after the shutdown of hosting provider McColo Corp., spam volumes are nearly back to the levels seen prior to the company's takedown by its upstream Internet providers. But according to one noted fraud expert, spam wasn't the only thing that may have been routed through the Silicon Valley-based host: New evidence found that retail fraud dropped significantly on the same day. It is unclear whether the decrease in retail fraud is related to the McColo situation, but in speaking with Ori Eisen, founder of 41st Parameter, he said close to a quarter of a million dollars' worth of fraudulent charges that his customers battle every day came to a halt. Eisen, whose company provides anti-fraud consulting to a number of big retailers and banks, told me at least two of the largest retailers his company serves reported massive declines in fraud rates directly following McColo's termination.

Court Freezes Assets of Alleged ‘Scareware’ Purveyors

A federal court has frozen the assets of several businesses accused of conspiring to trick more than one million consumers into purchasing and installing "scareware," which uses fake security alerts to frighten consumers into paying for bogus computer security software. According to the complaint by the Federal Trade Commission, two companies -- Innovative Marketing, Inc. and ByteHosting Internet Services, LLC -- embedded extra computer code in online ads, which they placed on Web sites on behalf of legitimate companies. The code would then redirect viewers to other sites that warned of security and privacy threats on the visitor's computer. "These sites would then claim to scan the consumers' computers for security and privacy issues," the FTC said. "The 'scans' would find a host of purported problems with the consumers' computers and urge them to buy the defendants' computer security products for $39.95 or more. However, the scans were entirely false."

Microsoft Investigating Reports of New IE7 Exploit

Microsoft said it is investigating reports that a new exploit is going around that takes advantage of an unpatched security hole in Internet Explorer 7. The SANS Internet Storm Center, which tracks hacking trends, said today that while the exploit does not appear to be widely in use at the moment, that situation is likely to change soon, since instructions showing criminals how to take advantage of this flaw have been posted online. SANS emphasizes that this vulnerability is not one that was fixed in the massive bundle of patches that Microsoft issued yesterday. It is not clear what steps users can take to protect themselves against this threat, other than to browse the Web with something other than IE, such as Mozilla Firefox or Opera. This appears to be the type of vulnerability that could be used to give attackers complete control over an affected system merely by convincing

Microsoft Plugs at Least 28 Security Holes

Microsoft has an early holiday present for Windows users: A batch of eight software updates that plug at least 28 security holes in the widely-used operating system and other Microsoft products. Six out of eight of the update bundles earned a "critical" rating, meaning Microsoft views these flaws as so serious that attackers could use them to break into vulnerable machines without any help from victims, save perhaps for convincing those users to visit a malicious or hacked Web site. A critical update for Internet Explorer fixes at least four flaws in the popular browser (both IE6 and IE7). Another patch bundle addresses five vulnerabilities that can be exploited through ActiveX controls, a feature specific mainly to IE. Microsoft also issued patches to fix a pair of flaws in the way Windows handles "Windows Metafile" or WMF image files, vulnerabilities that once again could be exploited when an unpatched Windows

Report: Cybercrime is Winning the Battle Over Cyberlaw

Law enforcement agencies worldwide are losing the battle against cyber crime at a time when criminals are increasingly using the global economic downturn to make headway in recruiting more computers and computer users to further illegal online activities, a scathing new report from security vendor McAfee concludes. McAfee's annual "Virtual Criminology Report" (PDF) notes that the number of compromised PCs used for blasting out spam and facilitating a host of online scams has quadrupled in the last quarter of 2008 alone, creating armies of spam "zombies" capable of flooding the Internet with more than 100 billion spam messages daily. In an increasing number of cases, those missives are playing on public fears over the battered economy, pitching recipients on too-good-to-be-true job offers aimed to enlist them in cybercrime operations, McAfee said. "Cybercriminals are cashing in on the fact that the economic downturn is causing people worldwide to increasingly turn to

A Scary Twist in Malware Evil-ution

Security experts are warning Internet users to be aware of a disturbing evolution in malicious software that can turn a single infected computer into a vehicle for stealing data from nearby systems, regardless of what operating system or security software those computers may be running. The evolution comes compliments of the DNSChanger family of malware, which usually comes disguised as a codec or browser plug-in that a user is told he or she needs to install in order to view Web-based videos. As its name suggests, the malware alters the domain name system (DNS) server settings on infected systems, effectively routing the victim's Web searches and other online activities through servers that the attackers control. DNSChanger can install on a Mac or Windows computer. The added feature in the latest version of DNSChanger is that it installs its own DHCP server on the victim's machine. DHCP stands for "dynamic host

Digging Deeper Into the CheckFree Attack

The hijacking of the nation's largest e-bill payment system this week offers a glimpse of an attack that experts say is likely to become more common in 2009. Atlanta-based CheckFree acknowledged Wednesday that hackers had, for several hours, redirected visitors to its customer login page to a Web site in Ukraine that tried to install password-stealing software. While this attack garnered few headlines, there are clues that suggest it may have affected a large number of people. CheckFree claims that more than 24 million people use its services. Avivah Litan, a fraud analyst with Gartner Inc., said CheckFree controls between 70 and 80 percent of the U.S. online bill pay market. Among the 330 kinds of bills consumers can pay through CheckFree are military credit accounts, utility bills, insurance payments, mortgage and loan payments. A spokeswoman for Network Solutions, the Herndon, Va., domain registrar that CheckFree used to register

Hackers Hijacked Large E-Bill Payment Site

Hackers on Tuesday hijacked the Web site CheckFree.com, one of the largest online bill payment companies, redirecting an unknown number of visitors to a Web address that tried to install malicious software on visitors' computers, the company said today. The attack, first reported by The Register, a security news Web site, began in the early morning hours of Dec. 2, when CheckFree's home page and the customer login page were redirected to a server in the Ukraine. CheckFree spokeswoman Melanie Tolley said users who visited the sites during the attack would have been redirected to a blank page that tried to install malware. Tolley added that CheckFree regained control over its site by 5 a.m. on Dec. 2. The company said it was still having the malware analyzed by experts. "The degree of exposure to users is dependent on how current their anti-virus software is and what browser they used