Monthly Archive for January, 2009
A glitch in a computer security program embedded deeply into Google's search engine briefly prevented users of the popular search engine from visiting any Web sites turned up in search results this morning. Instead, Google users were redirected to a page that warned: "This site may harm your computer." Calls and e-mails sent to Google were not returned as of publication. I will update this blog if and when I hear back from them about the cause and length of this incident. The problem, which appears to have been corrected by the time of publication, was related to Google's "Stop Badware" program, which is designed to keep Internet users away from sites that Google's bots have found attempt to install malicious software on visitors' computers. I first learned of the blockage just before 10 a.m. ET, when my wife complained that Google was telling her that OfficeDepot.com was trying
A Ukrainian Web hosting provider that, according to published reports, has long served as home base to a prolific and invasive family of malicious software has been taken offline following abuse reports from Security Fix to the company's Internet provider. Since at least 2005, and perhaps earlier, an entity known as UkrTeleGroup Ltd. has hosted hundreds of Web servers that control a vast network of computers infected with some variant of "DNSChanger," according to security software vendor McAfee, which monitors worldwide malware. DNSChanger is a Trojan horse program that changes the host system's DNS settings so that all of the Internet traffic flowing to and from the infected computer is sent through servers controlled by the attackers. In a report issued last month, McAfee said it found more than 400 DNS servers on UkrTeleGroup's network that appeared to be set up to redirect Web traffic for systems infected with DNSChanger.
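The practical check a DNSChanger infection calls for is simple: compare the resolvers a host is actually configured to use against the ones it is supposed to use. The script below is an added example, not code from the post or from McAfee; it parses both resolv.conf-style text and the comma-separated form of the Windows TCP/IP "NameServer" registry value, and flags any resolver outside an expected set. The expected networks and the rogue 198.51.100.x address are documentation ranges used as stand-ins, and the sample configurations are constructed for the example.

```python
import ipaddress
import re
from typing import Iterable, List, Sequence, Union

# Resolvers these hosts are expected to use. Both networks are IETF
# documentation ranges standing in for an organisation's real resolver
# subnets: assumptions for this example, not values from the post.
EXPECTED_RESOLVER_NETS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:53::/64"),
]


def parse_resolv_conf(text: str) -> List[str]:
    """Return the nameserver addresses from resolv.conf-style text.

    Comments (# or ;) and malformed lines are skipped rather than raising,
    so a single odd line cannot hide the rest of the file from the check.
    """
    servers = []
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0].lower() == "nameserver":
            servers.append(parts[1])
    return servers


def parse_windows_nameserver_value(value: str) -> List[str]:
    """Split a Windows TCP/IP 'NameServer' registry value (resolvers
    separated by commas or spaces) into individual address strings."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def unexpected_resolvers(
    candidates: Iterable[str],
    expected: Sequence[Union[ipaddress.IPv4Network, ipaddress.IPv6Network]] = EXPECTED_RESOLVER_NETS,
) -> List[str]:
    """Return the candidates that fall outside every expected network.

    Strings that are not valid IP addresses are reported as well: a resolver
    entry that cannot be parsed is itself worth a look.
    """
    flagged = []
    for cand in candidates:
        try:
            ip = ipaddress.ip_address(cand)
        except ValueError:
            flagged.append(cand)
            continue
        if not any(ip in net for net in expected):
            flagged.append(str(ip))
    return flagged


# Constructed sample inputs; not captured from any real system.
SAMPLE_RESOLV_CONF_CLEAN = """\
# constructed sample, not a real host
search corp.example
nameserver 192.0.2.53
nameserver 2001:db8:53::1
"""

# The same file after a DNSChanger-style change: the first resolver now
# points outside the expected networks, so whoever runs 198.51.100.7 (a
# documentation-range stand-in for an attacker server) answers every lookup.
SAMPLE_RESOLV_CONF_CHANGED = """\
nameserver 198.51.100.7
nameserver 192.0.2.53
"""

# Constructed Windows 'NameServer' value with two rogue resolvers.
SAMPLE_WINDOWS_NAMESERVER = "198.51.100.7,198.51.100.8"


def check_all() -> dict:
    """Run the three samples through the check and return the findings."""
    return {
        "clean": unexpected_resolvers(parse_resolv_conf(SAMPLE_RESOLV_CONF_CLEAN)),
        "changed": unexpected_resolvers(parse_resolv_conf(SAMPLE_RESOLV_CONF_CHANGED)),
        "windows": unexpected_resolvers(parse_windows_nameserver_value(SAMPLE_WINDOWS_NAMESERVER)),
    }


if __name__ == "__main__":
    for name, hits in check_all().items():
        print(f"{name}: {'OK' if not hits else 'unexpected resolvers: ' + ', '.join(hits)}")
```

On a real fleet the same comparison belongs in whatever already inventories endpoint configuration; the value of the check is that a host pointing at a resolver nobody in the organisation chose is almost always worth investigating, regardless of which malware family put it there.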
I'm writing this to set the record straight on some statements made earlier this month by Jeff Jones, a security strategy director at Microsoft. In analysis published on his Technet Security Blog and at cio.com, Jeff picked apart research I conducted in 2007, which found that Microsoft's Internet Explorer browser was unsafe for 284 days in 2006. According to Jones's analysis, Firefox users were instead more "at risk" than their IE counterparts in 2006 -- albeit by just a single day -- at 285 days, he concludes. What Jones neglected to mention was that in my analysis I only examined the longevity of unpatched browser vulnerabilities that by each company's definition earned the most dangerous security ratings. In the case of Internet Explorer, for example, I counted only flaws that Microsoft said were "critical" for one or more versions of the browser or a closely tied component of the Windows operating
It's been a while since we published our last Security Fix Pop Quiz, a periodic exercise to see whether you've updated your computer with the proper security updates. Usually when we do these quizzes I focus on the latest updates for third-party software programs, patches designed to guard against attackers who try to install malicious software using known security holes in these widely used applications. This time around, however, I want to give readers more perspective on why applying these updates is so critical, by looking through the lens of the criminal masterminds behind "Grum," one of this year's largest spam botnets, or groupings of hacked Microsoft Windows PCs typically used to relay junk e-mail. But what exactly is it that makes this malware family so successful? Put simply, it observes the old adage, "If at first you don't succeed, try, try again." Indeed, Grum is incredibly tenacious: the Web sites
Job search giant Monster.com quietly disclosed this week that its user database was illegally accessed, resulting in the theft of an unspecified number of Monster user IDs and passwords, names, phone numbers and e-mail addresses. The company said it opted not to notify users by e-mail out of concern that those messages would be "used as a template for phishing e-mails targeting our job seekers and customers." "We believe placing a security notice on our site is the safest and most effective way to reach the broadest audience," the company said in a statement posted on its homepage. "As an additional precaution, we will be making mandatory password changes on our site." In 2007, a Trojan horse program that anti-virus giant Symantec Corp. named Infostealer.Monstres began using hijacked Monster.com employer accounts to hoover up data on Monster.com users, ultimately gathering information on roughly 1.6 million users. Not long after that,
Some of the most prolific and recognizable malware distributed by Russian and East European cyber crime groups purposefully avoids infecting computers if the program detects that the potential victim lives in the attackers' home region. But evidence from the Conficker worm -- which by some estimates is infecting more than one million new PCs each day -- shows that trend may be shifting. According to an analysis by Microsoft engineers, the original version of the Downadup (a.k.a. "Conficker") worm will quit the installation process if the malware detects that the host system is configured with a Ukrainian keyboard layout. However, the latest variant has no such restriction. Stats collected by Finnish computer security firm F-Secure show that Russia and Ukraine had the second- and fifth-largest numbers of victims from the worm, 139,934 and 63,939, respectively, as of Tuesday, Jan. 20. In the past, attackers from the infamous rogue anti-spyware families -- such as Antivirus
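The keyboard-layout test Microsoft describes is worth seeing in working form, because it is cheap, needs no network access, and is exactly what an analyst should expect to find when a sample refuses to run in a sandbox. The block below is an added example, not code from the post or from Microsoft's analysis: on Windows it enumerates the installed input locales with user32!GetKeyboardLayoutList and reduces each handle to its language identifier; the pure-Python part works anywhere on constructed handle values. The LANGID constants (0x0422 for Ukrainian, 0x0409 for US English) come from the Windows language identifier tables and are assumptions of the example rather than values the post states.

```python
import sys
from typing import Iterable, List, Set

# Windows language identifiers (LANGIDs), taken from the Windows language
# tables, not from the post: LANG_UKRAINIAN (0x22) with the default
# sublanguage (0x01) gives 0x0422; US English is 0x0409.
LANGID_UKRAINIAN = 0x0422
LANGID_EN_US = 0x0409


def langid_from_hkl(hkl: int) -> int:
    """The low 16 bits of an input locale handle (HKL) are its LANGID;
    the high bits carry the device handle, which we do not care about."""
    return hkl & 0xFFFF


def primary_language(langid: int) -> int:
    """The low 10 bits of a LANGID identify the primary language,
    independent of the regional sublanguage in the top 6 bits."""
    return langid & 0x03FF


def installed_langids(hkls: Iterable[int]) -> Set[int]:
    """Collapse a list of HKLs to the set of LANGIDs they represent."""
    return {langid_from_hkl(h) for h in hkls}


def has_language(hkls: Iterable[int], langid: int) -> bool:
    """True if any installed layout shares the primary language of langid.

    Matching on primary language rather than the full LANGID means a regional
    variant of the same language still counts, which is what a 'do not run
    here' check would want.
    """
    wanted = primary_language(langid)
    return any(primary_language(l) == wanted for l in installed_langids(hkls))


def would_original_conficker_abort(hkls: Iterable[int]) -> bool:
    """Mirror of the check the post attributes to the original Downadup:
    stop installing if a Ukrainian keyboard layout is present."""
    return has_language(hkls, LANGID_UKRAINIAN)


def keyboard_layouts_from_windows() -> List[int]:
    """Enumerate this host's input locales via user32!GetKeyboardLayoutList.
    Returns an empty list on non-Windows platforms so the rest still runs."""
    if sys.platform != "win32":
        return []
    import ctypes
    from ctypes import wintypes
    user32 = ctypes.WinDLL("user32", use_last_error=True)
    user32.GetKeyboardLayoutList.argtypes = [ctypes.c_int, ctypes.POINTER(wintypes.HKL)]
    user32.GetKeyboardLayoutList.restype = ctypes.c_int
    count = user32.GetKeyboardLayoutList(0, None)   # first call: size the buffer
    buf = (wintypes.HKL * count)()
    got = user32.GetKeyboardLayoutList(count, buf)  # second call: fill it
    return [int(buf[i] or 0) for i in range(got)]


# Constructed sample HKL lists (device bits equal to the LANGID, as Windows
# reports plain keyboard layouts); not captured from a real machine.
SAMPLE_HKLS_US_ONLY = [0x04090409]
SAMPLE_HKLS_WITH_UKRAINIAN = [0x04090409, 0x04220422]


if __name__ == "__main__":
    live = keyboard_layouts_from_windows() or SAMPLE_HKLS_US_ONLY
    source = "this host" if sys.platform == "win32" else "constructed sample"
    print(f"layouts ({source}): {[hex(h) for h in live]}")
    print("original Downadup would abort:", would_original_conficker_abort(live))
```

For analysis purposes the useful direction is the reverse one: adding a Ukrainian (or, for other families, Russian) layout to a sandbox image is a quick way to confirm that a sample's silence is this check rather than a broken environment, and the absence of the check in the later variant is itself a behavioural marker that separates the two.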
A company that makes security software for Mac computers is warning that copies of Apple's iWork productivity software that are available for download from peer-to-peer (P2P) file-sharing networks may be infected with a Trojan horse program. The malicious software appears to be designed to enlist infected systems in a bot army that is targeting Web sites with so much junk traffic they can no longer accommodate legitimate visitors. In an alert issued today, Intego said some pirated versions of the $79 iWork software suite circulating on BitTorrent trackers are infected with what it calls OSX.Trojan.iServices.A. Intego said the Trojan is bundled so that it runs when the user installs the pirated iWork software. iServices.A then opens up a "backdoor" on the victim's computer, effectively alerting the virus writer that a new system is infected and potentially allowing the attacker to upload new software to or perform other actions on the
President Barack Obama's administration has sketched out a broad new strategy to protect the nation's most vital information networks from cyber attack and to boost investment and research on cyber security. The key points of the plan closely mirror recommendations offered late last year by a bipartisan commission of computer security experts, which urged then president-elect Obama to set up a high-level post to tackle cyber security, consider new regulations to combat cyber crime and shore up the security of the nation's most sensitive computer networks. The strategy, as outlined in a broader policy document on homeland security priorities posted on the Whitehouse.gov Web site Wednesday, states the following goals: * Strengthen Federal Leadership on Cyber Security: Declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development
Apple today released a security update for its QuickTime media player. The new version, QuickTime 7.6, is available for both Mac and Windows systems. This release fixes at least seven security vulnerabilities. All seven are serious enough that Apple says they could be used to run software of the attacker's choice on a vulnerable system simply by convincing the user to view a specially crafted movie or streaming media file. It's important for QuickTime users (particularly Windows users) not to let too much grass grow under their feet before applying this update. Because it is so widely installed (and probably so infrequently updated), QuickTime has drawn the attention of hackers who write and sell automated exploit toolkits. These are software kits that attackers typically stitch into the fabric of hacked Web sites. When a user visits such a site, the toolkit checks to see which of the browser plug-ins may still