Monthly Archive for February, 2009
Microsoft Corp. is warning computer users that attackers are now exploiting a previously unknown security hole in the company's Excel spreadsheet software to break into vulnerable systems. The vulnerability, which appears to be present in all supported versions of Microsoft Excel and Microsoft Office (including Office 2004 and Office 2008 for Mac), could be exploited merely by convincing a user to open a booby-trapped Excel file hosted on a hacked or malicious Web site, or sent as an attachment in an e-mail message. Microsoft reports that it is "aware only of limited and targeted attacks that attempt to use this vulnerability," and that it is working on shipping a fix for the flaw. A report from Symantec researchers on the company's blog more or less supports Microsoft's claim that this flaw is not yet being widely exploited. But that should not deter readers from following this tried-and-true advice: If you didn't ask
Identity fraud was the top complaint consumers lodged last year with the Federal Trade Commission, followed by gripes about harassing and abusive debt collectors, the agency reported today. Of the 1,223,370 complaints the FTC received last year, 313,982 - or 26 percent - were related to identity fraud. The biggest chunk of those complaints related to credit card fraud (20 percent), while employment fraud and fraud related to government documents/benefits each accounted for 15 percent of identity fraud complaints. Phone or utilities fraud made up 13 percent, while 15 percent of complaints related to bank and loan fraud. Debt collectors have always generated a large volume of complaints, but this is the first year that the FTC has included the industry as a category in its top complaints listing, FTC spokeswoman Claudia Bourne Farrell said. In November 2008, nationwide debt collection agency Academy Collection Service and its owner agreed
Adobe Systems Inc. has shipped an update for its ubiquitous Flash player that fixes at least five security flaws. A few of the flaws are critical, meaning users could have malicious software installed on their system merely by visiting a Web page that features a booby-trapped Flash movie. Many readers will need to apply two different versions of this patch: One is designed for Internet Explorer, and another updates the Flash player in Firefox, Opera and Safari. This can be accomplished by visiting this update link twice, once with IE, and then again with Firefox or whichever other browser you're using. The patch plugs security holes in Flash player 10.0.12.36 and earlier. Updates are available for Flash versions made for Windows, Mac OS X, and Linux. Not sure which version of Flash you have installed, or want to make sure the fix worked? Visit this link to find out. Adobe
Adobe Systems Inc. has found itself in the midst of a public relations maelstrom of the sort once reserved only for Microsoft Corp., as security experts chastise the company for not moving fast enough to address a critical security hole in its products even as third-party software makers offer makeshift fixes for the flaw. On Feb. 19, experts at Shadowserver.org, a volunteer-led security group, let the world know that bad guys were attacking an unpatched security flaw in Adobe Acrobat and Reader to break into systems when users opened booby-trapped .PDF files. The Shadowserver guys said one way to mitigate this threat was to disable the rendering of JavaScript within these programs. Later that day, Adobe released its own advisory, which acknowledged that the flaw existed in all supported versions of its products, and on all operating systems. The company said it planned to ship an update to fix the
A crazy number of readers have written in asking what they should do about unsolicited instant messages coming in from their Gmail accounts. The messages are from a site called ViddyHo urging them to "check out this video." I hope most readers will recognize the link provided in this chat invite for what it is: An invitation to give your Gmail credentials over to criminals. A quick check of the ever-sobering Google Trends feature would telegraph that this is a scam that has ramped up extremely quickly. Ryan Naraine, security evangelist for security firm Kaspersky Lab Americas, said crooks may be after Google accounts because those accounts offer several tempting targets all in one place. "These types of phishing attacks are not new but it's interesting that Google is the target of a multi-pronged phishing attack at the same time," Naraine said. "Google Accounts, in some cases, are tied to
A relatively unknown data-stealing Trojan horse program that has claimed more than a quarter-million victims in the span of a few months aptly illustrates the sophistication of modern malware and the importance of a multi-layered approach to security. When analysts at Sterling, Va.-based security intelligence firm iDefense first spotted the trojan they call "Tigger.A" in November 2008, none of the 37 anti-virus products they tested it against recognized it. A month later, only one - AntiVir - detected it. That virtual invisibility cloak, combined with a host of tricks designed to elude forensic malware examiners, allowed Tigger to quietly infect more than 250,000 Microsoft Windows systems, according to iDefense's read of log files recovered from one of the Web servers Tigger uses to download code. iDefense analyst Michael Ligh found that Tigger appears designed to target mainly customers or employees of stock and options trading firms. Among the unusually
Hackers are exploiting an unpatched security hole in current versions of Adobe Reader and Acrobat to install malicious software when users open a booby-trapped PDF file, security experts warn. Adobe issued an advisory Thursday warning that its Reader and Acrobat software versions 9 and earlier contain a vulnerability that could allow attackers to take complete control over a system if the user were to open a poisoned PDF file. Adobe said it doesn't plan to issue an update to plug the security hole until March 11. Meanwhile, the folks at Shadowserver.org, a volunteer-led security group, said it has seen indications that this vulnerability is being used in targeted attacks. Shadowserver warns that this exploit is likely to be bundled into attack kits that are sold to cyber crooks who specialize in seeding hacked and malicious Web sites with code that tries to install malware. "These types of attacks are frequently
Govtrip.com, which handles travel reservations for at least a dozen U.S. government agencies, last week was infected with a virus that tried to install malicious software when users visited the site, causing some agencies to block employees from accessing it, Security Fix has learned. Sometime on Feb. 11, hackers changed the Govtrip.com Web site to redirect visitors to a site that installed malicious software. A number of agencies, including the departments of Agriculture, Energy, Health & Human Services, Interior, Transportation, and Treasury, use the site exclusively to book travel arrangements. Govtrip.com also is used to reimburse workers via direct deposit, which means that many federal employees' checking account information is stored there as well. On Thursday, Feb. 12, the Federal Aviation Administration began urging employees to avoid visiting the site. Rather, employees seeking to make travel arrangements were given instructions on how to book travel arrangements manually, FAA spokeswoman Laura
Verizon.net is home to more than twice as many spam-spewing zombies as any other major Internet service provider in the United States, according to an analysis of the most recent data from anti-spam outfit Spamhaus.org. Verizon, however, says it plans to put measures in place to prevent it from being used as a home to so many spammers. Security Fix examined the latest stats from Spamhaus's "composite block list" (CBL), which relies on intelligence relayed by large spamtraps and e-mail infrastructures around the world. The list comprises only Internet addresses that have been observed to be sending spam, worms and viruses, or participating in other malicious activity. Spamhaus currently includes 225,454 U.S.-based Internet addresses on its CBL. Of those, nearly one-quarter -- almost 56,000 -- are assigned to Verizon.net. Comcast, which according to Spamhaus is home to the next-largest concentration of malicious hosts among U.S. ISPs, has


