Monthly Archive for March, 2009
It's still not clear what, if anything, millions of Microsoft Windows systems infected with the much-hyped Conficker worm will do in the next 12 hours, when the systems are expected to seek out new instructions from the worm's author(s). If anything significant does happen, however, it will disproportionately affect PCs and networks in Asia, Europe and South America, and comparatively few systems in North America, new research suggests. Researchers at IBM's Internet Security Systems say they found a way to decode the encryption that masks the data shared by peer-to-peer communications software planted on all systems infected by Conficker.C. As a result, ISS has been able to begin charting the location of infected systems across the globe. According to ISS, only 6 percent of the known infections are located in North America, let alone the United States. In contrast, nearly 45 percent of infections are in Asia, while Europe accounts
Experts have discovered a security hole in the computer code that powers the Conficker worm, an aggressive contagion that has spread to more than 12 million Microsoft Windows systems worldwide. The security community is treading lightly with this news, because while the discovery could make it easier to isolate infected systems, it could also give criminals a way to quietly hijack millions of systems. Conficker spreads mostly by exploiting a security vulnerability in Microsoft Windows systems, one that the software giant issued a patch to fix last October - just days before the first version of Conficker struck. Experts have known for some time now that Conficker applies its own version of that patch shortly after infecting a host system. This tactic not only prevents other malicious software from infiltrating the host via that vulnerability, but it also makes it difficult for system administrators to find potentially infected systems
Today marks the fourth anniversary of the launch of Security Fix. A heartfelt "thank you" to all of our faithful readers who make this blog come alive with their thoughtful comments and participation. I tried to explain how important this audience has become to me in an interview I did recently with BeatBlogging.org. It seems silly to try to paraphrase what I said, so here's a quote about you -- the reader -- from that interview. Readers are more inclined to speak their minds, interact with others, and generally contribute to a more well-rounded discussion and story if they get a sense that the author is accountable and responsive. I do try to be responsive. So if there is something I'm missing that you'd like to see more (or less!) of, please don't hesitate to let me know.
When it comes to criminal hackers, establishing motive is usually a no-brainer: In a majority of cases, computer worms and viruses are little more than tools that bad guys use to make money. But every so often, a prolific and sophisticated worm or virus emerges that isn't so obviously connected to a financial scheme. Almost every time this happens, people start to get nervous and spin wild theories about the threat, until the hype surrounding said threat starts to reach a fever pitch. This is exactly what's happening with the latest version of the worm dubbed "Conficker," a contagion that has infected millions of PCs worldwide. Computers already infected by the worm are supposed to be automatically updated with some unknown software component on April Fools Day. That's more or less the sum of what computer experts know about the rhyme or reason behind this worm, but it hasn't stopped
Hackers who sympathize with radical Islamic groups increasingly are using hijacked accounts at online file-upload and distribution services to disseminate large files, such as videos of attacks on Western forces in the Middle East, new research suggests. Services like RapidShare, Ziddu, and MegaUpload allow users to share large files, yet each places certain restrictions on non-paying users, such as limiting the number, speed, and size of files that free users can upload and download. But according to analysts at iDefense, a security intelligence firm owned by Verisign, hackers from various online jihadist forums have in recent months begun posting lengthy lists of hacked premium RapidShare account usernames and passwords to help fellow members avoid those limits. The same forums have latched onto obscure programs that allow RapidShare users to effectively circumvent file size limits by splicing up large files into smaller chunks that the programs then reassemble after the constituent
Legendary bank robber Willie Sutton was made famous for allegedly explaining why he robbed banks with the answer: "Because that's where the money is." So why do cyber crooks attack Web browsers? Because that's where the user is. But maybe a more accurate answer is: "Because that's where the vulnerabilities are." At least, that was the answer given by a 25-year-old German computer science student known only as "Nils," who last week proudly showcased three brand new exploits for remotely hijacking the most popular Web browsers, including Firefox, Safari and the last beta release of Microsoft's Internet Explorer 8. Nils was competing in the "Pwn2Own" contest at the CanSecWest security conference in Vancouver. That contest, sponsored by 3Com's TippingPoint, awarded contestants $5,000 per browser bug. The first person to crack any of the browsers was allowed to keep the laptop it was running on (TippingPoint purchases information about unpatched security
Data such as your Social Security number, mother's maiden name and credit card balance are not as difficult for ID thieves to find as most people think. I've recently learned that cyber crooks are providing cheap, instant access to detailed consumer databases, offering identity thieves the ability to find missing data as they compile dossiers on targeted individuals. Security Fix spent the past week testing services offered by two Web sites that sell access to a wealth of information on consumers. Each site offers free registration, but requires users to fund their accounts via Webmoney, a PayPal-like virtual currency that is popular in Russia and Eastern Europe. I enlisted the help of a half-dozen volunteers who agreed to let me try to find their personal and financial data on these sites. For a payment of $3 each, I was able to find full Social Security numbers on four of the
A major distribution network for rogue anti-virus products has been shut down following reports by Security Fix about massive profits that the network's affiliates were making for disseminating the worthless software. On Monday, Security Fix profiled TrafficConverter2.biz, a program that pays affiliates handsome commissions for spreading "scareware" products like Antivirus2009 and Antivirus360. Scareware tries to frighten consumers into purchasing fake security software by pestering them with misleading and incessant warnings about threats resident on their systems. According to a message posted at TrafficConverter2.biz and its sister sites, the program's credit card payment processor pulled the plug on them shortly after our story ran. TrafficConverter2.biz is currently unreachable, but a message posted to the home page earlier this morning reads: On March 18th, in the evening, with no warnings, the German Merchant Processing was cut off. Merchant was at the bank personally (without intermediaries), proved and with the arrangements on the
If you watch television, chances are you've seen the jingles where the young guy sings a campy song about his troubles with identity theft, in a bid to pitch a site called freecreditreport.com. Well, now the Federal Trade Commission is getting in on the act, running a series of hilarious public service announcements to point out that such services often are not free at all, and instead pointing consumers to annualcreditreport.com, a site mandated by Uncle Sam and probably the only place online consumers can truly go to get a free copy of their credit reports from each of the three major credit reporting bureaus. Here's my favorite annualcreditreport.com PSA from the FTC: If you haven't seen any of the freecreditreport.com commercials that the FTC is lampooning, it may make more sense if you take a gander at them over at YouTube. Here's one more from the FTC: Looking for
Security experts are warning that some new "scareware" programs, software that tries to frighten consumers into purchasing bogus security products, also encrypt the victim's digital documents until he or she agrees to pay a $50 ransom demand. Newer versions of scareware family Antivirus2009 warn users in a fake Windows alert that files in the "My Documents" folder are corrupt. The program then directs the victim to download a program called "FileFixerPro" to fix the supposedly corrupt files. In fact, this version of Antivirus2009 encrypts or scrambles contents of documents in that folder, so that only users who pay $50 for a FileFixerPro license can get the decryption key needed to regain access to the files in their My Documents folder. A number of security forums have chronicled the rise of this nasty development in scareware evolution. This thread, over at the "devshed" Web development forum, includes cries for help from

