Monthly Archive for March, 2009
Malware authors are beginning to personalize virus attacks sent through e-mail, blasting out fake news alerts about shocking events that supposedly happened in or around the recipient's home town. This latest innovation comes compliments of the Waledac worm, widely seen as the successor to the Storm worm, a wily virus that used a seemingly bottomless bag of new tricks to fool people into clicking on links that launch the worm into action. On Monday, security firm Trend Micro began warning people to look out for bogus "Reuters breaking news" e-mails warning of explosions or other various calamities that have supposedly broken out in a city near you. The message content pulls data from so-called "geo-location" services that can use the recipient's Internet address to make a semi-accurate guess of their nearest town. For example, a user who lives in Fairfax, Va., might see this subject line in a missive sent
In the cyber underworld, more and more individuals are generating six-figure paychecks each month by tricking unknowing computer users into installing rogue anti-virus and security products, new data suggests. One service that exemplifies a very easy way these bad guys can make this kind of money is TrafficConverter.biz, one of the leading "affiliate programs" that pays people to distribute relatively worthless security software. Affiliates are given a range of links and JavaScript snippets they can use to embed the software in hacked and malicious Web sites, or tainted banner advertisements online. Unsuspecting users who view one of these hacked sites or ads see a series of misleading warnings saying their computers are infected with malware, and offering a free scan. Those who agree are prompted to download a program that conducts a bogus scan and warns of non-existent threats on the user's system. The software also blocks the user from visiting
Recently, several media outlets have been running a fascinating story about hackers making oodles of money selling iTunes gift card activation codes at online auctions, supposedly after cracking the secret algorithm Apple uses to generate voucher codes for iTunes gift cards. But a blog post published today by one of the security industry's most prominent researchers suggests that the real hack here is far simpler: The crooks are merely using stolen credit cards to purchase and resell the iTunes gift cards. Joe Stewart, director of malware research at SecureWorks, writes: This would be a pretty clever hack if it were true -- however, something just isn't quite right here. Nowhere in these articles does it explain one simple thing - how do they manage to generate activated iTunes gift voucher codes? When you purchase an iTunes gift card, it has to be activated before it will work, otherwise you will
Microsoft Corp. on Tuesday pushed out a set of three updates to fix at least eight security vulnerabilities in its Windows operating systems and other software. The patches are available through Windows Update or via Automatic Updates. Easily the most critical update addresses an image processing flaw present in every supported version of Windows that could be exploited merely by tricking a Windows user into viewing a booby-trapped image on a Web site or sent via e-mail. According to Eric Schultze, chief technology officer for St. Paul, Minn.-based Shavlik Technologies, attackers could use this flaw to install and run malicious software on a victim's system even if the user wasn't logged on using the all-powerful administrator account. "With system privileges, the evil code can access, copy, or delete any files on the system, create or delete user accounts, change passwords, or install backdoors," Schultze said. "In other words, nasty
Sprint is warning several thousand customers that a former employee sold or otherwise provided their account data without permission. In letters sent via snail mail to some customers, Sprint urged recipients to contact customer service and change their existing personal identification number and security question. Turns out, a Sprint employee accessed "multiple customer accounts," between Dec. 2008 and Jan. 2009. "It appears this employee may have provided customer information to a third party in violation of Sprint policy and state law. We have terminated this employee. The information that may have been compromised includes your name, address, wireless phone number, Sprint account number, the answer to your security question, and the name of the authorized point of contact on your account." Sprint spokesman Matt Sullivan declined to say how many customers were sent the letters, but said it was less than one percent of its customer base. A woman who
Adobe Systems today released an update to plug a dangerous security hole that hackers first began exploiting in January. The update, available here, is for Adobe Reader and Acrobat programs on both Windows and Mac systems. Adobe said it expects updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, to be available by March 18. If you've chosen to read PDF documents using the popular alternative to Adobe -- Foxit Reader -- you also need to update. On Monday, Foxit shipped an update that fixes at least three serious vulnerabilities in its Reader products. That update, which brings Foxit Reader to version 3.0, is available from this link.
Computer support forums are lighting up with queries from users wondering what to do about an alert on whether to trust a file called "PIFTS.exe". Meanwhile, someone at Symantec's support forum seems to be deleting posts from users inquiring about this alert almost as soon as they go up on the forum. Swa Frantzen, an incident handler with the SANS Internet Storm Center, writes today that PIFTS.exe appears to be related to a Norton update since it has a component in it that leverages the user's Internet connection to contact a Web page at norton.com, which is owned and operated by Symantec. A Security Fix reader sent this e-mail today about his experience with this alert: "Symantec's response has been odd. It has removed all chat threads on the subject, and seems to be deleting questions about PIFTS.exe wherever they may be posted. In short, it is Symantec's
For the past several months, some of the sharpest minds in the security community have teamed up to block cyber criminals from wresting control over what may be one of the largest armies of hacked computers ever built. While those efforts are ongoing and so far appear effective, all of that work could be undone thanks to the lax security of a single Web site. The scourge in question is the Conficker worm, a contagion that has infected tens of millions of Microsoft Windows machines since its birth in November. Experts figured out early on that Conficker was a two-stage threat because it tells infected systems to contact a list of 250 different domain names each day. If just one of those domains is registered by the virus writer, the thinking goes, it could be used to download an as-yet unknown secondary component to all infected systems, such as malicious
Micro-blogging service Twitter.com has fixed a vulnerability that until Wednesday night allowed users to create fake posts on other users' Twitter pages, or sign up fellow users for a deluge of potentially wallet-busting text messages. Twitter is designed to let people blog from their phones, by sending text (aka "short message service" or SMS) messages or "Tweets" that will then appear on the user's Twitter.com home page. Any Twitter users who are "following" or have syndicated that account will then receive updates on their Web sites about what that user is doing. Twitter users can choose to receive updates from other users via their own home page, through their phone, or both. The authentication weakness allowed anyone who knew your mobile number to spoof messages to your Twitter.com home page so that they appeared to have come from you, provided your mobile phone number was set up to post and/or
A report published this week by software vulnerability watcher Secunia promises to stoke the ever-smoldering embers of the debate over which major Web browser is more secure. In trying to draw conclusions from the data, though, I hope readers will look past the sheer numbers of security holes that each browser maker fixed this past year, to the metric that in my opinion matters most: How long did it take each browser maker to address security flaws once those vendors knew about them? Secunia's study (PDF) found that 115 security flaws were reported in 2008 for Mozilla's Firefox browser, almost four times as many flaws as other popular browsers. In contrast, Secunia said, 31 vulnerabilities were reported for versions of Microsoft's Internet Explorer, while Opera and Safari claimed at least 30 and 32 reported security holes in 2008, respectively. But the Secunia study also measured how nimbly Microsoft and Mozilla


