Monthly Archive for August, 2009

Snow Leopard’s Anti-Malware Feature

Apple has long maintained that Mac users don't need to worry about viruses and other malicious software. So it's hardly surprising that many media outlets have seized upon revelations that Snow Leopard, the newest version of Apple's OS X operating system, detects and warns users about certain types of malicious software designed to attack Macs. Snow Leopard went on sale Friday and I haven't had a chance to fiddle with it yet (I'm hoping to tackle this over the weekend). By most accounts this anti-malware feature is fairly limited, with the caveat that it could quite easily be expanded to accommodate future security threats to the Mac platform. A blog entry from computer security firm Sophos includes a clever video showing the performance of the Snow Leopard feature alongside the company's own security software built for the Mac. Graham Cluley, a senior technology consultant at Sophos, said Snow Leopard's ability

Phishing Attacks on the Wane

Phishing attacks have fallen out of favor among cyber crooks who make a living stealing personal and financial information, according to a report released this week by IBM. Instead, attackers increasingly are using malicious Web links and password-stealing Trojan horse programs to filch information from victims, the company found. The analysis from X-Force, IBM's security research and development division, notes that Trojan horse programs are taking the place of phishing attacks aimed at financial targets. The company found that throughout 2008, phishing volume was, on average, 0.5 percent of overall spam volume. In the first half of 2009, however, phishing attacks fell to an average of 0.1 percent of spam volume. The targets of phishing attacks also changed, IBM says: In the first half of 2009, 66 percent of phishing schemes targeted the financial industry, down from 90 percent in 2008. I looked at the number of phishing sites tagged

U.K. Govt: Spammers Before Downloaders?

The British government plans to suspend the Internet accounts of residents suspected of downloading pirated music and films, according to news reports. But the latest figures on the geographic location of spam-spewing zombie PCs suggest the U.K. government might do better to start by disconnecting the nation's most notorious uploaders. The Associated Press reports that plans announced Tuesday by the British Treasury Minister include blocking access to download sites, and temporarily suspending users' Internet accounts. The story didn't say how many of Britain's estimated 48.7 million Internet users are suspected of being serial music and movie downloaders. But Security Fix reviewed the 8.8 million Internet addresses around the globe that are on Spamhaus.org's composite block list -- which tracks connections that show strong signs of being spam relays -- and found that roughly 60,000 U.K. systems currently are blasting junk e-mail to the rest of the world on behalf of spammers.

Microsoft Expands Office Anti-Piracy Program

Microsoft expanded its anti-piracy program this week, shipping a new software update that checks whether Office users are running a licensed or pirated version of the productivity suite. Windows users who have Automatic Updates turned on probably have by now noticed at least one new update available from Redmond. The patch represents the next phase of the Office Genuine Advantage (OGA) anti-piracy pilot program Microsoft launched last year. Microsoft says the update is being gradually rolled out to different countries, so the update will not be available to everyone at the same time. The program checks against Office XP, Office 2003, and Office 2007 installations. Even users who have Automatic Updates set to download and install patches for them will need to approve a license agreement before the OGA patch will fully install. That's a good thing, too, because according to Microsoft, this patch cannot be removed once it is

Businesses Reluctant to Report Online Banking Fraud

A confidential alert sent on Friday by a banking industry association to its members warns that Eastern European cyber gangs are stealing millions of dollars from small to mid-sized businesses through online banking fraud. Unfortunately, many victimized companies are reluctant to come forward out of fear of retribution by their bank. According to the alert, sent by the Financial Services Information Sharing and Analysis Center (FS-ISAC), the victims of this type of fraud tell different stories, but the basic elements are the same: Malicious software planted on a company's Microsoft Windows PC allows the crooks to gain access to the victim's corporate bank account online. The attackers wire chunks of money to unwitting and in some cases knowing accomplices in the United States who then wire the money to the fraudsters overseas. As grave as that sounds, the actual losses from this increasingly common type of online crime almost certainly

Tighter Security Urged for Businesses Banking Online

An industry group representing some of the nation's largest banks sent a private alert to its members last week warning about a surge in reported cybercrime targeting small to mid-sized businesses. The advisory, issued by the Financial Services Information Sharing and Analysis Center, recommends that commercial banking customers take some fairly rigorous steps to secure their online banking accounts. For example, the group recommends that commercial banking customers "carry out all online banking activity from a standalone, hardened, and locked-down computer from which e-mail and Web browsing is not possible." Such a system might be a virgin install of Windows with all the proper updates, using something like Microsoft SteadyState. Even smarter would be a Mac, or some flavor of Linux, or even a Live CD distribution of Linux (after shutdown, all changes are erased). Why take such extreme precautions? The alert indicates that the sophistication, stealth, and sheer volume

Malware Writers: Will That Be OS X, or W?

Security researchers increasingly are finding that sites designed to trick the visitor into installing malicious software will serve different malware depending on whether the visitor arrives at the page using a Microsoft Windows PC or a Mac. Trend Micro researcher Ivan Macalintal recently found a new variant of the dreaded DNS changer Trojan that checks to see which operating system the visitor's Web browser appears to be riding on, and then offers the appropriate Windows- or Mac-based installer. The malware was masquerading as a pirated version of Foxit Reader and several anti-virus applications. This follows a similar finding last month by McAfee, which spotted the same tactic being used at sites that try to trick the user into installing a browser plug-in supposedly needed to view online videos: The bogus plug-in was offered as a ".exe" file for Windows visitors, and a ".dmg" installer file for those who browsed the

TwitBlock Helps Root Out Spammy Followers

Those of you who use Twitter know how quickly one can accumulate unknown "followers," people who sign up to receive updates on their Twitter pages whenever you post a Tweet. Unfortunately, it's not uncommon to find that a number of those unknown followers aren't really people at all, but fake profiles designed to draw visitors away from your profile to adult Web sites and other dicey online destinations. A new service called TwitBlock makes this task of separating spam from fan an interesting and fun - if not always accurate - exercise (hat tip to Mashable). TwitBlock uses OAuth, an open authentication protocol that allows users to approve an application to act on their behalf without sharing their password. More information on using OAuth is available here. The criteria by which TwitBlock rates the spamminess of a Twitter follower are explained here. TwitBlock is still in alpha mode, meaning it

TJX Hacker Indicted in Heartland, Hannaford Breaches

A federal grand jury has indicted three individuals for allegedly hacking into credit and debit card payment processing giant Heartland Payment Systems last year, as part of an investigation the Justice Department is calling the largest identity theft case ever prosecuted. According to indictments returned Monday in a New Jersey federal court, the government believes the same individuals were involved in a string of high-profile data breaches between October 2006 and May 2008, including intrusions at Hannaford Brothers Co. and 7-Eleven, Inc. In total, the government alleges the hackers stole data on more than 130 million credit and debit cards from Princeton, NJ-based Heartland. Read the full story at this link. A copy of the indictment is available here.

Security Patch Catchup: Java, Safari & OS X

Security Fix took a mini-vacation last week, but that's all it takes to fall behind in important software security updates. Here's a quick pointer to some updates that have been released recently. The last time I wrote about Java updates was at Update 13, but as several readers have pointed out, the latest version is now Update 16. Near as I could tell, Updates 14 and 16 did not include security updates. Indeed, Java maker Sun Microsystems says users who have Java SE 6 Update 15 have the latest security fixes and do not need to upgrade to version 16 to be current on security fixes. However, Update 15 shipped fixes for a number of serious security holes, so if you've got an earlier version of this program installed, take a few minutes to update. Don't know whether you have Java or what version you may have? Visit this link.