Internet Security News

IT Management Begins With Security

Barracuda Flags Virus Sent Via Fake Microsoft Email Update (Mon, 13 Oct 2008)
Barracuda Networks has detected and begun blocking a malicious "backdoor" virus distributed through a socially engineered email made to look like it was coming from Microsoft.

The virus, categorized by Barracuda Central as "Trojan. Backdoor Haxdoor," is delivered as an attachment to an email allegedly from the Microsoft Security Assurance team and utilizes several social engineering techniques, such as using Microsoft KnowledgeBase naming conventions for the file attachment, as well as the inclusion of a PGP signature block at the bottom of the email message.

The email informs the recipient "Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista."

The bogus email also "strongly" recommends that the recipient install an "update" to "protect your computer against security threats and performance problems." Once installed, the malware "phones home" and leaves an outbound TCP connection open to await further instructions.

"The leverage of the Microsoft name, the inclusion of an apparent PGP signature block - frequently used by security professionals - and the routine nature in which users are accustomed to applying software updates make for a dangerous and potentially effective combination of social engineering techniques in this particular attack," said Stephen Pao, vice president of product management for Barracuda Networks.

"Unsuspecting users without the proper virus protections in place could mistakenly install the malware."

Category: SecurityProNews Insider Reports | More...

Click Forensics Launches Trademark Abuse Reporting (Mon, 13 Oct 2008)
Click Forensics has introduced a new feature for its advertisers that allows them to identify and track organizations that unlawfully use trademarked names for search marketing campaigns.

The new feature produces updated reports on possible trademark abusers who use well-known brand names to generate Pay Per Click (PPC) traffic. Companies can use the new feature to take action to protect intellectual property and their own search marketing investments.

Trademark infringement in PPC is a growing problem on content networks and major search engines such as Google, Yahoo! and MSN. Perpetrators regularly register domains containing well-known brand names and then display ads on them to generate traffic and PPC ad revenue. Internet users often see the results when mistyping a Web site URL and then find themselves on a different Web site with lots of ads and pop-ups.

The Trademark Use report works by flagging registered domains using trademarked names. Similar to a spam filter, Click Forensics for Advertisers generates regular updates on new sites committing click fraud, trademark infringement or those sending bad traffic to clients and members.

"The impact of trademark infringement in search advertising goes beyond consumer annoyance," said Paul Pellman, CEO of Click Forensics.

"It's affecting the advertising budgets of major brands as they're forced to spend more money to get the high-quality search traffic that is rightly theirs. We're helping to change that by giving brands a tool they can use to fight back."

Symantec Buys Message Labs (Mon, 13 Oct 2008)
Symantec said today it has agreed to buy MessageLabs for about $695 million in cash.

Symantec, the largest maker of computer security and data backup software, said it will pay 310 million pounds sterling and $154 million in US dollars.

The company says its purchase of MessageLabs will give it a stronger position in the rapidly growing Software-as-a-Service (SaaS) market and strengthen its lead in the messaging security industry.

MessageLabs is the top provider of online messaging security globally with more than eight million end users at more than 19,000 clients ranging from small business to Fortune 500.

Symantec says it will capitalize on cross-selling and up-selling its existing SaaS offerings of backup, storage and online remote access into the MessageLabs customer base.

"MessageLabs extends our investments in the Software-as-a-Service segment and will allow us to offer our customers unprecedented choice from a single provider of message security solutions," said John W. Thompson, chairman and chief executive officer, Symantec.

"By combining MessageLabs with our Symantec Protection Network team, we have one of the strongest portfolios of cloud-based infrastructure services and a great foundation on which to grow."

Spam Down As Scammers Save Up For Christmas (Mon, 13 Oct 2008)
In general, malware and spam declined a bit in September. Don't get your hopes up. With the holiday season approaching, digital ne'er-do-wells will be ramping up production.

MessageLabs released its Intelligence Report for September and Q3 2008. The amount of spam battering inboxes was actually down eight percent last month. MessageLabs credits the decline to scammer-haven ISP Intercage's boot from the Internet. Close to 80 percent of Intercage's clientele was thought to be malicious attackers.

"Addresses on Intercage's network range were being used to host command and control channels for botnets," said Mark Sunner, Chief Security Analyst, MessageLabs. "In disrupting these botnets, the level of spam activity toward the end of September was severely impaired. But we don't expect this dip to last long. This time of year is notorious for increased levels of spam activity as spammers ramp up for the holiday season."

MessageLabs doesn't want you to get too excited though. Spammers will no doubt regroup in time to hammer out their holiday campaigns. Besides, if spam and malware went away completely, what would become of all these security companies?

Here are some other fun statistics:

45.9 percent of all intercepted web-based malware was a new kind.

On average, 3,660 malicious websites are created daily, an increase of almost 22.8 percent between August and September.

70 percent of spam in September was from new or previously unknown sources, which was actually an eight percent decline from August. Spam overall was down 1.1 percent in Q3, compared to the same period in 2007.

Email-borne viruses from new sources also declined by 0.4 percent, while links to malicious sites declined by over 11 percent.

Technically, phishing was up slightly in September, by 0.16 percent, but when judged in proportion to other threats like viruses and Trojans, phishing attacks were down by as much as 45.7 percent, reaching the lowest levels since Q2 2006.

Hong Kong, with almost 80 percent of email there being spam, is the most spammed country in the world.

Manufacturing is the most spammed industry sector with 79.7 percent of email being spam, and Real Estate showed the sharpest increase, rising by over four percent to 71.7 percent.

Matching other declines, Automotive spamming decreased the most, dropping by almost 15 percent to 68.9 percent.

Careful, YouTube Can Be a Puper (Mon, 13 Oct 2008)
A Trojan horse Puper isn't what it sounds like. If you're like me, you thought, "Of course that's how they got out!" When security researchers start using phrases like "porn-spewing malware," they don't make it sound much better.

McAfee's Rahul Mohandas warns of popular sites like YouTube being used to spread malware to unsuspecting (trusting) users of these sites. User-generated content provides the perfect vector for spreading computer viruses and other nasty wares.

Mohandas specifically warns of attackers setting up fake profiles, especially in the guise of sexy young women, to encourage visitors to click on links to malicious sites. On YouTube, for example, Mohandas points to "jessica's" profile, which promises a "hot teen video" if the visitor clicks on the link.

The website the link leads to prompts visitors to download a codec in order to view the video, but instead installs the Puper Trojan.

So it seems once again the advice in real life serves us well in the online world: If she carries her own Trojans, she's trouble.

Security Expert Warns Of Rigged Election (Mon, 13 Oct 2008)
Security vulnerabilities in electronic voting machines threaten to skew results in the upcoming national election, says a Republican security expert. Stephen Spoonamore has come forward as a whistleblower willing to testify in an Ohio court case stemming from the 2004 Presidential elections.

Spoonamore, former CEO of Cybrinth, specialist in data management and remote electronic monitoring, and card-carrying member of the GOP, explains in a series of YouTube videos how Diebold e-voting machines can be hacked and manipulated to change vote tallies. The videos were posted by Velvet Revolution, an activist group with the aim of exposing voter fraud and returning to paper ballots.

The voting machines, according to Spoonamore, communicate with central government systems in the same way mobile phones connect with each other. The machine sends a signal to a tower, the signal is filtered through third-party, corporate-owned computers identifying both sender and receiver, and then the votes, which are anonymous and without any type of paper trail, are forwarded to the government receiver.

The inherent problem is the third-party wireless interception of information. Spoonamore says without a doubt tabulations can be intercepted and changed before they are sent on to officials. More specifically, as was the case in Ohio in 2004, tabulations were funneled through servers in Chattanooga, TN, owned by SmarTech. Coincidentally, the Bush Administration has used these servers for sending and receiving email to avoid public scrutiny.

Spoonamore, who has helped develop security solutions for MasterCard, American Express, Bloomberg, Boeing, NBC, News Corp., the Dept. of Energy, the US Navy, and the Dept. of State, is on record, in a sworn affidavit, explaining how easily these voting machines can be hacked and manipulated.

In that affidavit, dated September 18, 2008, he mentions the involvement of Mike Connell, president of GovTech Solutions and New Media Communications, and a web designer and IT consultant for high-level Republicans. Connell was served with a subpoena on Sept. 22, compelling his testimony about vote-tampering in Ohio in 2004.

That case involves controversial strategist and Bush campaign advisor Karl Rove, who has also been subpoenaed. Why four years later? An Ohio judge finally lifted a stay that was on the case in an effort to avoid litigants' attempts to delay it until after the 2008 elections this November. Spoonamore's testimony was heralded as a catalyst for this event.

Spoonamore can't say Connell was directly involved with vote-tampering, but swears Connell knows who was. Until the subpoena, Connell had refused to testify. Most disturbing about Spoonamore's claims is that there is already a plan in play to swing the Presidential race to John McCain, who he claims will win by 3 electoral votes and 51% of the popular vote. If these claims were made by someone less credible, it would be fodder for conspiracy theory.

Why haven't you heard about this all over the news? Good question and not one easily answered. In 2006, former ABC producer and investigative journalist Rebecca Abrahams resorted to a blog post to detail apparent voter fraud in 2004, because ABC lawyers killed the story in fear of lawsuits from Diebold.

Abrahams also posts an interview with a person she calls "Diebthroat," a temporary contractor who worked for Diebold. Diebthroat explains how shortly before a Georgia election in 2002, the president of Diebold instructed him to install a patch in voting machines in specific Georgia counties. Diebthroat said the patches were said to be for fixing the clocks, but the clocks on all machines continued to be broken after the installs. Diebthroat was surprised at the level of access Diebold employees had to the voting machines, before and during Election Day, and at the outcome of the election as traditionally Democrat counties went strongly for Republican candidates.

Diebthroat's story is remarkably similar to that of former Diebold contractor Chris Hood, who claims Diebold president Bob Urosevich himself performed maintenance on the machines. Hood also talks, in a video posted by Velvet Revolution, about being tasked to install broken clock patches on machines shortly before the elections. VR says the video was supposed to air on a major news network two weeks before the 2006 elections, but was pulled.

Sure enough, you won't find another major news outlet anywhere near this story. Searches for his name on Google News, Yahoo News, Ask, and MSN brought back only a handful of Internet sites few have ever heard of.

Spoonamore, who says his love of American democracy outweighs his loyalty to the Republican party, complains Diebold's machines are not just vulnerable to Diebold employees, but also to foreign agents. Both Hood and Spoonamore say the flaws that existed in the machines before still exist. Hood goes so far as to say they were purposefully left in play.

Hat tip to Raw Story for document links

P2P Sites Spreading Obama/McCain Malware (Mon, 13 Oct 2008)
Beware of downloading campaign videos via peer-to-peer networks like LimeWire and FrostWire. A large percentage of them may be carrying something worse than mudslinging.

Security company Webroot is warning those keen on following this grotesque circus of an election that hackers are exploiting trusting users of Gnutella-based file sharing networks. What appear to be John McCain and Barack Obama campaign videos were found to be often seeded with malware.

In one test, of 34 search results for "Obama Speech" on FrostWire, 14 of the results produced contained active malware. Of the 19 search results for "McCain Speech," five were found out.

Two lessons there: Obama speeches are more popular, and more hip to target.

"Peer-to-peer networks pose some of the greatest security risks on the Internet," said Paul Piccard, director, Threat Research, Webroot. "Because P2P networks lack the security measures found in enterprise networks or trusted Web sites, users of these networks may put themselves or their companies at increased risk by downloading malicious content or leaking confidential data."

The most common malware variant found in the campaign videos was W32/Zipwire, acquired via a zip file titled with variations like "Democratic Convention 2008 -- Barack Obama Acceptance Speech.zip." Within, as one might expect, is an executable file that, when run, infects the host machine with rogue antivirus applications. These phony antivirus apps detect fake security issues in order to entice users to buy fake solutions.

Webroot also found password stealers and backdoors downloadable via these campaign files.

EvilFingers Strike Again At Google's Chrome (Mon, 13 Oct 2008)
Security researchers at EvilFingers.com, who identified the first security vulnerabilities in Google's beta web browser, Chrome, have delivered a proof of concept demonstrating malicious agents could exploit a memory exhaustion denial-of-service attack.

At the EvilFingers website, the researchers described it this way:
"The Google chrome browser is vulnerable to memory exhaustion based denial of service which can be triggered remotely. The vulnerability triggers when Carriage Return (\r\n\r\n) is passed as an argument to window.open() function. It makes the Google Chrome to generate number of windows at the same time thereby leading to memory exhaustion. The behavior can be easily checked by looking at the task manager as with no time the memory usage rises high. The problem lies in the handling of object and its value returned by the javascript function. Once it is triggered the pop ups are started generating. The Google Chrome browser generate object windows continuously thereby affecting memory of the resultant system. Probably it can be crashed within no time. User interaction is required in this."

In English, once exploited the flaw allows an attacker to pop up enough browser windows to stall the browser, increasing memory usage to maximum almost immediately. An experienced user, though, should have time to save tabs and close out before the memory suck is complete, but not much time.

Google patched the early flaw within 24 hours and sent out a patched version within a few days. According to ZDNet, Google is expected to patch this one just as quickly.

If you're keeping score at home, that's two flaws in Google Chrome found within a month. The beta status of the browser is reassuring, indicating Chrome is a work in progress. Then again, Gmail was in beta for years. Data is showing, though, that after much hype at the debut, many of those testing Chrome have returned to their previous browsers.

Brad Pitt Most Dangerous Man On Internet (Mon, 13 Oct 2008)
Brad Pitt may be pretty, but he's also the guy most likely to give you something…on your computer. He and Justin Timberlake are considered the most dangerous men on the Internet, according to a recent McAfee report.

Searching for "Brad Pitt," "Brad Pitt downloads," and Brad Pitt wallpaper, screen savers and pictures carries an 18 percent chance of contracting malware. Screen savers in particular are dangerous, with over half of the Websites returned in searches pegged by McAfee as having malicious downloads with spyware, adware, and viruses.

In recent years, Paris Hilton had been potentially the most infectious celeb, but was overtaken by Pitt this year as her popularity wanes. Britney Spears has also fallen off the list, replaced by ex-boyfriend Justin Timberlake. The most dangerous women celebs this year are Beyonce, Heidi Montag, and Mariah Carey.

"Cybercriminals employ numerous methods, yet one of the simplest but most effective ways is to trick consumers into infecting themselves by capitalizing on Americans' interest in celebrity gossip," said Jeff Green, Senior Vice President of McAfee's Product Development & Avert Labs.

"Tapping into current events, pop culture or commonly browsed sites is an easy way to achieve this. And because of Americans' obsession with following celebrities' lifestyles, they are an obvious target. We have to take precautions in casually navigating the Web since many subtle sites may be rife with malware for consumers' computers."

McAfee of course recommends its own SiteAdvisor site for testing URLs before visiting.

The list of most dangerous celebrities and most dangerous searches is as follows:

1. Brad Pitt - screensavers
2. Beyonce - especially ring tones
3. Justin Timberlake - downloads
4. Heidi Montag - wallpaper
5. Mariah Carey - screensavers
6. Jessica Alba - downloads
7. Lindsay Lohan - downloads
8. Cameron Diaz - images
9. George Clooney, Rihanna - George Clooney wallpaper, Rihanna pictures
11. Angelina Jolie - downloads, risky links
12. Fergie - screensavers
13. David Beckham, Katie Holmes - wallpaper and screensavers, screensavers
15. Katherine Heigl - pictures.

Study Shows People Too Hasty With Popup Warnings (Mon, 13 Oct 2008)
Student behavior in a study on popup warnings at North Carolina State University bodes ill for the rest of the population: most were so eager to remove popup obstacles to their tasks, they didn't care how they got rid of them. If in the wild, such impulsive behavior could have earned them some malware.

While trying to complete search tasks set for them by researchers, the students were interrupted with various popup warnings. Some were facsimiles of local Windows operating system warnings, and others were decoys served from an exterior source with very subtle differences from the Windows warnings.

Ideally, a person would carefully examine the warnings, decide their origins, and then close the window if it came from an external source rather than hitting the OK button. But 63 percent of the time the students clicked on the OK button, not taking the time to notice how the cursor arrow changed to a hand, usually a clear sign the popup was Internet-based.

The students viewed any popups as a distraction from their tasks and moved too quickly to eradicate them, showing that the general population has been conditioned to react this way toward popup warnings. If so, the public is opening itself up to viruses and spyware.

"This study demonstrates how easy it is to fool people on the Web," says study co-author Dr. Michael S. Wogalter, professor of psychology at NC State.

Wogalter hinted that companies and other credible sources could incorporate unique features into their legitimate messages before dismissing the idea as easy to impersonate. Instead, he suggests computer users learn to slow down and examine everything popping up on their screen carefully before clicking.

"Be suspicious when things pop up," he said. "Don't click OK - close the box instead."

Copyright © IT Tower Consulting Inc., 2006. All Rights Reserved