Unpatched PCs infected within 20 minutes

An unpatched PC can expect to become infected by a
worm within 20 minutes of being connected
to an unprotected network, Government Computer News reports.
According to the SANS Institute, the
average survival time for an unprotected
networked computer dropped from 40 minutes
to 20 minutes over the last year.
“The actual time it will take for a
specific computer to be compromised
will vary widely depending on any filters
applied by the Internet Service Provider
and the configuration of the operating
system,” the institute said.
To help users protect themselves from
online attacks, SANS has published a
free survival guide called “Windows
XP: Surviving the first day.”
|
 |
MyDoom strikes again

MyDoom.S, a new variant of the MyDoom worm discovered
on Tuesday, downloads malware from an
MP3-downloading site and a personal
Web site. Security experts claim that
hackers have compromised these sites
by exploiting scripting vulnerabilities
in their guestbooks, ZDNet UK reports.
Security company F-Secure is trying
to close down the hacked sites but has
not yet managed to contact the US-based
site administrators or ISPs hosting
the threat. F-Secure warned that until
the sites are brought down and the security
holes closed, MyDoom.S will continue
to cause problems.
F-Secure recommends that users protect
themselves by setting their firewalls
to block the URLs of the compromised
Web sites, www.richcolour.com and www.zenandjuice.com.
|
 |
UK police issue 'vicious' Trojan alert

In a highly unusual move that underlines the seriousness
of the risk, Britain's top cybercrime
fighters have joined up with the banking
industry in warning of the latest attempt
to defraud online banking customers,
The Register reports.
The attacks, in the form of 'Trojan
horse' emails, contain details of a
fictitious order for Web hosting or
computer goods and thank the email recipient
for a non-existent order. In addition,
they also display the apparent cost
that will be charged to their credit
card. The email also contains a link
to one of a number of maliciously constructed
websites in order to "view the order
in more detail".
These maliciously constructed sites
harbour a Trojan downloader routine
capable of dropping a keystroke logging
program onto vulnerable PCs. If a machine
becomes infected, the next time a customer
uses their PC to access their own online
banking site, the Trojan can potentially
record their secret passwords and PINs
used to log-on.
|
 |
Three-quarters choose easy to guess passwords

Despite increased awareness about the need for secure
passwords, Internet users are still
leaving themselves vulnerable to hackers
by choosing easy to guess subjects such
as their cat or partner's name, silicon.com reports.
Over three-quarters choose passwords
relating to friends, family and memorable
dates, according to research into 1,000
internet users by Visa Europe.
The favourites are nicknames (21 per
cent), birthdays and anniversaries (15
per cent), pet names (15 per cent),
family members' names (14 per cent)
and memorable dates such as the Battle
of Hastings and England's World Cup
victory (seven per cent). Thankfully
very few people (two per cent) use 'password'
as their password.
To make matters worse a third of respondents
said they use the same password for
all their log-ins.
|
 |
Phishing on a viral scale

The prevalence of some phishing attacks is beginning
to rival even high-level viral outbreaks,
The Register reports.
For example, email filtering firm MessageLabs
recently identified a new phishing attack
directed at a well-known US bank and
its customers. Within the first five
hours of its appearance, MessageLabs
had already intercepted over 125,000
phishing emails containing URLs to a
replica of the bank's website.
During the recent high profile MyDoom.O
outbreak MessageLabs intercepted approximately
23,000 copies within the first five
hours.
Paul Wood, chief information security
analyst at MessageLabs, said: "Phishing
has literally burst on to the scene,
a year ago it was practically unheard
of, now we're intercepting around 250,000
phishing-related emails or more every
month."
|
 |
New Trojan targets mobile phones

Mobile phone users should beware of being bitten by
Mosquito, a Trojan masquerading as a
game but designed to send out premium-rate
SMS messages without the user's consent,
vnunet.com reports.
One of the first examples of malicious
software aimed at mobile phone users,
the Trojan has been hidden in a pirated
game that describes itself as Mosquito
v2.0.
But while the mosquito-shooting game
is being played, the Trojan makes the
handset send out text messages at premium
rates.
The Trojan can affect phones running
the widely used Series 60 Symbian operating
system and users of Nokia's forums have
already complained at losing money because
of the virus.
|
 |
New Bagle variant masquerades as price quotes

A prolific new variant of the mass-mailing Bagle worm
began flooding e-mail accounts Monday
with bogus price quotes, CNET reports.
Like previous versions of Bagle, the
new Bagle.AQ worm spreads by sending
out messages with an infected attachment
compressed under the common Zip format.
Both the name of the attachment and
the body of the message are a variant
on "price" or "new price."
Bagle.AQ started spreading Monday morning
and quickly began bombarding some corporate
e-mail systems with thousands of infected
messages.
|
 |
First handheld Trojan emerges

A malicious Trojan horse program has emerged for Pocket
PCs, but antivirus companies characterised
the threat as relatively low, ZDNet UK reports.
Backdoor.WinCE.Brador.A lets an attacker
gain full control of the handheld and
is the first such backdoor Trojan program
to emerge for Pocket PCs. However, such
backdoor programs are not capable of
propagating on their own and instead
must be sent as email attachments or
through similar means, making them less
dangerous.
Although there have not been many attacks
aimed at handhelds and cellphones, antivirus
companies and hardware makers have for
some time been developing security and
antivirus products for such gadgets.
"We can be sure that the computer underground
will snatch at the chance to attack
PDAs and mobile phones in the nearest
future," said Eugene Kaspersky, head
of Anti-Virus Research at Kaspersky
Labs.
|
 |
Phishing attacks up 19 percent in June

There were almost 1,500 unique phishing attacks in
June, a monthly increase of 19 percent,
according to a report published by the
Anti-Phishing Working Group (APWG) on
Wednesday, ZDNet UK reports.
Most phishing attacks are emails pretending
to come from banks or financial institutions.
They usually ask the recipient to "confirm"
their personal details after clicking
on a hyperlink. The link directs the
victim to a fake or doctored Web site
that is often indistinguishable from
the original and is designed to collect
information that can be used for fraud
and identity theft.
Jack Clark, technology consultant at
antivirus firm McAfee, said the number
of phishing attacks is expected to keep
growing because more people are using
the Internet and the phishers have started
making money from the scam.
|
 |
Phishing for campaign donors

An Internet security company says some e-mails asking
for donations to U.S. presidential candidates
are scams trying to steal unwary consumers'
credit card numbers, ZDNet reports.
Researchers for e-mail filtering company
SurfControl say they found two examples
of suspect e-mails last weekend, both
purporting to be from Democrat John
Kerry's campaign.
Like other common "phishing" schemes,
which involve e-mail requests that seem
to be from trusted sources such as eBay
or Citibank, the Kerry messages asked
potential donors to go to an outside
Web site to give money. Those Web sites,
one registered in India, the other in
Texas, were not affiliated with the
Kerry campaign.
|
 |
Trojan poses as Berg video

The people behind the recent Hackarmy Trojan attacks
have sunk to a new low in their bid
to hijack people's PCs, according to
a vnunet.com article.
Hackarmy has been posting messages to
newsgroups to entice users to click
on files that will infect their PCs
with a Trojan programme, thus allowing
hackers to hijack the infected PC.
The latest message, posted to thousands
of newsgroups, claims that American
civilian Nick Berg, who was kidnapped
while working in Iraq and beheaded in
May by militants linked to Al Qaeda,
is still alive.
A file supposedly containing a video
clip proving Berg is alive in fact contains
the same Trojan as the earlier 'suicide
note' from Arnold Schwarzenegger and
Osama Bin Laden 'death' photographs.
|
 |
Mozilla puts bounty on bugs

A string of high-profile flaws in browser software
prompted the Mozilla Foundation to announce
on Monday that it would offer $500 for
every serious bug found by security
researchers, ZDNet reports.
"Recent events illustrate the need for
this type of commitment," Mitchell Baker,
president of the Mozilla Foundation,
said in a statement. "The (program)
will help us unearth security issues
earlier, allowing our supporters to
provide us with a head start on correcting
vulnerabilities before they are exploited
by malicious hackers."
The Mozilla Foundation directs development
of the Mozilla and Firefox browsers
and the Thunderbird e-mail client.
|
 |
Microsoft patches three critical flaws

Microsoft on Friday released a patch for Internet Explorer
designed to close three critical holes
in the browser, including one that paved
the way for the Download.Ject Trojan
horse, CNET reports.
To stop Download.Ject Microsoft offered
a work-around earlier this month, and
the software maker has also worked with
law enforcement to shut down the Russian
server that had been the source of malicious
code.
The new patch finally closes this hole
and Microsoft encouraged all IE users
to update their browsers.
The patch also addresses two other publicly
known flaws in IE, both related to image
processing and both rated as critical
because they could allow malicious code
to be run on a vulnerable system.
|
 |
Travellers afraid to book online

A recent survey sponsored by IT services firm LogicaCMG
reveals that one in five of 1,700 Brits
quizzed in the online survey would hesitate
about booking trips online because of
mistrust of the ability of travel companies
to keep their financial and personal
details secure.
According to The Register, no more than around one
in 10 said a simpler transaction process
might encourage them to use online sites
instead of high street travel agents.
The online travel market is expected
to reach 17 per cent of the total UK
travel market by 2007, according to
the Association of British Travel Agents.
LogicaCMG says that more needs to be
done to boost consumer confidence if
the online travel market is to reach
its potential.
"Over a million UK consumers have already
been victims of security breaches whilst
carrying out online transactions. Because
of fears about Internet security, more
consumers are using the Internet for
researching than actually booking their
travel online," says Dave Martin, principal
security consultant at LogicaCMG.
|
 |
One man behind 70 percent of all viruses

According to a six-month malware round-up published
by Sophos, the Netsky and Sasser viruses
make up 70 percent of infections during
our current calendar year, ZDNet UK reports. This means that one person,
the German youngster Sven Jaschan, the self-confessed
author of the two pieces of malware,
is one of the most “successful” virus
authors ever.
Heini Zachariassen, COO at BullGuard
Ltd. said: “It is interesting to note
that a single youngster with a computer
can cause such havoc with infections
and generate enormous amounts of e-mail
traffic. The fact that he was caught
is a very good sign and will hopefully
put a serious dent into the confidence
of all virus writers.”
The Sophos report states that the Sasser
worm comes out on top with 26.1 percent
of infections, while Netsky.P, Netsky.B
and Netsky.D fill the next three slots.
The only viruses in the top ten not
written by Sven Jaschan are: MyDoom.A
(fifth place), Zafi.B (sixth place),
Sober.C (ninth place) and Bagle.A (tenth
place).
Sven Jaschan was taken into custody
by the German police in May following
a tip-off. The tip-off seemingly came
as a response to the reward offered
by Microsoft to anyone with information
which could lead to the capture of the
Sasser author. Mr. Jaschan subsequently
confessed to German police that he was
responsible for programming both the
Netsky and Sasser worms.
|
 |
MyDoom worm opens backdoor

After its release on Monday the new MyDoom worm was
quickly dying out on Tuesday. However,
MyDoom.M leaves behind significant potential
for collateral damage from infected
and unrepaired PCs, ZDNet reports.
Besides propagating itself, the worm's
main purpose apparently was to open
a ’back door’ so that infected PCs could
be used to host other malicious programs,
according to researchers at security
giant Symantec.
The first of those parasites, dubbed
the Zindos.A worm, was released Tuesday
and according to a Symantec report,
Zindos.A is programmed to probe random
IP addresses in search of ports left
open by Zincite.A, the destructive part
of the payload left by MyDoom.M. Once
Zindos finds a vulnerable PC, it installs
itself and promptly launches a denial-of-service
attack against the Microsoft.com domain.
But the risk of a major infection by
the new MyDoom worm isn’t as big as
with the original MyDoom attack. Natasha
Staley, an information security analyst
at MessageLabs, said the company intercepted
just 599,641 messages containing MyDoom.M
in its first 24 hours. This is less
than half the number of infected messages
caught during the 24 hours of the original
MyDoom attack and is likely to keep
falling as the week continues.
|
 |
Search engines slammed

A pesky new variant of the MyDoom worm slammed four
popular search engines Monday and continued
to clog e-mail accounts around the world,
CNET reports.
The new version, variously dubbed MyDoom.M
or MyDoom.O, was first detected early
Monday morning and quickly went on a
tear, flooding many mailboxes with hundreds
of messages. It has also slowed Google,
Yahoo, AltaVista and Lycos to a crawl,
because once it infects a PC, the virus
automatically performs Web searches
on those search engines.
E-mail screening company MessageLabs
said it had intercepted more than 23,000
copies of the variants in the first
five hours of their existence. Tens
of thousands of PCs have been infected
by the worm. The biggest impact, however,
has been on the search engines. Google,
Lycos and AltaVista were sporadically
out of service, while Yahoo has been
slow.
|
 |
What XP Service Pack 2 will mean for you

Last week we told you that Service Pack 2 for Windows
XP will be released in August. Many
of you may rightly have asked yourself:
why is that important? And: What will
it do for me? In this week’s Newsletter
we go through the highlights in Service
Pack 2 and explain what it will do for
you and the security of your computer.
XP taking security seriously...?
Service packs are usually simply compilations
of past updates, making the process
of bringing an OS up-to-date faster
and more transparent. Service Pack 2
for Windows XP is going to offer much,
much more than that. The SP will completely
overhaul the way XP manages security
threats and in many ways constitutes
something closer to a completely new
Operating System than a Service Pack.
So why was it necessary? Following the
Blaster worm in mid-2003 the top brass
at Microsoft decided that something
out of the ordinary had to be done about
the security problems in XP. Central
to the improvements in the resulting
Service Pack is the Windows Security
Center (WSC).
The Windows Security Center
The Security Center was not intended
for use in XP at all, but was to have
been included in the next generation
Windows Operating System, Longhorn.
The purpose of the Security Center is
not, as the name suggests, to provide
security as such, but to give an overview
of the security systems on a PC and
inform the user whether these a)
exist, b) are updated, and c)
are enabled.
The XP intrusion firewall, which is
included in all XP Operating Systems
already, will be changed to be enabled
by default, as very few seem to have
realised that it is there and even fewer
actually use it.
Further changes are implemented in Internet
Explorer. There will be a popup killer
and an information bar informing users
of security concerns as they arise and
an add-on manager to provide an overview
of the plug-ins which have been downloaded
and installed.
Blocking pop-ups
Lastly, the Service Pack will put further
emphasis on certificates and digital
signatures - a long running battle between
those who believe that this is the way
ahead and the puzzled consumer who does
not have the time/can't be bothered,
to read and verify such information
for every download made.
So how do you get hold of it? Like all
other Windows updates it will be
available, when released, through "Automatic
Updates". As it is a 100Mb update the
download can be stopped and resumed
at any time so it doesn't completely
hog slower connections for hours on
end.
|
 |
Criminals blackmail average PC users

While criminal gangs are more widely associated with
threatening denial of service attacks
unless they get a kickback of thousands
of pounds, it seems some are taking
a more small-scale approach to extortion:
now average PC users are being targeted,
ZDNet UK reports.
Instead of £50,000, the criminals are
making demands by email of a mere £50.
Unless they're paid off, they threaten
to tell the police about the child pornography
they've installed on your machine.
There's no pornography there, obviously,
but the threat and the small amount
of money involved will no doubt get
a few people who haven't been exposed
to the usual internet scams to reach
for their wallets.
A spokeswoman for the National Hi-Tech
Crime Unit (NHTCU) said in the first
instance, anyone getting one of these
scams should report it to their ISP
and block the email address. Reporting
it to local police is also a good move,
according to the NHTCU.
|
 |
Spammer charged with 144 counts

A bulk e-mailer in Florida has been charged with electronically
breaking into a massive data warehouse
and stealing gigabytes of personal information
on Americans, CNET reports.
Scott Levine, 45, of Boca Raton was
indicted by a federal grand jury in
Arkansas for allegedly breaking into
Acxiom's servers and downloading 8.2
gigabytes of data in what the U.S. Justice
Department called one of "the largest
cases of intrusion of personal data
to date."
Levine has been charged with 144 counts
related to computer crime. The charges
include conspiracy, unauthorized access
of a protected computer, access device
fraud, money laundering and obstruction
of justice for allegedly trying to conceal
evidence and erase hard drives.
Acxiom did not reply to questions about
how many Americans were affected by
the alleged disclosure.