Showing posts with label Tech News. Show all posts

Sunday, July 8, 2012

How to avoid Malware meltdown

Will YOU lose the internet on Monday?

  • Hundreds of thousands of PCs still at risk worldwide
  • FBI 'ring-fenced' the virus late last year - but protection ends on Monday
  • See below for advice on checking if your computer has been infected
Tens of thousands of Americans whose computers are infected with malware will lose Internet service on Monday - but the meltdown is preventable by following a few simple steps.
The impending crash will affect those whose computers have been infected with the nasty 'Alureon/DNS Changer bot' when the FBI takes down the servers at 12.01 a.m. on Monday, July 9.

To avoid the meltdown, users need to determine if their computer is infected with DNS Changer. Antivirus software will not have offered protection, and Mac computers are also at risk.

Monday, October 17, 2011

Cyber Threats Forecast for 2012

The year ahead will feature new and increasingly sophisticated means to capture and exploit user data, as well as escalating battles over the control of online information that threatens to compromise content and erode public trust and privacy. Those were the findings announced by the Georgia Tech Information Security Center (GTISC) and the Georgia Tech Research Institute (GTRI) in today's release of the Georgia Tech Emerging Cyber Threats Report for 2012. The report was released at the annual Georgia Tech Cyber Security Summit, a gathering of industry and academic leaders who have distinguished themselves in the field of cyber security.

Wednesday, October 12, 2011

SA Symantec Intelligence Report

Johannesburg - Symantec on Tuesday announced the results of the September 2011 Symantec Intelligence Report, which saw phishing attacks in South Africa increase once again.

The country is now positioned as the most targeted geography for phishing, with one in 133.1 emails being a phishing attack.

This month’s analysis also reveals that a deluge of malicious email-borne malware has left a clear mark on the threat landscape for September. Approximately 72 percent of all email-borne malware in September could be characterised as aggressive strains of generic polymorphic malware, first identified in the July Symantec Intelligence Report. At the end of July, this rate was 23.7 percent, in August it fell slightly to 18.5 percent before soaring to 72 percent in September.

“This unprecedented high-water mark underlines the nature by which cyber criminals have escalated their assault on businesses in 2011, fully exploiting the weaknesses of more traditional security countermeasures,” said Paul Wood, Senior Intelligence Analyst, Symantec.cloud.

Further analysis reveals that the social engineering behind many of these attacks has accelerated with the adoption of a variety of new techniques; for example, emails pretending to come from a smart printer/scanner and to have been forwarded by a colleague in the same organisation have been detected.

“The idea of an office printer sending malware is an unlikely one, as printers and scanners were not actually used in these attacks, but perhaps this sense of security is all that is required for such a socially engineered attack to succeed in the future,” Wood said.

Although spam levels remained fairly stable during September, Symantec Intelligence observed the use of identified vulnerabilities in certain older versions of the popular WordPress blogging software on a large number of web sites across the internet. Spam emails containing links to these compromised web sites are being spammed out. It is however important to note that blogs hosted by WordPress itself seem to be unaffected.

Additional research reveals that JavaScript is becoming increasingly popular as the programming language used by spammers and malware authors. Spammers use it to conceal where they are redirecting pages, and in some cases, to conceal entire web pages.

“For spammers, hosting simple JavaScript obfuscation pages on free hosting sites can increase the lifetime of that site before the site operator realises the page is being used for malicious activity,” Wood said. “JavaScript is popularly used for redirecting visitors of a compromised web site to the spammer's landing page. While some of these techniques have been common in malware distribution for some time, spammers are increasingly using them.”
Originally posted on iol scitech

Saturday, August 13, 2011

How safe are our Windows PCs from malware?

What percentage of PCs in the United States are infected with malware? If you’ve been following the mainstream press recently, you might have read an alarming statistic: “Nearly half of personal computers in the U.S. are compromised by malware.”

That statement is an outright fabrication. It is not true. It is not even remotely accurate, based on objective data. The actual number varies, depending on where you are in the world, but for Windows users who have automatic updates turned on, the worldwide average is somewhere between 1% and 2%. In my opinion, if you practice the basics of online security, the likelihood that your Windows PC is infected by malware is a tiny fraction of 1%.

And yet that alarming and bogus 50% number was stated as if it were a fact in a feature story last week at CNNMoney.com. That story has so far been recommended by 371 people on Facebook. The same “fact” was repeated in a variety of other online sources, including thestreet.com, CNBC.com, businessweek.com, businessinsider.com, and boston.com, to name just a few.

It hit my radar when I saw the number quoted in a tweet from Mark Russinovich, a Technical Fellow at Microsoft and one of the smartest people I know.

My first reaction was “Oh really?”

My second reaction was to do some research. It took me less than 15 minutes to knock down this story, which is just the latest example of a depressing truism: If you give the mainstream press a computer story, you can usually count on them to get it wrong. If you give them a sexy press release with a provocative number, you can cinch the deal.

This case starts with a press release from Staples, dated April 5, 2011. Here’s the part that sucked in that CNN staff writer:

A common misconception uncovered in the IT IQ survey is that we falsely presume our computers are well-protected from the viruses, spyware, and other malware that put our personal information at risk and decrease performance. 83 percent of the survey respondents stated that they are somewhat or very confident their computer is free of malware. Yet, nearly half of personal computers in the U.S. are compromised by malware.* 

That asterisk was in the original. It leads to this footnote at the bottom of the press release:

*According to findings released by PandaLabs in February 2011. 

There’s no link to that study, but it took only seconds to find the original report from Panda Security:

According to data gathered by the free online antivirus Panda ActiveScan, 50 percent of scanned computers were infected with malware, mostly Trojans. 

So, the sample consists of people from around the world who were suspicious that their computers were infected and went to an online virus scanner? That’s a far cry from “nearly half of all computers in the U.S.” (Amusingly, a commenter on the Panda blog points out that the sample is “highly flawed,” and a response from Panda Security acknowledges that fact: “The data are taken from our online scanner ActiveScan. … Some people may think that the result is biased because some of those users suspect that they could be infected, which in fact is true.”)

Update 19-Apr: In response to this post, a spokesperson for Panda Security just contacted me. The company has edited the misleading headline on the press release to more accurately reflect its contents. The original headline read “In January, 50 percent of computers worldwide were infected with some type of computer threat.” The revised headline reads: “In January, 50 percent of computers scanned by Panda ActiveScan worldwide were infected with some type of computer threat.”

So why does Panda want to publish such an alarming and yet admittedly incorrect number? Because they’re trying to scare the crap out of you so they can sell antivirus software. Why does Staples want to spread that frightening but bogus statistic? Because they’re trying to scare the crap out of you so they can sell their EasyTech services. The original press release isn’t even subtle about it: “Our certified EasyTech associates are highly trained with expertise in diagnostics, repair, virus/malware removal and data back up solutions to name a few.”

The best numbers I’ve seen from an independent source (i.e., one that isn’t trying to sell a security product) are in Microsoft’s annual Security Intelligence Report. The Malware Trends section of the most recent report contains telemetry data drawn from more than 600 million Windows computers worldwide by a number of different Microsoft security tools and services, including the Malicious Software Removal Tool (which is included with automatic Windows updates every month), the free Microsoft Security Essentials and Windows Defender programs, and Microsoft’s enterprise security software.

According to the most recent data, covering a one-year period that ended in mid-2010, the five worst locations in the world (in terms of active malware infections that had to be cleaned) were Turkey, Spain, Korea, Taiwan, and Brazil. The infection rates for those regions varied from quarter to quarter, but they ranged from 30 to 60 infections per 1000 computers—worldwide, the number is roughly 10 infections cleaned per 1000 PCs. That’s about 1% on average, and about 6% in the worst cases. Update: Although the MSRT doesn’t remove every species of malware, it covers every widespread family—more than 150 in all—so I expect its figures to be representative of general infection rates.

If you use Windows and you have automatic updates turned on, you’re in that sample. If you’re even moderately cautious about how you use the Internet, your risk of infection is probably well below the midpoint of that sample.

Obviously, the rate of malware infection is unknown (and probably considerably higher) for people who refuse to update their computers. But those people are unlikely to pay a tech at Staples to clean up their PC.

Originally Posted on ZDNET

Sunday, July 24, 2011

Google Warning - Two Million users' computers have been infected by a virus

Google has started warning more than two million internet users that their PC has been infected with a virus.
The malicious software hijacks Google browser searches and redirects people to websites containing fake security programs that pay the scammers for traffic.
Those affected by the virus will be greeted with a yellow warning at the top of their search results.

According to the company, the malware found its way onto computers via fake anti-virus software.
Then, when a Google search is entered it is sent to servers, controlled by the cyber criminals, which modify and redirect the traffic.

Writing on Google's blog, security engineer Damian Menscher said: 'The malware appears to have gotten onto users' computers from one of roughly a hundred variants of fake anti-virus, or 'fake AV' software that has been in circulation for a while.'
Google uncovered the mass scam while carrying out routine maintenance at a data centre.

Customers affected by the malware are issued with instructions on how to remove the virus from their computer.
Google's swift response is further evidence that large internet firms are vulnerable to cyber crime.
Apple has long boasted of the Mac's immunity to viruses and malware - but online security experts recently warned that the computers are facing an increased threat from criminals because of their popularity.
They said that Macs are now a more attractive target for hackers due to the rising number of people who choose them over a PC.

Originally posted on dailymail

Wednesday, March 16, 2011

Surf Safer With IE9

Throughout the beta testing phase of Internet Explorer, and the days and weeks leading up to its official launch, much has been made of the blazing performance of IE9's hardware accelerated graphics, and the overall immersive experience of the new browser. Another facet of IE9, though--which has received less attention--is the improved security of the browser. Here are four features of IE9 that make it safer and more secure:

1. Tracking Protection. If you are concerned with the privacy of your online browsing activities, Microsoft's hybrid approach to the "do not track" dilemma seems to be the best option currently on the table. Microsoft combines Tracking Protection Lists in IE9--which essentially blacklist specific sites to block them from gathering tracking data--with the more proactive approach of alerting sites to your privacy wishes using information in the HTTP header of your Web traffic. Between the two approaches, unwanted tracking of your browsing session should be minimized.

2. SmartScreen Application Reputation. You have probably seen at one time or another the Microsoft warning that "this type of file may harm your computer" when downloading files from your browser. The problem is that the warning is too generic and applies to virtually all downloads. With IE9, Microsoft strives to reduce the number of frivolous warnings, and provide more information for downloads that are truly potential threats. The SmartScreen Application Reputation protection assesses the reputation of a given file or download based on whether it has been signed by its author, the established reputation of the author, and the number of times it has been previously downloaded by others to determine the relative trust the file should be given.

3. Browser Segregation. When you use the pinned sites feature of IE9 and Windows 7 to access a website, the site opens in its own browser session, independent of the desktop browser. The browser session segregation means that session cookies are not accessible by other tabs or windows in the main desktop browser, and are safe from any compromise or abuse from other sites.

4. Stripped Down. Another function of running a site as a pinned site in IE9 and Windows 7 is that the browser session opens without any browser helper objects (BHO) or add-on toolbars that might be installed in the desktop browser. With fewer extraneous apps running within and alongside the browser session, the potential attack surface is minimized and there are fewer opportunities for malicious exploits to attack.

There are other features and functions of Internet Explorer 9 that provide a safer and more secure Web surfing experience. IE9 also includes protections such as DEP and ASLR which, although they have been bypassed in the past, still provide additional layers of defence that can prevent the vast majority of Web-based attacks.

Originally posted on yahoo.news

Friday, December 17, 2010

Rogue Utilities

This week the Rogue Blog reports a strong surge in a different type of rogue, one that pretends to be a system utility. Typical scareware pretends to be antivirus software, "finds" all kinds of threats, and demands that you pay before it will clean up the pretend problems it found. Utility-style scareware follows a similar pattern. It pretends to find errors on your system such as disk fragmentation or file system integrity problems. Naturally the scan is free; naturally you have to pay if you want to fix the alleged system problems.

The Rogue Blog post pointing out this trend includes numerous screenshots and identifies many of the culprits by name. UltraDefragger, ScanDisk, and WinHDD are among the real-sounding names used by current fraudulent system utilities.

How can you distinguish a fake optimization tool from a real one? If you see a report from a utility that you never installed and never launched, it's probably a fraud. If the utility comes advertised in a spam message, Sunbelt suggests you avoid it. The rogues invariably display dire warnings about system problems, but don't reject every warning. A legitimate disk utility might do the same if your system is truly failing.

Here's an odd one: apparently these rogue utilities will often tell you that you must update your browser to a version earlier than what you're actually running. If you're careful you can avoid getting burned. Don't ever rely on a third-party system utility that you didn't install or launch, as it's almost certainly a fraud.

Your antivirus software or security suite should protect you from rogues of any kind, providing you keep it up to date. And when you go shopping for disk tools do a little research to make sure they're legitimate. Check PCMag.com for reviews, to start, and Google the name to see if others are reporting problems. If you're still not sure, a visit to the Rogue Blog should clear up any confusion.

Originally posted on Yahoo News

Thursday, November 25, 2010

Tech Scams to Avoid This Holiday

The holiday shopping season is a great time to get tech products at discounted prices, but it also creates a golden opportunity for the Web's scam artists. The FBI, McAfee, the Better Business Bureau and F-Secure are all warning about cybercriminals who will try to take you for a ride this holiday season. Here are their most pertinent warnings and tips for staying safe:

The Infamous Free iPad 

Bogus free iPad offers started popping up immediately after Apple's tablet went on sale, and they've since been banned from Facebook. Still, you might see similar offers around the Web, McAfee says, prompting you to buy other products as a condition of getting the free iPad. By now, you should realize it's too good to be true.

Gift Card Scams 

That free $1,000 gift card offer you saw on Facebook? Bogus, of course. McAfee says that cybercrooks lure people into giving away their personal information or taking quizzes in exchange for these cards, which never arrive. The information is then sold to marketers or used for identity theft.

The FBI also says to use caution when purchasing gift cards through auction sites or classified ads. These can be fraudulent, and you won't get your money back. Buy directly from retailers instead.

Bogus Auctions and Classifieds 

Here's a particularly tricky scheme pointed out by the FBI: On auction and classified sites, fraudsters use their own order forms to get payment details from holiday gift buyers. Then, they charge the victim's credit card and use a stolen credit card to buy the actual item, which is sent directly to the victim. In other words, you'll still get the product, but you might be liable for receiving stolen goods. To avoid this scam, be sure to use legitimate payment services like PayPal instead of providing money directly to the seller.

The feds also warn of a related scam for free or reduced-price shipping offered on auction and classified sites. The fraudsters provide fake shipping labels to the victim, and the product ends up being intercepted in transit, never delivered to its destination.

Malicious websites

For cybercriminals, spamming Google with bogus holiday gift pages is a yearly tradition. These pages could be loaded with malware or payment forms intended to steal your identity. F-Secure has created a list of what it thinks will be the highly targeted search terms this year, including Kinect for Xbox, Call of Duty: Black Ops, Amazon Kindle and Apple iPad.

Visit retailers' websites directly when possible, use Internet security software if you must and always check for "https" in the URL bar before ordering online to ensure that the page is secure.

Wi-Fi Hackers 

Public Wi-Fi networks will get a workout this holiday season as people travel, McAfee notes. This is especially true with Google offering free Wi-Fi on domestic flights from three major airlines. Check out our security tips from Google's free Wi-Fi offer at airports last year, most of which are still relevant in the skies. Number one tip: Avoid shopping and paying bills over a public network.
Originally posted on PCWorld

Thursday, November 18, 2010

Identity Theft Misconceptions

A recent survey by Kindsight revealed some misconceptions among internet users about what they perceive as identity theft risks.

Anyone living in the modern world can't help but be aware that identity theft is real, and that it's a real problem. But how well do people understand what their own risks are? Not surprisingly, virtually all of those questioned had some understanding of identity theft. However, many had only a limited understanding of just what kinds of behavior put them at risk.

It appears that many consumers still are not entirely sure of what type of activities to avoid, and what they can do to protect their identities online. Five key misconceptions about cybersecurity emerged:

  • Misconception #1: I’m safe because I never shop online
  • Misconception #2: I’m safe because I have anti-virus protection
  • Misconception #3: I’m safe because the website is secure
  • Misconception #4: I’m safe because it’s easy to recognize fake sites
  • Misconception #5: Facebook is safe enough; no need to worry

Cybercriminals are becoming more sophisticated and always looking for new and better ways to steal your identity online.

Thursday, November 4, 2010

Security Tips for PDF users

The good thing about Adobe's PDF format is that nearly everybody uses it--and if you just need to read those documents, it's free. Sadly, the program's very popularity is what attracts the bad guys. Hackers, say the security experts, look for a "target-rich environment," and with tens of millions of users, Acrobat and Reader fit the bill.


So what can you do to stay secure? I wish I had advice that went beyond the conventional wisdom, but I don't. I contacted security experts at Adobe and Symantec, and they both said pretty much the same thing. Marc Fossi, Manager, Research and Development, Symantec Security Response said this:

1. Consumers should make sure to keep their software up-to-date with all the most recent versions and security patches at all times. An easy way to do this is to ensure that applications are configured to retrieve updates automatically whenever there is a live Internet connection.

2. Using a full security software suite that includes antivirus and intrusion prevention capabilities can also protect against these types of threats.

Sure, Symantec is in the business of selling security software, so naturally they'll tell you to use their product. But in this case, put aside your skepticism and do what the man says. Newer security programs really do filter out lots of malware. And while it may seem utterly obvious, I'll repeat this old chestnut: Don't open attachments from people you don't know.

If you're running version 9 of Reader, you'll be prompted to download a security patch within the next few weeks. Do it.

Thursday, October 21, 2010

New "Attack Page" Scam in Firefox and Chrome

F-Secure reported that a new malware campaign takes advantage of the "malicious site" warnings commonly displayed by both Firefox and Chrome to trick unsuspecting users into downloading a rogue antivirus application.

The attack happens when Web surfers visit a page offering "SecurityTool," a known malware application that purports to be antivirus software. On both Firefox and Chrome, a fake warning page then pops up that mimics the messages those browsers normally give users who visit suspect sites.

On Firefox, the warning alert is titled, "Reported Attack Page!" while on Chrome the page reads, "Warning: Visiting this site may harm your computer!" Both such warnings invite users to "Download Updates." Users who click the download button then end up with a file called "ff_secure_upd.exe" on Firefox or "chrome_secure_upd.exe" on Google's browser; either way, what they really get is the rogue antivirus file and an invitation to pay a license fee for supposed protection.

Firefox users with scripts enabled, in fact, don't even have to click the "Download Updates" button--rather, they'll just be prompted to click "OK" to download "Firefox secure updates." Clicking "Cancel" only results in a repeated warning that updates need to be downloaded, F-Secure reported.

In addition to the "scareware," a hidden iFrame that's also part of the attack loads a Phoenix exploit kit from a different site, the security researcher noted, thereby exposing users to further exploitation. This latest attack is very similar to one uncovered in July, through which SecurityTool used a similar technique purportedly prompting Firefox users to update their Adobe Flash Player. In that case, the attack presented users with a fake version of the Firefox "Just Updated" page, which is typically shown when users open the browser for the first time after an update is downloaded.

On the fake version, however, the message warned that Adobe Flash Player hadn't yet been updated, and it prompted the user to download a file that is in fact the rogue antivirus software, according to F-Secure. The new "Reported Attack Page!" alert, however, relies particularly heavily on Firefox users' uncertainty as to what genuine warning pages look like. In fact, such pages never request that users download updates; rather, they give the option of either leaving the site or overriding the block and continuing to load the page. F-Secure's blog post includes an authentic Firefox block page for users who want a reliable visual image.

Originally posted at Yahoo News

Tuesday, October 12, 2010

Major Microsoft Patches

Microsoft said it will deliver a record 16 security updates next week to patch a whopping 49 vulnerabilities in Windows, Internet Explorer (IE), Office and SharePoint. Andrew Storms, director of security operations for nCircle Security, called the massive update "daunting, again."

Four of the 16 updates were tagged with Microsoft's "critical" label, the highest threat ranking in its four-step scoring system. Another 10 were marked "important," the second-highest rating, while the remaining pair were labeled as "moderate."

Nine of the updates could be exploited by attackers to inject malicious code into vulnerable PCs, Microsoft said in its usual bare-bones advance notification of the updates scheduled for release October 12. Microsoft often labels remote code executable bugs -- the most dangerous -- as important when the vulnerable components are not switched on by default or when other mitigating factors, such as defensive measures like ASLR and DEP, may protect some users.

Nine of Tuesday's Windows updates will apply to Windows 7 -- including all three of those marked critical -- while Windows Server 2008 R2 will also receive nine updates, two of them critical. While Microsoft has touted Windows 7 as its most-secure OS ever, and wants Windows XP users to ditch the nine-year-old software for the new edition, fewer of next week's updates apply to the aged operating system than to Windows 7. XP will be affected by eight of the 13 bulletins, and just two of the three pegged as critical. The critical IE update will affect IE6, IE7 and IE8. Microsoft did not reply to questions about whether it will also update IE9, which was released as a beta three weeks ago.

Originally posted at PCWorld

Friday, October 1, 2010

EEye Digital launches Zero Day Tracker site

Until a patch is released, a security hole--known as a zero-day vulnerability--in effect makes your computer a sitting duck for anyone who writes an exploit for it and bothers to distribute it via e-mails and drive-by downloads on Web sites.

EEye Digital Security launched a Web site yesterday that lists current zero-day vulnerabilities and offers an archive on ones that have been patched. The Zero Day Tracker compiles information on publicly disclosed security holes and provides details on them including what software they affect, how severe they are, the potential impact and suggestions for workarounds and other protection techniques.

Marc Maiffret, co-founder and chief technology officer of eEye, describes the free site as a "one-stop shop" for zero-day information. "For the longest time the only company that would notify you about zero-days was Microsoft, and recently Adobe has started doing that," he said. "But there are still many other companies that have zero-day vulnerabilities that go unreported."

How good is Microsoft's free antivirus software?

Microsoft has officially unveiled its long-awaited consumer antivirus offering. Formerly code-named “Morro,” it’s now been christened Microsoft Security Essentials, and it will enter public beta testing next week. If you have a licensed copy of Windows XP (Service Pack 2 or above), Windows Vista, or Windows 7, you’ll be able to download and install the software at no additional charge. No subscription is required for ongoing definition updates, either. The final release is scheduled for this fall.

The public beta will be limited to 75,000 downloads, Microsoft says, and the targets are global. The initial beta release is limited to the United States, Israel (where a core development team is based), and Brazil. Next month, the beta will open up for users in China. It’s no coincidence that Microsoft is rolling out early in Brazil and China, which are large-scale vectors of malware infections because of the sheer number of Windows users running without antivirus protection. According to Microsoft, barriers to adoption of paid security software are especially high in developing markets, where internet access is slower and credit cards are unavailable to a large percentage of the population.

Microsoft Security Essentials requires validation, which means it won’t be available to anyone using a pirated copy of Windows. But it won’t require registration or personal information of any kind. In an interview last week, Theresa Burch, director of product management for Microsoft Security Essentials, confirmed that decision in no uncertain terms: “We collect no information from you at all,” she told me. “No Windows Live ID, nothing. You agree to the EULA, validate, download, and you’re done.”

Originally posted on ZDNet

Thursday, September 16, 2010

Ika-tako Virus Replaces Your Files With Octopus Photos

It’s always frustrating to find that your computer has been infected with a virus, especially one that can potentially wipe your files. However, one hacker decided that he would bring a little humor to viruses by replacing any infected file with a particularly cute anime sea creature. The Ika-tako virus (Japanese for Squid-Octopus), as it has been named, first came to shore in May via the Japanese file sharing Website Winny.

Since then, it has reportedly gone on to infect somewhere between 20,000 and 50,000 computers, according to Asahi.com. The virus disguises itself in music files, which users then download. Once the file is played, the malware runs through the computer’s hard drive, infecting anything from family photos to important OS files. The infected files are swapped with the squid, octopus or sea urchin pictures and removed, then supposedly sent to the hacker's server.

The good news is that the hacker, Masato Nakatsuji, was found and arrested. It’s not the first time this guy has been arrested for malware creation either--he was convicted for crafting a similar virus back in 2008, but had used images from the copyrighted anime cartoon Clannad.

He reportedly told police this time that he wanted to see “how much my computer programming skills had improved since the last time I was arrested.” This time, he was arrested on the grounds of property destruction, a first for police in Tokyo. At least he handmade the images himself this time I guess. 

Unfortunately there is no known fix for the virus just yet, so bad news for those already infected, unless police can get into the server he set up. However, considering he had thousands of people’s information stored on the server, it shouts to me that there was a bigger motive behind this virus than just practicing his computer skills.

Originally posted at PCWorld

Trojan Monitors Your Porn Surfing Habits

In an era where online privacy seems like an oxymoron, is it so bad to have your browsing history publicly available? Or to pay less than $20 to have these details removed from the Internet? Several Trojan horses spreading around the Internet these days spam your entire address book with bogus messages and attempt to delete your computer’s security software.

But the Kenzero Trojan out of Japan goes further than pretending to be a legitimate program: Hackers behind the program not only post your browser history, favorites, illegally-downloaded porn, and clipboard content to a public Website, they demand payment of about $18 to remove the personal details of your browsing history.

Kenzero is a Trojan of the “ransomware” variety, where a malicious program masquerading as a game registration window takes your personal details and then attempts to extort money out of you. The Trojan then posts that you’ve been downloading illegal Hentai (explicit anime) games, and instead of just being out $20, you’ll find that scammers have sold your credit card information to the highest bidder. How does Kenzero spread? Mostly via the Winny file-sharing network, which has approximately 200 million users.

Though if you’re illegally downloading computer games, why would you give personal details to a pirated piece of software? It's food for thought. While you’re mulling that, there’s even a paper [PDF] on similar Japanese scams being presented at the upcoming Association for Computing Machinery Computer and Communications Security conference.

Originally posted at PCWorld

Tuesday, September 14, 2010

Zero-day hole in Flash Player

Adobe Systems on Monday warned of a zero-day hole in Flash Player that reportedly is being exploited in the wild and could allow an attacker to take control of a computer.

The critical vulnerability affects Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Mac, Linux, Solaris, and Android. It also affects Adobe Reader 9.3.4 and earlier versions for Windows, Mac, and Unix, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac. Adobe is not aware of any attacks exploiting the hole against Adobe Reader or Acrobat, the company said in its security advisory.

Adobe is finalizing a fix for the hole and expects to provide an update for Flash Player for Windows, Mac, Solaris, and Android during the week of September 27, the advisory said. Updates for Adobe Reader are expected during the week of October 4. Adobe is moving up the date of its next quarterly security update for Adobe Reader and Acrobat and will also release a patch the week of October 4 for a critical zero-day hole in Adobe Reader and Acrobat that was disclosed last week and is being exploited in attacks on. As a result, there will be no updates on October 12, which was the next scheduled quarterly release date. In the meantime, Microsoft has a tool that can help block the attacks on Adobe Reader and Acrobat on Windows machines.

Searching for free stuff online can be costly

It's common knowledge that you can catch computer viruses on porn Web sites. But did you know it's also risky to surf the Web searching for free movies or music?

A study from McAfee to be released on Tuesday finds that adding the word "free" when looking for entertainment content in search engines greatly increases the chances of landing on a site hosting malware. For instance, searching for free music ringtones increases the chances of hitting a malicious site by 300 percent, according to the report, "Digital Music & Movies Report: The True Cost of Free Entertainment." (PDF) Searching for "lyrics" for a particular artist is twice as risky on average as searching for "ringtones" for the same artist for the first five pages of results, the report found. And including the term "MP3" increases the riskiness of music searches in general.

There has been a 40 percent increase in the number of Web sites that are delivering infected MP3 files or that seem to be built for purposes of financial fraud or delivering malware, according to the report. Meanwhile, McAfee found malware associated with a number of Web sites around the world advertising free downloads of sports games, movies, and TV shows. Twelve percent of sites that distribute unauthorized content are distributing malware, and 7 percent of sites offering unauthorized content have associations with cybercrime organizations, the report concluded. "The sites often look very professional and attempt to lure the user with the idea of a 'trial period' or even some nominal fee that is much less than what may ultimately be charged," the report says. "Once the user agrees, they have to authorize their computer to access and interact with computers that are involved in a wide range of schemes--from money laundering to stealing credentials such as user names and passwords. In addition, with this access, your computer is profiled--with all of its software versions, user agents, and any other data--and this information can be provided to third parties for malicious purposes. (This is often called 'fingerprinting.')"

To reduce the chances of landing on malicious sites, McAfee recommends avoiding the use of the word "free" in searches for entertainment content, avoiding clicking on links in banner ads on content sites that aren't well established, not clicking on links posted in forums and on fan pages, keeping security software up to date, and using safe-search plug-ins like McAfee SiteAdvisor that warn of potentially risky sites.

Saturday, September 11, 2010

"Here You Have" worm is a Windows Problem

Every time a virus like the current "Here You Have" worm comes around, people shake their heads, wring their hands and wonder how "computer security" can be improved.

The assumption, for many, is that malware like this is simply part of having a computer. Thank goodness for the PC security industry, working hard to protect us with expensive software! The fact, however, is that malware like this does not go hand-in-hand with having a networked computer--it goes hand-in-hand with Windows. Microsoft Windows is the reason our culture gets threatened again and again by malware; if the world ran Linux instead, it wouldn't be a problem. Here's why.

1. Users Are Dumb
There's no point denying it -- humans are extremely gullible, forgetful, distracted, and yes, just plain stupid sometimes. That is simply a fact of life, and no "helpful reminders" or even automated warning systems are going to keep them from being stupid. Offer them pictures of cute puppies or porn, and they'll go wherever you want them to.

This is only a problem, however, because of Windows. Rather than protecting foolish users from themselves by minimizing the potential consequences--which is what a good operating system should do--Windows gives them all administrator access by default. That means that they pretty much have the keys to the castle at all times--which, in turn, means that viruses do too.

As I've said before, it's like giving terrorists high-level government positions. With Linux, on the other hand, users do not have "root" privileges by default. So, even if a Linux system is compromised--which is rare--the virus won't have the access it would need to do damage systemwide; rather, just the user's local files and programs would typically be affected. That's much less motivating for evil-doers.

2. It's a Monoculture
So Windows gives each and every user the keys to his or her local castle, which--thanks to the Internet--is linked to every other castle on the planet. Since the majority of those also run Windows, imagine the fun viruses can--and do--have! It's a simple matter of frolicking from one castle to another--again and again and again--taking the keys, and then watching the email servers fall! It's a worm's dream come true.

That, of course, is why Linux isn't popular with worm developers. With the diversity of environments that Linux includes--Ubuntu, Debian, Fedora, and so on, not to mention all the many shells, packaging systems, mail clients and even underlying architectures--reaching more than a relatively small part of the Linux community is much more difficult. Much less gratifying for worms.

3. Closed Access
Less applicable in the present case, and yet still a factor in Windows' relative insecurity, is the fact that its code is closely guarded by Microsoft. No matter how many developers Redmond has, it simply can't compare with the countless users around the globe constantly scrutinizing Linux's open code for vulnerabilities. Microsoft developers also don't typically tell anyone about the problems they've found until a solution has been created, leaving the door open to exploits until that happens.

I'm certainly not saying that Linux is perfect, and any business user, in particular, should still enable firewalls, minimize the use of root privileges, and keep the system up to date. They could even implement a virus scanner for Linux, such as ClamAV.

The difference, though, is that such extra measures are not simply an accepted part of computing in the Linux world--they're additional steps you can take, if you want extra peace of mind. Malware is primarily a Windows problem. Use Linux, and you can mostly forget all about it.

Originally posted at Yahoo News

Friday, September 10, 2010

Firefox patches DLL load hijacking vulnerability

Mozilla has joined Apple in being among the first to fix the DLL load hijacking attack vector that continues to haunt hundreds of Windows applications. The open-source group released Firefox 3.6.9 with patches for a total of 15 vulnerabilities (11 rated critical), including the publicly known DLL load hijacking flaw that exposes Windows users to remote code execution attacks.

The majority of the 15 vulnerabilities in this Firefox patch batch could be exploited to launch drive-by download attacks from booby-trapped Web sites. According to Firefox, the DLL load hijacking issue only affects Windows XP users:

Firefox could be used to load a malicious code library that had been planted on a victim’s computer. Firefox attempts to load dwmapi.dll upon startup as part of its platform detection, so on systems that don’t have this library, such as Windows XP, Firefox will subsequently attempt to load the library from the current working directory. An attacker could use this vulnerability to trick a user into downloading a HTML file and a malicious copy of dwmapi.dll into the same directory on their computer and opening the HTML file with Firefox, thus causing the malicious code to be executed. If the attacker was on the same network as the victim, the malicious DLL could also be loaded via a UNC path. The attack also requires that Firefox not currently be running when it is asked to open the HTML file and accompanying DLL.

Originally posted at ZDNet
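To make the Mozilla advisory above concrete, here is an added simulation of the Windows DLL search order that the hijack relies on. It is example code written for this page, not Mozilla's or Microsoft's, and the hosts, folders and the planted file are constructed. It models the order Windows uses with SafeDllSearchMode enabled (application directory, System32, Windows directory, current working directory, then PATH; the 16-bit system directory is omitted), shows why a system without dwmapi.dll lets the copy in the working directory win while a system that ships the DLL does not, and shows that removing the working directory from the search path (what SetDllDirectory("") does) turns the hijack into a harmless failed load. A small audit helper flags the document-plus-DLL pairing the advisory describes.

```python
"""Simulation of the Windows DLL search order behind the dwmapi.dll hijack.

Added example, not Mozilla's or Microsoft's code. Hosts, paths and the
planted DLL are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class WindowsHost:
    app_dir: str
    system_dir: str
    windows_dir: str
    cwd: str
    path_dirs: list
    files: set = field(default_factory=set)  # absolute paths that exist on disk
    cwd_searchable: bool = True  # False models SetDllDirectory("") having been called


def search_order(host: WindowsHost) -> list:
    """Directories in the order the loader consults them on this host."""
    order = [host.app_dir, host.system_dir, host.windows_dir]
    if host.cwd_searchable:
        order.append(host.cwd)
    order.extend(host.path_dirs)
    return order


def resolve_dll(host: WindowsHost, name: str):
    """First path where `name` is found, or None when the load fails."""
    present = {p.lower() for p in host.files}
    for directory in search_order(host):
        candidate = directory.rstrip("\\") + "\\" + name
        if candidate.lower() in present:
            return candidate
    return None


# Constructed scenario: the victim saved an attacker-supplied page and a file
# named dwmapi.dll into the same folder and opens the page from there, so
# that folder becomes Firefox's current working directory at startup.
FIREFOX_DIR = r"C:\Program Files\Mozilla Firefox"
DOWNLOADS = r"C:\Documents and Settings\victim\My Documents\Downloads"
PLANTED_DLL = DOWNLOADS + r"\dwmapi.dll"
COMMON_FILES = {
    FIREFOX_DIR + r"\firefox.exe",
    DOWNLOADS + r"\offer.html",
    PLANTED_DLL,
}


def make_host(system_has_dwmapi: bool, cwd_searchable: bool = True) -> WindowsHost:
    files = set(COMMON_FILES)
    if system_has_dwmapi:  # Vista and later ship the Desktop Window Manager API
        files.add(r"C:\Windows\System32\dwmapi.dll")
    return WindowsHost(
        app_dir=FIREFOX_DIR,
        system_dir=r"C:\Windows\System32",
        windows_dir=r"C:\Windows",
        cwd=DOWNLOADS,
        path_dirs=[r"C:\Windows\System32", r"C:\Windows"],
        files=files,
        cwd_searchable=cwd_searchable,
    )


def xp_unpatched():
    """Windows XP: no system dwmapi.dll, so the copy in the CWD gets loaded."""
    return resolve_dll(make_host(system_has_dwmapi=False), "dwmapi.dll")


def vista_unpatched():
    """Vista and later: System32 is searched before the CWD, so the real DLL wins."""
    return resolve_dll(make_host(system_has_dwmapi=True), "dwmapi.dll")


def xp_hardened():
    """XP with the CWD removed from the search path: the load simply fails."""
    return resolve_dll(make_host(system_has_dwmapi=False, cwd_searchable=False), "dwmapi.dll")


def dlls_beside_documents(files) -> dict:
    """Defensive audit: DLLs sharing a folder with a document file.

    Returns {folder: [dll names]} for folders holding both a .dll and an
    .html/.htm/.pdf/.doc file, the pairing the advisory describes.
    """
    by_dir = {}
    for path in files:
        folder, _, name = path.rpartition("\\")
        by_dir.setdefault(folder, []).append(name.lower())
    doc_ext = (".html", ".htm", ".pdf", ".doc")
    hits = {}
    for folder, names in by_dir.items():
        if any(n.endswith(doc_ext) for n in names):
            dlls = sorted(n for n in names if n.endswith(".dll"))
            if dlls:
                hits[folder] = dlls
    return hits


if __name__ == "__main__":
    print("XP, unpatched:", xp_unpatched())
    print("Vista, unpatched:", vista_unpatched())
    print("XP, CWD removed:", xp_hardened())
    print("Audit:", dlls_beside_documents(COMMON_FILES))
```

The simulation only models the search path; a real loader also honours the KnownDLLs list and the application manifest, which is why the fix on the application side is to call SetDllDirectory("") or LoadLibraryEx with a system-only search flag rather than to rely on the DLL being present, and why an audit that looks for DLLs next to documents in user-writable folders is a cheap detection for this whole class of planted-library attacks.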