iWay-Safety.com: Malware News & Views

Anti-virus software isn't the only computer security tool

Fri, 13 Jun 2008 01:37:58 GMT

... get in the habit of quickly installing all software program updates ... beyond that also consider:

Certified e-mail [?? Seems off the point since these services are directed at businesses not individuals]

Web page scanners ... tools using varying technologies to gauge the reputation of most Web pages. EG AVG's LinkScanner, ScanSafe's Scandoo, Trend Micro's TrendProtect, McAfee's SiteAdvisor [which I use] and Finjan's SecureBrowsing grade Web pages as safe, unsafe or questionable.

Browser security tools ... anti phishing filters

[In other words a toolbox instead of a tool.]

SANS OUCH! Newsletter - Volume 5, Number 5 May 2008

Thu, 12 Jun 2008 21:30:35 GMT

OUCH!

SANS Institute Security Newsletter for Computer Users

Volume 5, Number 5 May 2008

************************************************************************

In This Issue

1. Eight Surefire Ways to Become an Identity Theft Victim - 2. Malware

- - 3. Scams and Hoaxes - 4. Microsoft and Apple Security Updates - 5.

Security Newsbytes

************************************************************************

A formatted version of the OUCH newsletter can be found at https://www.sans.org/newsletters/ouch.

You can subscribe to OUCH on the same site. Send your comments to OUCH@sans.org.

************************************************************************

1. Eight Surefire Ways to Become an Identity Theft Victim

- --Practice unsafe surfing. When you purchase a new computer, go online without activating the firewall, or purchasing protective software.

Further expose yourself digitally by sharing a wireless connection with the entire neighborhood. Without digital encryption, you can share the contents of your hard drive with anyone on the street. For maximum risk, do some online banking on a public computer -- like the one at the library or a public cafe. Bonus points are added if your Social Security number is your user ID for any transactions.

- --Skimp on anti-virus and anti-spyware protection. Courting disaster online is easy. Invite malicious code to attack your computer simply by doing nothing. Antivirus programs can be pricey, and the maintenance of constantly downloading updates is time-consuming. Combine that with the security updates from Microsoft or Apple and it's enough to seriously annoy anyone.

- --Passwords are a pain! Make life easy for yourself by using the same password for EVERYTHING, and make it something easy to remember, like your first name or 'password'. Just in case, make sure you write it down on a yellow sticky and put it somewhere easy to see.

And don't forget to have your browser set to 'remember password' to make life easy for you - and the cyberthief.

- --Peek at junk email and open attachments from unknown sources. Open attachments from strangers, secret crushes, long-lost friends saying "what's up," or strangers hawking cheap drugs -- you'll never know unless you peek at that email. One of the many fun things that can happen when you open an attachment containing malicious code is infecting your computer with a Trojan horse or virus, which can easily lead to identity theft.

- --Stuff your wallet with juicy identifying tidbits. Wallets and purses are more than just handy cash-carrying devices. They often have credit cards, identification, insurance information and even Social Security cards. Obviously, more is better if you'd like to become the prey of fraudsters. Losing or misplacing a wallet or purse can cause more problems than just the hassle of replacing all those cards and buying a new bag. Armed with your date of birth, Social Security number and mailing address, there's no limit to the damage thieves could cause.

- --Make your checks payable to criminals. If you're like most people, you wouldn't post your checking account information on your front door, though you should if you'd like to be a victim of fraud. Similarly, checks reflecting the same information can be dropped casually into unsecured mailboxes. Statistically the chances of your mailbox being targeted by criminal elements are low, but not that low. According to the 2008 Identity Fraud Survey Report from Javelin Strategy and Research, almost 1 in 10 victims of identity theft who can pinpoint the scene of the crime say that it happened at the mailbox.

- --Opt out? Opt in! While you're mailing checks from the unlocked mailbox, go ahead and get credit card companies to send you all the pre-approved offers that the postman can cram into the box. Similarly, don't get credit card statements online; leave them on the side of the road so that they're more convenient for fraudsters who lack the technical knowledge or follow-through to launch complicated hacking schemes.

- --Nothing is too good to be true. Everyone wants to feel special and maybe more importantly, filthy rich. When reading an emailed proposition from an African business tycoon, an imperiled prince or downtrodden heiress offering millions of dollars in exchange for some small measure of assistance, it's difficult not to wish it were true. Falling for the story will undoubtedly lead to unpleasantness.

More information:

http://finance.yahoo.com/banking-budgeting/article/104894/7-Surefire-Ways-to

-Become-an-ID-Theft-Victim

************************************************************************

2. Malware

- --Zeus. A Trojan being spread by the so-called "Rock Phish" group of Russian criminals through phishing scams. Zeus is designed not only to trick victims into clicking on a link in a phishing email to give up personal information, but also to drop a Trojan on the victim's computer at the same time. The new attacks combine phishing and the Zeus Trojan to steal personal information and spread financial crimeware. Zeus can steal personal data such as usernames, passwords and Social Security numbers entered by the user while interacting with other websites.

More information:

http://www.scmagazineus.com/Rock-Phish-gang-adds-malware-download-to-attacks

/article/109240/

- -- RaceForTibet. Rootkit* malware that surreptitiously installs a keystroke logger on end users' PCs once they open a Flash movie file which uses a cartoon to mask its malware payload. The captured data is reportedly sent to a computer in China. The cartoon ridicules the effort of a Chinese gymnast and then displays images supporting a free Tibet.

The malware is being distributed as an attachment called RaceForTibet.exe.

More information:

http://www.itpro.co.uk/wireless/news/187935/tibet-supporters-targeted-by-tro

jans.html

* Rootkit: http://en.wikipedia.org/wiki/Rootkit

- -- OSX.RSPlug.A. A Mac Trojan that spreads by spam emails designed to lure users to pornography sites. Visitors are presented with a still image from a salacious video. Clicking on the image to play the video returns the following message: "Quicktime Player is unable to play movie file. Please click here to download new version of codec." After the linked page loads, malware is downloaded and launches an installer. The installer requires the user to enter the admin password. Once the password has been entered, the malware infection is complete. The Trojan alters network settings, redirecting webpages and funneling advertisements for porn sites to your Mac.

More information:

http://www.geekstogo.com/2007/10/31/osxrspluga-trojan-info-and-removal/

************************************************************************

3. Scams and Hoaxes

- --Economic Stimulus Refund Phishing Scam A number of phishing scam emails are currently targeting US taxpayers by offering bogus refund payments as bait. This email, purporting to be from the Internal Revenue Service (IRS), claims that the recipient is qualified to receive the 2008 Economic Stimulus Refund. The recipient is instructed to follow a link in the message in order to fill in an online form, ostensibly to allow the refund to be processed. The email includes the IRS logo and copyright notice and is from a seemingly genuine IRS email address. However, the email is not from the IRS.

More information:

http://www.hoax-slayer.com/economic-stimulus-refund-scam.shtml

- --United States District Court Subpoena Malware Email This seemingly official email purports to be a subpoena sent by the United States District Court. The message claims that the recipient must testify before a Grand Jury at a specified place and time. The recipient is instructed to follow a link in the message to download and print a complete copy of the subpoena document. However, the message is not from the United States District Court. In fact, the message is an attempt to trick recipients into installing information-stealing malware on their computers.

More information: http://www.uscourts.gov/newsroom/2008/alert.cfm

http://www.hoax-slayer.com/subpoena-phishing-scam.shtml

- --Visa Personal Password Phishing Scam An email claiming that recipients can protect their Visa credit card for online purchases by clicking a link in the message and creating a personal password. However, the message is just another phishing scam and was not sent by Visa. Those who fall for the ruse and click the link will be taken to a very sophisticated, but fraudulent, website that has been designed to closely resemble the genuine Visa website.

More information: http://www.hoax-slayer.com/visa-password-scam.shtml

- --Mail Server Report

According to this warning message, a dangerous virus is being distributed via emails with the subject line "Mail Server Report". The warning claims that opening attachments that come with the email will first display a message saying "It is too late now, your life is no longer beautiful" before destroying all files on the infected computer and stealing personal information. However these claims are untrue.

There is not, nor has there ever been, a virus like the one described in this bogus warning message.

More information: http://www.hoax-slayer.com/mail-server-report-hoax.shtml

************************************************************************

4. Microsoft and Apple Security Updates

Microsoft and Apple provide free security updates for their software products.

Windows: Microsoft issues patches for all Microsoft products on the second Tuesday of each month as well as out-of-cycle patches on any day of the month. The next scheduled release date is May 13th. Check manually too, once every two weeks, to make sure all of the updates have been installed.

More information: http://www.microsoft.com/athome/security/default.mspx

OS X: Updates are issued frequently, and their contents may differ depending on which processor is in your Mac (PPC or Intel).

More information: http://www.apple.com/support/downloads/

iPhones: Must be updated manually:

http://docs.info.apple.com/article.html?artnum=305744

************************************************************************

5. Security Newsbytes

- --Hannaford to Spend Millions on IT Security Upgrades After Breach Executives at Hannaford Bros. Co. have said that the grocer expects to spend millions of dollars on IT security upgrades in the wake of the recent network intrusion that resulted in the theft of up to 4.2 million credit and debit card numbers from its systems. The planned upgrades include the installation of new intrusion-prevention systems that will monitor activities on Hannaford's network and the individual systems at its stores, plus the deployment of PIN pad devices with encryption support in store checkout aisles. Hannaford also has signed on IBM to do around-the-clock network security monitoring.

More information:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&;arti

cleId=9079652

- --Microsoft Reports 300% Increase in Trojan Downloaders Computer users are increasingly at risk of being lured to websites that surreptitiously download malicious software onto their machines, but stolen or lost laptops still represent most of the security breaches reported, according to the latest six-month Microsoft Security Intelligence Report. Exploits, malicious software, and hacking accounted for 13% of all security breach notifications recorded in the second half of 2007, while 57% of the breaches publicly disclosed involved lost or stolen equipment. Malicious software attacks via Trojan downloaders and droppers increased by 300% during the same time period.

More information:

http://www.news.com/8301-10784_3-9925077-7.html?tag=nefd.only

- -- Firefox and Safari Updates Tackle "Alternative" Browser Bugs Mozilla has updated its Firefox web browser in response to the discovery of a vulnerability which allows miscreants to take control of vulnerable systems. Apple has pushed out an update for both the Windows and Mac versions of its Safari web browser. The more serious Mac flaws, if left unchecked, create a means for hackers to crash browsers or inject malicious code into vulnerable systems.

More information:

http://www.mozilla.org/security/announce/2008/mfsa2008-20.html

http://support.apple.com/kb/HT1467

************************************************************************

Permission is hereby granted for any person to redistribute this in whole or in part to any other persons as long as the distribution is not being made as part of any commercial service or as part of a promotion or marketing effort for any commercial service or product. Readers are invited to subscribe for free at https://www.sans.org/newsletters/ouch

PC World: Vista's Despised UAC Nails Rootkits

Mon, 09 Jun 2008 20:58:17 GMT

It can spot [all] rootkits [used in the tests] before they install. While only six of 30 rootkits could run on the OS, the testers had to turn off UAC to get even that far. Vista's UAC itself spotted everything thrown in front of it. [That alone got me to turn UAC back on although rootkit authors simply may not be interested in engineering for Vista.]. When testing Windows XP, of 30 rootkits thrown at XP anti-malware scanners, the best of the all-purpose suites was Avira AntiVir Premium Security Suite, which found 29 active rootkits. The anti-rootkit tools fared better with four achieving perfect scores but all failed to remove any of the rootkits they had found.

SANS Spyware Mini-Quiz

Fri, 21 Mar 2008 01:58:51 GMT

SANS Institute Security Newsletter for Computer Users
Volume 4, Number 11 November 2007
************************************************************************
A formatted version of the OUCH newsletter can be found at https://www.sans.org/newsletters/ouch. You can subscribe to OUCH on the same site. Send your comments to OUCH@sans.org.
************************************************************************
Spyware Mini-Quiz
(1) Approximately how many computers on the Internet are infected with spyware?
a. 25%
b. 45%
c. 60%
d. 80%
(2) What is the single best thing you can do to protect your computer against spyware?
a. Disable Active-X in Internet Explorer
b. Protect your computer with a firewall
c. Install anti-spyware and keep it updated
d. Only browse websites that you know and trust
************************************************************************
Answers
(1) d. While expert opinions vary, most sources agree that 80% is a reliable estimate.
(2) c. Antispyware is as important as antivirus software for protecting your computer.

Copyright 2007, SANS Institute (http://www.sans.org)

How to help avoid browser hijacking

Mon, 30 Jan 2006 18:44:23 GMT

Micorsoft Security At Home: "Browser hijacking" is a common type of online attack in which hackers take control of your computer's Internet browser and change how and what it displays when you're surfing the Web. [Included are: info for determining whether your browser has been hijacked; more importantly, preventing hijacks; and what you can do to restore a browser that's been hijacked. Once again the same basic steps apply: use your common sense about downloading executable code from "strangers"; keep your operating system up to date especially with security fixes, your MANDATORY protective / detective tools (anti mal/spy/ad ware) as well - same thing for your browser of course.]

Is Firefox still safer than IE?

Sun, 15 May 2005 00:43:53 GMT

Windows Secrets 5/12/05 (free) Newsletter: [Good review of recent security status of Internet Explorer versus Firefox browsers.]

MasterCard Shuts Down 1,400 Phishing Sites

Sat, 14 May 2005 02:59:18 GMT

MasterCard International Inc. said Tuesday that it has shut down nearly 1,400 phishing sites and more than 750 sites suspected of selling illegal credit-card information since launching an ID-theft-prevention program in June (2004). The program also has led to the discovery and protection of more than 35,000 MasterCard account numbers that were in jeopardy of being compromised.

Microsoft To Offer PC Health Service Called OneCare

Sat, 14 May 2005 02:21:46 GMT

Microsoft is launching a PC "health service" that promises to deliver automated protection, maintenance and machine tune-ups in a single package. Windows OneCare initially is being distributed to company employees as part of a testing and development process before public beta availability later this year. The subscription service will be continually updated in an effort to address safety issues such as worms, viruses and spyware.

Micorosoft also is focused on broader PC health issues, including: the protection of digital photos, music, financial data and software, as well as system performance. Windows OneCare will provide updated antivirus, antispyware and two-way firewall protection. The package offers periodic disk cleanup, hard-drive defragmentation and file repair. Automated file backup also is offered, along with the option to back up all files on the system or only those that have changed since the last time the action was performed.

Phishers Dodge Content Filtering

Sat, 14 May 2005 02:05:17 GMT

According to Netcraft, some fraudsters are replacing text content on their phony sites with similar-looking images, "making it much more difficult for automated systems to detect the presence of keywords such as 'PayPal' and 'credit card.'"

In an online alert, Netcraft illustrated how a phisher could simply embed text within an image to hide it from filters. The text would still be readable by a possible victim, but not by a computer.

Adware Targets Kids

Sat, 14 May 2005 01:06:28 GMT

Mainstream children's Web sites host a glut of adware Symantec, a security firm said this week, proof that spyware makers are targeting kids in an attempt to slip by parents and get their software onto home computers.

Over a three-month period, said Kraig Lane, a group product manager in Symantec's consumer division, his lab took new PCs out of the box, connected them to the Internet without monkeying with any of the default settings in Windows XP SP2, then surfed well-known sites in several categories, ranging from kids and sports to news and shopping. Interacting with each site's features, but not explicitly looking to accumulate files by downloading. Then they ran spyware detection software and counted up what kind of security risks and how many files had been installed on the machines ....

SANS "Ouch" Newsletter ( Vol. 2 Num. 3) Excerpts

Thu, 10 Mar 2005 20:25:26 GMT

What To Avoid This Month

I. Email from people trying to get you to divulge private details
These are often trying to steal your identity (and your money)
I.1 Washington Mutual Bank - 'Unauthorized Access to Your Washington Mutual Account'
I.2 SouthTrust Bank - 'Notification From SouthTrust Online Banking'
I.3 Huntington Bank - 'Huntington Bank Security Update Notification'
I.4 Paypal - 'Unauthorized Access...'
I.5 MSN - 'Microsoft Network customer data verification'
I.6 KeyBank - 'SECURE YOUR ACCOUNT NOW'
I.7 Google - Email Lottery International

Details About Things To Avoid

I. Email from people trying to steal your identity (and your money)
I.1 Washington Mutual Bank - 'Unauthorized Access To Your Washington Mutual Account'
The Bait: An email sent to you for Unauthorized Access to your account.
What it tries to make you do: Click on the link within the email.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-24-05_Wamu/02-24-05_Wamu.html

I.2 SouthTrust Bank - 'Notification From SouthTrust Online Banking'
The Bait: Email stating that your account may have been accessed by someone else.
What it tries to make you do: Click on the suspect link.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-22-05_SouthTrust/02-22-05_SouthTrust.html

I.3 Huntington Bank - 'Huntington Bank Security Update Notification'
The Bait: New payment security for the bank.
What it tries to make you do: click on the link within the email.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-18-05_Huntington/02-18-05_Huntington.html

I.4 Paypal - 'Unauthorized Access...'
The Bait: An email that alerts you to unauthorized access to your PayPal account.
What it tries to make you do: Click on the link it provides
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-17-05_Paypal/02-17-05_Paypal.html

I.5 MSN - 'Microsoft Network customer data verification'
The Bait: Email sent to you to verify your information on your account.
What it tries to make you do: Click on the link within the email
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-15-05_MSN/02-15-05_MSN.html

I.6 KeyBank - 'SECURE YOUR ACCOUNT NOW'
The Bait: Create a secure code for access to KeyBank.
What it tries to make you do: Click on the picture link
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-08-05_Key/02-01-05_Key.html

I.7 Google - Email Lottery International
The Bait: Google Lottery Winner
What it tries to make you do: Reply to the email and take money from you.
Where you can see how it actually appears:
http://www.hoax-slayer.com/google-lottery-scam.html

IV. Avoiding Phishing Scams: Tips from Fraud.org:
Information, tips and contact information for avoiding and reporting phishing.
http://www.fraud.org/tips/internet/phishing.htm

V. Email Worm Spoofing: Spoofing Explained:
Easy-to-understand information on how worms use spoofing to spread.
http://www.hoax-slayer.com/email-worm-spoofing.html

Firefox Patch Fixes Vulnerabilities And Prevents Crashing

Wed, 09 Mar 2005 20:45:23 GMT

It's time to update the millions of Firefox 1.0 browsers that have been downloaded over the past 11 weeks. The Mozilla Foundation on Thursday released its first security update to Firefox, comprising a series of patches intended to prevent spoofing and phishing attacks and fix glitches that cause the browser to crash. The security update, Firefox 1.0.1, can be downloaded immediately at www.mozilla.org. The update covers a handful of security vulnerabilities and approximately 40 other fixes related to browser performance based on user feedback to Mozilla. The security vulnerabilities range from "moderately critical" in nature to not critical. None of them are highly critical, and there are no known exploits for any of the vulnerabilities.

Microsoft promises free anti-spyware, new version of IE

Fri, 04 Mar 2005 18:10:28 GMT

The company, by midyear, plans to release a test version of a new Internet Explorer browser that better protects users from scams and malicious code while surfing the Web, Chairman and Chief Software Architect Bill Gates said in a keynote address at the RSA Conference 2005 in San Francisco.

Microsoft bought anti-spyware software maker Giant Company Software in December and released a beta of Windows AntiSpyware in January. In addition to its free consumer product, Microsoft will offer a for-pay anti-spyware product for corporate users that will support enterprise needs for management and deployment, said Amy Roberts, a director in Microsoft's Security Business and Technology Unit. Roberts would not say when the enterprise anti-spyware product will be available.

Winpatrol

Fri, 04 Mar 2005 02:47:19 GMT

Scotty the Windows Watch Dog sniffs out malicious “mysteryware” and parasites that may assault your computer. WinPatrol puts you back in control of your computer so you’ll know what programs are and should be running at all times.

Microsoft Malicious Software Removal Tool

Thu, 03 Mar 2005 01:48:50 GMT

On January 11, Microsoft made available the Malicious Software Removal Tool, a free tool designed to check for and help remove infections by critical viruses and worms. In its initial release, the tool checks for the existence of malicious software (malware) on computers running the Windows 2000, Windows XP, or Windows Server 2003 operating systems.

Top 10 "Most Unwanted" Spyware Named

Sun, 12 Dec 2004 00:28:59 GMT

Webroot, which makes end-user and enterprise editions of Spy Sweeper, used its relationship with Internet service provider EarthLink to tally the most prevalent spyware, then selected the worst based on its knowledge of how each works and the damage it can cause. We use the P-I index," said Richard Stiennon, Webroot's vice president of threat research. "P is for prevalence, I is for insidiousness." Each of the ten spyware programs cited by Webroot was spotted at least 50,000 times in the scans that the Boulder, Colo.-based vendor does free of charge on its own Web site, or in conjunction with EarthLink.

Some of the software in Webroot's top 10 may be familiar to users, but most is a blur of anonymous titles that don't impart their potential impact.

Among the former is Gator (also known as GAIN), long infamous because it's bundled with the popular Kazaa peer-to-peer file sharing software. Gator/GAIN, said Webroot, made the top 10 list because it spews banner ads based on your surfing habits.

Others on the list, however, are unknown to all but the most dedicated follower of spyware. They include such programs as PurityScan, which puts up pop-up ads and tricks users into installation by claiming to find and delete porn on the PC; CoolWebSearch, which can hijack searches, browser home page, and IE's settings; and Perfect Keylogger, a spy that records all visited sites, keystrokes, and mouse clicks to, for instance, divine passwords, account numbers, and other sensitive information.

The rest of the list is fleshed out with the likes of n-CASE and KeenValue (adware), TIBS Dialer (software the usurps the modem and dials toll numbers, typically porn pay-by-the-minute phone sites), Transponder and ISTbar/AUpdate (spyware posing as browser assistants), and Internet Optimizer, which hijacks Web errors and re-directs them to its own site.

Study shows most attacks come from exploited PCs beloging to DSL or cable customers.

Sat, 13 Nov 2004 12:49:43 GMT

CipherTrust, the e-mail security company, in a survey this month of more than 4 million pieces of e-mail, found that nearly all of the phishing attacks came from about 1000 machines, mostly customers of DSL or cable modem services. Close to 28 percent of the IP addresses used in the phishing attacks during the two-week survey were from U.S. computers. Another 17 percent of the IP addresses were South Korean, and another 8 percent were Chinese.

User Education Is A Flawed Strategy For Protecting Computer Users From Internet Scams

Fri, 29 Oct 2004 18:56:23 GMT

One of the "Internet's foremost experts in Web usability" (according to Business Week) and the man who ranks number six on ZDNet's "The Web's Ten Most Influential People" calls for a change in policy to thwart Internet scams, saying, "User education is not the answer to security problems." Jakob Nielsen says a strategy relying on user education puts the burden on the wrong shoulders. The only real solution, according to Nielsen, is to make security a built-in feature of all computing elements.

Home PCs not protected

Wed, 27 Oct 2004 23:45:34 GMT

In findings, from a detailed survey of 329 consumers that included inspections of each of their home computers, released Monday by America Online and the National Cyber Security Alliance (NCSA), a picture emerges of consumers increasingly using their home PCs for sensitive, online transactions without adequately protecting themselves from cybercrime.

While 77% of the survey respondents believed they were safe from online threats, two-thirds lacked current anti-virus software and did not use any firewall protection. More than half said they did not understand the difference between the two. Yet 84% stored personal data on their home PCs, and 72% routinely used the Internet for sensitive transactions, such as banking and medical data exchanges.

Watch Out For Security Freeware Gotchas

Thu, 21 Oct 2004 22:21:07 GMT

Security freeware is pretty popular. The price is right and everyone needs more security. What's the catch? But just because software is free doesn't exempt it from the requirements of paid software. Folks who write security tools should practice secure coding. Authors of security freeware should be accessible and accountable for the product they provide; in security-speak, the software should have readily identifiable, non-repudiable origins. Folks who make security software available should have competent, security-savvy staff to support and maintain it.

So if you are considering security freeware, remember the five Ws. Who wrote the software? Can you identify and trust the developer? What does the software do? When should you use security freeware? Why are you choosing freeware over commercial ware? Where do you intend to use security freeware?

SANS "Ouch" newsletter for "unsophisticated end users"

Tue, 19 Oct 2004 16:22:32 GMT

A new free SANS newsletter has gotten rave reviews from unsophisticated end users - they really appreciate the plain non-technical writing and the cool examples. It's called OUCH! More than 500 security awareness professionals from around the US and the world helped them get it right. If you want to redistribute it to your users, that' allowed. The newsletter includes a pointer to a great phishing quiz for anyone who thinks he or she can spot a phishing email. To subscribe go to the newsletter page at the SANS portal and choose it.

FTC Goes After Spyware Operations

Mon, 11 Oct 2004 20:31:08 GMT

The Federal Trade Committee has filed a complaint in federal court asking that two Internet advertising and software firms be shut down. The activities of New Hampshire resident Sanford Wallace and his two firms -- Seismic Entertainment Productions and SmartBot.Net -- are some of the most egregious in the spyware field, Ari Schwartz, associate director of the Center for Democracy and Technology, told NewsFactor.

The operation of the spyware distributed by Wallace is very complicated, Schwartz explained. In addition, it has operated in different ways over the months. Perhaps the worst allegation is that of direct fraud. Some consumers assert that they were asked to pay US$30 to stop the pop-up ads repeatedly appearing on their computers. Those pop-ups originated from the same web of companies and advertisements originating them. Spy Wiper and Spy Deleter are two of the software programs marketed by Wallace's firms. In some cases, said Schwartz, pieces of software were downloaded to consumer computers without their knowledge or purchase. The company used security holes in Internet Explorer to take control of some operations on computers of users who clicked on particular ads.

The case is the first in the spyware arena to target a company for downloading code to a user's machine without permission. There are no laws against spyware at the national level.

Are Spyware Warnings, Themselves, Just More Spyware?

Thu, 23 Sep 2004 20:27:22 GMT

Ken Colburn of Data Doctors answers: The 'warnings' that you are referring to are nothing more than an aggressive advertising campaign to try to scare you into buying a product (a.k.a. 'Scare-ware').

There are no programs currently available that can actually check your computer for Adware and Spyware through a pop-up window, and even if they could, I would not trust them. The majority of anti-spyware programs are actually very questionable in their tactics to get you to buy. Many of them make it look like they are scanning your system and come up with concocted results to make you think that you are infected, because they know that virtually everyone online has some form of Adware or Spyware in their system.

A Web site known as Spyware Warrior currently lists 96 different spyware removal programs that are of questionable nature because of false-positives, poor results, or deceptive advertising. Some are actually spyware programs in disguise! In general, the best anti-spyware tools are free and have gained popularity through word of mouth, not pop-up ads. The two that I always recommend are Ad-aware Personal Edition and Spybot Search and Destroy.

Spam's Unsubscribe Link Downloads Nasty Things to PC

Thu, 23 Sep 2004 19:30:47 GMT

MessageGate has determined that spam featuring the domain xcelent.biz has gone beyond the usual rudeness of using a click on an unsubscribe link to confirm a warm body on the other side of the email inbox.

This badboy actually downloads an EXE file which takes advantage of a known bug in IE - namely that it treats any link containing the "IMG" tag as a valid image file, and, as the US-CERT tells us, "a drag and drop operation on an IMG element with an executable source file will copy the executable file without presenting a download dialog."

Mozilla Fixes Browser Bugs

Fri, 17 Sep 2004 16:45:50 GMT

The Mozilla Foundation has fixed 10 security bugs in its open-source Mozilla and Mozilla Firefox browsers and Thunderbird e-mail reader, with the release of new versions of all three products this week. Some of the vulnerabilities could allow attackers to run malicious code on a user's PC via a malicious e-mail, a specially crafted vCard, or a malformed graphic on a Web site, project leaders say.

Microsoft deactivates ActiveX

Tue, 14 Sep 2004 22:26:51 GMT

The company announced that the coming Windows XP Service Pack 2, which is focused on security, will allow consumers to block both pop-up ads and ActiveX scripting.

New Zone Alarm to warn of viruses

Tue, 14 Sep 2004 22:23:11 GMT

Security software maker Zone Labs updated its desktop firewall adding new features that aim to stop viruses, the company said. The antivirus features will be offered in a commercial version of its basic free product, Zone Alarm, and as part of a comprehensive security suite.

WinZip offers fix for security flaw

Tue, 14 Sep 2004 22:19:39 GMT

But users of the popular compression tool will need to upgrade to version 9 of the software.

First Windows CE Virus Emerges

Fri, 10 Sep 2004 22:44:33 GMT

The first known virus aimed at Microsoft's Windows CE operating system was sent to several anti-virus firms by its author over the weekend to prove that Pocket PCs and Smartphones are vulnerable to attack.

ISPs Given Thumbs Down For Virus, Hacker Control

Fri, 10 Sep 2004 22:17:30 GMT

U.S. residential Internet users are much more satisfied with the spam protection from their Internet service providers, but remain unhappy with their ISPs' defenses against hackers and viruses.

WormRadar.com

Mon, 06 Sep 2004 02:41:44 GMT

The site offers a summary of all worm and probe activity detected by WormRadar nodes around the world, and is refreshed about every 30 minutes.

Microsoft: Spyware could bungle SP2 update

Sat, 04 Sep 2004 19:47:09 GMT

Though Microsoft's new security update package is all about protecting systems from worms, viruses and spyware, it can't do much about what's already on computers — and that could pose a problem. The company is warning users of the Windows XP operating system to check for spyware before downloading Service Pack 2.

Study: Unpatched PCs compromised in 20 minutes

Sun, 22 Aug 2004 15:06:07 GMT

According to the researchers, an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it's compromised by malware, on average. That figure is down from around 40 minutes, the group's estimate in 2003. Don't connect that new PC to the Internet before taking security precautions, researchers at the Internet Storm Center warned (The Center is part of the SANS Institute).

The center said in its analysis that the time it takes for a computer to be compromised will vary widely from network to network. If the Internet service provider blocks the data channels commonly used by worms to spread, then a PC user will have more time to patch. "On the other hand, university networks and users of high-speed Internet services are frequently targeted with additional scans from malware like bots," the group stated. "If you are connected to such a network, your 'survival time' will be much smaller."

[Of course, unless you happen to know the right (Windows) configuration changes to make and already have protection tools available, you connect to the Internet to download them as well as the latest software patches. As an alternative, you can hurry to your local store and purchase the tools. Why aren't the pc's delivered with the required patches installed by seller? [see also item on Dell et. al. ] Some new systems do come with trial versions of protection tools but how many users take of these steps before doing anything else?]

Computer Security for the Home and Small Office

Fri, 20 Aug 2004 16:16:16 GMT

[A review by Andrew Murphy of the book "Computer Security for the Home and Small Office" by Thomas Greene, The Register's security guru. What may be more interesting are the comments and give and take that follow. For example, how do you characterize an "average" computer user and do they or do they not "care" about "security?"]

How [Daniel Gray] (Finally?) Beat Spyware

Tue, 17 Aug 2004 03:46:40 GMT

Removing spyware isn't rocket science. But you have to be persistent. I made a lot of missteps and wasted plenty of time along the way. In hindsight, it's clear that I took three key steps ... [I say "ditto". NB: I use Spyhunter instead of Spybot.]

Mydoom, Zindos, And Doomjuice Worm Removal Tool v4.0

Tue, 03 Aug 2004 02:00:35 GMT

This tool helps to remove the Mydoom.A, Mydoom.B, Mydoom.E, Mydoom.F, Mydoom.G, Mydoom.J, Mydoom.L, Mydoom.O, Zindos.A, Doomjuice.A, and Doomjuice.B worms from infected systems.

How To Detect, Delete New MyDoom (MyDoom Part II or Zindos)

Wed, 28 Jul 2004 19:07:28 GMT

Machines infected with MyDoom Part II are being used to launch a denial-of-service (DoS) attack on Microsoft.com. Unlike MyDoom, Zindos doesn't require any human interaction and isn't delivered as a file attached to e-mail. Instead, it's a pure network threat, said Oliver Friedrichs, the senior manager of Symantec's security response team. "Zindos is fully automated. If your computer is infected [with MyDoom] and you're connected to the Internet, you could get infected by this new threat."

5 tips for spurning spyware and browser hijackers

Fri, 16 Jul 2004 13:36:49 GMT

Is your Web browser behaving strangely? Maybe some other search program appears when you try to do a search on Google or MSN® Search. Or, even though you've reset your home page, some other site displays. If this is happening to you, you may have inadvertently downloaded spyware.

HSRemove: A removal tool for Home Search Assistant

Fri, 16 Jul 2004 13:12:21 GMT

This hijack has spread rapidly and is not removable by any of the known tools including Hijack This!, Ad-Aware, Spybot, CSWhredder and so on. This tool may somve your problem. Symptoms include an odd home page similar to res://.dll/index.html#37049 and popup ads as well as certain words on websites linking to their search engine. http://www.majorgeeks.com/download4286.html

Some Corporate Web servers infecting visitors' PCs

Thu, 15 Jul 2004 03:00:16 GMT

Security researchers warned Web surfers on Thursday to be on guard after uncovering evidence that widespread Web server compromises have turned corporate home pages into points of digital infection. The researchers believe that online organized crime groups are breaking into Web servers and surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed. Those flaws allow the Web server to install a program that takes control of the user's computer. Late Thursday (24 June), Microsoft advised customers to increase their browser security to the highest settings, although that could cause some Web site functions to stop working.

Pop-up program reads keystrokes, steals passwords

Thu, 15 Jul 2004 02:56:24 GMT

Trojan horse installed through pop-up ad has watch list of banking sites. Victims visit sites, type in passwords, hand info to hackers.

Microsoft Releases "download.ject" Virus Removal Tool

Thu, 15 Jul 2004 02:00:45 GMT

Microsoft Corp. released a tool on Tuesday for removing a particularly pesky computer virus — but was not yet able to offer a software patch to prevent the infection from spreading

Microsoft haunted by old IE security flaw

Thu, 01 Jul 2004 02:33:57 GMT

Microsoft haunted by old IE security flaw. IE vulnerability patched six years ago resurfaces in newer releases and could allow hackers to change content on Web sites. Security company Secunia issued a bulletin warning of the flaw in versions 5.01, 5.5 and 6.0 of Internet Explorer (IE). The problem had been fixed six years ago, when it appeared in versions 3.0 and 4.0 of the IE browser. Through a flaw in IE, victims can pick up a program through a pop-up ad that is used to read keystrokes and steal passwords when people visit any of nearly 50 banking sites.

Vulnerabilities in IE have become so common that some security researchers are recommending that people adopt alternate browsers. [CNET News.com - Security]

World's First Mobile Virus Is Not Lethal, Yet

Fri, 18 Jun 2004 18:45:44 GMT

A group of underground virus writers has showed off what is believed to be the world's first worm that can spread on advanced mobile phones, but security software companies say the virus had no malicious code attached.The worm is designed to work in smartphones running on Symbian and Series 60 software, Symantec said on its Web site. This software is used to power millions of Nokia phones, such as the popular 6600 model. [How much sensitive / essential information do you keep in your cellphone? Do you have a backup copy?]

Five of the Best Free Internet Security/Privacy Utilities

Mon, 07 Jun 2004 23:39:49 GMT

Spybot - Search & Destroy 1.2

Sygate Personal Firewall 5.5

Ad-aware 6.0

AVG Free Edition

Zone Alarm

Apple patches vulnerability in Safari

Mon, 31 May 2004 22:03:28 GMT

Apple Computer Inc. issued an update on Friday [5/21] to fix a reported security hole in its Safari Web Browser. The venerability, which was classified as "Extremely Critical" by security firm Secunia, allowed the execution of malicious code on the users computer.

Yahoo Adds Anti-Spyware Feature to Browser Toolbar

Mon, 31 May 2004 21:42:51 GMT

Internet media company Yahoo Inc. unveiled a feature on Wednesday for its Web browser toolbar aimed at making it easier for users to remove unwanted "spyware" programs that snoop on Web surfing habits and other activities.

Home users hit by Sasser worm

Sun, 23 May 2004 20:24:31 GMT

Up to 80% of those hit have been home users and students, [Network Associates] reports.

Microsoft Reveals 'Important' Windows Flaw

Wed, 12 May 2004 20:44:23 GMT

NewsFactor - Microsoft (Nasdaq: MSFT) is reporting a security vulnerability in the Windows XP and Server 2003 operating systems that could allow hackers to commandeer PCs by drawing users to a malicious Web site that contains a remote execution link. [Yahoo! News - Technology]

Intego warns of second Mac OS X Trojan Horse

Wed, 12 May 2004 20:40:23 GMT

MacCentral - For the second time in just over a month, Macintosh security company, Intego has issued an advisory warning customers of a Trojan Horse (AS.MW2004.Trojan) on Mac OS X. The latest advisory, posted to the company's Web site on Wednesday, warns of a Trojan Horse downloaded from the LimeWire peer-to-peer network -- the file had an icon that appeared to be an installer for Microsoft Office 2004. Microsoft warned users of downloading from sources other than them and analysts even question using the term "Trojan" for the advisory. [Yahoo! News - Technology] [Social engineering again and delicious irony - file sharing and, apparently, a lure of MS Office for free.]