DP's Security Bits

New legislation proposed by Senator Chuck Schumer (D, NY) and backed by heavyweights from both major parties, seeks to criminalize both the practitioners and the dupes of "social engineering".

That's just a fancy way of smooth-talking someone out of some information they shouldn't normally impart, but it has been the most effective technique for fraudsters, hackers and private eyes over the years.

Schumer's bill, the proposed Consumer Telephone Records Protection Act of 2006, makes disclosing a subscriber's phone records an offence. It specifically outlaws making false statements or providing phoney documentation to a phone provider in order to obtain the records, and accessing an account over the net without the subscriber's authorization.

The Register

Businesses have been warned to brace themselves for a possible traffic spike next week caused by the Kama Sutra worm.

The virus, dubbed Nyxem.E among other names, was first reported on Jan. 16. It is thought to have infected more than half a million PCs. Security vendor IronPort warned Thursday that these machines are now hard-coded to propagate the virus on Feb. 3.

Companies are unlikely to be directly affected if they are running up-to-date antivirus software, because the major antivirus vendors have now released patches. But IronPort warned that companies could experience secondary effects, as the virus tries to propagate itself by harvesting e-mail addresses on an infected machine.

CNet

Netscape on Wednesday released its latest browser, version 8.1, which adds features designed to better protect Web surfers against online scams such as spyware and phishing.

Netscape 8.1 offers built-in spyware and adware protection that scans files that Web users try to download as well as those that are sent to them without their interaction, according to a representative for Netscape, a division of Time Warner's America Online subsidiary. The updated browser will also let consumers run complete memory and disk scans.

Other security features include an updated blacklist of potential phishing sites and a security center people can access to see if they need to take action on their computer.

CNet News

A coalition of tech companies, consumer groups and other organizations hopes to do to companies that spread spyware and adware what "America's Most Wanted" has done to fugitives--stop them in their tracks by publicizing their misdeeds.

The newly formed Stop Badware Coalition will publish the names of companies that it deems are the worst offenders and show how they make money through unethical marketing practices and fraud.

Russian antivirus guru Eugene Kaspersky has hit out at some of the myths that cloud what he sees as the real issues facing the IT security industry.

Speaking in Moscow, the head of Kaspersky Lab said companies' own agendas and some well-worn stereotypes about cybercrime stand in the way of reasoned discussion. He also criticized those who put too much faith in statistics which, taken out of context, are often dangerously misleading.

For example, figures for the past year released recently by Computer Economics show the effect of cybercrime has diminished.

But Kaspersky said: "These stats are not complete. This is often just damage to IT infrastructure, not the actual costs."

CNet

An anti-spyware watchdog group has lodged official complaints against 180solutions and one of its partners, dealing a blow to the adware industry's efforts to police itself.

The Center for Democracy and Technology, a Washington-based public advocacy group, filed a pair of complaints with the Federal Trade Commission on Monday. The complaints charge 180solutions and free Web hosting provider CJB.net with engaging in unfair and deceptive business practices.

CNet

Enterprises should expect to see the same level of malicious traffic in 2006, even as online criminal groups shift to stealth attacks and cyber-extortion instead of massive, global malicious code attacks, said David Mackey, director of security intelligence at IBM.

The Armonk, New York, company has released its IBM Security Threats and Attack Trends report for 2005.

The report details the top threats of the last year, and makes predictions about prevalent security trends in 2006.

Full Story at eWeek

Several Trojan horses that target mobile phones have been discovered since the start of the year, but the threat level remains low.

Symantec, which sells software to protect mobile devices, has since the beginning of the month identified nine new Trojan horses that target the Symbian operating system. The pests crash phones, attempt to install other malicious software or try to wirelessly transmit personal data to other gadgets, according to Symantec.

Symbian OS is the most popular operating system for smart phones, including those sold by market leader Nokia. Two-thirds of all smart phones shipped in the third quarter of last year ran the Symbian OS, according to recent Gartner research.

CNet

Unless you're in the antivirus business, it's probably not worth celebrating. But 20 years ago this month, the first PC virus was discovered.

Dubbed Brain.A, the virus got onto computers via floppy disk and infected the boot sector of PCs, according to Finnish antivirus maker F-Secure, which devoted a blog post and news release to the occasion on Thursday.

"While the virus 'Brain' itself was relatively harmless, it set in motion a long chain of events leading up to today's virus situation," F-Secure said.

Those attacks inflicted average damages of $24,000 on businesses and other institutions even as antivirus software security tools have become standard, the survey found.

Though 98 percent of respondents said they used antivirus software, nearly 84 percent said they had suffered a virus attack in the 12-month period covered by the survey.

MSNBC