April 2006 - Posts

Microsoft shifted the focus of its anti-piracy technology from Windows-only this week and began piloting a program that sniffs out counterfeit copies of Office, the application suite that is, after Windows client software, the company's second-biggest money maker.

Dubbed Office Genuine Advantage (OGA), the pilot will be pointed at users running versions localized in Brazilian Portuguese, Czech, Greek, Korean, Simplified Chinese, Russian, and Spanish, said Microsoft Monday when it announced OGA as it also expanded the already-existing Windows Genuine Advantage (WGA) anti-piracy program.

TechWeb

Posted Sunday, April 30, 2006 6:58 AM by Don
Hi, this is Ziv Mador again from the Microsoft Anti-Malware team. This week, the folks over at VirusTotal added the Microsoft anti-malware engine to their service. VirusTotal is a free service that enables users to submit suspicious files to be scanned by several anti-malware engines. If you choose, files that are not identified as malicious are sent to the vendors who supply the anti-malware engines to this service to be analyzed. As of April 27, the Microsoft anti-malware scanner is included in the set of scanning engines used by VirusTotal. This scanner is based on the same technology found in Windows Live OneCare, the Windows Malicious Software Removal Tool, and Microsoft Antigen, and includes our full antivirus set of signatures. We are glad to be participating in this community opportunity.
http://blogs.technet.com/antimalware/archive/2006/04/28/426755.aspx

Posted Saturday, April 29, 2006 4:00 PM by Don

A new trojan is making its rounds on the Internet, freezing up victims' computers and then demanding a ransom be paid through Western Union. Called "ransomware," the viruses have been around in Russia for several months, but the first English variants appeared in March.

Sophos discovered the trojan and has named it "Troj/Ransom-A." According to the security firm, these types of viruses are fairly new. The company said it does not know at this time how the trojan is being spread, but it is investigating.

BetaNews

Posted Saturday, April 29, 2006 5:39 AM by Don
The price paid for a high ranking in Google's search list can be counterproductive, because the often-deceptive methods used to generate hits don't reflect real Web site content, according to a speaker at this week's Search Engine Meeting in Boston.

"You can try to trick Web sites by embedding tag spam," said Steve Arnold, a speaker at the meeting. "It can work when the robot comes to the page, but it's misleading. Why not just put the content up and let the content speak for itself?"

TechWeb

Posted Friday, April 28, 2006 3:28 PM by Don
A start-up security company on Friday unveiled a beta of zero-day exploit protection software that it claims will protect users' PCs until they can apply patches from the likes of Microsoft.

SocketShield, which can be downloaded free-of-charge from the Web site of Exploit Prevention Labs, is a signature-based monitor that detects and blocks vulnerability exploits, not the worm or virus or spyware or Trojan horse payloads that traditional anti-virus software sniffs out.

"We actually recognize and kill the exploits as they come in," said Roger Thompson, one of the company's co-founders and its chief technology officer. "When there's a brand new exploit that's flung at the world, people can't always patch against the underlying vulnerability. Sometimes there is no patch, sometimes you can't patch just because Microsoft wants you to."

TechWeb

Posted Friday, April 28, 2006 3:26 PM by Don

About a year ago, Publishers Clearing House set out to make sure its e-mail reputation was squeaky-clean.

The company, known for its sweepstakes and magazine subscription promos, stepped up its efforts to be a good e-mail citizen, and to make sure it didn't send out unwanted messages. It developed its own tools. It hired outside consultants. It signed up two full-time employees to oversee all of its e-mail delivery.

Quite an investment of time and money--but worth it, if it meant the company, which relies on mail to do business, avoided having its messages junked by spam filters.

CNet

Posted Friday, April 28, 2006 5:56 AM by Don
Microsoft confirmed Thursday that it plans to turn off half the firewall in Windows Vista when the new operating system ships later this year because it doesn't think most users need all the firewall's functionality or can handle its management.

Although Vista's firewall will ship with both inbound and outbound filtering capabilities, the latter will be disabled by default. Corporate users, however, can turn on outbound filtering if they wish.

"Inbound filtering is on by default and outbound filtering for applications is configurable by enterprise administrators through Group Policy," said a Microsoft spokesperson.

TechWeb

Posted Thursday, April 27, 2006 5:33 PM by Don
From the F-Secure blog: sometimes a support issue can lead to the detection of malware. As an example, this case of a blue screen error points to a rootkit as its cause.

Removing spyware from a computer is becoming an increasingly difficult task. Look2Me, a displayer of pop-up advertisements, is a good example of a persistent malware application that just won't go away. It uses some interesting techniques to remain installed.

Look2Me hooks into the winlogon process as a notification package. If the user tries to unregister the notification package, it is immediately reinstated. Look2Me also removes the administrators group's debug privilege and thereby prevents the user from interfering. This, along with some other tricks, makes manual removal close to impossible.
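The two footholds described above, the winlogon notification package and the stripped debug privilege, can both be audited from the registry and the local security policy. The script below is an added example, not F-Secure's or the original post's code; it assumes a Windows XP/2003-era host (where the Winlogon\Notify key is used), an elevated session, and that secedit.exe is on the path.

```powershell
# Added example: audit winlogon notification packages and the SeDebugPrivilege
# assignment, the persistence and defence-evasion points described for Look2Me.
# Assumes Windows XP/2003 (Winlogon\Notify exists), run as administrator.

$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-WinlogonNotifyPackages {
    # Each subkey is one notification package; DLLName is the library winlogon loads.
    if (-not (Test-Path $notifyKey)) { return @() }
    Get-ChildItem $notifyKey | ForEach-Object {
        $dll = (Get-ItemProperty $_.PSPath).DLLName
        # Bare file names are resolved from System32; expand so the path can be checked.
        $resolved = if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
            Join-Path $env:SystemRoot "System32\$dll" } else { $dll }
        $sig = if ($resolved -and (Test-Path $resolved)) {
            (Get-AuthenticodeSignature $resolved).Status } else { 'FileMissing' }
        [pscustomobject]@{
            Package    = $_.PSChildName
            DLLName    = $dll
            Path       = $resolved
            Signature  = $sig
            # Flag anything unsigned, missing, or loaded from outside System32.
            Suspicious = ($sig -ne 'Valid') -or
                         -not ($resolved -like "$env:SystemRoot\System32\*")
        }
    }
}

function Get-DebugPrivilegeHolders {
    # Export only the user-rights area of local policy and read the SeDebugPrivilege line.
    $cfg = Join-Path $env:TEMP 'userrights.inf'
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $line = Get-Content $cfg | Where-Object { $_ -match '^SeDebugPrivilege\s*=' } |
            Select-Object -First 1
    Remove-Item $cfg -ErrorAction SilentlyContinue
    if (-not $line) { return @() }   # no line at all: nobody holds the privilege
    # Right-hand side is comma-separated '*SID' entries; S-1-5-32-544 is BUILTIN\Administrators.
    ($line -split '=', 2)[1].Trim() -split ',' | ForEach-Object { $_.Trim().TrimStart('*') }
}

Get-WinlogonNotifyPackages | Format-Table -AutoSize
if ((Get-DebugPrivilegeHolders) -notcontains 'S-1-5-32-544') {
    Write-Warning 'Administrators no longer hold SeDebugPrivilege (default assignment removed)'
}
```

A notification package whose DLL is unsigned or outside System32, together with a missing SeDebugPrivilege grant for Administrators, is the combination the F-Secure description points to and is worth a closer look before attempting removal.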

Posted Thursday, April 27, 2006 8:13 AM by Don

Oracle's latest update fails to tackle a database flaw that has already been exploited, a security researcher has warned.

Last week, the business software maker issued its quarterly Critical Patch Update, addressing more than 30 flaws in its software. However, the update for Oracle 10g Release 2 does not plug a hole that allows published attack code to run, according to a message sent to the Full Disclosure security list on Wednesday by David Litchfield, a researcher at Next Generation Security Software.

CNet

Posted Thursday, April 27, 2006 6:05 AM by Don
Just 3 out of 100 Internet users are able to sniff out sites ready to drop spyware or adware onto their computers, security company McAfee said Wednesday.

In an online quiz run by McAfee's recently acquired SiteAdvisor, a service that alerts users to possible spyware- and adware-infecting sites via search results at Google, Yahoo, and MSN, 97 percent of more than 14,000 consumers were fooled by one or more malicious sites.

"We know it's not easy to judge a site's safety just by looking at it, but that's the point: Bad sites are often very good at providing an aura of safety," said Chris Dixon, head of SiteAdvisor development, in a statement. "No matter how knowledgeable or perceptive you are, you can't rely on your instincts alone."

TechWeb

Posted Thursday, April 27, 2006 6:03 AM by Don
Internet identity theft is one of the fastest-growing crimes in the U.S. today. For five straight years, the Federal Trade Commission (FTC) ranked it as one of the most-reported types of fraud. Despite the increasing awareness of identity theft among consumers and financial institutions, the identity-theft racket shows no signs of slowing. Reported losses from identity theft, currently responsible for over 40 percent of all fraud complaints, approached $300 million last year.

"True identity theft is a problem that goes far beyond simple credit-card fraud, against which consumers are fully protected, thanks to zero-liability laws and other regulations," said Dave Collett, a spokesperson for MasterCard. "ID theft is when a person's entire identity is taken over. For that to happen, a fraudster would need far more information than just what is found on a credit or debit card."

Newsfactor

Posted Wednesday, April 26, 2006 7:09 AM by Don
Issued: April 25, 2006

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS06-015

Bulletin Information:

  * MS06-015

    - Reason for Revision: This bulletin has been re-released to
      advise customers that revised versions of the security update
      are available for all products listed in the "Affected Software"
      section. Customers who have already applied the MS06-015 update
      who are not experiencing the problem need take no action. For
      additional information, see "Why did Microsoft reissue this
      bulletin on April 25, 2006." in "Frequently asked questions
      (FAQ) related to this security update" section.
    - Originally posted: April 11, 2006
    - Updated: April 25, 2006
    - Bulletin Severity Rating: Critical
    - Version: 2.0

Support:

Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

Online fraudsters and data thieves are more frequently using bot networks to get home and business PCs to do their bidding, with some estimates of the number of infected systems as high as 47 million.

An article in USA Today delves into three arrests in the last year of people who allegedly created and controlled bot networks, known as bot masters or bot herders: Jeanson James Ancheta, who pleaded guilty in January to computer intrusion charges; Farid Essebar, the alleged creator of the Zotob worm; and Christopher Maxwell, charged with creating a bot network to grow an adware affiliate network.

SecurityFocus

Posted Tuesday, April 25, 2006 3:33 PM by Don
Secunia Advisory: SA19762
Release Date: 2006-04-25

Software: Microsoft Internet Explorer 6.x

Description:
Michal Zalewski has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an error in the processing of certain sequences of nested "object" HTML tags. This can be exploited to corrupt memory by tricking a user into visiting a malicious web site.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.

Solution:
Do not visit untrusted web sites.

Posted Tuesday, April 25, 2006 12:35 PM by Don
The latest spam report from Sophos shows that the U.S. remains the spam capital of the world, but China is now a close second.

The report on the so-called dirty dozen of the world's worst spammers shows the U.S. is still in the top spot, sending 23.1% of all spam from January to March 2006. However, this is a dramatic reduction from two years ago, when the U.S. sent out over 50% of all spam. China reigns in a close second, sending 21.9% of all spam. Ultra-high-bandwidth South Korea comes in a distant third, followed by various European countries.

SecurityFocus

Posted Tuesday, April 25, 2006 6:55 AM by Don
Secunia Advisory: SA19734
Release Date: 2006-04-24

Description:
Three vulnerabilities have been reported in Symantec Scan Engine, which can be exploited by malicious people to disclose potentially sensitive information, bypass authentication and conduct man-in-the-middle (MITM) attacks.

1) A design error in the authentication mechanism used by Symantec Scan Engine can be exploited to gain access to the web-based administrative interface via specially-crafted XML requests sent to the server using its proprietary protocol.

2) Symantec Scan Engine uses a static private DSA key for SSL communications between the server and the administrative control application. This key cannot be changed and can potentially be exploited in a man-in-the-middle attack to decrypt all communications between the Scan Engine and an administrative client.

3) Symantec Scan Engine does not properly restrict access to files within the installation directory. This can be exploited by unauthenticated users to download any file located under the directory, such as the configuration file, the scanning logs, and the current virus definitions via HTTP requests.

The vulnerabilities have been reported in version 5.0.

Solution:
Update to version 5.1.

Posted Monday, April 24, 2006 9:34 AM by Don

Apple Computer is investigating several unpatched and potentially serious security flaws in Mac OS X that have been publicly disclosed, the company said Friday.

Tom Ferris, a security researcher in Mission Viejo, Calif., published late on Thursday information on seven flaws in Apple's operating system that potentially put Mac users at risk of a cyberattack. The most serious of the flaws could let attackers surreptitiously run malicious code on users' PCs, Ferris said in an interview via instant messaging.

CNet

Posted Saturday, April 22, 2006 5:37 PM by Don
It's been a tough 10 days for Microsoft, which has seen three of the five security bulletins released April 11 face resistance from users once they discovered the patches broke more than they fixed.

Microsoft has addressed one of the patch problems by promising to re-release MS06-015 next Tuesday; this critical patch for Windows Explorer has caused grief for a large number of users.

But others, like those facing empty Outlook Express address books, have no way around their problems other than removing the offending patch.

TechWeb

Posted Saturday, April 22, 2006 6:35 AM by Don
Rootkits that hide malicious software from anti-virus and anti-spyware tools are growing in number and sophistication, and will pose an unprecedented risk to users by 2008, security company McAfee said this week.

In the opening quarter of 2006, said McAfee in the first of a trilogy of reports on rootkits, its Avert Labs spotted more rootkit components in worms, Trojan horses, and spyware than in all of 2005. During the past three years, the use of rootkits in malicious code has soared by more than 600 percent.

TechWeb

Posted Saturday, April 22, 2006 6:33 AM by Don
The U.S. Computer Emergency Readiness Team is advising people to upgrade to the latest versions of the Firefox Web browser and the Thunderbird email program to plug numerous critical security holes.

Issued this week, the warning from the agency within the Department of Homeland Security said failing to use the latest versions would leave computers open to malware that could enable an attacker to commandeer a PC. US-CERT said some of the vulnerabilities involved the way Firefox and Thunderbird handle URLs or images.

"By taking advantage of one or more vulnerabilities in Mozilla products, an attacker may be able to take control of your computer," US-CERT said.

TechWeb

Posted Friday, April 21, 2006 6:20 AM by Don