June 2009 - Posts
McAfee has published an in-depth and informative study on "the most dangerous search terms" that could lead to malware infected sites. Some of the riskiest terms include "free" "music", "lyrics", or "screensavers". For example, some folks may search for "free mp3 music" only to soon discover these sites that there is truly nothing free other than spyware or other malicious agents.
As search results are returned, be careful with the sites listed as malware writers can sometimes manipulate search engine ranking statistics to appear more prominently in the return order. Check the spelling, domain names, and look for any warnings that the site might be potentially dangerous. Keep your Firewall, AV, ASW, and other defenses updated and active.
Finally, recognize that there are "no free lunches" on the Internet. Avoidance and careful use of the facilities will complement good technical protection and allow for improved safety from those who wish to take advantage of others.
McAfee Study - Most dangerous search terms
QUOTE: The scammers—from solo operators to organized criminals—have quickly realized that the same search engines that enable legitimate businesses to reach more consumers can also be used by criminals to separate more victims from more of their money.
UNIX Turns 40
QUOTE: Forty years ago this summer, a programmer sat down and knocked out in one month what would become one of the most important pieces of software ever created. In August 1969, Ken Thompson, a programmer at AT&T subsidiary Bell Laboratories, saw the month-long departure of his wife and young son as an opportunity to put his ideas for a new operating system into practice. He wrote the first version of Unix in assembly language for a wimpy Digital Equipment Corp. (DEC) PDP-7 minicomputer, spending one week each on the operating system, a shell, an editor and an assembler.
These ATM attacks are professionally written and attack the Diebold software environment installed on ATM machines. So far, it appears that these attacks are occurring only in Eastern European nations.
Data-sniffing trojans burrow into Eastern European ATMs
QUOTE: Security experts have discovered a family of data-stealing trojans that have burrowed into automatic teller machines in Eastern Europe over the past 18 months. The malware logs the magnetic-stripe data and personal identification number of cards used at an infected machine and provides an intuitive interface for retrieving the information using the ATM's receipt printer, according to analysts from SpiderLabs, the research arm of security firm Trustwave. Since late 2007 or so, there have been at least 16 updates to the software, an indication that the authors are working hard to perfect their tool.
Card-sniffing trojans target Diebold ATM software
20,000 sites hit with drive-by attack code
This mass injection attack does not seem related to Gumblar. The location of the injection, as well as the decoded code itself, seem to indicate a new, unrelated, mass injection campaign.
This is the best guidelines seen related to understanding and mitigating this new vulnerability, which hackers are actively exploring
Understanding Microsoft's KB971492 IIS5/IIS6 WebDAV Vulnerability
QUOTE: Most systems are likely not vulnerable, but unless the flowchart below leads to "You are not vulnerable", we strongly recommend seeking local expertise to help assess your situation properly.
1. What is WebDAV?
2. How do I know if I'm vulnerable or not?
3. I'm vulnerable — What do I do?
4. How do I disable WebDAV?
5. What will this break?
6. Web Protocol Checks
Microsoft's new Bing Search engine is now operational
Bing - Image Search
More Posts « Previous page