 |
|
 |
|
VPC Solutions 2007 News
Archive
June 5, 2007
Stealthy Attack Serves Malicious Code Only Once
The attack involves a website that has been hacked to host malicious code, an increasingly common trap on the internet. If a user visits one of the sites with an unpatched machine, it's possible that the computer can become automatically infected with code that can record keystrokes and steal financial data typed into forms.
ComputerWorld.co.nz
May 30, 2007
F-Secure Hit with Antivirus Vulnerabilities
F-Secure Corp. has patched several vulnerabilities in its security products, the most critical of which could be used to run unauthorized software on a victim's computer. The most critical of these bugs affects F-Secure's antivirus products. A flaw in the way the software unpacks files that have been compressed using the LHA archiving format, could allow an attacker to crash the system, or even run unauthorized software on the computer, F-Secure said in an advisory, published Wednesday.
ComputerWorld.com
May 29, 2007
Review: Vista, XP Users Equally At Peril To Viruses, Exploits
After a week of extensive testing, the CRN Test Center found that users of Windows Vista and Windows XP are equally at risk to viruses and exploits and that overall Vista brings only marginal security advantages over XP. One of Microsoft's big promises with Vista was a more secure operating system. But when stripped to the bare bones and thrown into the wild, wild Web, Vista's security failed to impress Test Center engineers.
Crn.com
May 25, 2007
Google-Dell Browser Tool 'Spyware,' Charges OpenDNS Founder
A year-old deal between Google Inc. and Dell Inc. produces search results dominated by paid ads instead of the normal links, the founder of OpenDNS said today as he called the Google tool "spyware" and claimed that it degrades users' experiences on the Web.
ComputerWorld.com
May 24, 2007
Flawed Symantec Update Cripples Chinese PCs
According to the Chinese Internet Security Response Team, users of Norton Antivirus, Norton Internet Security 2007 and Norton 360 who installed an antivirus signature update released by Symantec on May 17 could not reboot their PCs. The update reportedly mistook two Windows system files--'netapi32.dll' and 'lsasrv.dll'--as the Backdoor.Haxdoo Trojan horse. The two files were subsequently quarantined.
News.com.com
May 21, 2007
Google: Malware Runs Rampant on the Web
In its new report on Web-based malware, Google said that some of the most common malware sites were those that contained advertising, and that average computer users have no way to protect against these malicious threats. The Google report on malware found that a browser can be compromised just by visiting a Web page.
CIO-Today.com
May 15, 2007
Cyber
Security Bill Targets Botnets
Cyber Security Enhancement Act seeks criminal penalties for botnet attacks used to aid identity theft, denial-of-service attacks, and the spread of spam and spyware.
PCWorld.com
May 15, 2007
Vista
Security FAQ
Q: If a company has a good firewall installed, won’t that protect it from all these attacks?
Q: I think I understand the differences between a virus, a Trojan, and a worm. But what are all these other types of viruses I hear about: stealth viruses, polymorphic viruses, armored viruses, and cavity viruses?
ITManagement.EarthWeb.com
May 15, 2007
Viruses
Are No. 1 Problem For Small-Business Computing
Recently I spoke to David Delaune, a computer repair whiz and owner of Pearl City Computer Care. Shops such as David's are on the front lines of technology. Unlike computer manufacturers, these shops deal face to face with end users who bring in their broken PCs and fried hard drives for repair. Small businesses depend on guys like David to keep their enterprises going and he understands intimately what kinds of technology challenges his clients face.
StarBulletin.com
May 11, 2007
Google
Searches Web's Dark Side
One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user's PC. Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to 'in-depth analysis'. About 450,000 were capable of launching so-called 'drive-by downloads', sites that install malicious code, such as spyware, without a user's knowledge.
News.BBC.co.uk
May 9, 2007
Video
Sites Buoyed by Spyware-Driven Fraud
A study by spyware researcher Ben Edelman finds that spyware-driven traffic inflation is common, particularly at video sites. What's more, Edelman said that spyware also is being used to manipulate the popularity of YouTube videos.
DarkReading.com
April 27, 2007
Experts
Warn of .doc Attacks
Security experts
at Infosecurity Europe 2007 are warning of hack
attacks and data theft being made easier by the
use of hidden executables and a high-tech variant
on the microdot spying technique.
PCAuthority.com.au
April 25, 2007
Rogue
Software Floods Anti-Spyware Market
Malware
writers are flooding the market with rogue anti-spyware
applications in an attempt to steer consumers away
from genuine security software and make money from
selling bogus applications. Download service Snapfiles
told vnunet.com that the rogue applications outnumber
genuine software by a factor of four to one.
Computing.co.uk
April 19, 2007
Undetected
Warezov Worm on the March Again
I came
in this morning to find nine e-mails with a subject
of 'Mail server report' sitting in my inbox. They're
of course malware, with the same type of subject
and message body as previous malware blasts. Thing
is, I immediately recognized them - but the anti-spam
and antivirus at my work network and my desktop
didn't. They all made it through to my inbox no
questions asked. What's more, I uploaded the .zip
file attachment - Update-KB4901-x86.zip - to Virustotal.com,
a site I've been using more and more lately. Virustotal
runs anything you upload through 31 different antivirus
scanners. None of them caught this variant.
Blogs.PCWorld.com
April 13,
2007
New
Storm Surges Through I.T. World
The latest
Storm worm variant is another indication that antivirus
software is no longer an adequate means to protect
consumers from malicious threats, as researchers
are finding many Storm worm infections caused simply
by users running the e-mailed Storm executables
and inadvertently infecting their PCs with the new
Storm virus.
Business.NewsFactor.com
April 12, 2007
Consumer
Alert: Massive Virus Outbreak
A huge
virus surge of a new Storm Worm variant is flooding
e-mail inboxes and evading many antivirus programs.
In my tests of 31 programs, only four reported a
virus. Postini, an e-mail security company, says
that over the last 24 hours it has seen about 55
million virus e-mails, about 60 times the daily
average. The first e-mails had romance-themed subjects:
'A kiss so gentle,' or 'I dream of you,' for instance.
The latest batch attempts to fool readers--with
subjects like 'Worm Alert!' or 'Virus Alert!'--into
thinking they are already infected and need to apply
a supplied patch--an attached virus.
PCWorld.com
April 11, 2007
FTC
Wants To Jail Spyware Distributors
Federal
Trade Commissioner William Kovacic told a Senate
Commerce Committee hearing that most spyware distributors
were 'vicious organised criminals.' According to
News.com, Kovacic said that the only thing that
would deter them is withdrawing their freedom.
TheInquirer.net
April 4, 2007
ANI
Attack Update: Rootkits, ‘Hot Britney pics’ Spam
The ongoing Windows animated cursor (.ani) flaw
attack just keeps getting worse. The latest reports
indicate that an e-mail spam run promising hot photographs
of Britney Spears is the latest lure to infect Windows
users with backdoor Trojans and keystroke loggers.
Blogs.ZDNet.com
April 2, 2007
Zero-day
ANI Exploit Creates Problems for Windows Users
F-Secure® Corporation warns computer users of
the recently discovered Windows Animated Cursor
Handling vulnerability, also known as the ANI exploit.
The exploit was first discovered on Friday. It is
related to the cursor animation files used by Windows.
Over the weekend the amount of attacks using this
exploit have intensified. Majority of the attacks
have been traced back to different Chinese hacker
groups. Microsoft has not yet released a patch against
the vulnerability. For now, the best way for end
users to protect themselves is to use an antivirus
product to block the malicious ANI files.
Home.Buisnesswire.com
April
2, 2007
The
'Evil Side' Of The Web
The war against
computer viruses may no longer be winnable, with
criminals and espionage agencies spreading their
attacks, experts have warned at the world's biggest
computing fair. 'If the growth in malware continues
at the current pace, makers of antivirus software
may not be able to withstand the onslaught,' Eugene
Kaspersky, the respected Russian expert on computer
security, said at the Cebit expo in Hanover, Germany.
MyBroadband.co.za
March 23,
2007
Spyware
Hits U.S. Soldier's Computers, Redirects Pay
U.S. Defense Department officials have launched
an investigation into recent computer hackings of
servicemembers’ home computers that compromised
personal information and led to the redirection
of funds from their military pay accounts.
MalaysiaSun.com
March 22, 2007
Attackers
Target Gamers with Spyware
Online players
of the video game Omerta have more than the rival
gangsters in the computer game to worry about. According
to anti-spyware vendor Sunbelt Software, of Clearwater,
Fla., cyber-thieves have been spreading spyware
disguised as software from Omerta Game Ltd. Sunbelt
Software President Alex Eckelberry warned users
to be wary of any software for the game that's not
from Omerta. Attackers are trying to trick users
into downloading piece of malware called ProAgent
that captures and logs keystrokes on a computer,
he said.
eWeek.com
March
20, 2007
QuickTime
Flaw Could Download Spyware
ITPro.co.uk
A flaw in Apple's QuickTime file format could
allow spyware to be downloaded to collect personal
information from users. According to Didier Stevens,
who works as an independent security researcher,
the flaw can allow a QuickTime movie to execute
a piece of Javascript code that in turn downloads
spyware onto a victim's computer.
March
14, 2007
Researcher:
Cingular, Travelocity Tied to Spyware Outfits
Just weeks after reaching a settlement with New
York's attorney general, AT&T Inc.'s Cingular division
and Travelocity.com LP are again being accused of
having ties to spyware companies. On Tuesday, antispyware
advocate Benjamin Edelman posted research showing
how Travelocity and Cingular ads placed by spyware
and adware programs have cropped up recently. The
findings appear to show that the two companies have
broken agreements they reached with the New York
Attorney General in late January, under which they
agreed to work with adware providers that followed
strict terms of service.
ComputerWorld.com
March 9, 2007
How
Not To Fall Victim To Internet Fraud
The
banks, which are promoting March as Fraud Awareness
Month, defend this harsh message by saying that
their internet banking anti-fraud protections are
sufficiently sophisticated that generally the only
way for criminals to breach them is with the unwitting
help of customers. Broadly speaking, online criminals
can use only one of two ways to get at your cash:
1. Steal your internet banking username and password
using spyware, and 2. Dupe you into handing over
those details, or paying them for services or goods
they never intend to send.
Stuff.co.nz
March 3, 2007
Over 50% of Infections in February Were Spyware
& Trojans
Spyware and trojans were
the malware responsible for most infections in February,
according to PandaLabs. As in January, spyware accounted
for 33% of the infections detected by ActiveScan.
Meanwhile, trojans have increased two points in
comparison to January, causing 25% of infections.
FinancialMirror.com
March 2,
2007
Storm
Worm Crashes February Malware Charts
An
email worm disguising itself as a news message about
the February storms in Europe topped the malware
charts for February. Storm Worm made up 50.3 per
cent of all malware tracked by Sophos, making it
the number one threat seen by the security company.
ITWeek.co.uk
March 2, 2007
Microsoft
OneCare Bombs Out In Antivirus Test
Microsoft's
Windows Live OneCare antivirus software came in
last in an evaluation of 17 antivirus programs in
the AV Comparatives Web site's bi-annual software
roundup. It runs its On-Demand tests every February
and August to test how well antivirus software detects
known threats.
InternetNews.com
March 1, 2007
Symantec
Incorrectly Flags Yahoo Mail As A Virus
Yahoo's e-mail service is not infected with a
computer virus, despite a warning from Symantec
that says it is. Starting sometime on Tuesday (in
the US), accessing the beta version of Yahoo Mail
on a PC with Symantec's updated antivirus software
caused alarm bells to go off. The security software
reported finding the 'Feebs' worm on the Yahoo Web
pages.
ZDNet.com.au
February
19, 2007
Millions
Vulnerable to New Hack Attack
Security
firm Symantec and the Indiana University School
of Informatics have discovered a new type of security
threat that could leave up to 50 percent of home
broadband users susceptible to attack. Called 'drive-by
pharming,' the threat is focused on home routers,
which can be reconfigured and directed to a malicious
Web site if default settings and passwords are being
used.
News.Yahoo.com
February
14, 2007
Hackers
Two-Timing on Valentine's Day
Hacker's
second strike disables antivirus and security tools;
uses rootkit functions to conceal its presence.
Nurech.B worm spreads through Valentine's Day e-card
spoofs with subject lines like 'Happy Valentine's
Day' or 'Valentines Day Dance'.
Biz.Yahoo.com
February 13, 2007
Microsoft
Patches 12 Vulnerabilities, 6 Of Them 'Critical'
If you're an IT manager, Microsoft's latest monthly
Patch Tuesday release will be good job security,
but it could really mess up your love life. The
software company took care of 20 vulnerabilities
by releasing 12 patches Tuesday -- six for what
the company called 'critical' bugs, six for 'important'
bugs. The patch clears up five zero-day vulnerabilities,
according to Symantec.
InformationWeek.com
February 13, 2007
Zhelatin
Mutants Storm Virus Charts
The Zhelatin
virus is challenging Bagle and Warezov for the dubious
honour of number one virus after eight new variants
were detected in the past four days, security experts
have warned. Kaspersky Lab said that Zhelatin.s,
.t and .u were detected on 8 February, while Zhelatin.v
was detected on 9 February. Four more variants,
.w to .z, were detected during the weekend of 10-11
February.
ITWeek.co.uk
February
10, 2007
This
Valentine Be Aware of Those Viruses Messages
Security experts are warning PC users to be on
guard against viruses masquerading as Valentine's
Day messages, which could damage computers. 'Computer
users should keep a wary eye on any romantic messages
received by e-mail, as many of them could contain
malicious code,' said US security firm PandaLabs
after detecting an increase in a worm it dubbed
Nurech.A. The worm hides in e-mails with subjects
like: 'Together You and I,' 'Til the End of Time
Heart of Mine.' People who open an attached file
such as postcard.exe can end up infecting their
computers.
ExpressIndia.com
February 9, 2007
Wow:
Microsoft’s Windows Vista Already Hacked
'The marketing propaganda touting Microsoft's
new Vista operating system as 'the most secure version
of Windows yet' has done nothing to stop both white
and black hat hackers from discovering Vista vulnerabilities.
Unless you simply enjoy acting as an experimental
Microsoft guinea pig, it's best to wait before trying
to run Windows Vista,' Dave Moore reports for The
Norman Transcript.
MacDailyNews.com
February 7, 2007
Antivirus
expert: 'Ransomware' on the rise
Online
criminals are turning away from threatening companies
with massive cyberattacks in favor of encrypting
a victim's data and then demanding money to decrypt
it, an antivirus expert has claimed.
News.Zdnet.com
February 2, 2007
Super
Bowl Stadium Site Packed Trojan Horse
Hackers
reprogrammed the Web site for the Super Bowl stadium
so it would automatically load a malicious script,
Web security firm Websense said. This script would
attempt to exploit a pair of known Windows security
holes and install programs that would put the PC
under the attacker's control. 'Assuming you're not
patched, a Trojan downloader with a backdoor and
a password stealer gets installed on your computer
without you knowing it,' said Dan Hubbard, vice
president of security research at San Diego, Calif.-based
Websense.
News.Zdnet.com
February 2, 2007
Windows
Defender Lets Spyware Slip onto Vista PCs
Users who put their faith in Vista's new security
features and Microsoft's Windows Defender antispyware
product may find themselves under attack from spyware
all the same, according to the results of a study
by Webroot, a leading antispyware vendor and Microsoft
competitor.
PCWorld.com
January 30, 2007
Windows
Vista Is More Secure, But Not Secure Enough
Windows Vista may be hailed as Microsoft's most
secure operating system to date, but the platform
contains weaknesses in its default anti-malware
capabilities, one security vendor has concluded.
ScMagazine.com.au
January 29,
2007
Fake
Anti-Virus Vaccines Plague Web Sites
Fake
anti-virus vaccines, which pose as legitimate software
designed to identify and destroy online viruses,
are running amok in cyberspace. AhnLab, Korea's
leading anti-virus program developer, Monday said
the number of fake programs has risen rapidly over
the past few years.
Times.Hankooki.com
January 25, 2007
Anti-Spyware Rival Slams Microsoft's Windows Defender,
Vista
A Microsoft security rival on Thursday
blasted the anti-spyware technology that the Redmond,
Wash., developer will include with Windows Vista
as 'ineffective,' 'slow,' and 'weak.' 'We applaud
Microsoft for the substantive improvements in Vista,'
says Gerhard Eschelbeck, the CTO of Webroot Software.
'However, we want to make sure that users understand
the Vista operating system's limitations, and caution
them that Microsoft's default malware blocking application
and antivirus programs may not fully protect them.'
InformationWeek.com
January
24, 2007
Thwart
the 3 Biggest Internet Threats of '07
The
same Internet connection that lets you reach out
and touch millions of Web servers, e-mail addresses,
and other digital entities across the globe also
endangers your PC and the information it contains
about you. Here's how to stymie the three gravest
Internet risks. 1)Internet Explorer - 2)Phishing
and identity theft - 3)Malware
ComputerPartner.nl
January 22, 2007
Why
Antivirus Technology Is Ineffective
Antivirus
technology is a crock. It fails to prevent computers
from getting infected with viruses, and this failure
contributes to many other security woes that plague
the world's computers. Because viruses spread, hackers
find it easier to compromise computers, identity
theft is better enabled, and computer fraud is easier
to perpetrate. Virus-infected computers become a
resource for hackers to exploit. Some hackers assemble
and control networks of thousands of such computers
and use them to distribute huge volumes of spam,
mount sophisticated phishing attacks, and launch
targeted "denial of service" attacks on companies
BusinessWeek.com
January 19,
2007
New
Malware Attack Takes the World by 'Storm'
Finnish antivirus firm F-Secure Corp. reported
in its blog that a Trojan horse program called Small.DAM
went on a tear early Friday morning European time.
'The heavy seeding through spam was quickly obvious
on our tracking screens,' F-Secure reported. 'The
[malware] was spread throughout the world very rapidly.'
SearchSecurity.com
January 16,
2007
Trojans
and Spyware Account For 57% of Malicious Code Detected
in 2006
Adware and spyware, responsible
for nearly 40 percent of detections in total, topped
the 2006 ranking. Both types of malware are advertising-related,
as they collect private data from infected users,
including information on websites viewed or online
stores used. The data is then used to tailor advertising
to users’ preferences. This activity is of dubious
legality, since it is carried out without the user’s
consent.
Net-Security.org
January 16, 2007
Five-Star
Cyber Worm Poses A Major Threat
SHANGHAI
Internet security experts are advising computer
owners to upgrade their browsers and be on the alert
for what could be one of the most devastating cyber
worms ever to attack Chinese-language programs.
Hundreds, perhaps thousands, of local computers
have been infected along with millions of machines
in China, the United States and Europe, according
to estimates by security experts.
ShanghaiDaily.com
January 8, 2007
ID
Thieves Dupe Users With Saddam Execution Video
Trojan horses piggybacked on messages that claim
to include video clips of Saddam Hussein's execution
are circulating, Finnish security company F-Secure
said Monday. The tactic is typical of hustlers and
cybercriminals, said F-Secure, which called the
appearance of the malicious Hussein spam 'a non-surprising
move.
InformationWeek.com
January 8, 2007
Searching
for Spyware in All the Wrong Places?
A
security vendor released a report today about malicious
programs that 'prevent users, whose computers have
become infected, from using popular search engines
such as Yahoo!, Google and MSN to locate a cure'.
I thought at first they meant the malware actively
filtered the search results to strip out references
to its own filenames. That would be HUGE! But this
is not what they meant....
AppScout.com
January 2, 2007
First
Worm of New Year Strikes
An email worm
disguised as a New Year's greeting is spreading
rapidly across the internet. The worm-laden messages
are titled 'Happy New Year' and contain an attachment
called either postcard.exe, or postcard.zip...
ITWeek.com.uk
|
|
|
 |
|
 |
|
|
|
