Spyware, Viruses, & Security

General discussion

NEWS - November 23, 2010

by Donna Buenaventura / November 22, 2010 4:52 PM PST

Agnitum Launches Free Outpost Internet Security Suite

From Agnitum Blog:

We are pleased to announce the availability of Outpost Security Suite Free 7.0, the first comprehensive full-functional Internet security suite to protect PC users from the full range of cyberthreats at no charge.

Right out of the box, OSS Free provides robust, easy-to-use OS Windows protection with optimal default settings to address web-borne threats including known and zero-day viruses, spyware, hacker attacks and intrusions, spam, and more. The product's acclaimed proactive protection, coupled with efficient detection and disinfection, make OSS Free a great option for web users everywhere.

Benefits of OSS Free
The first fully-functional free security suite including anti-spam, etc.
The latest technology -- based on Outpost Security Suite Pro 7.0.4
VB100 certified antivirus for all modern Windows versions
Best-of-breed award-winning personal firewall
Leak-test and self-defense certified by www.Matousec.com
Automatic optimal configuration out of the box
Lightweight solution that doesn't slow systems down
Full compatibility with Windows 7, Vista, XP, 2000 -- both 32- and 64-bit.

Read more at http://www.agnitum.com/news/2010-11-22-oss-free-7-0.php

iPad, MobileMe,iTunes: security expert says Apple is failing
by Donna Buenaventura / November 22, 2010 6:28 PM PST

Apple doesn't take iPad and MobileMe security seriously enough according to a leading US cyber-security expert. John Bumgarner, CTO at the security research think-tank, the US Cyber Consequences Unit, spoke to Electricpig about Apple, MobileMe, the iPad and iTunes and wasn't at all complimentary. Read on to find out why he believes MobileMe and iTunes are almost open goals for hackers...

Bumgarner says we're about to see a rush of attacks targeting Apple: "We will see a lot more malware targeting Apple-centric product lines because Apple's technology footprint has increased and will continue to rise sharply as more people purchase their products globally. Increases in market share make an attractive target for cyber-criminals."

He continues: "Apple needs to start taking secure software development more seriously than they have done previously. The three primary targets for digital mischief are iTunes, MobileMe and, of course, the iPad."

Bumgarner is particularly critical of the newly-updated MobileMe. He says: "Apple's cloud services like MobileMe contain vast amounts of unencrypted personal and corporate information, which can be exploited for identity theft or worse."

http://www.electricpig.co.uk/2010/11/23/ipad-mobileme-itunes-security-expert-says-apple-is-failing/

Virus infecting Stony Brook computers
by Donna Buenaventura / November 22, 2010 7:04 PM PST

Students, staff and faculty using computers on the Stony Brook University networks should be on the lookout for a virus that disguises itself as security software called ThinkPoint, according to a post on the university's Division of Information Technology site on Monday.

The malware, which presents itself as legitimate by using the Windows logo and a Microsoft Security Essentials alert, pretends to scan the user's computer for security threats.

According to the post, the virus "provides a long list of infections to trick users into thinking their PC is in danger," then indicates that it cannot remove all the infections and prompts the user to purchase the "full" version ThinkPoint.

The Division of Information Technology recommends that users do not click anything if ThinkPoint appears on their screen and seek assistance from a computer support technician, and urges users to ignore the virus' ploys. [...]

http://www.sbstatesman.com/virus-attacking-stony-brook-computers786

Piracy 'hitting consumers where it hurts'
by Donna Buenaventura / November 22, 2010 7:08 PM PST

Pirated computer software is currently costing legal resellers and the local computer industry millions of rands a month through lost revenue -- and leaving thousands of unsuspecting computer owners up the creek without support.

Microsoft South Africa's Charl Everton says her company alone is currently busy investigating more than 60 computer dealers suspected of selling fake or illegally licensed software -- and that's "just the tip of the iceberg," she says.

Overall, the trade in counterfeit goods is costing South Africa millions of rands annually in lost revenue, says Mandla Mnyatheli, chief director of company and IP enforcement with the Department of Trade and Industry (DTI).

"The exact impact of counterfeiting is hard to quantify, but there's no doubt this trend has been increasing. We have an urgent challenge in South Africa to stem this tide," said Mnyatheli.

The Deputy Minister of Trade and Industry, Thandi Tobias-Pokolo, is spearheading a nationwide campaign to raise awareness of the scourges of piracy and counterfeiting, says Mnyatheli. All relevant enforcement agencies and government departments in the security cluster will be part of this campaign.

The biggest problem with piracy, though, says Everton, is that there is growing evidence that many local criminal organisations are now involved in counterfeiting to some degree -- which effectively means that people who buy pirated goods are funding organised crime.

"All indications are that local criminal syndicates are following the global trend of branching out into counterfeit software as a low-risk, high-profit sideline to other activities like hijacking and drug trafficking," she said.

Everton was speaking as part of Microsoft's worldwide 'Consumer Action Day' -- a drive across 70 countries to protect consumers and increase awareness of the risks of counterfeit software.

http://www.itweb.co.za/index.php?option=com_content&view=article&id=39030:piracy-hitting-consumers-where-it-hurts&catid=69

WikiLeaks promising even bigger leak of secret files
by Donna Buenaventura / November 22, 2010 7:14 PM PST

WikiLeaks is promising to release its largest cache of classified files yet.

In a post on Twitter last week, the WikiLeaks organization wrote: "Next release is 7x the size of the Iraq War Logs. Intense pressure over it for months." An hour later, the group followed with: "The coming months will see a new world, where global history is redefined." [...]

The volunteers at the site, which lacks a home base so as to avoid being shut down, are continuing their work even as Swedish officials prepare an international arrest warrant for WikiLeaks spokesman Julian Assange on rape charges. Assange has denied the charges.

http://www.zdnetasia.com/wikileaks-promising-even-bigger-leak-of-secret-files-62204575.htm

Related news: Security researcher: I keep getting detained by feds

Study: Fifth of Facebook users exposed to malware?
by Donna Buenaventura / November 22, 2010 7:19 PM PST

Security software manufacturer BitDefender today released some statistics gleaned from Safego, a Facebook application that it offers to users of the social-network to keep an eye on their vulnerability to malware. The big finding: 20 percent of Facebook users are exposed to malicious posts in their "news feeds" of friends' activity, generally defined as posts that, when clicked on, result in "the user's account being hijacked and in malware being automatically posted on the walls of the respective user's friends."

The numbers were derived from Safego's analysis of news feed items viewed by the 14,000 Facebook users who have installed the app. Considering Facebook has 500 million users around the world, that's a small sample, but it's also a sample of users who, by virtue of installing the app in the first place, indicate that they're relatively security-minded. The "average" Facebook user may well be even more likely to see malicious posts, in theory.

Over 60 percent of attacks come from notifications from malicious third-party applications on Facebook's developer platform, the study found. Within that, the most popular subset of "attack apps" (21.5 percent of total kinds of malware) were those that claim to perform a function that Facebook normally prohibits, like seeing who has viewed your profile and who has "unfriended" you. 15.4 percent lure in users with bonus items for Facebook games like free items in FarmVille; 11.2 percent offer bonus (yet bogus) Facebook features like free backgrounds and "dislike buttons," 7.1 percent promise new versions of well-known gaming titles like World of Warcraft; 5.4 percent claim to give away free cell phones; and 1.3 percent claim to offer a way to watch movies for free online.

Beyond "app attacks," BitDefender found that an additional 16 percent of malware viewed on Facebook entices users to watch some kind of shocking video...

http://news.cnet.com/8301-13577_3-20023626-36.html

Karagany Isn't a Doctor, but Plays One on Your PC
by Donna Buenaventura / November 22, 2010 7:27 PM PST

A Trojan that pulls a sly performance of now-you-see-me-now-you-don't disguises itself on an infected system as the Adobe Updater, a real program that's installed alongside such mainstay applications as the Adobe Reader. This method of hiding in plain sight means the downloader, Trojan-Downloader-Karagany, may remain active on an infected system for an extended period of time, reinfecting PCs even after the more obvious payloads have been cleared up.

During the initial infection, subtlety is this Karagany's strong suit. When executed, it pulls an act I find slightly more interesting than the conventional file copies itself from one place to another, then deletes the original behavior that is so common among contemporary malware.

In this case, the malware app (which uses an Adobe icon) does copy itself to another location -- the \Application Data\Adobe folder under the currently logged-in user's account, using the filename AdobeUpdater.exe -- but leaves behind a benign program afterward, in exactly the same place as the original, and with the same filename as the original.

Details with video clip at http://blog.webroot.com/2010/11/22/karagany-isnt-a-doctor-but-plays-one-on-your-pc/

Google sued for scanning emails of non-Gmail users
by Donna Buenaventura / November 22, 2010 7:31 PM PST

Electronic Communications Privacy Act violation alleged

A Texas man has fired a legal broadside against Gmail in a federal lawsuit that claims the Google service violates the Electronic Communications Privacy Act of 1986.

Keith Dunbar of Bowie County, Texas, claims that emails he sent from a non-Gmail service to Gmail users were scanned by Google algorithms without his consent. The algorithms are designed to serve Gmail users targeted ads based on the content of messages they receive.

"No consent from non-Gmail account holders is given prior to Google using the content of non-Gmail account holders for the purpose of delivering targeted ads and other related information to Gmail account holders," the complaint, filed in US District court in Texarkana, Texas, stated. "Google does not inform non-Gmail account holders that it scans the content of their emails for the purpose of delivering targeted text ads and other related information to Gmail account holders."

The complaint is seeking class-action status so other non-Gmail users may also join the action. It seeks damages of $100 a day for each violation or $10,000, whichever is greater, and the disgorgement of profits made by Google as a result of the Gmail scanning.

"We haven't received a formal complaint and can't comment on specifics," a Google spokesman wrote in an email on Monday. "To be clear though, Gmail -- like most webmail providers -- uses automatic scanning to fight against spam and viruses. We use similar technology to show advertisements that help keep our services free. This is how Gmail has always worked."

Indeed, internet law expert Eric Goldman, a professor at Santa Clara University School of Law, told InformationWeek that there were numerous calls to investigate Google for such behavior in 2004. "Frankly, after all the furor died down a half-decade ago, I had assumed everyone had moved on long ago," he told the publication.

http://www.theregister.co.uk/2010/11/23/gmail_privacy_lawsuit/

Google 'Instant Previews' hit Google Analytics with fake tra
by Donna Buenaventura / November 22, 2010 7:35 PM PST

Google's new "Instant Previews" search tool is skewing traffic stats for sites using Google Analytics, creating page views before pages are actually viewed.

Rolled out across Google's search engine earlier this month, Instant Previews lets searchers, yes, preview sites before they visit them. Users click on a small icon that appears beside a search result, and this launches an image of the site in question on the right-hand-side of Google's results page.

As Google pointed out when "Instant Previews" was launched, Google is -- in some cases -- fetching these previews in real time. Soon after the tool's launch, webmasters posting to Google's help forums noticed that these pre-fetches were skewing Google Analytics numbers. And as noticed by Search Engine Land, a Google employee later confirmed this with a post of his own.

The employee confirms that these real-time fetches are executing JavaScript used by Google Analytics, the company's own web analytics tool, and this is skewing traffic numbers. But he indicates that a fix is on the way. "We're working on a solution for this, to prevent Google Instant Preview on-demand fetches from executing Analytics JavaScript," the Google employee says. "I'm not sure about the timeframe, but I'll drop a note here when I have more to share. Thanks for your patience."

http://www.theregister.co.uk/2010/11/22/google_instant_previews_skew_web_analytics/

Related news: Instant Previews: A Pawn for Malicious Intent

Anonymizer Labs Develops 'Anonymizer Nevercookie' to Contend With the Evercookie Threat
by Donna Buenaventura / November 22, 2010 7:42 PM PST

Introducing Anonymizer Nevercookie™, a FREE Firefox plugin that protects against the Evercookie API. The plugin extends Firefox's private browsing mode by preventing Evercookies from identifying and tracking users.

Evercookie is a new, more persistent cookie form that enables the storage of cookie data in a number of different locations, such as Flash cookies and various locations of HTML5 storage. This allows websites to track user behavior even when users have enabled private browsing. Because an Evercookie stores data in locations outside of where standard cookies are stored, an Evercookie can rebuild itself unless users go through a number of steps to completely clear and reset their local storage.

Anonymizer Nevercookie simplifies this process and eliminates the manual steps required to completely remove Evercookies. And it does so without also removing all of the necessary cookies that a user actually wants to keep, such as those for browsing history and remembered logins. When Anonymizer Nevercookie is engaged along with Firefox's private browsing mode, it quarantines an Evercookie and removes it after the browsing session.

Anonymizer Nevercookie was developed by Geoffrey Abbott, Lead Researcher at Anonymizer Labs.

http://nevercookie.anonymizer.com/

NOTE: The plugin is currently in BETA. Use at your own risk.

Mozilla Fixes Site Error-Handling Bug
by Donna Buenaventura / November 22, 2010 7:49 PM PST

Mozilla has fixed a bug in the way that its Bugzilla Web site and others handled certain errors, which could have been exploited to execute a man-in-the-middle attack against an unsuspecting user.

The bug was related to the way that the sites responded to certain requests from client machines when the clients specify an incorrect HTTP host header. The Bugzilla site holds a wild card SSL certificate that also is valid on Mozilla.org, and as a result when the sites respond to the request with the incorrect header, clients can be redirected to a non-HTTPS site for an error message.

"As a result, a network attacker can divert a client connection bound for any *.mozilla.org site to one of these servers and cause the client to receive an incorrect redirect. This is already a breach of the integrity that SSL is supposed to provide. But what is worse, since the redirect is to http://, the attacker can substitute arbitrary content and thereby perform XSS," Matt McCutchen wrote in an explanation of the certificate problem on Bugzilla.

More on attack scenario at http://threatpost.com/en_us/blogs/mozilla-fixes-site-error-handling-bug-112210

E-mail computer hacker jailed after international scam
by Donna Buenaventura / November 22, 2010 10:04 PM PST

A computer hacker who accessed personal data and photos from his mother's front room in a major e-mail scam has been jailed. Father-of-five Matthew Anderson, 33, of Drummuir, Moray, who was part of an international gang, was caught after a Scotland Yard investigation.

He sent millions of worldwide e-mails which released a virus when opened, allowing remote control of computers. Anderson was jailed for 18 months at Southwark Crown Court.

He admitted the Computer Misuse Act crime. He was able to access private images, wills and confidential medical reports and CVs.

http://www.bbc.co.uk/news/uk-scotland-north-east-orkney-shetland-11818671 via Sophos.

Also see: 'Warpigs' VXer pleads guilty

Malicious Video Spreads via Multiply
by Donna Buenaventura / November 22, 2010 10:06 PM PST

Trend Micro researchers recently discovered attacks on the social networking site Multiply. The cybercriminals behind the said attack created new Multiply user accounts then sent malicious personal messages to other site users.

The personal message contains a greeting with the target's Multiply user name and a video that the recipient is supposed to watch. Clicking the play button redirects users to the malicious URL http://yourtube.{BLOCKED}loring.com/video2/video.php?q=1289224873.

The page then asks the recipient to download a codec to view the video.

These sorts of attacks have been occurring for some time. Users should avoid downloading new codecs to watch videos posted online, as these are frequently malicious.

Screenshots in http://blog.trendmicro.com/malicious-video-spreads-via-multiply/

Cross-Border Korean Shelling Leads to FAKEAV
by Donna Buenaventura / November 22, 2010 10:08 PM PST

News outlets all over the world are talking about the recent cross-border clash between North and South Korea. The shelling, one of the worst incidents between the two countries in years, is naturally being used by the usual criminals behind fake antivirus malware.

Within hours of the incident, certain Korea-related search terms were already poisoned.

Note that the Google preview of the page shows the supposed content of the page. However, if the user clicks on the offered search result, they see these (familiar) pages.

http://blog.trendmicro.com/cross-border-korean-shelling-leads-to-fakeav/

RIM denies reports that Indian official snooped for it
by Donna Buenaventura / November 22, 2010 10:15 PM PST

Research In Motion denied reports in Indian media that it had received information from an Indian government official questioned by police Monday during an investigation into the leaking of information to telecommunications companies.

Ravi Inder Singh, a senior official in the country's Ministry of Home Affairs, was taken in for questioning on Monday, Delhi police sources said.

Special Commissioner of Police P.N. Aggarwal said on Tuesday that Singh had not been arrested, and investigations were still going on in the case. He declined to comment on the line of investigation.

RIM is currently in difficult negotiations with the Indian government, which has been demanding that law enforcement agencies be given the ability to intercept communications on RIM's network.

The government has given RIM until January to provide total access to communications on its BlackBerry Messenger service. It has also demanded access to RIM's corporate email and communications service, BlackBerry Enterprise Server.

http://www.computerworld.com/s/article/9197779/RIM_denies_reports_that_Indian_official_snooped_for_it

Also see: RIM sidesteps BlackBerry ban in India

Network card rootkit offers extra stealth
by Donna Buenaventura / November 22, 2010 10:19 PM PST

Security researchers have demonstrated how it might be possible to place backdoor rootkit software on a network card.

Guillaume Delugré, a reverse engineer at French security firm Sogeti ESEC, was able to develop proof-of-concept code after studying the firmware from Broadcom Ethernet NetExtreme PCI Ethernet cards.

He used publicly available documentation and open source tools to develop a firmware debugger. He also reverse-engineered the format of the EEPROM where firmware code is stored, as well as the bootstrap process of the device.

Using the knowledge gained from this process, Delugré was able to develop custom firmware code and flash the device so that his proof-of-concept code ran on the CPU of the network card. The technique opens the possibility of planting a stealthy rootkit that lives within the network card, an approach that gives potential miscreants several advantages over conventional backdoors.

Chief among these is that there will be no trace of the rootkit on the operating system, as it is being hidden inside the network interface card. [...]

Delugré gave a presentation on his research at the hack.lu conference last month. A write-up of his research, along with slides on his presentation and a demo, was published on Sunday here.

http://www.theregister.co.uk/2010/11/23/network_card_rootkit/
