CNET también está disponible en español.

Ir a español

Don't show this again

Security

This week in phishing

Microsoft files 117 lawsuits against people who it charges created phishing Web sites designed to look like pages hosted by the software giant.

Microsoft filed 117 lawsuits this week against people who it charges created phishing Web sites designed to look like pages hosted by the software giant.

The suits are being brought against operators of Web sites that feature trademarked logos or images used by Microsoft on its official Web pages and products.

Every one of the sites named in the lawsuits, which were online sometime between October 2004 and March 2005, has already been taken down, said Aaron Kornblum, Internet safety enforcement attorney at Microsoft. One of the primary goals of the legal attack is tracking down the individuals responsible for creating the fraudulent sites, he said.

Meanwhile, Microsoft acknowledged that a security patch issued in January for its Windows 98 and Windows ME operating systems may cause performance issues for customers who have downloaded the update. Microsoft's KB891711 update, which was released to address a vulnerability related to cursor and icon format handling, fails to adequately protect users of Windows 98, Windows 98 SE and Windows ME.

Symantec offered a mea culpa of its own, reporting that glitches in its antivirus software that could allow hackers to launch denial-of-service attacks on computers running the applications. Symantec detailed two similar vulnerabilities found in its Norton AntiVirus software, which is sold on its own or bundled in Norton Internet Security and Norton System Works.

The flaws, which could lead to computers crashing or slowing severely if attacked, are limited to versions of the software released for 2004 and 2005. One flaw essentially causes Symantec's software to crash when it is asked to inspect a file specifically designed to exploit the flaw. The file could be submitted either remotely from outside a system or internally by someone with physical access to a computer, Symantec said.