NEWS - December 20, 2005

Dec 19, 2005 8:34PM PST

Spyware Lures to Install Potentially Unwanted Software
Dec 19, 2005 8:35PM PST

Websense Security Labs is seeing a large increase in the number of websites and emails that use deception and/or browser vulnerabilities to install potentially unwanted software. The common theme among these threats is the use of lures of possible spyware infections on your machine. In some cases, the scam actually reports fraudulent information regarding the security of your PC.

In many cases they also request money in return for cleaning the outlined security problems (we have seen as much as $500 per year).

Over the last 2 weeks, we have identified more than 1500 sites that have some (or all) of the following criteria:

They are hosted in Ukraine and Russia
The website domain names are registered in countries like Vanuatu and Mexico
IP netblocks hosting sites are often hosting other questionable sites such as fraudulent search engines
IP netblocks have been hosting malicious code such as Trojan horse downloaders, droppers, and hosts-file redirection software
Malicious code that modifies DNS settings has used these netblocks for DNS resolving
Downloaded code often includes several pieces of spyware, adware, and other potentially unwanted software
Removing the software often requires you to fill out a survey
Several of the sites contain links to other sites that are hosting IE exploit code

Screenshots and other details in WebSense

Database Hack Exposes Police Financial Data
Dec 19, 2005 8:35PM PST

Reevesnamepins.com, a company that manufactures the plastic and metal name tags that police officers around the country wear on their uniforms, had its customer database hacked recently, exposing credit card and other personal data for a number of police departments.

A woman who answered the phone at ReevesNamepins confirmed that the company had recently experienced a security breach, but declined to provide further details and referred inquiries to the company's CEO, who could not be immediately reached for comment.

The discovery was made by investigators at CardCops.com, which monitors online sites and forums for evidence of stolen credit and consumer data. CEO Dan Clements said his company spotted the stolen credit card information while trolling an Internet relay chat (IRC) room dedicated to credit card fraud.

http://blogs.washingtonpost.com/securityfix/2005/12/cop_nametag_com.html

Hackers Break Into Computer-Security Firm's Customer
Dec 19, 2005 8:36PM PST

Database

Personal Data for Law Enforcement, Security Professionals Exposed

Guidance Software -- the leading provider of software used to diagnose hacker break-ins -- has itself been hacked, resulting in the exposure of financial and personal data connected to thousands of law enforcement officials and network-security professionals.

Guidance alerted customers to the incident in a letter sent last week, saying it discovered on Dec. 7 that hackers had broken into a company database and made off with approximately 3,800 customer credit card numbers. The Pasadena, Calif.-based company said the incident occurred sometime in November and that it is working with the U.S. Secret Service on a more detailed investigation.

http://www.washingtonpost.com/wp-dyn/content/article/2005/12/19/AR2005121900928.html

Worm traps alleged child porn offender
Dec 20, 2005 1:37AM PST

Reuters
Published on ZDNet News: December 20, 2005, 4:24 AM PT

An alleged child porn offender in Germany turned himself in to the police after mistaking an e-mail he received from a computer worm for an official warning that he was under investigation, authorities said on Tuesday.

"It just goes to show that computer worms aren't always destructive," said a spokesman for police in the western city of Paderborn. "Here it helped us to uncover a crime which would otherwise probably have gone undetected."

more here
http://news.zdnet.com/2100-1009_22-6002302.html?tag=zdnn.alert

Santa IM worm hits AOL, MSN and Yahoo
Dec 20, 2005 2:26AM PST

By Dawn Kawamoto, CNET News.com
Published on ZDNet News: December 20, 2005, 10:10 AM PT

A Santa Claus worm is attempting to trick America Online, Microsoft MSN and Yahoo instant-messaging users into clicking on a file that delivers unwanted software to a victim's computer.

The IM.GiftCom.All worm attempts to dupe IM users into thinking an acquaintance has sent them a link to a harmless Santa Claus file, according to a security advisory issued Tuesday by IMlogic.

People who click on the file will see an image of Santa, but what they are less likely to notice is a so-called rootkit being installed onto their system. A rootkit is a tool designed to go undetected by the security software used to lock down control of a computer after an initial hack. The malicious attacker can then distribute messages to the user's IM contacts, using a similar technique to lure the unsuspecting acquaintance to click on the link.

The Santa worm is the latest tactic to be used on IM networks, which in the past have included offers of movie clips to the latest release of "Star Wars."

more here
http://news.zdnet.com/2100-1009_22-6002790.html?tag=zdnn.alert

Yahoo to plug security hole in dating site
Dec 20, 2005 4:29AM PST

By Alorie Gilbert
Staff Writer, CNET News.com
Published: December 20, 2005, 11:48 AM PST

Yahoo plans to tighten security on its dating site after an outsider uncovered a method for breaking into members' accounts.

The main problem is that Yahoo Personals ads contain clues about key personal information--namely birth date and ZIP code--that members use to reset their passwords. If an intruder obtains that data, the only thing that would block him from changing passwords and accessing accounts are members' secret questions, such as "What's your pet's name?" "What is your favorite pastime?" and "What is your all-time favorite sports team?"

In the age of instant messaging and e-mail, answers to such questions are often easy to obtain with a bit of social engineering, said Bennett Haselton, a freelance programmer and Internet free-speech advocate in Seattle who discovered the vulnerability. "It's the kind of thing that you could ask someone without arousing their suspicion," Haselton said in an e-mail exchange.

more here
http://news.com.com/Yahoo+to+plug+security+hole+in+dating+site/2100-1002_3-6002882.html?tag=html.alert