Spyware, Viruses, & Security forum

General discussion

NEWS - February 25, 2011

Microsoft's "Web Tracking Protection" submission accepted by the W3C

The W3C has accepted a submission from Microsoft on "Web Tracking Protection", and has now started the formal standardisation process, the next step in which will be a workshop at Princeton University on 28-29 April 2011. In a posting, the W3C states that due to significant public concern, the submission from Microsoft is timely, and that the "W3C had already decided to strengthen its focus on privacy."

That public concern focusses on behavioural targeting and other such techniques used by advertisers to compile profiles on users in order to serve precisely tailored advertising. Many advertising networks offer the option of opting out of such tracking and the submission from Microsoft is intended to develop a standardised framework for a more general ability to opt out of such tracking.

Continued : http://www.h-online.com/security/news/item/Microsoft-s-Web-Tracking-Protection-submission-accepted-by-the-W3C-1198023.html

Also : Microsoft Web Privacy Features Meet W3C Approval

From the MSDN's IEBlog: Web Tracking Protection: An Emerging Internet Standard that Helps Protect Consumers from Tracking
Exxon, Shell Said to Have Been Hacked Via Chinese Servers

In reply to: NEWS - February 25, 2011

Computer hackers working through Internet servers in China broke into and stole proprietary information from the networks of six U.S. and European energy companies, including Exxon Mobil Corp., Royal Dutch Shell Plc and BP Plc, according to one of the companies and investigators who declined to be identified.

McAfee Inc., a cyber-security firm, reported Feb. 10 that such attacks had resulted in the loss of "project-financing information with regard to oil and gas field bids and operations." In its report, Santa Clara, California-based McAfee, assisted by other cyber-security firms, didn't identify the energy companies targeted. The attacks, which it dubbed "Night Dragon," originated "primarily in China" and occurred during the past three years.

The list of companies hit, none of which disclosed the attacks in filings with regulators, also includes Marathon Oil Corp., ConocoPhillips and Baker Hughes Inc., according to the people who worked on or are familiar with the companies' investigations and asked not to be identified because of the confidential nature of the matter.

Continued : http://www.businessweek.com/news/2011-02-24/exxon-shell-said-to-have-been-hacked-via-chinese-servers.html

US Cybercrime Complaints Fell 10 Percent Last Year

In reply to: NEWS - February 25, 2011

The U.S. agency that tracks complaints of criminal activity on the Internet reported Thursday that fewer people complained about Internet fraud in 2010 than in the previous year.

The Internet Crime Complaint Center (IC3) runs a Web site where victims can report details of any cyberfraud. It shares the data with law enforcement agencies to help them hunt down criminals. Last year it received 303,809 complaints, almost 10 percent fewer than the previous year's total of 336,655.

The IC3 is run by the U.S. Federal Bureau of Investigation and the National White Collar Crime Center. It released its annual report Thursday, based on data submitted in 2010.

The largest single source of complaints was from people who had been duped by criminals posing as buyers and sellers. International scammers, preying on eBay and Craigslist users, have made millions over the past decade. Just last week, a Romanian national, Adrian Ghighina, pleaded guilty to his role in a scam that took in $2.7 million by tricking eBay, Craigslist and AutoTrader.com users into paying for vehicles that were never delivered.

Continued : http://www.pcworld.com/businesscenter/article/220670/us_cybercrime_complaints_fell_10_percent_last_year.html

Internet disconnected upon removing virus

In reply to: NEWS - February 25, 2011

From the Bkis Global Task Force Blog:

Recently, the Internet community has puzzled about a "strange phenomenon" on their computers: the Internet is disconnected after their antivirus program removes malware. [Screenshot]

I found out that this phenomenon happens when a computer is infected with a virus named W32.Ndisvan.Trojan.
This virus, once installed, will create some virtual network adapters with the name of the system's adapters plus a "-" mark at the end: [Screenshot: Fake Network Adapters]

The virus' aims are to filter the data going to or from network devices, download malware and bypass antivirus software. At the same time, all these fake network adapters point to a network filter driver named "ndisvvan.sys" (Check carefully or you will mistake this driver for Windows' driver named "ndiswan.sys" - a letter "w" is replaced by two letters "v" in the fake network filter driver). [Screenshot]

If by mistake you removed "ndisvvan.sys" upon deletion of virus file, you have accidentally "broken" the network filter driver link list. Then the data fails to reach the real network adapter. That's why your computer cannot connect to the network though it is still connected to the physical network equipment.

Continued : http://blog.bkis.com/en/internet-disconnected-upon-removing-virus/
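
Added example (not part of the Bkis post or this thread): a small Python check for the two signs the post describes, an adapter named like an existing one plus a trailing "-", and a driver file whose name imitates a Windows driver. The inventory, the `examplenic.sys` name, the extra known-driver entries and the extra lookalike pairs are constructed assumptions; only `ndiswan.sys`, `ndisvvan.sys` and the "-" suffix come from the post.

```python
# Added example: data below is constructed, not taken from an infected machine.
KNOWN_DRIVERS = {"ndiswan.sys", "ndis.sys", "tcpip.sys"}  # only ndiswan.sys is from the post

# Character swaps that read alike; "vv" for "w" is the post's case, the rest are assumptions.
LOOKALIKES = [("vv", "w"), ("rn", "m"), ("1", "l"), ("0", "o")]


def normalise(name):
    """Collapse lookalike sequences so visually similar names compare equal."""
    name = name.lower()
    for fake, real in LOOKALIKES:
        name = name.replace(fake, real)
    return name


def imitated_driver(driver):
    """Return the known driver that `driver` imitates, or None."""
    driver = driver.lower()
    if driver in KNOWN_DRIVERS:
        return None
    canonical = {normalise(k): k for k in KNOWN_DRIVERS}
    return canonical.get(normalise(driver))


def audit(adapters):
    """Flag adapters named '<existing adapter>-' or bound to a lookalike driver."""
    names = {a["name"] for a in adapters}
    findings = []
    for a in adapters:
        reasons = []
        if a["name"].endswith("-") and a["name"][:-1] in names:
            reasons.append("name copies adapter %r" % a["name"][:-1])
        real = imitated_driver(a["driver"])
        if real:
            reasons.append("driver %s imitates %s" % (a["driver"], real))
        if reasons:
            findings.append((a["name"], reasons))
    return findings


# Constructed inventory: adapter name and the driver file its binding points to.
SAMPLE = [
    {"name": "Local Area Connection", "driver": "examplenic.sys"},
    {"name": "Local Area Connection-", "driver": "ndisvvan.sys"},
    {"name": "WAN Miniport (IP)", "driver": "ndiswan.sys"},
]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE):
        print(name, "->", "; ".join(reasons))
```

Flagged entries are for review rather than immediate deletion: as the post notes, removing "ndisvvan.sys" on its own breaks the filter driver chain and cuts the network connection.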

Pharma Wars

In reply to: NEWS - February 25, 2011

How do you chronicle the struggle for control of an underground empire when neither combatant wants to admit that he is fighting or even that a war is underway? That's the nature of a business-feud turned turf-war that is playing out right now between the bosses of two of the Internet's largest illicit pharmacy operations.

On Thursday, I wrote about an anonymous source using the pseudonym "Despduck" who shared a copy of the back-end database for Glavmed, a.k.a. "SpamIt", until recently the biggest black market distributor of generic pharmaceuticals on the Internet. The database indicates that Glavmed processed in excess of 1.5 million orders from more than 800,000 consumers who purchased knockoff prescription drugs between May 2007 and June 2010.

Despduck first proffered the Glavmed data through a mutual source in the anti-spam community, and claimed that the alleged owner of the pharmacy program, a Russian businessman named Igor Gusev, would soon be charged with illegal business activities. Sure enough, near the end of September 2010, Russian officials announced a criminal investigation into Gusev and his businesses. Shortly after those charges were brought, SpamIt.com was closed down. Consequently, the volume of spam flowing into inboxes around the world fell precipitously, likely because SpamIt.com affiliates fell into a period of transitioning to other pharmacy networks.

Continued : http://krebsonsecurity.com/2011/02/pharma-wars/#more-8257

Related : SpamIt, Glavmed Pharmacy Networks Exposed

ZeuS in the Mobile is back

In reply to: NEWS - February 25, 2011

Yesterday, Polish Security Consultant and blogger Piotr Konieczny wrote (Polish) about a new wave of ZeuS trojan attacks. This time, it took place in Poland and it was directed against customers of ING Bank.

The samples used in this attack run on a number of platforms: Trojan-Spy.Win32.Zbot.bbmf for Windows, Trojan-Spy.SymbOS.Zbot.b for Symbian and Trojan-Spy.WinCE.Zbot.a for Windows Mobile. Yes, this time ZeuS in the Mobile (ZitMo) targets users of Windows Mobile smartphones too.

This attack was very similar to the first ZitMo attack which happened at the end of September 2010. Users infected by the Windows versions of the Zbot trojan were also asked to enter their cell phone number and smartphone model for a 'certificate update'. After that, a URL with the link to the 'certificate update' (which is actually a ZeuS trojan for the particular smartphone platform) was sent in an SMS to the infected customer. If users would have downloaded and installed this malicious file, their incoming SMS messages (with mTAN authentication codes also) would have been resent silently to a predefined cell phone number.

Continued : http://www.securelist.com/en/blog/11169/ZeuS_in_the_Mobile_is_back#readmore

A new wave of phishing scams target Telstra

In reply to: NEWS - February 25, 2011

In the last few days, SophosLabs witnessed a new wave of phishing spam campaigns targeting Telstra, the largest phone and internet service provider in Australia. Telstra supports more than 18 million customers for both fixed line and mobile phones.
[Screenshot: Telstra Phishing Email]

This makes it a worthy target for phishing attacks. This wave of scams includes two kinds of phishing messages: one uses the Telstra brand, while the other takes advantage of BigPond, which is a subsidiary of Telstra. [Screenshot: BigPond Phishing Email]

These two different phishing messages contain a link redirecting the recipient to similar fraudulent Telstra login pages. The pages attempt to steal customers' confidential information such as username, password, address and credit card details.

Like most phishing pages, they look very believable to the average user. Considering that companies are moving every service they can to the internet to reduce labour costs, this is to be expected, right?

Continued : http://nakedsecurity.sophos.com/2011/02/25/a-new-wave-of-phishing-scams-target-telstra/

The Ransomway

In reply to: NEWS - February 25, 2011

From WebSense Security Labs:

There are always different ways to make money. Cybercriminals know it, and their imagination is unlimited as far as we can tell. Sometimes they lure users into downloading a rogue AV as a treatment for an "infected computer", other times they literally extort users to pay to get their own data or computer access back. Let's have a look into the infamous malware called ransomware.

In general we can divide this sort of malware into three separate categories:

1. file encrypters
2. system lockers
3. application lockers

Even though their application varies, the aim is always the same. The victim has to pay, otherwise the data/access will be lost for ever.

File encrypters

The first group represents the most notorious extortion tactic from the real world - "pay now otherwise you will not see it again". It all started around 1989, when the first ransomware was introduced - PC Cyborg Trojan alias AIDS trojan horse. The basics have remained unchanged since. Once the trojan launches on a victim's computer, all custom data (files that are important from the user perspective) is encrypted and is therefore inaccessible to the user. With PC Cyborg the victim was asked to post the ransom to a PO Box in Panama; nowadays the criminals ask users to send either an SMS to a premium mobile number, or transfer money to online payment services such as Egold, Liberty Services or others. The payment varies from $20 up to $200 depending on the sophistication of the malware and greediness of the authors.

Continued : http://community.websense.com/blogs/securitylabs/archive/2011/02/24/the-ransomway.aspx

Apple invites bug researchers to scrutinize Lion OS

In reply to: NEWS - February 25, 2011

Apple is offering security experts a copy of the developer preview of Mac OS X 10.7, aka Lion, and asking them for feedback.

Several prominent Mac security researchers have reported that they received invitations to try out the Lion preview, which Apple issued Thursday.

"Apple has invited me to look at the Lion developer preview," said Dino Dai Zovi in a tweet yesterday. "I won't be able to comment on it until its release, but hooray for free access!"

Dai Zovi is the co-author of The Mac Hacker's Handbook.

Charlie Miller, an analyst with Baltimore-based consulting firm Independent Security Evaluators (ISE) and Dai Zovi's co-author, confirmed today that he had also received an invitation to try out Lion.

Continued : http://www.computerworld.com/s/article/9211599/Apple_invites_bug_researchers_to_scrutinize_Lion_OS

Related : Apple shares Mac OS X Lion with security experts

Google Aims To Take Out Content Farms

In reply to: NEWS - February 25, 2011

"A change to its search algorithm will "noticeably impact" more than 10 percent of all search queries."

In a move that will "noticeably" affect more than 10 percent of all search queries, Google announced a change to its search algorithm that's aimed at reducing the ranking of lower quality sites.

The official blog post didn't say the phrase "content farms" - sites such as Demand Media that churn out articles designed to attract traffic from search queries. However, many believe that content farms are indeed a key target of the change.

Danny Sullivan at SearchEngineLand writes:

'How can I say the Farmer Update targets content farms when Google specifically declined to confirm that? I'm reading between the lines. Google previously had said it was going after them. ... From Google's earlier blog post, content farms are places with "shallow or low quality content." ... That content is what the algorithm change is going after.'

Demand Media has strenuously objected to being labeled a content farm, and posted a response to the changes on its blog:

Continued : http://www.technologyreview.com/blog/editors/26441/

Related : Google tweaks search to promote "high-quality" sites
