NEWS - January 11, 2006

Responding to the rising cybercrime threat, the Federal Trade Commission on Tuesday unveiled an online tool designed to help consumers avoid becoming victims of Internet scams.

At the Web site, www.onguardonline.gov, consumers can take interactive quizzes designed to enlighten them about ID theft, phishing, spam and online-shopping scams.

If the user selects a wrong answer, the program explains why that particular misconception about Internet security can lead to trouble.

http://www.newsfactor.com/news/FTC-Launches-Site-To-Fight-Net-Crime/story.xhtml?story_id=0230028NLQ1C

Spammers appear to have found a new target of choice for 2006 - bombarding internet message boards with unprecedented ferocity.

The amount of message board spam has been escalating dramatically since mid-2005, according to experts and a search of Google shows a number of frequently recurring domains are appearing in bogus comments on message boards all over the internet.

Among the most common domains appearing on message boards as spam, there is a definite trend.

Domains such as 888.typo7.com, e-casinoroom.com, HobbyWorkshop.com, onlinepokerment.com, TopSitesRanking.com and g4h5.com all appear in bogus postings which reference online gaming. Many of the actual sites link through to more than one established poker site.

Typical comments often start with some fairly random text, such as "Good guess Smith" or "I agree with John", which looks like an attempt to appear part of an existing conversation on the board. They then include little more than links through to the websites, backed up with crude testimony such as "This is a great poker site", despite the fact none of the above offer any kind of gaming on their own domain.

A second trend is also apparent with these domains. The Whois information for every single one of those websites named above reveals the same registrant in each case - Moniker Privacy Services, part of domain name registrar Moniker.com, based in Florida in the US.

http://software.silicon.com/security/0,39024655,39155545,00.htm

By Joris Evers, CNET News.com
Published on ZDNet News: January 11, 2006, 5:20 PM PT

Symantec has released an update to its popular Norton SystemWorks to fix a security problem that could be abused by cybercriminals to hide malicious software.

In the PC-tuning application, a feature called the Norton Protected Recycle Bin creates a hidden directory on Windows systems. The feature is meant to help people restore modified or deleted files, but the hidden folder might not be scanned during scheduled or manual virus scans, Symantec said in an advisory released Tuesday.

"This could potentially provide a location for an attacker to hide a malicious file on a computer," Symantec said. The Cupertino, Calif., security provider is not aware of any attempts by hackers to conceal malicious code in the folder. "This update is provided proactively to eliminate the possibility of that type of activity," it said.

more here
http://news.zdnet.com/2100-1009_22-6026203.html?tag=zdnn.alert

A Time to Patch
(Blog) by Brian Krebs

A few months back while researching a Microsoft patch from way back in 2003, I began to wonder whether anyone had ever conducted a longitudinal study of Redmond's patch process to see whether the company was indeed getting more nimble at fixing security problems...

http://blogs.washingtonpost.com/securityfix/2006/01/a_timeline_of_m.html