Spyware, Viruses, & Security forum

General discussion

NEWS - November 2, 2009

by Donna Buenaventura / November 1, 2009 9:01 PM PST
Microsoft Security Intelligence Report v7

Microsoft released the newest Security Intelligence Report, which focuses on trends in malicious software and other computer threats in the first half of 2009 (January through June). The report uses data collected from several hundred million Windows users and some of the busiest online services on the Internet, including Windows Live Hotmail and Bing.

Highlights in the SIR v7 include:
* Worm infections are growing
* Rogue security software continues to be a major threat

http://blogs.msdn.com/securitytipstalk/archive/2009/11/02/microsoft-releases-latest-findings-on-malware.aspx

Note: At the time of this entry, http://www.microsoft.com/security/portal/Threat/SIR.aspx does not have the latest report. You can get the report in the said blog.

Kaspersky: Gumblar update
by Donna Buenaventura / November 1, 2009 9:47 PM PST

From their Viruslist blog:

As expected, we can confirm more compromised machines. Our current count looks as follows:

7798 UNITED STATES
1765 INDIA
1332 ARGENTINA
1244 TURKEY
1094 RUSSIAN FEDERATION
1084 GERMANY
968 SPAIN
950 ISLAMIC REPUBLIC OF IRAN
881 REPUBLIC OF KOREA
878 MOROCCO
822 CANADA
815 PERU
792 JAPAN
712 THAILAND
689 AUSTRIA
678 ROMANIA
655 POLAND
654 ISRAEL
628 SWEDEN
599 ITALY

These numbers stand for unique hosts, some of them contain several user directories etc. which means that the real count is much higher than shown here. As mentioned before, each of these hosts are spreading a set of malicious files which are sent to a user depending on the computer's environment. We used the site www.virustotal.com to confirm current detection status of 41 AntiVirus Vendors who participate on that site. The result showed that currently only 3 out of 41 vendors detect the malicious *.php file which is injected at above locations. The malicious *.pdf file scored with 4/41 and the flash content was detected by 3 out of 41 vendors.

http://www.viruslist.com/en/weblog?weblogid=208187889

Rogue AV Haunts This Halloween
by Donna Buenaventura / November 1, 2009 9:48 PM PST

The Social Gaming Ecosystem Of Hell
by Donna Buenaventura / November 1, 2009 10:00 PM PST

Last weekend I wrote about how the big social gaming companies are making hundreds of millions of dollars in revenue on Facebook and MySpace through games like Farmville and Mobsters. Major media can't stop applauding the companies long enough to understand what's really going on with these games. The real story isn't the business success of these startups. It's the completely unethical way that they are going about achieving that success.

In short, these games try to get people to pay cash for in game currency so they can level up faster and have a better overall experience. Which is fine. But for users who won't pay cash, a wide variety of "offers" are available where they can get in-game currency in exchange for lead gen-type offers. Most of these offers are bad for consumers because it confusingly gets them to pay far more for in-game currency than if they just paid cash (there are notable exceptions, but the scammy stuff tends to crowd out the legitimate offers). And it's also bad for legitimate advertisers.

The reason why I call this an ecosystem is that it's a self-reinforcing downward cycle. Users are tricked into these lead gen scams. The games get paid, and they plow that money back into Facebook and MySpace in advertising, getting more users. Who are then monetized via lead gen scams. That money is then plowed back into Facebook and MySpace in advertising to get more users...

Here's the really insidious part: game developers who monetize the best (and that's Zynga) make the most money and can spend the most on advertising. Those that won't touch this stuff (Slide and others) fall further and further behind. Other game developers have to either get in on the monetization or fall behind as well. Companies like Playdom and Playfish seem to be struggling with their conscience and are constantly shifting their policies on lead gen.

The games that scam the most, win.

http://www.techcrunch.com/2009/10/31/scamville-the-social-gaming-ecosystem-of-hell/

Microsoft counters Windows 7 upgrade hack advice
by Donna Buenaventura / November 1, 2009 10:13 PM PST

Sweeps 'crapware' under carpet

Microsoft has wagged its finger at users to dissuade them from hacking upgrade versions of Windows 7 to get a full copy of the new operating system on their PC. Reacting to tips being served up online, Microsoft has warned that while it's technically possible to perform what's known as a "clean" install of Windows 7 on a PC, you'll be breaking the law.

You'll be breaking the Microsoft End User License Agreement (EULA), meaning you're potentially running a pirated copy of Windows. Also, Microsoft has "reminded" small-and-medium-size businesses they cannot transfer licenses for Windows from old machines to new PCs.

Eric Ligman, global partner experience leading in Microsoft Worldwide partner group has blogged bluntly: "Bottom line is, no, OEM Microsoft Windows licenses do not have any transfer rights and live and die on the original computer they are shipped with and installed on, period.[...]

Last week's release of Windows 7 has delivered a fresh crop of advice.

http://www.theregister.co.uk/2009/10/29/windows_7_clean_install/

Facebook to share more user data with advertisers
by Donna Buenaventura / November 1, 2009 10:16 PM PST

In a language Canadians can understand

Facebook has rewritten its privacy policy to cut out legal jargon and has indicated it plans to broaden the types of user data it sells to advertisers.

The changes, announced by PR boss Elliot Schrage, suggest Facebook will give its paying customers more details about how their adverts perform. User data will be "anonymised", the new policy says.

"This information allows advertisers to do what is commonly called 'conversion tracking', which helps them measure the effectiveness of their ads and make them more relevant," Schrage wrote.

"Most advertisers already do this in other places on the web. Should Facebook provide this, we'll continue to respect your privacy by not sharing your information with advertisers, and we'll anonymize any information we receive."

Users who set their profile as viewable by everyone can also expect search engines to index wall posts and news feeds.

A third significant change signals Facebook's plan to exploit users' location.

http://www.theregister.co.uk/2009/10/30/facebook_privacy/

Case m00p
by Donna Buenaventura / November 1, 2009 10:45 PM PST

"m00p" was a virus-writing group that had more than 10 members from various countries. One of the gang members was sentenced in May last year.
Another alleged member of the gang pleaded not guilty on Friday in a London court. Trial will continue in November 2010.

http://www.f-secure.com/weblog/archives/00001804.html

BREDOLAB Revealed; Malware Conceals Itself as Boss's Letter
by Donna Buenaventura / November 1, 2009 10:51 PM PST

From F-Secure blog:

When BREDOLAB entered the threat landscape several months ago, it was initially thought of as a common downloader (that downloads executable files) designed for malware infection only. However, Trend Micro researchers noticed a sudden increase in its activities by August 2009. This made our researchers delve more into the inner workings and behaviors of BREDOLAB.

Our analysis then observed BREDOLAB's connections to two notorious malware families, FAKEAV and ZBOT/ZeuS. The samples always include the aforementioned malware in its download repertoire. Adding BREDOLAB in their long list of carriers, these malware families are mostly focused on information and financial theft.

BREDOLAB also exhibited certain similarities with another well-known botnet, PUSHDO in terms of downloading routines. This led our threat researchers to believe that the cybercriminals behind PUSHDO and BREDOLAB are the same.

Trend Micro's Senior Threat Researcher David Sancho has written an in-depth analysis of this new threat. Read it here: You Scratch My Back...BREDOLAB's Sudden Rise in Prominence.

http://blog.trendmicro.com/bredolab-revealed/

Malware Conceals Itself as Boss's Letter

Trend Micro threat analysts found spammed messages that pretend to be a letter coming from the "boss". It bears the subject "get back to my office for more details" and instructs users to read the attached ZIP file, which contains a letter. The ZIP attachment is, of course, not a letter but an .EXE file (info.exe) detected by Trend Micro as TROJ_CUTWAIL.GT.

http://blog.trendmicro.com/malware-conceals-itself-as-bosss-letter/

Also, Christmas Spam Spotted

With Christmas just right around the corner, spammers are already flooding users' inboxes with unwanted emails. No surprises there. Spammers are known to exploit the holidays for their malicious activities.

Just recently, Trend Micro threat analysts found other spammed messages that claimed to be a 'replication specialist' and enticed users to buy replica products like watches, handbags, and jewelry at a discounted price.

http://blog.trendmicro.com/christmas-spam-spotted/

Microsoft Security Essentials bundled with PCs
by Donna Buenaventura / November 1, 2009 10:55 PM PST

Not everyone may realize this, but it's worth noting that all Microsoft Signature PCs (name-brand computers sold at their online and retail stores) include Microsoft Security Essentials pre-installed.

Microsoft isn't making the mistake of competing with their own OEM customers in the PC business. However, for their new PC re-selling initiative, they are hand-selecting a number of PCs from major manufacturers (Dell, HP, Lenovo, Sony, Toshiba, Asus and Acer), and creating "Signature" editions.

These special editions are pre-built with standard Windows components (IE 8, etc.), but also include Windows Media Center, Internet TV for Media Center, Microsoft Security Essentials, Bing 3D Maps, Zune 4.0 and all the major Live components.

Consider the Toshiba NB205. If you buy it from Microsoft, you'll get Microsoft Security Essentials. If you buy the exact same PC from Toshiba at the same price, you'll get Norton Internet Security pre-installed.

More from Alex in http://sunbeltblog.blogspot.com/2009/10/microsoft-security-essentials-bundled.html

Pirate Bay clampdown prompted file sharing site spike
by Donna Buenaventura / November 1, 2009 11:21 PM PST

A true 'cloud computing' effort, reports McAfee

Attempts to shut down notorious torrent tracker site The Pirate Bay have spurred a four-fold increase in the number of file sharing websites during the third quarter of 2009.

At least some of these sites are primarily designed to distribute scareware and other types of malware rather than pirated content.

Net security firm McAfee reports that a 300 per cent increase in file sharing sites that offer music and films has been accompanied by a sharp increase in associated malware-themed scams. Some of the newly created sites are littered with ruses designed to trick users into downloading various strains of malware.

Filesharing fans began creating their own sites in support of The Pirate Bay community when the site came under legal attack in Sweden during August, leaving it temporarily unavailable, McAfee explains.

http://www.theregister.co.uk/2009/11/02/mcafee_security_report/

Microsoft Report Reveals Resurgence of Worms; Rogue Security
by Donna Buenaventura / November 1, 2009 11:24 PM PST
Software Still Top Threat

Press release by MS on SIRv7: http://www.microsoft.com/presspass/press/2009/nov09/11-02WormResurgencePR.mspx

Microsoft Report Reveals Resurgence of Worms; Rogue Security Software Still Top Threat

Microsoft Corp. today released the seventh volume of the Microsoft Security Intelligence Report (SIRv7), which indicates that worm infections in the enterprise rose by nearly 100 percent during the first half of 2009 over the preceding six months. Rogue security software remains a major threat to customers; however, 20 percent fewer customers were affected by rogue infections during the past six months.

In addition, the Zlob family of trojans, considered a top threat two years ago, has drastically declined due to Microsoft’s work to aggressively clean customer machines and customers’ diligence in applying software updates.

SIRv7 provides a deep, accurate view of the threat landscape country by country. For the first time, this report shares security best practices from countries that have consistently exhibited low malware infection. These best practices and security intelligence provide a valuable resource for business leaders who need to make accurate decisions based on the threats that are most pressing today.

IOBit Steals Malwarebytes' Intellectual Property
by Donna Buenaventura / November 2, 2009 5:12 AM PST

Malwarebytes.org got evidence that IObit steals Malwarebytes' intellectual property
http://www.malwarebytes.org/forums/index.php?showtopic=29681

Marcin has a request for everyone to help fight IObit:

Malwarebytes intends to pursue legal action against IOBit. We demand IOBit immediately remove all traces of Malwarebytes' proprietary research and database from their software. We also demand IOBit be delisted from Download.com due to Terms of Service violations. This is criminal: it is theft, it is fraud, and we will not stand for it.

What can you do to help? If you feel the same way we do about this theft, we encourage you to send an email to hosting services such as Download.com and Majorgeeks.com requesting that all IOBit software be removed.
