Kaspersky: Gumblar update
From their Viruslist blog:
As expected, we can confirm more compromised machines. Our current count looks as follows:
7798 UNITED STATES
1094 RUSSIAN FEDERATION
950 ISLAMIC REPUBLIC OF IRAN
881 REPUBLIC OF KOREA
These numbers stand for unique hosts; some of them contain several user directories etc., which means that the real count is much higher than shown here. As mentioned before, each of these hosts is spreading a set of malicious files which are sent to a user depending on the computer's environment. We used the site www.virustotal.com to confirm the current detection status of the 41 AntiVirus vendors who participate on that site. The result showed that currently only 3 out of 41 vendors detect the malicious *.php file which is injected at the above locations. The malicious *.pdf file scored 4/41 and the flash content was detected by 3 out of 41 vendors.
Rogue AV Haunts This Halloween
Festive search words are a favorite lure with scammers for whatever they have to offer, as David Marcus recently warned in his post about Halloween-themed threats.
In recent research, we found that search results for "scary halloween pumpkin designs" could lead users to a hijacked webpage hosting rogue security products.
The Social Gaming Ecosystem Of Hell
Last weekend I wrote about how the big social gaming companies are making hundreds of millions of dollars in revenue on Facebook and MySpace through games like Farmville and Mobsters. Major media can't stop applauding the companies long enough to understand what's really going on with these games. The real story isn't the business success of these startups. It's the completely unethical way that they are going about achieving that success.
In short, these games try to get people to pay cash for in-game currency so they can level up faster and have a better overall experience. Which is fine. But for users who won't pay cash, a wide variety of "offers" are available where they can get in-game currency in exchange for lead-gen-type offers. Most of these offers are bad for consumers because they confusingly get users to pay far more for in-game currency than if they had just paid cash (there are notable exceptions, but the scammy stuff tends to crowd out the legitimate offers). And it's also bad for legitimate advertisers.
The reason why I call this an ecosystem is that it's a self-reinforcing downward cycle. Users are tricked into these lead gen scams. The games get paid, and they plow that money back into Facebook and MySpace in advertising, getting more users. Who are then monetized via lead gen scams. That money is then plowed back into Facebook and MySpace in advertising to get more users...
Here's the really insidious part: game developers who monetize the best (and that's Zynga) make the most money and can spend the most on advertising. Those that won't touch this stuff (Slide and others) fall further and further behind. Other game developers have to either get in on the monetization or fall behind as well. Companies like Playdom and Playfish seem to be struggling with their conscience and are constantly shifting their policies on lead gen.
The games that scam the most, win.
Microsoft counters Windows 7 upgrade hack advice
Sweeps 'crapware' under carpet
Microsoft has wagged its finger at users to dissuade them from hacking upgrade versions of Windows 7 to get a full copy of the new operating system on their PC. Reacting to tips being served up online, Microsoft has warned that while it's technically possible to perform what's known as a "clean" install of Windows 7 on a PC, you'll be breaking the law.
You'll be breaking the Microsoft End User License Agreement (EULA), meaning you're potentially running a pirated copy of Windows. Also, Microsoft has "reminded" small-and-medium-size businesses they cannot transfer licenses for Windows from old machines to new PCs.
Eric Ligman, global partner experience lead in the Microsoft Worldwide Partner Group, has blogged bluntly: "Bottom line is, no, OEM Microsoft Windows licenses do not have any transfer rights and live and die on the original computer they are shipped with and installed on, period.[...]
Last week's release of Windows 7 has delivered a fresh crop of advice.
Facebook to share more user data with advertisers
In a language Canadians can understand
The changes, announced by PR boss Elliot Schrage, suggest Facebook will give its paying customers more details about how their adverts perform. User data will be "anonymised", the new policy says.
"This information allows advertisers to do what is commonly called 'conversion tracking', which helps them measure the effectiveness of their ads and make them more relevant," Schrage wrote.
"Most advertisers already do this in other places on the web. Should Facebook provide this, we'll continue to respect your privacy by not sharing your information with advertisers, and we'll anonymize any information we receive."
Users who set their profile as viewable by everyone can also expect search engines to index wall posts and news feeds.
A third significant change signals Facebook's plan to exploit users' location.
"m00p" was a virus-writing group that had more than 10 members from various countries. One of the gang members was sentenced in May last year.
Another alleged member of the gang pleaded not guilty on Friday in a London court. Trial will continue in November 2010.
BREDOLAB Revealed; Malware Conceals Itself as Boss's Letter
From F-Secure blog:
When BREDOLAB entered the threat landscape several months ago, it was initially thought of as a common downloader (one that downloads executable files) designed for malware infection only. However, Trend Micro researchers noticed a sudden increase in its activities by August 2009. This made our researchers delve deeper into the inner workings and behaviors of BREDOLAB.
Our analysis then observed BREDOLAB's connections to two notorious malware families, FAKEAV and ZBOT/ZeuS. The samples always include the aforementioned malware in their download repertoire. Adding BREDOLAB to their long list of carriers, these malware families are mostly focused on information and financial theft.
BREDOLAB also exhibited certain similarities with another well-known botnet, PUSHDO, in terms of its downloading routines. This led our threat researchers to believe that the cybercriminals behind PUSHDO and BREDOLAB are the same.
Trend Micro's Senior Threat Researcher David Sancho has written an in-depth analysis of this new threat. Read it here: You Scratch My Back...BREDOLAB's Sudden Rise in Prominence.
Malware Conceals Itself as Boss's Letter
Trend Micro threat analysts found spammed messages that pretend to be a letter coming from the "boss". It bears the subject "get back to my office for more details" and instructs users to read the attached ZIP file, which contains a letter. The ZIP attachment is, of course, not a letter but an .EXE file (info.exe) detected by Trend Micro as TROJ_CUTWAIL.GT.
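The lure above hinges on a ZIP "letter" whose only member is a Windows executable. As an added illustration (not code from the original post or from Trend Micro), the following mail-gateway check opens a ZIP attachment in memory and flags members that are executables by extension or by their MZ header, then combines that with the campaign's subject line; the sample ZIP, the `info.exe` payload bytes and the verdict names are constructed for this example.

```python
import io
import re
import zipfile

# Extensions that Windows will execute directly; a "letter" should never be one.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Subject line of the lure described above (assumed to be matched case-insensitively).
LURE_SUBJECT = re.compile(r"get back to my office for more details", re.IGNORECASE)


def build_sample_zip(member: str, payload: bytes) -> bytes:
    """Construct an in-memory ZIP with one member (constructed test data, not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, payload)
    return buf.getvalue()


def executable_members(zip_bytes: bytes) -> list:
    """Return ZIP member names that are executables by extension or by MZ (DOS/PE) header."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            ext = ("." + name.rsplit(".", 1)[-1]).lower() if "." in name else ""
            with zf.open(info) as fh:
                magic = fh.read(2)  # only the first two bytes are needed for the header check
            if ext in EXECUTABLE_EXTS or magic == b"MZ":
                flagged.append(name)
    return flagged


def classify_message(subject: str, attachment_name: str, attachment: bytes) -> str:
    """Return 'quarantine', 'review' or 'allow' for a message carrying one attachment."""
    lure = bool(LURE_SUBJECT.search(subject))
    if not attachment_name.lower().endswith(".zip"):
        return "review" if lure else "allow"
    try:
        hits = executable_members(attachment)
    except zipfile.BadZipFile:
        return "review"  # claims to be a ZIP but cannot be parsed: inspect by hand
    if hits:
        return "quarantine"  # a "letter" that is really an executable, as in this campaign
    return "review" if lure else "allow"
```

The MZ check catches the case where the executable is renamed to a harmless-looking extension inside the archive, which the extension list alone would miss.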
Also, Christmas Spam Spotted
With Christmas just around the corner, spammers are already flooding users' inboxes with unwanted emails. No surprises there. Spammers are known to exploit the holidays for their malicious activities.
Just recently, Trend Micro threat analysts found other spammed messages that claimed to come from a 'replication specialist' and enticed users to buy replica products like watches, handbags, and jewelry at a discounted price.
Microsoft Security Essentials bundled with PCs
Not everyone may realize this, but it's worth noting that all Microsoft Signature PCs (name-brand computers sold at their online and retail stores) include Microsoft Security Essentials pre-installed.
Microsoft isn't making the mistake of competing with their own OEM customers in the PC business. However, for their new PC re-selling initiative, they are hand-selecting a number of PCs from major manufacturers (Dell, HP, Lenovo, Sony, Toshiba, Asus and Acer), and creating "Signature" editions.
These special editions are pre-built with standard Windows components (IE 8, etc.), but also include Windows Media Center, Internet TV for Media Center, Microsoft Security Essentials, Bing 3D Maps, Zune 4.0 and all the major Live components.
Consider the Toshiba NB205. If you buy it from Microsoft, you'll get Microsoft Security Essentials. If you buy the exact same PC from Toshiba at the same price, you'll get Norton Internet Security pre-installed.
More from Alex at http://sunbeltblog.blogspot.com/2009/10/microsoft-security-essentials-bundled.html
Pirate Bay clampdown prompted file sharing site spike
A true 'cloud computing' effort, reports McAfee
Attempts to shut down notorious torrent tracker site The Pirate Bay have spurred a four-fold increase in the number of file sharing websites during the third quarter of 2009.
At least some of these sites are primarily designed to distribute scareware and other types of malware rather than pirated content.
Net security firm McAfee reports that a 300 per cent increase in file sharing sites that offer music and films has been accompanied by a sharp increase in associated malware-themed scams. Some of the newly created sites are littered with ruses designed to trick users into downloading various strains of malware.
Filesharing fans began creating their own sites in support of The Pirate Bay community when the site came under legal attack in Sweden during August, leaving it temporarily unavailable, McAfee explains.
Microsoft Report Reveals Resurgence of Worms; Rogue Security Software Still Top Threat
Press release by MS on SIRv7: http://www.microsoft.com/presspass/press/2009/nov09/11-02WormResurgencePR.mspx
Microsoft Corp. today released the seventh volume of the Microsoft Security Intelligence Report (SIRv7), which indicates that worm infections in the enterprise rose by nearly 100 percent during the first half of 2009 over the preceding six months. Rogue security software remains a major threat to customers; however, 20 percent fewer customers were affected by rogue infections during the past six months.
In addition, the Zlob family of trojans, considered a top threat two years ago, has drastically declined due to Microsoft’s work to aggressively clean customer machines and customers’ diligence in applying software updates.
SIRv7 provides a deep, accurate view of the threat landscape country by country. For the first time, this report shares security best practices from countries that have consistently exhibited low malware infection. These best practices and security intelligence provide a valuable resource for business leaders who need to make accurate decisions based on the threats that are most pressing today.
IOBit Steals Malwarebytes' Intellectual Property
Malwarebytes.org has evidence that IObit steals Malwarebytes' intellectual property.
Marcin posted a request asking everyone to help fight IObit:
Malwarebytes intends to pursue legal action against IOBit. We demand IOBit immediately remove all traces of Malwarebytes' proprietary research and database from their software. We also demand IOBit be delisted from Download.com due to Terms of Service violations. This is criminal: it is theft, it is fraud, and we will not stand for it.
What can you do to help? If you feel the same way we do about this theft, we encourage you to send an email to hosting services such as Download.com and Majorgeeks.com requesting that all IOBit software be removed.