Spyware, Viruses, & Security forum

General discussion

NEWS - October 1, 2009

Microsoft blocks pirates from Security Essentials antivirus

Free software installs only on legit Windows

By Gregg Keizer
Published: 01 October 09

Microsoft will block users running counterfeit copies of Windows from installing the free Security Essentials antivirus software, the head of the company's anti-piracy group has said.

Security Essentials, which launched early Tuesday, is basic anti-virus and anti-spyware software that Microsoft touts as suitable for users who can't, or won't, pay for security.

"During installation, you'll be asked to validate Windows running on your PC to make sure that it's genuine," said Alex Kochis, director of Microsoft's Genuine Windows team, in a post to a company blog Tuesday. Genuine Windows is the umbrella label for several of the company's anti-piracy technologies, including product activation and the often-criticised validation and notification components, which regularly determine whether the copy of Windows running on a PC is legitimate.

Continued here: http://news.techworld.com/security/3203037/microsoft-blocks-pirates-from-security-essentials-antivirus/
Next-gen Trojan rewrites bank statements

In reply to: NEWS - October 1, 2009

Crooks loot $440K using uber-subtle stealth malware

By John Leyden
1st October 2009

Black hat hackers have created a new strain of Trojan that rewrites online bank statements to disguise fraud.

Victims of the URLZone Trojan would only realise their bank account has been looted after they check their balance with a bank branch or via an ATM.

Cybercriminals distribute the malware by booby-trapping websites (many of them legitimate) using the LuckySpoilt toolkit. Malicious pdf files or JavaScripts are used to push the URLZone Trojan onto the vulnerable Windows boxes of visiting surfers.

The malware features a keystroke logger that captures bank login credentials and takes screenshots of activities on bank accounts, each of which were forwarded to a command and control server hosted in the Ukraine.

Continued here: http://www.theregister.co.uk/2009/10/01/next_gen_bank_trojan/
Botnet control server camouflages commands as JPEG images

In reply to: NEWS - October 1, 2009

1 October 2009

The command and control server for the Monkif botnet is reportedly using a rudimentary technique to mask network communication by camouflaging commands to its drones as JPEG images. According to monitoring by Websense, the Monkif C&C server, operating as a web server, responds to queries from bots with an HTTP packet in which the Content-Type header is set to "image/jpeg". The packet also includes a fake, but valid, JPEG header. Rather than an image, the rest of the packet contains an encoded command (XOR'd with 0x4).

Continued here: http://www.h-online.com/security/Botnet-control-server-camouflages-commands-as-JPEG-images--/news/114370

Botnet buries commands in image files

In reply to: Botnet control server camouflages commands as JPEG images

Stego backdoor hub

Security researchers have identified a botnet that borrows an idea from steganography by burying commands in jpg images.

The DlKhora botnet, which is primarily geared towards downloading other strains of malware, encodes instructions so that the command and control server appears to be serving up image files, SecureWorks reports.

The server sets the HTTP Content-Type header to "image/jpeg" and prefaces the bot commands with a fake 32-byte JPEG header. The bot checks if the header matches and decodes the rest of the response to retrieve its commands. The commands are encoded using a single byte XOR with 0
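
A defender-side check for the traffic pattern the Monkif and DlKhora reports above describe, as an added example that is not part of either quoted article or of the forum posts: it flags an HTTP response that claims image/jpeg but does not parse as a complete JPEG, then tries the single-byte XOR (key 0x4, as reported for Monkif) on the bytes after the 32-byte header. The sample bodies, the command string and the 0.9 printable-text threshold are constructed assumptions.

```python
import string

XOR_KEY = 0x04      # single-byte key reported for Monkif in the article above
HEADER_LEN = 32     # fake JPEG header length reported for DlKhora
PRINTABLE = set(string.printable.encode())

def jpeg_is_structurally_complete(body: bytes) -> bool:
    """Walk marker segments: a real JPEG reaches SOS and ends with EOI."""
    if body[:2] != b"\xff\xd8":                  # must start with SOI
        return False
    pos = 2
    while pos + 4 <= len(body):
        if body[pos] != 0xFF:                    # every segment starts with 0xFF
            return False
        if body[pos + 1] == 0xDA:                # SOS: compressed scan follows
            return body.endswith(b"\xff\xd9")    # heuristic: EOI is last
        seg_len = int.from_bytes(body[pos + 2:pos + 4], "big")
        if seg_len < 2:
            return False
        pos += 2 + seg_len                       # jump to the next marker
    return False                                 # ran out of data before SOS

def inspect_response(content_type: str, body: bytes) -> dict:
    """Flag image/jpeg responses whose payload decodes to text under XOR."""
    claims_jpeg = content_type.split(";")[0].strip().lower() == "image/jpeg"
    if not claims_jpeg or jpeg_is_structurally_complete(body):
        return {"suspicious": False, "decoded": None}
    decoded = bytes(b ^ XOR_KEY for b in body[HEADER_LEN:])
    ratio = sum(b in PRINTABLE for b in decoded) / len(decoded) if decoded else 0.0
    hit = ratio > 0.9                            # assumed threshold
    return {"suspicious": hit, "decoded": decoded if hit else None}

# Constructed samples (not captured traffic).
JFIF = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
FAKE_HEADER = JFIF + b"\xff\xdb\x00\x43" + bytes(8)      # 32 bytes, parses as a JPEG start
COMMAND = b"cmd=download;url=http://example.invalid/payload"
C2_BODY = FAKE_HEADER + bytes(b ^ XOR_KEY for b in COMMAND)
WELL_FORMED = JFIF + b"\xff\xda\x00\x08" + bytes(6) + b"\x12\x34\xff\xd9"
TRUNCATED_IMAGE = FAKE_HEADER + bytes(range(128, 200))   # binary, not text

if __name__ == "__main__":
    for name, body in [("c2", C2_BODY), ("jpeg", WELL_FORMED), ("cut", TRUNCATED_IMAGE)]:
        print(name, inspect_response("image/jpeg", body))
```

The structural walk is what separates a masqueraded response from a real image: a valid-looking header alone passes a magic-byte check, but the segment chain never reaches a scan and end-of-image marker.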
Twitter Abuse Growing Rampant

In reply to: NEWS - October 1, 2009

Social networks are rapidly becoming a primary channel to market for malware distributors and other cyber-criminals as the use of popular sites such as Twitter continues to take off, and the communications vehicles subsequently create new opportunities for attackers to hide their threats using features such as so-called link shorteners.

Attackers have been working to infiltrate and abuse social networks for years, but the issue is becoming truly pervasive nowadays as they shift even more of their efforts away from more traditional electronic messaging systems and distribute a greater share of their nefarious content over so-called Web 2.0 sites, in particular Twitter, according to Symantec security researcher Ben Nahorney.

The distribution of malware infection links over Twitter has become particularly problematic of late, Nahorney noted in a recent blog post. Since the 140-character limit for posts made over the micro-blogging platform has led to widespread use of URL shorteners that obscure address details, even savvy users of Twitter are likely taking bigger risks, the implication appears to be.

Continued here: http://securitywatch.eweek.com/twitter/twitter_abuse_growing_rampant.html

Google has Chrome Frame plug-in for Firefox up its sleeve..

In reply to: NEWS - October 1, 2009

"Google has Chrome Frame plug-in for Firefox up its sleeve, says Mozilla"

Source code points to possible 'browser-in-a-browser' plug-in for Firefox, Opera

By Gregg Keizer
October 1, 2009

Google may intend to produce a Chrome Frame plug-in for Firefox, Mozilla's chief engineer said.

"The code is certainly there," said Mike Shaver, Mozilla's vice president of engineering, referring to parts of the Chrome Frame source code that indicate Google could crank out a Firefox plug-in similar to what Google released last week for Microsoft's Internet Explorer (IE).

"But source code doesn't speak to intent," Shaver added Wednesday, saying he had no inside knowledge as to whether Google would, in fact, expand its browser-in-a-browser plug-in concept to Firefox.

Chrome Frame, which Google launched Sept. 23, currently only supports IE6, IE7 and IE8, and lets those Microsoft browsers utilize the Chrome browser's WebKit rendering engine, as well as its V8 JavaScript engine. Google pitched the plug-in as a way to instantly boost the speed of the notoriously slow IE and as a means for Web developers to support standards IE can't handle, including HTML 5.

More here: http://www.computerworld.com/s/article/9138740/Google_has_Chrome_Frame_plug_in_for_Firefox_up_its_sleeve_says_Mozilla
Fake antivirus overwhelming scanners

In reply to: NEWS - October 1, 2009

Criminals look for easy money.

By John E. Dunn
Published: 15:25 GMT, 01 October 09

Fake antivirus programs are multiplying at such a rate they could start to overwhelm the detection capabilities of signature-based scanners, the latest figures from the Anti-Phishing Working Group (APWG) have hinted.

Rogue or bogus programs passing themselves off as real antivirus software have been one of the malware themes of 2009, but the APWG's numbers for the first half of the year show that the organisation's members detected 485,000 samples, more than five times the total for the whole of 2008.

The reason for the growth in numbers is what is known in technical terminology as 'polymorphism', an old defence technique which involves changing the binary checksum of every copy (or download) of a piece of malware. This makes it much more difficult for antivirus programs to detect the programs.

More here: http://news.techworld.com/security/3203072/fake-antivirus-overwhelming-scanners/


Malware worldwide grows 15 percent in September

By Lance Whitney

A rise in malware has caused the number of infected PCs worldwide to increase 15 percent just from August to September, says a report released Tuesday from antivirus vendor Panda Security.

Across the globe, the average number of PCs hit by malware now stands around 59 percent, an all-time high for the year. Among 29 countries tracked, the U.S. ranked ninth with slightly more than 58 percent of its PCs infected. Taiwan hit first place with an infection ratio of 69 percent, while Norway came in lowest with only 39 percent of its PCs attacked by malware.

Here: http://news.cnet.com/8301-1009_3-10363373-83.html?tag=nl.e757
Facebook Hit With New Spyware Scam

In reply to: NEWS - October 1, 2009

Hackers bypassed the social networking site's captchas to create new accounts at will.

October 1, 2009
By Larry Barrett:

Facebook on Thursday was hit with yet another spyware attack.

This time hackers managed to crack the security captchas -- the words or letter combinations that users are asked to retype when registering -- to create new Facebook accounts designed to steal users' account and personal information.

Roger Thompson, chief of research at AVG Technologies, detailed this latest scam in a blog post Thursday morning. He said that this new tactic was "one of the first if not the first time" that hackers were able to compromise the Facebook captcha.

"We're seeing a lot of these, all from different profiles, but with the same picture and link," Thompson said. "I'm sure Facebook will deactivate all these accounts as quickly as they find them, but it can't be an easy thing for them to find."

Facebook spokesman Simon Axten told InternetNews.com the social-networking site is working to identify all the bogus accounts in order to disable them en masse.

Continued here: http://www.internetnews.com/security/article.php/3841921/Facebook+Hit+With+New+Spyware+Scam.htm

Automated Facebook Attack underway

October 01, 2009

Today our LinkScanner users started detecting rogue spyware attacks that seemed to be originating from Facebook. The first profile that we looked at looked like this:

(See Screenshots within Article)

We're seeing rather a lot of these, all from different profiles, but with the same picture and link. Clearly, the Data Snatchers have found a way to automate the creation of Facebook accounts, which means they've found a way to bypass the Facebook Captcha (the image of letters which are required for a new account, which are supposed to ensure that a human is involved).

I'm sure Facebook will deactivate all these accounts as quickly as they find them, but it can't be an easy thing for them to find.

More here: http://thompson.blog.avg.com/2009/10/automated-facebook-attack-underway.html
One thumb up for MS Security Essentials in early tests

In reply to: NEWS - October 1, 2009

Detection fair but clean-up lacking, reports AV-Test.org

By John Leyden
1st October 2009

Independent testing lab AV-Test.org has published one of the first reviews of Microsoft Security Essentials, Redmond's freebie anti-virus package.

The software earned favourable comparison with other free packages, such as AVG and Avast. Detection rates were respectable and the product scored plaudits in avoiding false positives, a perennial problem for anti-virus scanners where legitimate files are detected as potentially malign and put into quarantine, sometimes hobbling systems in the process.

Most of the worst problems occur when anti-virus scanners decide that Windows systems files might be dodgy. Microsoft has an obvious advantage in being able to avoid such problems. Even so, minimising the risk of false positives is a big plus mark for Microsoft Security Essentials.

Continued here: http://www.theregister.co.uk/2009/10/01/ms_security_essentials_review/
Mozilla Tests More Secure Firefox

In reply to: NEWS - October 1, 2009

Versions of Firefox with enhanced cross-site scripting protection have been released for testing

By Thomas Claburn
October 1, 2009 05:20 PM

Mozilla on Wednesday posted preview builds of its Firefox browser with security enhancements designed to mitigate the risk of certain Web attacks.

In a blog post, Brandon Sterne, security program manager for Mozilla, asks security researchers and server administrators to help test the changes by downloading a build appropriate for their operating system.

The preview versions of Firefox implement a specification called Content Security Policy (CSP), which is designed to protect against cross site scripting (XSS) attacks.

CSP originally also addressed cross site request forgery (CSRF) attacks, but the anti-CSRF measures have been moved into a separate security specification called the Origin Header proposal.

XSS and CSRF attacks have been used for data theft, Web site defacement, and malware distribution. They're typically made possible by Web application coding errors.

More here: http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=220300750
Targeted e-mails distribute malware in PayChoice breach

In reply to: NEWS - October 1, 2009

by Elinor Mills
October 1, 2009

Payroll processor PayChoice said on Thursday it is investigating a breach in which customers received targeted emails purporting to be from the company that were designed to trick people into downloading malware.

Workers received e-mails last week that directed them to download a browser plug-in or visit a Web site so they could continue accessing the Onlineemployer.com PayChoice portal. Malware in the download and on the Web site turned out to exploit holes in Internet Explorer, Adobe Flash and Adobe Reader, PayChoice said.

The emails were targeted to individuals and included their user names, login IDs and partial passwords, thus increasing the chance that recipients would be likely to fall for the ruse.

In a statement, PayChoice did not say how many people received the e-mails, but said most of the employees served by PayChoice do not use the portal. PayChoice, based in Moorestown, New Jersey, provides payroll software and services to 125,000 businesses.

Continued here: http://news.cnet.com/security/?tag=hdr;snav
