NEWS - October 11, 2010

Call to change PC security tools

An initiative has been kicked off that hopes to improve the way PC users are protected from viruses. It will create and distribute a small program that will gather statistics on how quickly security companies find and remove malicious code.

The figures will reveal if users are being left vulnerable and for how long as well as rank response times. But some experts say such simple tools could give a false impression and may prove hard to develop.

"In the last two to three years we have seen more individual pieces of malware than in the entire 30 years before that time," said Mr Chris Bolin, a former chief technology officer at McAfee who is now head of UK security firm Prevx, which is trying to start the initiative.

New threat set to dethrone Zeus

The position of the infamous Zeus trojan may be usurped by a new upstart that is unknown to four of the six largest antivirus companies and has already been used by a criminal group to empty bank accounts across Europe and America.

The latest incarnation of the Carberp trojan possesses most of the tricks used by Zeus to steal millions of dollars from bank accounts around the world, and targets the most popular operating systems and web browsers including Microsoft's Windows 7, Vista and XP, as well as the Internet Explorer and Mozilla Firefox web browsers.

It also attempts to seek and destroy or disable rival bank account-stealing trojans, including Zeus. However, it is not known if the malware possesses the capability to remove the malware.

Security companies have yet to agree on the characteristics of Carberp. To some security companies Carberp is considered a derivative of Zeus. Less harmful variants of Carberp exist including malware downloaders and generic trojans, but this latest instance is considered the first fully-capable banking trojan of its kind.

"Carberp is different. It is very, very sophisticated and I expect the infection rates to be the same as Zeus," said Andreas Baumhof, co-founder and chief technology officer of secure banking authentication firm TrustDefender. He said the trojan is as yet unknown to the big antivirus companies. [...]

The company's research arm identified the new Carberp variant three months ago and has now deconstructed it.

Online pharmacy spam campaign faking Twitter

From Avira TechBlog:

During the weekend our spamtraps received large amounts of emails pretending to come from Twitter. This time, the social engineering twist lies within the subject of the email: It is "You have 2 urgent messages from Twitter!", creating psychological pressure by some kind of emergency within the social surroundings of Twitter users. This way the spammers try to increase the rate of users that open the email and click on the links.

In the email there are actually two different links pointing to two different domains. The targets do nothing other than redirect the browser to the final website, hosting a fake Canadian Pharma website.

Oracle plans comprehensive patch day - including Java

As it did in mid-July, Oracle has announced another comprehensive patch day to close a total of 81 security holes. Oracle says that the Critical Patch Update, planned for the 12th of October, will affect hundreds of Oracle products. Thirty-one of the holes are said to be in products from the former Sun portfolio, which is now called the "Oracle Sun Product Suite".

Oracle advises users to install the patches as soon as they become available, as many of the security holes are rated critical. For instance, one of seven holes in the Oracle Database Server grants remote access to intruders without requiring user name or password authentication. Users of Fusion middleware and the E-Business Suite are facing the same risk. Due to similar security holes in various versions of the Java Development Kit (JDK) and the Java Runtime Environment (JRE), Oracle has also announced patches for 29 critical holes in Java SE and in Java for Business.

OMG? Not txtin again? Beware Facebook rogue applications

Over the weekend I saw a large number of Facebook users were searching my blog for information about a Facebook scam that disguises itself as a status update saying the user will "never text again". A couple of times in the last few months we've seen this is a successful method for encouraging hundreds of thousands of unsuspecting Facebook users to click on a link.

Well, from the scammers point of view, if it ain't broke why fix it? Sure enough, they're using the ploy again to dupe Facebook addicts. [Screenshot]

'OMG! Im never going to send another text message again after seeing this! <LINK>'

At the time of writing, these messages appear to have slowed on Facebook. But that may be because they have been superseded by yet another new incarnation of the campaign, which uses different wording and spelling: [Screenshot]

'OMG! Im not txtin again now that I have seen this! <LINK>'

However, the link that these latest messages point to, which takes the user via the short url redirection service, remains the same.

Clicking on the link takes you to a Facebook page, which encourages you to click onward, and permit a rogue application to have access to your profile.

Continued @ Graham Cluley's Blog

India Plans to Develop Its Own Computer Operating System

India plans to develop a new computer operating system, with an eye to enhancing the security of its computer systems, a government spokesman said on Monday.

The new operating system is being developed by the country's Defence Research & Development Organization (DRDO), Ravi Kumar Gupta, a spokesman for the DRDO, said.

The DRDO is a wing of the country's Ministry of Defence, and has about 50 laboratories specialized in developing technologies in a number of areas including aeronautics, armaments, electronics, combat vehicles, engineering systems, instrumentation, missiles, advanced computing and simulation, special materials, naval systems, life sciences, training, information systems and agriculture.

Although the new operating system will be originally developed for defense applications, it may also be made available to the commercial sector, Gupta said.

Ubuntu 10.10 Maverick Meerkat released

Every April and October, Ubuntu issues a new release of their operating system, with an interesting code name. Today Ubuntu released their next major version, codenamed "Maverick Meerkat", which just so happened to be released on 10/10/10 at 10:10 UTC.

With the new Ubuntu 10.10 release comes a new font in the typeface family, bringing users Latin, Cyrillic and Greek with the choice of regular, italic, bold and bold italic styles and weights. Not only does this release ship with a new font, but Ubuntu has become the first ever operating system to ship with the new Indian Rupee Sign for their currency. Ubuntu will continue to work on Arabic, Hebrew and Monospace font support in future releases.

Ubuntu 10.10 brings an improved installer with a new design, making it easier to use and install updates and drivers. [Screenshot]

What's new in this release?

* The GNOME base platform has been updated to version 2.32, which includes dconf and gsettings API.
* Evolution was updated to version 2.30, which operates much faster than previous versions.
* F-Spot has now been replaced by Shotwell as the default photo manager.
* Gwibber has been updated to use Twitter's new OAuth, their new authentication system.
* The sound menu has been enhanced to include music player controls.
* Ubuntu One has received a big update with improved sign-up and sign-in integration, Nautilus enhancements for managing folder sync preferences, faster file transfer speeds and the ability to share links to music within the Ubuntu One Music Store.
* New bootup screen.

Microsoft unveils new mobile platform, Windows Phone 7

Microsoft unveiled a new mobile phone operating system Monday in a bid to regain ground lost to the iPhone, Blackberry and devices powered by Google's Android software.

Microsoft chief executive Steve Ballmer took the wraps off nine mobile phones powered by Windows Phone 7 (WP7) during an event held at a loft in New York's Chelsea neighborhood.

Ballmer said more than 60 mobile operators around the world will offer the devices, made by South Korea's Samsung and LG Electronics, Taiwan's HTC and US computer giant Dell, in more than 30 countries.

"We have built a different kind of a phone," Ballmer said. "We set out to build a phone that was thoroughly modern."

With WP7, Microsoft is emphasizing personalization and customization, the company's CEO said.

"We focused on the things that real people really want to use," he added. "We really put our energy into bringing together the things that you love."

A foolproof drive-by-download blocking tool?

A seemingly foolproof tool for blocking drive-by-download attacks has been developed by a group of researchers at the Georgia Institute of Technology and California-based SRI International.

The name of the tool is BLADE (an acronym for Block All Drive-By Download Exploits) and it's, as one of the researchers says, browser-independent and "vulnerability and exploit agnostic". It has been tried on various versions of Internet Explorer and Firefox, and the result is astounding: all of the circa 1,900 drive-by installation attempts were blocked, with no false positives. An added bonus is that it doesn't hog computer resources.

How does it work? "BLADE monitors and analyzes everything that is downloaded to a user's hard drive to cross-check whether the user authorized the computer to open, run or store the file on the hard drive. If the answer is no to these questions, BLADE stops the program from installing or running and removes it from the hard drive," said Long Lu - a Georgia Tech graduate student and one of the developers of BLADE - to Science Daily. Also, all downloads are stored to a "secure zone" of the hard drive so that BLADE can determine whether the software is malicious or not.

See Science Daily : BLADE Software Eliminates 'Drive-by Downloads' from Malicious Websites

Warhammer Online Gold Sellers Can Lead To Malware

Ok, I game. Get over it, but this REALLY does relate to malware and malicious website research... just stay with me.

Warhammer Online has what they call an "Endless Trial". Meaning you can play the game for free, theoretically, forever (it's not a full featured client but it is real nice). Anyway, the first time I logged on I noticed a few naughty bits but didn't get screenshots, so I thought I would rectify that egregious oversight on my part.

Below is what a player is presented with post-logon, after their character is created. Take notice of the lower left hand side of the pane:
[Screenshot:Warhammer Post Logon]

Zooming in a bit closer we see that it is an advertisement for someone selling gold: [Screenshot]

We have not been playing the game long at all and we are already getting in-game advertisements? What most gamers fail to understand is the danger that may lie just behind the link. Let's have a look at the website in a browser...

Continued @ the McAfee Labs Blog

Java: A Gift to Exploit Pack Makers

I have long urged readers who have no need for Java to remove the program, because failing to keep this software updated with the latest security patches exposes users to dangerous, ubiquitous attacks. In this blog post, I'll show readers how attacks against Java vulnerabilities have fast emerged as the top moneymaker for authors of the best-selling "exploit kits," commercial crimeware designed to be stitched into hacked or malicious sites and exploit a variety of Web-browser vulnerabilities.

Take one look at the newest kit on the block - "Blackhole" - and it is obvious that Java vulnerabilities continue to give attackers the most mileage and profit, and have surpassed Adobe flaws as the most successful exploit vehicles.

I spoke briefly via instant message with the developer of this Blackhole kit (pictured at right), and he assured me that these images were taken from a working installation. The screen shot here shows the administration panel for this exploit pack, which lists the number of hits and downloads. The statistics show that on average this kit finds a working exploit that it can use to install malicious software on a visiting host about 10 percent of the time.
