Sunday, November 11

IndiaTimes.com Visitors Risk High Exposure To Malware

Malware infection risk to Indiatimes visitors

Visitors to IndiaTimes.com, a major English-language Indian news site, risk infecting their computers with a deluge of malware, according to Mary Landesman, senior security researcher at ScanSafe.

"It's an entire cocktail of downloader Trojans and dropper Trojans," Landesman said Friday, putting the number of malicious files involved at 434. This includes scripts, binaries, cookies, and images.

Landesman characterized the size of the malicious payload as unusually large. She also noted that the attack involved a large number of Web sites. Analyzing just two of the binaries, she said that ScanSafe had identified at least 18 different IP addresses involved in the attack.

"Only certain pages of the IndiaTimes.com are infected," ScanSafe said in its Nov. 9 Threat Alert. "The impacted pages contain a script which points to a remote site containing iframes pointing to two additional sites. One of the sites included cookie scripts and an iframe pointing to a non-active site. The other iframe pointed to an encrypted script which exploits multiple vulnerabilities in an attempt to download malicious software onto susceptible systems of users visiting indiatimes.com."

"It appears that the Metasploit Framework was the framework used to facilitate these attacks," Landesman said. The Metasploit Framework is a security testing tool that can also be used maliciously.

Landesman declined to elaborate on the specifics of the exploit other than to say it involved cross-site scripting and that it could turn the victim's computer into a site for malware distribution. "We have reason to believe these are zero-day vulnerabilities," she said. "What we don't want to do is irresponsibly lead people to those exploit pages."

ScanSafe's Nov. 9 Threat Alert identifies one of the vulnerabilities as the MDAC vulnerability described in Microsoft Security Bulletin MS06-014, a remote code execution flaw in the RDS.Dataspace ActiveX control that Microsoft patched in April 2006 and that drive-by download kits of the period exploited routinely; a system that is current on Windows updates is not exposed to that part of the chain.

Warning that much of current antivirus software misses this exploit, Landesman said that "a person even with up-to-date antivirus software is going to be susceptible to this. In the normal course of using this service, you'd arrive at this page and you'd be silently infected."

Malware Planted on MySpace Once Again

Attackers are piggybacking on the fame of R&B recording artist Alicia Keys to spread their malware over the Web. Keys' MySpace page has been infected with malicious software.

Exploit Prevention Labs discovered the attack, one of several aimed at MySpace pages. French funk band Greements of Fortune and Glasgow rock band Dykeenies were also targets of the Web-based attack.

"When a visitor visits the infected page, they're first hit by an exploit which installs malware in the background if they're not fully patched against the latest security vulnerabilities, and next they're presented with a fake codec which tells them they need to install a codec to view the video," said Roger Thompson, CTO at Exploit Prevention Labs. "So even if they're patched, they can fall victim to the exploit."

One Hack After Another
Specifically, visitors to these MySpace pages are directed to co8vd.cn/s. This appears to be a Chinese malware site. If the visitors accept the code installation, the site installs malicious software. You can view a video demonstration of the attack on YouTube.

The hack has some interesting characteristics, Thompson explained. "Perhaps most interesting, the bad guys are using a creative hack we haven't seen before: The HTML in the page contains some sort of image map, which basically makes it so you can click on anything over a wide area on the page and your click is directed to the malicious hyperlink," he said. "We tested it and even the ads were affected."

MySpace officials could not immediately be reached for comment, but Thompson reported that the popular social-networking site fixed the pages in question within hours of the discovery. However, yet another hack was discovered just a few hours later, and new image-map code has appeared that Thompson warned could be coming online soon.
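Both injection patterns described above, the IndiaTimes chain (an injected script pointing off-site, which in turn loads iframes, one of them carrying an obfuscated exploit script) and the MySpace image map that routes every click on the page to one malicious link, can be picked out of a fetched page with a small scanner. The following is an added example, not code from ScanSafe, Exploit Prevention Labs or the original post; the hostnames and the sample page are constructed for the demonstration, and the FULL_PAGE_PX threshold and the "off-site means a different hostname" rule are assumptions.

```python
"""Scan an HTML page for the drive-by injection patterns described above.

Added example (not ScanSafe's, Exploit Prevention Labs' or the post's own
code). Hostnames, the sample page and the FULL_PAGE_PX threshold are
constructed/assumed for the demonstration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

FULL_PAGE_PX = 800  # assumed: an <area> at least this wide and tall covers the page


def _host(url):
    """Hostname of an absolute URL; None for relative references or no URL."""
    return urlparse(url or "").hostname


def _is_hidden(attrs):
    """True when an element is sized or styled so the visitor never sees it."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return (attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
            or "display:none" in style or "visibility:hidden" in style)


def _looks_obfuscated(script_text):
    """Crude check for the eval/unescape decoder stubs exploit kits wrap payloads in."""
    t = script_text.lower()
    return "eval(" in t and ("unescape(" in t or "fromcharcode" in t or t.count("%u") > 8)


class DriveByScanner(HTMLParser):
    """Collects (kind, detail) findings: off-site scripts and iframes,
    obfuscated inline scripts and click-hijacking image maps."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []
        self._in_script = False
        self._script_chunks = []

    def _off_site(self, url):
        host = _host(url)
        return host is not None and host != self.page_host

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True
            self._script_chunks = []
            if self._off_site(a.get("src")):
                self.findings.append(("external-script", a["src"]))
        elif tag == "iframe" and self._off_site(a.get("src")):
            kind = "hidden-iframe" if _is_hidden(a) else "external-iframe"
            self.findings.append((kind, a["src"]))
        elif tag == "area":
            coords = [c.strip() for c in (a.get("coords") or "").split(",")]
            if len(coords) == 4 and all(c.isdigit() for c in coords):
                x1, y1, x2, y2 = map(int, coords)
                # A rectangle anchored at the top-left corner and spanning the
                # viewport routes every click on the page to one destination.
                if (x1 == 0 and y1 == 0 and x2 >= FULL_PAGE_PX and y2 >= FULL_PAGE_PX
                        and self._off_site(a.get("href"))):
                    self.findings.append(("full-page-area", a["href"]))

    def handle_data(self, data):
        if self._in_script:
            self._script_chunks.append(data)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            text = "".join(self._script_chunks)
            if _looks_obfuscated(text):
                self.findings.append(("obfuscated-inline-script", text[:40]))


def scan(html, page_host):
    """Parse one page and return its findings as a list of (kind, detail) tuples."""
    parser = DriveByScanner(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page standing in for a compromised news site.
SAMPLE_PAGE = """<html><body>
<script src="/js/site.js"></script>
<script src="http://evil.example/s"></script>
<iframe src="http://drop.example/x" width="0" height="0"></iframe>
<iframe src="http://ads.example/banner" width="300" height="250"></iframe>
<script>eval(unescape("%75%6e%65%73%63%61%70%65"))</script>
<img src="/banner.gif" usemap="#m">
<map name="m"><area shape="rect" coords="0,0,1600,1200" href="http://evil.example/s"></map>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_PAGE, "news.example"):
        print(f"{kind:26} {detail}")
```

"Off-site" here means any hostname other than the page's own, so legitimate CDN and ad hosts will also show up as external-script or external-iframe; those are there for review, while hidden-iframe, obfuscated-inline-script and full-page-area are the strong signals. Run it with python3 against a saved copy of a suspect page, passing the page's hostname.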

Online Privacy Policies Don't Do Their Job, Critics Say

Online privacy policies need to be easier to understand and more conspicuous because few people now actually read them, said panelists at a U.S. Federal Trade Commission workshop on targeted online advertising.

While privacy policies can help users understand what personal information is being collected, they often need "college-level reading skills" to understand them, said Lorrie Faith Cranor, a Carnegie Mellon University computer science professor who's done research on privacy policies.

Cranor suggested FTC action may be necessary to help standardize privacy notices online. "We should look at the whole picture and think, 'Do we need nutrition labels for privacy?'" she said during the second day of an FTC workshop examining concerns about targeted online advertising.

Representatives of Microsoft, Google and Yahoo told audience members they're working to make privacy policies easier to understand and notices about data collection more immediate.

Representatives of eBay and Yahoo said their companies are experimenting with small question-mark shaped links on targeted ads that explain why a customer was shown the ad.

Microsoft tries to provide frequent links to its privacy policy, and makes it available every time customers sign up for a service, said Peter Cullen, chief privacy strategist at Microsoft. "Now, do we make sure they have to scroll through the short-form [privacy] notice?" he said. "No, because in all honesty, our customers have said that's overdoing it."

But Esther Dyson, Internet policy commentator and founder of EDventure.com, called on online advertising companies to use the same "brilliance" they have for delivering targeted ads to deliver targeted privacy policies and data-collection warnings to individual Web users.

Static privacy policies have limited appeal, she said. "I don't think you can force consumers to look at this stuff," Dyson said. "If they're interested, they do click. The problem is what they can find when they click, which is mostly incomprehensible."

She called on Web sites to tell individuals specifically what information is collected about them.

But "just-in-time" privacy notices take up space, said some panelists. "Every pixel fights for its life," Cullen said.

Joel Winston, associate director of the FTC's Division of Privacy and Identity Protection, opened the second day of the e-behavioral workshop by asking whether privacy notices could be made better, or whether they just don't work.

Part of the problem is that many privacy policies change without warning, and users have to go back to the policy to see the changes, said Carlos Jensen, a computer science professor at Oregon State University. "Reading a privacy policy that could change five seconds after you read it means I'm not going to bother," he said.

More standardization of privacy notices is needed, Jensen said. Web users don't want to wade through multiple Web sites with different privacy notices in different locations, he said.

But Web sites are still experimenting with the best ways to deliver privacy notices, said Colin O'Malley, director of strategic business at Truste. Web sites should still be allowed to figure the best approach before the FTC gets involved, he said.

"We don't want to lead with a prescription," he said.

A better system is needed, and Web sites need to give more detailed information about the personal data they collect, said Jeffrey Chester, executive director of the Center for Digital Democracy and a critic of targeted advertising practices.

"There has to be a simple, unified way to tell the individual exactly what is going on," he said. "Why can't you say you're collecting and targeting and profiling this information? Why can't you say [to users] what you tell your clients?"

Monday, September 3

Aladdin eSafe Secure Web Gateway Blocks 100 percent of Anonymous Proxies

Anonymous proxies, or anonymizers, are Web sites that allow Internet users to connect to the Web through an external Web site, thereby bypassing any restrictions typically enforced on the local network.

This bypass mechanism, though originally designed for safe, anonymous Web surfing, proves extremely dangerous for businesses, schools and other organizations. It opens any computer to all malware that is usually filtered out by a gateway device, and malware is now free to enter the computer and the network – facing only traditional security measures that have proven ineffective against the new waves of malware threats.

Many using anonymous proxies simply want to access MySpace, YouTube and other restricted sites while at work and are completely unaware of the threat proxies pose to the organization. In a recent SearchSecurity.com poll, 27 percent of respondents said they would consider using anonymous proxies and 9 percent said they are already using them.

Since proxy servers frequently change URL addresses, it is impossible for URL filters to keep up with elusive proxy servers. The eSafe Anti-Anonymizer goes beyond traditional filtering methods to also proactively block anonymous proxies based on their site code and communications behavior – even if encrypted by SSL protocols. eSafe prevents users from leaving the protected network at any time, maintaining network integrity and increasing productivity, as well as ensuring regulatory compliance that is extremely important for government, healthcare, education and other industries. Existing eSafe customers were automatically updated to include the new anti-anonymizer technology in their eSafe product and add-on modules.

Wednesday, August 29

Spammers and PDF spam

Is PDF spam simply not working for the spammers?:

Sophos has reported a dramatic decrease in the amount of spam emails using PDF file attachments to spread their unwanted messages. According to research compiled by SophosLabs, Sophos's global network of virus, spyware and spam analysis centres, levels of PDF spam have dropped from a high of close to 30 percent of all spam earlier this month, to virtually zero.

"If PDF spam email messages have all but disappeared, there can only be one reason - they're not working," said Graham Cluley, senior technology consultant for Sophos. "Spammers wouldn't turn away from PDF spam if it was an effective way to fill their pockets with cash and direct consumers to their websites, dodgy goods or dodgy investment opportunities. This drop indicates that the spammers are finding it hard to fool the public into reading marketing messages distributed in this way."

Levels of PDF spam spiked on 7 August 2007 when a single campaign, designed to manipulate stock prices of Prime Time Group Inc, accounted for a 30 percent increase in overall junk email levels. Since then, however, PDF spam has shown a sharp decline.

"Of course, it's too early to say that this is the last we will see of PDF spam. There could still be more campaigns to come, but its dramatic fall may be a sign that we are witnessing its demise," continued Cluley. "Our advice remains the same to all internet users - it makes sense to ensure that your email inbox is properly defended with a product which can defend against the threats of spam and malware."

Sophos experts point to a number of disadvantages for spammers who try and use PDFs in their spam campaigns which may explain its decline.

"PDF spam simply isn't as immediate a way of communicating with your intended audience as an instant glimpse of the marketing message in your victim's email preview pane," explained Cluley. "Furthermore, have you tried opening a PDF file? Adobe Acrobat chugs into action, taking a fair while to load before it can show you the contents of the PDF. Consumers learn pretty quickly that it's a waste of time to open every unsolicited PDF they receive, which means the spammer's message doesn't get read, and the cybercriminals don't make any money."

Cross-site scripting and Firefox 3

Mozilla Aims At Cross-Site Scripting With FF3

Web 2.0 has enabled a broad array of Websites to be more engaging for users. It has also enabled a new and now very common attack, namely cross-site scripting, commonly referred to as XSS.

Mozilla is aiming to put an end to XSS attacks in its upcoming Firefox 3 browser. The Alpha 7 development release includes support for a new W3C working draft specification intended to secure cross-site XML over HTTP requests (XMLHttpRequest, often referred to as XHR), which are frequently abused in XSS attacks. XHR is the backbone of Web 2.0, enabling a more dynamic web experience with remote data.

New ESET Online Scanner

Scan and disinfect viruses with ESET online scanner

This new online scanning service allows users to scan and disinfect systems and emails without uninstalling existing antivirus solution.

ESET has announced the availability of a new online scanning service that allows users to scan and disinfect systems, hard disks, compressed files and email - without uninstalling their existing antivirus solution.

Powered by ESET NOD32 Antivirus software, the ESET Online Scanner is a free Web-based service that allows non-ESET users to identify hidden threats, get a "second opinion" on the health status of their computers and determine the strength of their current malware solution.

Based on ESET's heuristic detection technology, ThreatSense, the ESET Online Scanner provides a comprehensive analysis of a computer's malware infection status. It not only detects both known and unknown forms of malware, including viruses, worms, Trojans, phishing and spyware, residing on a computer, but it also cleans the system and allows the end-user to troubleshoot and repair many malware-related problems.

Additional ESET Online Scanner Benefits:
  • Fast and Easy-to-Use: The scanner is installed and activated by a single button
  • Always Up-to-Date: Uses the most current threat signatures and heuristic detection algorithms available from the ESET Threat Lab
  • Deep Scans: Scans inside archive files, runtime packed executables and email messages
  • Anonymity: The Online Scanner can be used anonymously as contact information is not required to use the service.
"Not all antivirus and anti-malware products are as effective as they should be and users are starting to understand that the AV solutions that come with their computers may not catch existing malware or protect them from emerging threats," said Paul Brook, Managing Director of ESET UK.

"Despite this realisation, users still rely on these limited solutions for protection, which may lead to potential disaster for them if they become infected and misery for others if their machine is used to distribute malware. Our new online scanner allows any computer user to see very quickly if they have a problem and in many cases help them rectify it too," added Paul Brook.

The ESET Online Scanner is available now.

New Norton Antivirus and Norton Internet Security

Norton Internet Security - Norton Antivirus 2008 Launches:

Symantec has added new shields against malware and Web vulnerabilities in the latest versions of Norton Internet Security and Norton AntiVirus software.
The 2008 versions of the products include a feature called Browser Defender, a behavioral-based technology that defends against drive-by downloads and other threats targeting vulnerabilities in Internet Explorer.
"The notion behind the technology was there's thousands of exploits and the exploits change on a daily basis, but there's only a handful of vulnerabilities—for IE there's 39 vulnerabilities," said Rowan Trollope, senior vice president of consumer products at Symantec.
Other enhancements include Norton Identity Safe, which is aimed at protecting personal information when a user is buying, banking or browsing online. It enables users to control which information is shared with Web sites, and it fills in passwords automatically to thwart keylogging software, company officials said.

Read more here

Saturday, August 25

Firefox Security and Privacy Extensions

Extend Firefox for better security & privacy:

In the last few years Firefox has gained massive support from surfers worldwide. This is mainly because Internet Explorer, still the biggest player on the market, has proved to be hopelessly insecure.

Besides offering more security than IE by default, what users appreciate is the fact that Firefox can be extended with add-ons that offer a variety of functions not built into the browser at install. This article explores useful security and privacy extensions that will add to your browsing experience. These are:

Spamavert
ShowIP
Greasemonkey

Go get your Firefox tightened up for better security and more privacy.

New Crimeware targeting companies

New crimeware targeting companies


The new variant, “Prg”, researched by Finjan’s Malicious Code Research Center (MCRC) and also noted by Don Jackson of managed security specialist SecureWorks, relays sensitive data collected during employees’ online activity to the attackers’ websites over SSL-encrypted connections. Finjan’s MCRC found the criminals’ servers in Panama.

Jackson's research suggests that the crimeware has been modified using a Trojan development kit to listen for hacker commands on a special TCP/IP port. These commands allow the hacker to gain remote control of the compromised system. Jackson’s analysis of log files on the servers storing the stolen data found that information was coming from corporate PCs, as noted in his report.

"This trend highlights the alarming growth of crimeware toolkits being sold to criminals by hackers. Such crimeware is focusing on stealing sensitive business data and sending it back to criminals’ servers over encrypted communication channels like SSL, in order to go undetected", said Yuval Ben-Itzhak, the CTO of Finjan.

Elcomsoft System Recovery for Windows

Elcomsoft System Recovery helps when you get locked out of Windows:

Elcomsoft has released the Basic version of Elcomsoft System Recovery, an easy-to-use boot-disk application that makes it simple to access your Windows computer if you've been locked out because of password problems. Unlike the Standard and Professional versions of Elcomsoft System Recovery, which are designed for network administrators and power users, the Basic version gives business owners and home users a straightforward solution to system recovery. Purchase the program online, download the software, burn it to a CD-ROM, boot your computer, and reset the Administrator's password.

Under a special agreement with Microsoft, Elcomsoft System Recovery is based upon Microsoft Windows Preinstallation Environment (Windows PE), a hardware-independent minimal Windows system that replaces the antique DOS boot disk that was used to set up new computer systems.

Elcomsoft System Recovery is completely self-contained, allowing you to access each of your desktops and workstations (but not servers), without the need for third-party or proprietary software. Simply insert the CD, and boot your computer.

Why PCI isn’t enough to ensure data security today?

Ounce Labs thinks it’s critical for consumers to know that, in many instances, their credit card data is still not secure:
  • Compliance statistics are miserable with less than 50% of merchants able to meet the minimum standards of PCI DSS.
  • Even when merchants do comply, some portions of the standard are worded in ways that are open to interpretation.
  • Published reports have appeared that some unscrupulous auditors are taking advantage of non-compliant merchants by forcing them to use the auditors' own compliance services in order to pass, a blatant conflict of interest that compromises the integrity of the PCI audit process.
Read more here

Friday, June 29

Security Vendors Challenge Antivirus Tests

Security Vendors Challenge Antivirus Tests

Antivirus software is frequently tested for performance, so picking a top product should be straightforward: Select the number-one vendor whose software kills off all of the evil things circulating on the Internet. You're good to go then, right? Not necessarily.

The increasing complexity of security software is causing vendors to gripe that current evaluations do not adequately test other technologies in the products designed to protect machines.

Relations between vendors and testing organizations are generally cordial but occasionally tense when a product fails a test. Representatives in both camps agree that the testing regimes need to be overhauled to give consumers a more accurate view of how different products compare.

"I don't think anyone believes the tests as they are run now... are an accurate reflection of how one product relates to the other," said Mark Kennedy, an antivirus engineer with Symantec Corp.

Representatives of Symantec, F-Secure Corp. and Panda Software SA agreed last month at the International Antivirus Testing Workshop in Reykjavik, Iceland, to design a new testing plan that would better reflect the capabilities of competing products. They hope all security vendors will agree on a new test that can be applied industrywide, Kennedy said.

A preliminary plan should be drawn up by September, Kennedy said.

One of the most common tests involves running a set of malicious software samples through a product's antivirus engine. The antivirus engine contains indicators, called signatures, that enable it to identify harmful software.

But antivirus products have changed over the last couple years, and "now many products have other ways of detecting and blocking malware," said Toralv Dirron, security lead system engineer for McAfee Inc.

Signature-based detection is important, but an explosion in the number of unique malicious software programs created by hackers is threatening its effectiveness. As a result, vendors have added overlapping defenses to catch malware.

Vendors are employing behavioral detection technology, which may identify a malicious program if it undertakes a suspicious action on a machine. A user may unwittingly download a malicious software program that is not detected through signatures. But if the program starts sending spam, the activity can be identified and halted.

Read more on Yahoo News

Sunday, June 24

Malware, scams and identity theft protection tips

Tips for protecting against malware, scams and identity theft



  • Don't add friends you don't actually know when using social networking sites. Often the "free" code available on social networking sites such as MySpace and Facebook is spyware and will track your activity or even display unwanted ads.
  • Do not give out personal information on your social networking site profile, such as your address, telephone number, work address or telephone number, or the name and location of your school.
  • Never get together with someone you "meet" on a website; they may not be who they say they are. If for some reason you still choose to meet the person, discuss it with your parents first, arrange the meeting in a public place and bring some friends.
  • Don't shop online while using an unencrypted or open wireless network. Hackers and thieves can use an open or unencrypted network, including a store's wireless network, to break into your computer and capture your financial information.
  • Secure your computer with latest security software and updates. Before connecting to the Internet, take the following three core precautions: 1) Install anti-virus and anti-spyware programs and keep them up to date; 2) Install a firewall; 3) Regularly update operating software.
  • Don't give your financial information to unsecured websites. When providing payment information, make sure the beginning of the Web site's URL changes from http to https, indicating that the connection to the site is encrypted.
  • Protect personal information with common sense and technology. Be suspicious if someone unexpectedly asks for personal information. Identity thieves send out bogus emails about problems with consumers' accounts to lure them into divulging personal information. Consider using multi-factor authentication services when offered by online retailers as a way to secure your information.
  • Confirm email correspondences from your financial institution directly. If you receive an email from your bank or other institution that you are unsure of, simply call the bank directly to confirm they need the information requested. Don't just reply with the information without checking first.
  • If you are not familiar with the seller or the web site, do some research. You can contact the Better Business Bureau in the state where the company is located (by telephone or at bbb.com), and investigate the number and nature of complaints against the seller. Sometimes, a basic Internet search will reveal an actual chat room or web site (commonly called "gripe-sites") on which civic-minded fellow consumers have posted complaints warning of a company's practices.

by CyberDefender

Wednesday, June 6

Free Antispyware downloads - Warning Signs

Free Antispyware Download - Caution before Download

We all know that getting rid of spyware is a pain in the neck. But what if the antispyware program itself is spyware? There are plenty of free antispyware programs offered for download, but are they worth it?

Though the Internet is a revolution in the present world, it has its disadvantages: security and privacy are at stake. The Internet is a dangerous place, full of privacy invaders, scammers, and hackers taking full advantage of your online activities. You need to take preventive measures against these threats. Spyware may be installed by certain shareware programs offered for download; downloading programs only from reputable sources provides some protection against this avenue of attack.

There are plenty of things you can do to keep yourself safe. Antispyware, antivirus, firewalls and Internet security suites are some of the software applications that can protect your privacy. There are a number of good antispyware programs on the market today. At the same time, dozens of fake and rogue antispyware products are also circulating. When run, they report traces of spyware and adware on your PC that were never there, creating fear of a threat to push you into buying the product. These rogue antispyware products are heavily marketed through e-mail campaigns, sometimes under phrases like FREE ANTISPYWARE DOWNLOAD. Beware of them. Never run a free scan or free antispyware download unless you know the software publisher.

If you have the time, go through the independent product reviews published by well-known computer magazines such as PCWorld, PCMag and CNET. Spending some extra time researching antispyware software can save you a lot of hassle in the long run. There are certainly some companies that specialize in delivering good antispyware programs and nothing else.

As customers, all of us are interested in evaluating an antispyware program. The four basic parameters on which to judge antispyware software are price, features, ease of use, and performance. A growing number of antispyware tools take a new approach to fighting spyware: rather than blocking each piece of spyware and adware, they aim to limit the malware's power to cause harm even if it gets in.
Reviewers test a product's ability to provide real-time defense on contact with threats, as well as its propensity to falsely identify harmless files. Real-time protection against rootkits and phishing sites is another feature that shows how accurate an antispyware product is. User-friendly features such as the ability to choose between a fast and a full system scan are worth noting if you are short on time.

Anti-phishing protection prevents access to known bad sites. Detecting malware is one thing; cleaning it thoroughly from your system is another. Some antispyware products claim to detect even well-hidden spyware and adware, but in reality you need an antispyware application that also cleans thoroughly.

Some of the top antispyware programs are: Aluria Spyware Eliminator, AVG Anti-Spyware, CA Anti-Spyware, Lavasoft Ad-Aware SE, Microsoft's GIANT AntiSpyware, McAfee AntiSpyware, NoAdware, PC Tools Spyware Doctor, Spybot Search & Destroy, Spyware Nuker, Webroot's Spy Sweeper, XoftSpy. Some of these are free antispyware downloads; the others are paid versions. Spybot S&D and Lavasoft offer a free antispyware download. The major difference between a paid and a free antispyware download is the presence of real-time adware and spyware protection and automatic updates in the paid ones. I don't think that, for the sake of a few dollars, you would want to be at the mercy of a spyware attack. Act wisely and you can be sure of your Internet activities.

Author Cher K Markov writes articles on various subjects and has a treasure chest of information and resources on Free Antispyware Download at http://www.online-downloads.blogspot.com

Saturday, May 19

Rise in Malware Threats

Malware danger and profitability rising

FBI reports show general increases in money-driven threats.

Two major new reports on computer security issues have shown a steady rise in just about every aspect of security risk, with increased danger from each vector in some way linked to financial motives.

According to Symantec's report on the threat landscape in the second half of last year, released last week, viruses, worms and trojans, exploitation of vulnerabilities, spam and phishing, spyware and data theft were all up on previous figures.

The report shows a decrease in volume of network worms, with a matching increase in the numbers of trojans seen, and also reckons that while half of the top ten malcode families are viruses and worms and half are trojans, the trojans have the edge in terms of potential to infect.

The US was again the major source of malware and spam, and although China has the lead in terms of machines infected with bots, most are controlled from the US, and the States is also home to most spam-sending bots.

Read more here

ID Data Theft by Trojan

Huge haul of ID data stolen by trojan

Smart Russian spyware gathered info 'unnoticed' for 54 days.

According to researchers at SecureWorks, a sophisticated trojan which spread through browser exploits, harvested sensitive data both from storage and by monitoring online activity, and uploaded this data to a server in St. Petersburg, went undetected by many AV products for over 50 days.

The trojan, dubbed 'Gozi' by researchers at SecureWorks, was first spotted by them in early January, and was apparently infecting users from early December 2006. A single seeding of one variant is thought to have infected over 5,000 individual machines and stolen data concerning over 10,000 accounts, netting credentials worth up to $2 million on the black market.

When first tested against 30 AV products, no specific identification was available, although several picked up on suspicious behaviour or the use of packers. By early February, several products were detecting the trojan under various names, while many more still had no detection at all.

Following up initial investigation into the behaviour of the trojan, SecureWorks researchers looked into the site storing the stolen data, and found the harvested information stored in a searchable format, which was then used to inform affected financial institutions, while attempts were made to have the server tracked and shut down.

Full analysis of the trojan, along with details of subsequent investigations into online data trading, can be found here.

Messenger pushes Rogue Antispyware

Rogue antispyware pushed by MSN Messenger

Microsoft IM tool carries ads for fake security product.

Microsoft's MSN Messenger, recently renamed Windows Live Messenger, was found last week to be carrying banner advertising for the WinFixer rogue anti-spyware product.

WinFixer, also known as ErrorSafe, uses fake warnings of malware infections to trick users into installing its software. Like many such rogue applications, installation may be limited to a low-grade malware scanner which blackmails victims into paying for a 'full version' to remove non-existent infections; more insidious rogue products also include downloader trojans to bring further unwanted adware and spyware onto compromised machines.

It is thought the advertising was sneaked past the MSN Messenger screening process by replacing a clean advertising stream. While some of the ads required the user to click on them to activate the attack, others are thought to have been capable of launching without user interaction. Microsoft has issued an official apology for the breach and has removed the ads from the Messenger product.

Internet Explorer expert Sandi Hardmeier has more details and screenshots at the SpywareSucks blog, here.

Friday, May 18

Microsoft Update under Scanner

Is Microsoft Update Infecting You?

Tens of millions of Microsoft users get their security updates from the Microsoft Update service. But a researcher at security firm Symantec is alleging that users could potentially get something more than they bargained for.

A Symantec researcher said that the Background Intelligent Transfer Service (BITS), the Windows component that Microsoft Update relies on, could be used by attackers to bypass security measures and attack users' PCs. BITS runs in the background on a Windows PC as an asynchronous download service, fetching patches and other files on behalf of other programs.

A Microsoft spokesperson confirmed to internetnews.com that Microsoft is aware of public reports that BITS is being used by TrojanDownloader:Win32/Jowspry to bypass policy-based firewalls in order to install additional malware.

According to Microsoft, the bypass relies on TrojanDownloader:Win32/Jowspry already being present on the system; it is not an attack vector for initial infection. The bypass most commonly occurs after a successful social-engineering attempt lures the user into inadvertently running TrojanDownloader:Win32/Jowspry, which then utilizes BITS to download additional malware.

Microsoft recommends that any users who believe they are affected by TrojanDownloader:Win32/Jowspry visit the Windows Live OneCare safety scanner to scan their systems, determine whether they are infected, and clean all currently known variants of this Trojan.

Using BITS to download malicious files is a clever trick because it bypasses local firewalls, as the download is performed by Windows itself, and does not require suspicious actions for process injection, Symantec researcher Elia Florio wrote on the Symantec Security Response blog.

Read more here
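Because BITS performs the download on the malware's behalf, the thing to hunt for is the BITS job itself rather than a suspicious process talking to the network. The script below is an added example, not code from the article or from Symantec or Microsoft: it runs a simple classifier over lines shaped like the BITS-Client operational log's "job started" message (the sample lines, the IP address and the allow-list of update hosts are constructed for the example, and the message format is approximated) and flags jobs that fetch from bare IP addresses or pull executables from hosts that are not known update sources.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample lines in the shape of the BITS-Client/Operational "job started" event
# ("BITS started the <job> transfer job that is associated with the <URL> URL.").
# They are made up for this example: the first is modelled on a Windows Update job, the
# second on a downloader such as the one described in the article, the third on a benign
# but unknown job. 203.0.113.45 is a documentation address (RFC 5737).
SAMPLE_EVENTS = [
    "BITS started the WU Client Download transfer job that is associated with "
    "the http://download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab URL.",
    "BITS started the update transfer job that is associated with "
    "the http://203.0.113.45/dl/svc.exe URL.",
    "BITS started the Catalogue Sync transfer job that is associated with "
    "the https://files.example.org/reports/q1.pdf URL.",
]

# Hosts from which BITS downloads are expected on a box patched through Microsoft Update.
# Assumption: extend with your own software-distribution and vendor hosts.
ALLOWED_SUFFIXES = ("windowsupdate.com", "update.microsoft.com", "download.microsoft.com")
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".vbs", ".js", ".bat", ".ps1")

EVENT_RE = re.compile(
    r"BITS started the (?P<job>.+?) transfer job that is associated with the (?P<url>\S+) URL\."
)


def parse_event(line):
    """Return (job name, URL) from a job-started line, or None if the line does not match."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    return m.group("job"), m.group("url")


def host_is_allowed(host):
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)


def host_is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def classify(url):
    """'allow' for known update hosts; 'high' for IP-literal hosts or executables from
    unknown hosts; 'review' for anything else that is not on the allow-list."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if host_is_allowed(host):
        return "allow"
    if host_is_ip_literal(host) or parsed.path.lower().endswith(EXECUTABLE_EXT):
        return "high"
    return "review"


def hunt(lines):
    """Run the classifier over event lines; returns (job, url, verdict) per parsed job."""
    findings = []
    for line in lines:
        parsed = parse_event(line)
        if parsed:
            job, url = parsed
            findings.append((job, url, classify(url)))
    return findings


if __name__ == "__main__":
    for job, url, verdict in hunt(SAMPLE_EVENTS):
        print(f"{verdict:6} {job!r:32} {url}")
```

Live jobs, including those created by other users' sessions, can be listed with `bitsadmin /list /allusers /verbose` or, in PowerShell, `Get-BitsTransfer -AllUsers`; the same host and file-type checks apply to the remote names those commands report.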

Data Loss and Theft Prevention

Preventing data loss and theft

All kinds of organisations have been affected by data security breaches, from government departments to well-known financial institutions. And there is no indication that the problem is subsiding. Recent research found that there had been over 25 million exposures of personal records to potential theft and fraud over a 12-month period. This is roughly the number of households in the UK and highlights the enormous security challenge facing British public and private sector organisations in today's data-rich society.

Organisations of every kind keep records on their clients and customers, which is vital for a whole array of business practices such as sales activity, marketing campaigns and customer service. Transactional processes such as billing, credit and finance requirements all involve maintaining detailed personal records. The need for more sophisticated methods of tracing fraudsters and data thieves has never been greater.

Most institutions have already put tight internal measures in place, but all too frequently these measures do not pay attention to the eventuality of a breach. Most companies would be appalled to find their customers were contacted inappropriately by rogue traders with, at worst, fraudulent intentions. Unfortunately, these breaches are all too often a result of human intervention.

A whole host of situations involving human interference might be to blame, from something as simple as an employee losing their work laptop to a more sinister stimulus such as an employee being blackmailed by criminals to obtain customer data. For larger list owners, the consequent recovery of clients' marketing communications would typically run to hundreds of thousands of pounds or euros, not to mention the subsequent chaos for customers and employees alike.

The security and accessibility of data sets is frequently viewed as a purely internal issue. If an organisation were to admit that it had experienced a breach of its data security, that might open it up to potential legal liability as well as exposure of its reputation. So most keep quiet if it happens. Even the requirement of the Data Protection Act 1998 to keep personal data secure has tended to be viewed as an entirely internal process.

One consequence of this inward focus has been a lack of clear ownership and specified processes to deal with data security. Often the issue is handled within IT departments rather than as a standalone function.

Abuse of this "out of sight, out of mind" attitude has therefore been relatively easy. It is an uncomfortable fact that most breaches of data security are carried out by an organisation's own staff, including its directors and senior managers. Recent research by KPMG Forensic found that the typical company fraudster is a trusted male executive who gets away with over 20 fraudulent acts over a period of up to five years or more.

Significant changes in the broader culture across commerce and the public sector – and especially among data subjects – mean that “laissez faire” is no longer an acceptable attitude. Growing legal pressures, from industry-specific regulations to international laws, now mean that every organisation that has data needs to be sure it is holding on to it. Indeed, leading brands are becoming increasingly aware of the damage security breaches can do to their image. As a result, data security is moving from an IT discussion to the boardroom, not least because the brand is often the most highly-valued asset on the balance sheet.

Data security can never be 100 per cent. It is not possible to guarantee the total safety of any asset, whether physical or virtual, which needs to be in constant use. Certain measures will deliver a much higher degree of security, however, and are more likely to meet compliance requirements.

Perhaps most importantly, data security is being addressed almost exclusively from the point of view of stopping data leaving the organisation through, or to, an unauthorised party. Firewalls and encryption routines help prevent illegal access to sensitive information. The problem with this approach, whilst absolutely necessary, is that such measures cannot protect against computer theft, loss or theft of data on physical media, or loss/theft of physical records. Moreover, although escalation procedures once a breach has occurred can minimise the impact of identity fraud, they cannot help trace the fraudsters.

Therefore, there is a significant need to widely implement measures for tracking and tracing identity thieves and fraudsters once a breach has occurred. There are various means of doing so, whether electronic or physical. However, all involve the use, in one way or another, of "seed names". Seed names are agents or identities that appear to be real customers but have in fact been inserted into the database to obtain a view of any unauthorised use of the records.

In a real life example, the direct marketing industry uses such ‘sleepers’ as standard practice to guard against unauthorised use of commercial mailing lists. Now corporations and government bodies are beginning to adopt the same approach in order to monitor data abuse. Even in the early stages of such techniques in the wider commercial and public sectors, there have been cases of pre-emptive discovery, where unauthorised data usage (in fact data theft) has been identified, which would have otherwise lain undiscovered.
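The seed-name technique above amounts to a canary record: an identity that has no reason to receive anything, so any contact it gets proves the list was copied. The following is an added example, not code from the article or from DQM Group, and it goes one step beyond the text by giving each recipient of the list its own seeds, so a leak can be attributed to the partner whose copy it came from. The key, partner names, domain and the "leaked" list are all constructed for the example.

```python
import hashlib
import hmac
from collections import Counter

# Key from which the seed identities are derived. Assumption: it is kept outside the customer
# database it guards, so whoever copies the database cannot tell seeds from real customers.
SEED_SECRET = b"example-only-secret-rotate-me"


def seed_records(secret, partner, count, domain="example.com"):
    """Derive `count` seed identities for one recipient of the list (a mail house, an analytics
    supplier, an internal team). Deterministic, so they can be regenerated for matching, but
    unpredictable without the key. Real seeds get plausible names and postal addresses; the
    tag-based name here only keeps the example short."""
    records = []
    for i in range(count):
        tag = hmac.new(secret, f"{partner}:{i}".encode(), hashlib.sha256).hexdigest()[:10]
        records.append({
            "name": f"Pat Seed-{tag[:4]}",
            "email": f"{tag}@{domain}",
            "partner": partner,
        })
    return records


def build_seed_index(secret, partners, per_partner=3):
    """Map seed email -> partner for every seed handed out to every partner."""
    index = {}
    for partner in partners:
        for rec in seed_records(secret, partner, per_partner):
            index[rec["email"]] = partner
    return index


def normalise(email):
    # Resold lists are routinely re-cased and padded; match on the canonical form.
    return email.strip().lower()


def attribute_leak(suspect_emails, seed_index):
    """Count seed hits per partner in a list that turned up where it should not have (a spam
    run, a rival's mailing, a data-trading site). The partner whose seeds appear is the copy
    the leak came from; an empty result means the list did not come from any seeded copy."""
    hits = Counter()
    for email in suspect_emails:
        partner = seed_index.get(normalise(email))
        if partner:
            hits[partner] += 1
    return dict(hits)


PARTNERS = ["mailhouse-a", "analytics-b"]
SEED_INDEX = build_seed_index(SEED_SECRET, PARTNERS)

# Constructed "found in the wild" list: ordinary-looking addresses plus one of analytics-b's
# seeds, re-cased and padded the way a reseller's export might mangle it.
LEAKED_LIST = [
    "alice@example.net",
    "bob.smith@example.org",
    "  " + seed_records(SEED_SECRET, "analytics-b", 3)[1]["email"].upper() + " ",
]


def demo():
    return attribute_leak(LEAKED_LIST, SEED_INDEX)


if __name__ == "__main__":
    print(demo())  # the leak is attributed to analytics-b
```

Seeds only work while they stay indistinguishable from real records, so the same care that goes into a honeytoken applies: do not flag them in the database, do not let them sit in a block of adjacent rows, and rotate them when a partner relationship ends.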

Notification of data security breaches is likely to become a legal requirement. In the US, in 2002, California became the first state to pass a Notice of Security Breach law requiring any organisation that suffers a breach of its data security and the loss of personal data to disclose this fact and to offer assistance to the data subjects affected. A further 33 states have since implemented similar legislation.

Some European Union states have similar laws in place, though not currently the UK. However, the introduction of the E-Commerce Directive 2006 has created a new regulatory framework for electronic communications networks and services. The objective of this framework is to protect citizens and businesses within the EU when they are using e-commerce.

To meet the terms of the directive, the UK’s Information Commissioner drew up new proposals affecting Internet Service Providers and network operators. These require the notification, to the national regulator, of any security breaches involving the loss of personal data. The regulator must then decide whether it is in the public interest to inform the general public of the breach. Notification to the customer is also required where any breach of data security leads to the loss, modification or destruction of, or unauthorised access to, personal data.

While not yet implemented, these requirements are likely to come into force in 2007. They create a new climate of opinion and a legal background that is likely to lead to pressure for the same standards to be applied by all data owners, whether using electronic networks for data transmission or not.

Public and private sector organisations are holding an increasing volume of data on customers and citizens. If such organisations are to continue to be allowed to use this information to improve customer service, they also have to take on the responsibility of keeping it safe and secure. The exposure of 25.45 million personal records every year to potential theft and fraud is already unacceptable. In addition, individuals must become more savvy and responsible about the way they keep and dispose of their personal records.

For organisations to concentrate only on internal systems security is not enough. Equal attention needs to be given to ways of tracking and tracing abusers and fraudsters after a data breach has occurred, so that the perpetrators might more frequently be brought to justice. Only by removing the criminal element from the picture can the tidal wave of identity fraud be turned back.

by Adrian Gregory, Managing Director, DQM Group

Hacking Risks with Pirated Software

Pirated software increase hacking risks

Here's one more reason why pirated software should not be used.

New research from the Business Software Alliance (BSA) reveals that more than a third of PCs worldwide are running pirated software. According to the research, 35 percent of computers run at least one illegal program, with computer users in China and Russia the worst offenders (with over 80 percent of computers running pirated software).

Counterfeit software programs running on company networks can generate significant security and productivity risks. Pirated software can leave business networks open to attack, as cybercriminals are provided with an additional route to infection. Running pirated software on corporate networks can also have severe repercussions on the network infrastructure, hogging valuable bandwidth and network resources.

"Putting aside the obvious legal issues, piracy can have a real impact on a company in terms of security," said Graham Cluley, senior technology consultant at Sophos. "It's not enough to make sure that all PCs are running legitimate copies of Word, businesses must also control what programs their employees are downloading, installing and running. Patching against software vulnerabilities is key to any good IT security policy, but with pirated software this becomes near impossible. Pirated software downloaded from dodgy websites or bought from a man in an alleyway will not come with technical support, and may even be virus infected."

"Businesses simply cannot afford to ignore piracy," continued Cluley. "The corporate network is the backbone of any company and if you allow users to run anything they like on it, whether illegal or not, you shouldn't be surprised when it breaks."

Saturday, April 28

Scan out Virus, Worms, Adware, Spyware infections

Computer Virus Infection - Checking if you are Infected or Not?

Ever wondered why your PC is getting so slow? Or how did those annoying popups get in your internet browser? Well… You probably have some kind of malware in your computer.

Do you want to know if your computer is infected? The extent of the infection and what type of infection it is (Adware, Trojans, Hacking Tools, Worms, Spyware)?

Luckily, there is a new website, www.infectedornot.com, which allows you to scan your computer for viruses.

They offer two free security tools: one they call Panda Nano Scan and another called Panda Total Scan. The Nano Scan tool is designed to quickly diagnose your PC in about a minute. The Total Scan takes between 5 and 10 minutes. The main difference between the two is that the Total Scan (the one that takes a little more time) also checks for latent malware and not only active malware. This is useful information, since most infected computers carry latent malware.

The website also displays statistic information about the level of infection in all the tested computers. And, of course, more than half the users had some kind of infection. It is really much more common than you think.

Visit InfectedOrNot.com and check your computer with either the Nano Scan or the Total Scan tool. Chances are you are already infected. It can't hurt to know.

Monday, April 9

Kaspersky Anti-Virus Mobile protection releases

Kaspersky Anti-Virus Mobile protection - Smart protection for Smartphones

Kaspersky Lab has announced the release of Kaspersky Anti-Virus Mobile, a product that protects mobile phones using Symbian and Windows Mobile operating systems (smartphones) against mobile malware. Kaspersky Anti-Virus Mobile is a fully functional, integrated security solution that protects smartphones from malicious programs and unsolicited SMS/MMS messages and this latest version now includes a range of new technologies and features that improve the program's performance and make it more user-friendly.

Kaspersky Anti-Virus Mobile uses a combination of real-time antivirus protection and on-demand scanning to protect against threats, and also provides protection from unwanted SMS/MMS messages by blacklisting undesirable phone numbers. Real-time antivirus protection monitors wireless connections and scans EMS/MMS messages, as well as any data received from a PC during synchronization. Its flexible settings allow the user to view the phone's antivirus status as well as the event log, which records all actions performed by the program.

Kaspersky Anti-Virus Mobile includes an antivirus database update feature which ensures that the smartphone is protected against the latest malicious programs. Updates can either be installed automatically by a built-in scheduler, or on demand. Database updates are downloaded via WAP or HTTP from Kaspersky Lab servers. Kaspersky Anti-Virus Mobile takes advantage of advanced features available in today's smartphones: the device's built-in web browser can be used to download updates and view information about any malicious programs detected.

Compared to previous versions of mobile phone protection systems, the new-generation solution offers significantly enhanced functionality based on a much more extensive set of tools that process scanned objects and protect from IT threats. Kaspersky Anti-Virus Mobile includes a number of previously unavailable features, such as scanning of individual objects (files or folders) and isolation of infected objects in quarantine storage to prevent deletion of important information. The antivirus protection has become even more reliable due to the feature of unpacking and scanning the contents of .sis files, which are often used by cybercriminals for distributing malicious code. Optimization of the product's antivirus engine also results in higher performance levels.

Smartphone users will appreciate the pioneering antispam component of Kaspersky® Anti-Virus Mobile. The antispam module protects the user from mass mailing/advertising distributed via SMS/MMS. For maximum convenience, the antispam module has three predefined operating modes with different filtering levels: 'Enable', 'B/W Lists Only' and 'Disable'.

In the 'Enable' mode the antispam module filters incoming messages based on the blacklist and the whitelist, which are compiled by the user. When a message is received from a telephone number that is on neither list, the antispam module prompts the user to block or allow the message, and then to add the sender number to one of the lists. In this mode the antispam module operates as a personal SMS/MMS filter that ensures that the user receives only the messages that are needed. In the 'B/W Lists Only' mode the system filters incoming messages based only on the data from the blacklist and the whitelist. Messages from numbers that are on neither list are received without prompting the user. Finally, in the 'Disable' mode incoming messages are not filtered.

The product can be installed on smartphones that are based on Symbian operating system versions 6.x, 7.x, 8.x – Series 60, 80 or UIQ, or Windows Mobile 2003 (for Smartphones, Phone Edition) and 5.0.

iPods aren't secure now

First 'Real' iPod Virus Surfaces

It just goes to show nothing is safe. Late last year, some TomTom GPS devices were infected with a pair of low-grade Windows viruses. The iPod also found itself infected with a similar low-risk virus late last year as well.

But neither of those two were a threat to the device or users. Both viruses got onto the machines during the manufacturing process and would not run on the device's native operating system. However, a newly discovered virus for the iPod does indeed run on the iPod.

The Podloso virus is a proof of concept that does not pose a real threat, but it shows the potential is there. Podloso does execute on the iPod, unlike the previous iPod infection. But the good news is that it doesn't do anything. It has no malicious payload, nor does it damage files. Antivirus vendor Kaspersky Labs considers it a "typical proof of concept virus. Such viruses are created in order to demonstrate that it is possible to infect a specific platform."

The other bit of good news is that it only works on iPods running Linux not the normal iPod operating system. Linux software would have to be loaded by the user, it's not included in the iPod as sold by Apple. There are some Linux antivirus programs available, like AVG from Grisoft and BitDefender, so once they add the Podloso definition it should be removable.

The virus works by installing itself to the folder that contains program demo versions. Podloso cannot be launched automatically without user involvement. Once launched, the virus scans the device’s hard disk and infects all executable .elf format files. Any attempt to launch these files will cause the virus to display a message on the screen which says “You are infected with Oslo the first iPodLinux Virus.”

Read more here

Biggest threat to Internet could be a massive virtual blackout


The most serious threat to the Internet infrastructure in the 21st century is a massive virtual blackout known as a "distributed denial of service attack," an outspoken board member for the group that administers Internet addresses said Thursday at a Hudson Institute briefing.

This type of high-tech ambush, which occurs when multiple compromised systems flood the bandwidth or resources of a targeted server to make Web pages unavailable, could be devastating for global online communication, said Susan Crawford of the Internet Corporation for Assigned Names and Numbers.
The most significant attack in recent years came on Feb. 6, when six of 13 root-zone servers were slammed by an army of "zombie computers," which were compromised by hackers, the Cardozo Law School professor said at the think tank event.

While the average Internet user's experience was not affected by the attack, the incident underscored the fact that there is no real oversight of those servers, whose components are backed up by other machines around the world, Crawford said.

Prevention of DDoS attacks will eventually mean "having fewer zombies out there," she said. "People are turning millions of PCs into weapons... and we don't have a lot of data about what is happening. Researchers are often operating in the dark," Crawford said.

The U.S. Computer Emergency Readiness Team and its facilitator, the Homeland Security Department, are largely reactive in their approach. "From the outside, it looks as if [DHS] doesn't really know what it's doing," she said. "They're trying, but many of their efforts lack timeframes for completion."

DHS also suffers from a high turnover rate among senior officials, but the agency now has Greg Garcia as its cyber-security czar, who is attempting to address the problem, Crawford said. He was previously vice president at the Information Technology Association of America.

Garcia has talked about the need for legislation but Crawford said she is "not convinced" that a new U.S. law can offer a cure for denial of service attacks because congressional action "is too local for the networked age."

Crawford advocated turning more attention and money to focus on prospective global educational efforts. A new multi-stakeholder entity "with a new, friendly acronym" might be the best solution, she said.

"None of the existing institutions will work," Crawford said. ICANN cannot do the job because its power is contractually based and too narrow, and the recently launched Internet Governance Forum is "highly political" and "not necessarily the best forum for a technical discussion of best practices," she contended.

Crawford added that improvements in routing security, which is "how packets go from one place to another," are also needed. A hacker could inject phony paths into a routing algorithm in order to intercept packets or trigger a DDOS attack. The susceptibility for such an assault grows as the size of so-called "routing tables" increases to accommodate the next-generation Internet known as IPv6, she said.

By Andrew Noyes
(c) 2007 National Journal's Technology Daily

Saturday, March 31

Launch of Kerio WinRoute Firewall 6.3


Kerio Technologies has launched a new version of Kerio WinRoute Firewall that runs on 64-bit versions of the Windows OS and includes a new Statistics and Reporting module to provide a comprehensive overview of network and user activity.

The new version 6.3 also introduces StaR – the Statistics and Reporting module – that automatically analyses network data and presents the underlying network traffic and usage patterns in an easy-to-read graphical format. It also reports on individual user traffic, with links to websites visited, or breaks down surfing by category when combined with the optional IBM Proventia Web Filter.

“There are a lot of great log analysers that work with Kerio WinRoute Firewall,” shared John Jones, Sales Engineer at Kerio, “but those tools are designed for IT administrators. With StaR, detailed network usage diagrams can be output to a browser so that even the least technical business manager can understand how users are accessing the Internet and where bottlenecks are occurring.”

Kerio WinRoute Firewall is a network security software package that provides gateway anti-virus scanning, web content filtering, VPN services and access policy management. Its full-featured Administration Console allows system administrators to remotely manage with much greater utility than the simple web interfaces found in most firewall appliances. Integration with Active Directory simplifies setup for existing Windows networks.

Kerio WinRoute Firewall and Kerio VPN Client run on Windows 2000/XP/2003 and Windows Vista and the built-in Kerio SSL-VPN supports Internet Explorer 6 and 7, Firefox 2 and Apple Safari 2.

Read more here

Credit cards of 45 million TK Maxx customers compromised


The TK Maxx data breach, originally announced by parent company TJX in January 2007, has taken a fresh turn as it emerged yesterday that the data thieves stole records containing transaction details of more than 45 million cards, including transactions at TK Maxx stores in the UK and Ireland. According to the company, this information could have been unencrypted, and thus unprotected. It is thought to be the largest data breach of its kind worldwide.

Hundreds of thousands of consumers are waking up today to find out that by buying that innocent pair of jeans a year ago, they may have fallen foul of the world’s biggest computer hack.

The retailer said the intruder first accessed its systems in July 2005 and on subsequent dates in 2005 and from mid-May last year to mid-January this year. No customer data was stolen after December 18 last year (Scotland Yard and the Information Commissioner's Office were informed after the theft was discovered in December), but it raises the question: how was the hacker allowed to retain access to sensitive data for so long without being detected? How was such an obviously organised and well prepared criminal not on SOCA's radar, especially as a great deal of credit card fraud is used to finance organised crime?

Tom Newton, product manager at SmoothWall, suggests that while TK Maxx should bear the brunt of the responsibility for not ensuring its security policies were robust enough to identify and block the intruder, perhaps the security agencies should have done more to identify the malicious parties involved.

He said: “Following the broadside from the Corporate IT Forum back in January, and this week’s defence at the E-crime Congress in London, one must ask exactly what SOCA is doing to advise and protect businesses against e-crime. TK Maxx is a high-profile target and to be a victim for almost 18 months suggests that the hacker really knew their stuff – if that is not a serious crime then what is?”

“SOCA’s remit is to work with leading security experts and UK business to ensure that e-crime is eradicated. While I applaud its efforts in what is an ever-evolving and difficult market, bolder steps need to be taken to identify and stop these criminals. Why stop with credit card details? If the hacker gets the taste for success, he or she will move on to bigger, more high-profile targets like government or public service systems. What effects will that have on the public?”

“The UK has made great strides in stopping these activities, but the authorities simply do not have the resources to cope with today’s level of e-crime. The onus is therefore on businesses to secure their own futures with a multi-layered approach to protect systems from the latest virus and security threats. TK Maxx may have learnt its lesson, but without legislation to penalise businesses for poor security practice such as this, it will happen again and again.”

Jamie Cowper at PGP Corporation commented: "This is a frightening illustration that when retailer systems are hacked - even if it occurs on the other side of the world - the card details of customers in every country are at risk because of the way companies share and store information globally."

"With standards such as the Payment Card Industry Data Security Standard (PCI DSS) coming into force in June 2007, retailers such as TJX will have to safeguard its customers' card information - or face losing their credit card facilities altogether. Security technologies such as encryption can greatly simplify the process of protecting information - but the recent spate of data breaches in the news suggests that many companies are still a long way off being compliant with this and other data protection standards."

Greg Day, McAfee security analyst, said: "Today's full declaration by TJX is a graphic example of how a breach in information security can impact both a business and its customers. The announcement today is however just the tip of the iceberg, as organisations across the globe continue to evaluate and look to implement security policy to protect against external and internal threat."

According to reports, customers of TK Maxx have already had card details used in fraudulent circumstances. Understandably many consumers, and not just those who shop at TK Maxx, will be concerned about their cards being compromised in the future.

Unfortunately, standard network security solutions may no longer be sufficient to block advanced hackers. Mike Smart, European Product Manager, Secure Computing commented: "The visibility of this type of attack further strengthens the need for wider reaching preventive technology. We find that 80% of confidential data is typically undetectable by 90% of firewalls used by most companies. As a result, sensitive data can leak from the organisation without their knowledge. Especially with the rise of real time unencrypted communications, such as instant messaging and web mail - hacking into a corporate network and extracting data unnoticed is easy. This attack demonstrates that standard network security solutions are no longer sufficient to cope with the capabilities of today's hacker. All solutions employed need to be looking for application based protection and not network based. Those days are sadly, long gone."

Alex Raistrick, Director Northern Europe, ConSentry Networks added: “Even though the specific cause of TK Maxx’s problems has not been made clear at this stage, it’s a no-brainer that many security breaches are a result of the wrong people gaining access to sensitive information. Large companies like TK Maxx clearly need to implement better identity based controls to defend sensitive information. The most effective approach is to allow only appropriate and authorised users access to this kind of data, by creating a full usage log, which gives a trail of activity to prevent a breach of security as seen on this scale. Retail organisations need to wake up and have more of a focus on user-based authentication controls, as the fewer people that have access to sensitive personal content, the better."

A solution could be found with behavioural based anti-malware software. Pete Baxter, General Manager, EMEA for Sana Security: "Anti-virus software often doesn't spot a malware threat or hack immediately, and as a result, the damage is being done within seconds. Behavioural based anti-malware software recognises any non-typical activity on the network and stops it dead before it can go any further. Security savvy retail organisations are increasingly turning to behaviour-based solutions to protect their customers' details. I'm confident we'll see an uptake in the coming months following high-profile cases such as this."

Read more here

Thursday, February 22

Are Your Computers DST-Compliant?


Computer firms are alerting their customers to an impending problem related to next month's change in daylight saving time, which could throw their computer clocks off by an hour.

The issue stems from the change in dates for daylight saving time, that quaint tradition best defined by the phrase "spring forward, fall back." Until now, most of the U.S. set its clocks forward an hour in April and back an hour in October. The reasons for it are numerous.

In 2005, Congress passed and President Bush signed into law the Energy Policy Act, which amended the Uniform Time Act of 1966 to change the beginning and ending of Daylight Saving Time (DST).

Beginning this year, DST begins on the second Sunday of March instead of the first Sunday in April, and ends on the first Sunday in November instead of the last Sunday of October.

The impact on hardware and software is that daylight saving time changes are programmed into their internal clocks, and systems developed before the 2005 law have the wrong dates in them. Old hardware and operating systems therefore still switch on the April/October dates rather than March/November.
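To make the rule change concrete, here is an added example (not code from the article or any vendor) that encodes both rule sets and lists the days on which an unpatched system, still using the old April/October dates, disagrees with a patched one. Those are the days on which the unpatched clock is an hour out.

```javascript
// Added example, not from the article: the two U.S. DST rule sets the
// article describes, and the days on which an unpatched system (pre-2005
// rule) and a patched one (Energy Policy Act rule) disagree about whether
// DST is in effect. On those days the unpatched clock is wrong by an hour.
// Dates are handled in UTC so the arithmetic does not depend on the zone the
// script runs in; the 2 a.m. transition hour itself is ignored.
const SUNDAY = 0;
const DAY_MS = 24 * 60 * 60 * 1000;

// Day of month of the nth (1-based) occurrence of weekday in month (0 = Jan).
function nthWeekday(year, month, weekday, n) {
  const first = new Date(Date.UTC(year, month, 1)).getUTCDay();
  return 1 + ((weekday - first + 7) % 7) + (n - 1) * 7;
}

// Day of month of the last occurrence of weekday in month.
function lastWeekday(year, month, weekday) {
  const days = new Date(Date.UTC(year, month + 1, 0)).getUTCDate();
  const last = new Date(Date.UTC(year, month, days)).getUTCDay();
  return days - ((last - weekday + 7) % 7);
}

// Uniform Time Act of 1966: first Sunday in April to last Sunday in October.
function oldRule(year) {
  return {
    start: Date.UTC(year, 3, nthWeekday(year, 3, SUNDAY, 1)),
    end: Date.UTC(year, 9, lastWeekday(year, 9, SUNDAY)),
  };
}

// Energy Policy Act of 2005 (in force from 2007): second Sunday in March to
// first Sunday in November.
function newRule(year) {
  return {
    start: Date.UTC(year, 2, nthWeekday(year, 2, SUNDAY, 2)),
    end: Date.UTC(year, 10, nthWeekday(year, 10, SUNDAY, 1)),
  };
}

// True if the UTC-midnight timestamp t falls inside the rule's DST period.
function inDst(rule, t) {
  return t >= rule.start && t < rule.end;
}

// Every day of the year (as an ISO date) on which the two rules disagree.
function mismatchDays(year) {
  const oldR = oldRule(year);
  const newR = newRule(year);
  const out = [];
  for (let t = Date.UTC(year, 0, 1); t < Date.UTC(year + 1, 0, 1); t += DAY_MS) {
    if (inDst(oldR, t) !== inDst(newR, t)) {
      out.push(new Date(t).toISOString().slice(0, 10));
    }
  }
  return out;
}

// Hours by which an unpatched clock differs from correct local time on a
// given day; negative means the unpatched system is running behind.
function unpatchedClockErrorHours(year, month, day) {
  const t = Date.UTC(year, month, day);
  return (inDst(oldRule(year), t) ? 1 : 0) - (inDst(newRule(year), t) ? 1 : 0);
}

// Demonstration for 2007, the first year the new rule applied.
const days2007 = mismatchDays(2007);
console.log(`${days2007.length} days of mismatch in 2007:`);
console.log(`${days2007[0]} .. ${days2007[20]} and ${days2007[21]} .. ${days2007[27]}`);
console.log(`clock error on 2007-03-12: ${unpatchedClockErrorHours(2007, 2, 12)} h`);
```

For 2007 the two windows are March 11 to March 31 and October 28 to November 3, 28 days in all, during which an unpatched clock runs one hour behind.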

This alert has led to some hyperbole and inevitable comparisons to the Y2K bug. However, it's nowhere near an apples-to-apples comparison, as this is a fix anyone can make. All a person needs to do is apply the patches from the vendors, or at worst alter their system clock manually. It's not like sifting through millions of lines of code to make date changes.

Still, Gartner has sent out an advisory to its clients not to downplay the risk. "Few IT organizations have any formalized risk assessment and remediation program in place to address the potential impact of this time modification," the research firm wrote.

There is a real risk that business damage and liabilities could occur from applications performing their processing at the incorrect time, the company wrote. It went on to say that patches for major operating systems and other infrastructure components appear to be readily available.

"Because code changes will usually not be required and most applications take their time from the underlying operating system (and hence only this needs to be patched), the overall remediation effort will pale in comparison to that of Y2K," concluded the Gartner report.

Microsoft has issued its own warning for customers. Windows Vista and Office 2007 already have this adjustment programmed in, but Office 2003 and prior versions, as well as Windows XP and older operating systems, do not have this fix.

A fix for Windows XP Service Pack 2 (SP2) was pushed out as part of Patch Tuesday this week. There is also a fix on the Microsoft DST site for Outlook 2003 and prior versions.

For complete coverage, read here.

Saturday, February 3

PC Security in Simple Steps

Simple Steps to Secure your PC:


Securing your computer isn't a very difficult task. It's just that people are not aware of their requirements and the best solutions for them. There are some common problems that everyone faces with an internet-connected computer: viruses, Trojans, and all kinds of malware such as spyware and adware. There are excellent programs and utilities to combat these PC security threats, but most people are hardly aware of them. Even free PC security software is decently powered to protect an internet-connected computer from all the malicious threats. Of course, if you want premium protection, you have to pay. Here's a list of steps you can take to protect your computer with free computer security software. These steps primarily aim to secure your computer from virus, Trojan, spyware and malware infections. And remember, free doesn't mean that it's not worth it.

1. Make sure your Windows OS is secure to its core: You are more vulnerable to attacks if your OS is not secured properly. Windows in particular comes packed with lots of vulnerabilities. Pay particular attention to all the critical patches and bug fixes that Microsoft provides for Windows. Make a habit of regularly updating Windows with all the service packs, and never miss critical patches and updates. Also download patches for Internet Explorer and other software such as email clients. If possible, switch to a more secure browser.

2. A firewall is essential for security: Being connected to the internet without a firewall is folly. Whenever you are connected to the internet, you must have a firewall turned on to protect yourself from hacker attacks, identity theft and so on. Can't afford to buy one? Get ZoneAlarm Free. It protects your computer well and does not hog system resources. Get ZoneAlarm Free if you don't have a firewall.

3. Free antivirus solution: AVG is a good antivirus tool and keeps most of the active and dangerous viruses under tight control. Updates are fast and easy. The interface needs a face-lift, though, and the free version presents only a few options. It comes with a scheduler, an email scanner and a resident shield. AVG is sufficient for a home user with no special requirements.

4. Spyware protection: You should have at least two anti-spyware programs installed. Spybot Search and Destroy is good and freely available. It can find many of the common nuisances and comes with a bundle of other features: a robust spyware scanning engine, an immunizer to protect your browser from spyware, and an array of other tools available in advanced mode. It belongs in your arsenal against spyware infections. The second I'd recommend is the free version of Ad-Aware. Also get a copy of AVG Anti-Malware, which runs as the full version for 30 days and then as the free version; the free version is quite good at removing malware threats.

You can get more info on combating security threats and finding best security software on PcSecurityWorld.com.

Exploit Released for Critical PC Hijack Flaw

A fully working exploit for a high-risk vulnerability fixed by Microsoft two days ago has been put into limited release, prompting new "patch now" warnings from computer security experts.

The exploit, which allows PC takeover attacks on Windows XP SP2, has been published to Immunity's partners program, which offers up-to-the-minute information on new vulnerabilities and exploits to IDS (intrusion detection system) companies and larger penetration testing firms.

Immunity, based in Miami Beach, Fla., sells access to the partners program for around $40,000, according to founder Dave Aitel.

The company's exploit takes aim at a "critical" bug in the way VML (Vector Markup Language) is implemented in Windows. It has been successfully tested on Windows XP SP2 and Windows 2000, with default installations of Internet Explorer 6.0.

"This is a fully working exploit, [it] will give you full access to do anything on the target machine," says Immunity researcher Kostya Kortchinsky.

The exploit was created and confirmed in less than three hours after Microsoft's Patch Tuesday release on Jan. 9, a fact that clearly illustrates just how much the gap has narrowed between patch release and full deployment on enterprise networks.

For consumers, Microsoft uses the Automatic Updates mechanism to push down updates but, in the enterprise, patches must go through rigorous test passes to ensure there are no conflicts with mission-critical applications.

On average, it could take a business a full month to fully test and deploy updates to every desktop, laptop, server or mobile device.

Kortchinsky said the exploit will be refined to try to get code execution on Internet Explorer 7.0, the newest version of Microsoft's dominant Web browser.

According to the MS07-004 bulletin that covers the VML flaw, IE 7.0 on Windows XP and Windows Server 2003 is indeed vulnerable.

Microsoft said the flaw was originally reported through its "responsible disclosure" process, but a note in the advisory says it was used in zero-day attacks before the Patch Day.

There is no public information available on those zero-day attacks. Microsoft did not release a pre-patch advisory to warn of the VML attacks.

Officials in the MSRC (Microsoft Security Response Center) are strongly urging Windows users to treat the VML fix as a "high-priority" update.

In an interview with eWEEK, Mark Griesi, security program manager in the MSRC, said the risk is high because there is a remote unauthenticated attack vector that gives an attacker a way to hijack a vulnerable system without any user action.

"That one should be your absolutely highest priority," Griesi declared.

Microsoft also warned users to pay special attention to MS07-003, a bulletin that addresses a trio of serious flaws in the Microsoft Outlook e-mail application.

One of the Outlook flaws, which carries a "critical" rating, allows an attacker to use malformed VEVENT records to launch executable code when Outlook handles file parsing routines.

Ominously, a successful attack only requires that an e-mail be sent to the target with a specially rigged .ICS (iCal) file embedded in the body of the message.

Workstations and terminal servers are primarily at risk, according to Microsoft's advisory.

Microsoft shipped a total of four bulletins in January with patches for at least 10 holes in Outlook, Excel and Windows. However, there were no fixes for known code execution holes in Microsoft Word that have already been targeted in zero-day attacks.

http://www.eweek.com/article2/0,1895,2082416,00.asp

Browser PDF Plug-ins at Risk

Exploit Surfaces in Web Browser PDF Plug-Ins


Several security firms have found a vulnerability in the Adobe Reader that is surprisingly easy to initiate and also very dangerous.

The problem involves passing input from a URL to a hosted PDF file. The data is not properly cleaned by the browser's PDF reader plug-in before being returned to users, so any data can be passed through. This can be exploited to execute arbitrary script code in a user's browser.

iDefense president Ken Dunham provided a simple proof of concept, simply by tacking a little text on to the end of the link with a PDF file.

For example, the link:

"http://[URL]/[FILENAME].pdf#something=javascript:alert(123);"

would open a PDF file in the browser, and a pop-up box would appear on the user's screen with an alert that reads "123."

Because it initiates a JavaScript script on the client, there is tremendous potential for dangerous activity, such as stealing cookie information or cross-site scripting.
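As an added example, not code from the article or from Adobe, here is a link checker built around the mechanism just described: the plug-in reads name=value pairs from the fragment of a .pdf URL and reflects the values unsanitised, so the defensive check parses the fragment the same way and flags values that carry an active-content URL scheme. The host names and parameter names in the samples are constructed.

```javascript
// Added example, not code from the article or from Adobe: a link checker
// for the flaw described above. The plug-in reads name=value pairs from the
// URL fragment (the part after "#") of a .pdf link and reflects the values
// without sanitising them, so a value that is itself a script: URL runs in
// the user's browser. This function parses the fragment the same way and
// reports any value that starts with an active-content scheme. The host
// names and parameter names in the samples are constructed.
const ACTIVE_SCHEMES = ["javascript:", "vbscript:", "data:"];

// Split "a=1&b=2" into [{name, value}], percent-decoding each value.
function parseFragmentPairs(fragment) {
  return fragment.split("&").filter(Boolean).map((pair) => {
    const eq = pair.indexOf("=");
    const name = eq === -1 ? pair : pair.slice(0, eq);
    let value = eq === -1 ? "" : pair.slice(eq + 1);
    try {
      value = decodeURIComponent(value); // percent-encoded payloads
    } catch {
      // malformed percent-encoding is left as-is and still inspected
    }
    return { name, value };
  });
}

// Returns a list of findings; an empty list means nothing was flagged.
function pdfFragmentFindings(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return [{ param: null, value: href, reason: "unparseable URL" }];
  }
  if (!url.pathname.toLowerCase().endsWith(".pdf")) return [];
  const fragment = url.hash.replace(/^#/, "");
  const findings = [];
  for (const { name, value } of parseFragmentPairs(fragment)) {
    // Browsers tolerate whitespace and control characters inside a scheme
    // name, so strip them before comparing.
    const normalised = value.replace(/[\s\u0000-\u001f]/g, "").toLowerCase();
    const scheme = ACTIVE_SCHEMES.find((s) => normalised.startsWith(s));
    if (scheme) findings.push({ param: name, value, reason: `${scheme} URL in value` });
  }
  return findings;
}

// Constructed samples: the proof-of-concept shape from the article, a
// legitimate open parameter, and a non-PDF link that is out of scope here.
const samples = [
  "http://example.com/report.pdf#something=javascript:alert(123);",
  "http://example.com/report.pdf#page=3&zoom=100",
  "http://example.com/page.html#something=javascript:alert(123);",
];
for (const href of samples) {
  console.log(href, "->", pdfFragmentFindings(href).length ? "FLAGGED" : "ok");
}
```

Because the fragment is never sent to the server, this has to run where the link is encountered (client side, or over links in mail or page content), not over web-server access logs, which will not contain it.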

Adobe said in a statement sent to internetnews.com that it is aware of the vulnerability "that could potentially affect previous versions of Adobe Reader." Adobe further noted that the potential vulnerability does not affect the current version, 8, of Adobe Reader, which it encouraged users to download. "Adobe is also working on updates to previous versions that will resolve this issue," the company said.

Read complete article here.

Wednesday, January 31

Hospitals as Popular ID Theft Target

Hospitals Becoming Popular ID Theft Target:


News of the theft of a computer containing the personal data of 38,000 cancer patients across five states highlights the evolution of identity theft. Medical data is now more prized than Social Security numbers, privacy advocates tell internetnews.com.

While Social Security numbers are increasingly common, a medical record of cancer or AIDS patients is worth its weight in gold, Pam Dixon, executive director of the World Privacy Organization, told internetnews.com. "Cancer patients are big money." The reason: fraudulent medical charges can easily hide among the many legitimate costs.

The stolen computer belonged to Cincinnati-based Electronic Registry Systems (ERS), a private company that maintains federally mandated cancer patient records. The computer contained the records from five hospitals, three of which are in Georgia, Tennessee and Pennsylvania. ERS refused to identify the other two.

Emory University-owned Emory Healthcare, which contracted with ERS, advised cancer patients to place a fraud watch on their credit records. Emory Hospital, Emory Crawford Long Hospital and Grady Memorial Hospital are part of the health care group.

However, checking credit records won't alert patients to fraudulent medical charges. Affected patients need to check their medical files, Dixon said.

Despite assurances that the computer had two passwords and the data was encrypted and usable only with proprietary ERS software, Dixon said gaining access was a simple matter.

"We're beyond that level of innocence," she said, adding that files could be read and copied and leave no fingerprints.

ERS said the patient data was stored on the computer unencrypted to convert the information to its proprietary format. As a result of the theft, the company said it has made changes to improve security.

In May, a Veterans Administration laptop containing the personal data of 29 million veterans was stolen. But the largest medical data breach happened in 2005 when a laptop holding the personal information of 365,000 patients was stolen from an employee of Oregon's Providence Health System. The data was unencrypted.

Last year, Providence settled with Oregon's Attorney General, agreeing to spend millions to correct the blunder.

By Ed Sutherland Internetnews.com

Cisco Adds E-mail Security For $830M

Leave it to one of the most acquisitive IT companies to start 2007 off with a bang.

Cisco Systems agreed to purchase IronPort Systems, which makes appliances to quash spam and spyware, in an $830 million cash-and-stock deal.

The IronPort appliances and associated security software will join Cisco's threat mitigation, policy control, and management solutions, further fleshing out the company's "self-defending network."

"We feel there is enormous potential for enhanced e-mail and message protection solutions to be integrated into the existing Cisco Self-Defending Network framework," said Richard Palmer, senior vice president of Cisco's Security Technology Group.

Securing e-mail is a top priority for businesses these days, particularly with the proliferation of e-mail-based scams and viruses.

Corporations are especially responsible for protecting e-mail in the wake of new record retention regulations. Rules such as Sarbanes-Oxley, HIPAA and Basel II require companies to preserve the integrity of records.

Should the deal close in the third quarter 2007 as expected, Cisco will retain most of IronPort's 408 employees.

The IronPort team and product portfolio will operate as a business unit in Cisco's Security Technology Group, run by Palmer.

Cisco will enter a new realm of competition with IronPort: SonicWall, Secure Computing (which leapt into the fray last year by buying CipherTrust), Sophos, Seagate, MiraPoint, SurfControl and Tumbleweed all make appliances that combat spam and viruses, spyware, Trojans and worms.

Cisco will also compete with IT security powerhouse Symantec, which launched its line of e-mail security appliances two years ago this month.

The market can bear a lot of competition for the time being. IDC expects the market for messaging security gateway appliances to top $1.7 billion in 2009.

Cisco, an aggressive acquirer that has set its sights on IT markets in an attempt to broaden its portfolio, has been casually bulking up its security portfolio for years, particularly on the software side.

Four years ago this month, the networking giant agreed to acquire network security software maker Okena for $154 million in stock. In 2004, Cisco purchased Perfigo for $74 million in cash, adding network admission control products.

Just last year, Cisco bought Meetinghouse Data Communications, a maker of wireless security software, for $43.7 million in cash and stock.

Those purchases, along with a successful IronPort bid, significantly bulk up Cisco's security war chest.

By Clint Boulton Internetnews.com

Google on Security Alert

Though the New Years holiday was a long vacation for many, it was a long work weekend for those in Google's security operations.

A flaw was reported and fixed over the weekend, and there are allegations in the wild that a new crop of security issues may still exist.

Heather Adkins, information security manager at Google, said in a statement e-mailed to internetnews.com that over the holiday weekend Google was notified of a vulnerability that spanned multiple Google products.

"We were first notified that this issue affected Google Video and fixed it within a few hours of receiving the report," Adkins stated. "We were then notified that the same issue affected other Google products. The problem with the other products was resolved within 24 hours of the second report. To our knowledge, no one exploited the vulnerability and no users were impacted."

The vulnerability, if exploited, could have allowed Google users' Gmail contact lists and other information to be exposed to malicious attackers. Adkins noted that the vulnerability related to how Google used certain JSON (JavaScript Object Notation) objects within some of its product code.

"The fix we employed made sure the objects could not be abused," Adkins said. Google engineer Matt Cutts wrote in a blog that Google fixed the JSON vulnerabilities with a number of different approaches.

"On some of them, we immediately fixed the code to properly stop JavaScript," Cutts wrote. "On others, the urls were blocked until the next push of that service will happen."

Cutts noted that since the issues were server side, as Google's applications are Web-based, the fixes were deployed much faster than they would have been had the vulnerabilities appeared client-side.
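The article does not say which fix Google applied to "properly stop JavaScript", so the following is an added example of one standard, server-side defence for this class of bug, not Google's code: every JSON response is prefixed with a string that is a syntax error when the body is executed as a script, and the legitimate same-origin client strips it before parsing. The prefix value and the sample contact list are assumptions.

```javascript
// Added example, not Google's code: a standard defence against JSON
// hijacking. A cross-site page can load a JSON endpoint with
// <script src="..."> because the victim's browser attaches the victim's
// cookies; a JSON array is a valid JavaScript program, so the attacker's
// page can run it and observe the values. Prefixing every response with a
// string that is a syntax error when executed stops the <script> route,
// while the legitimate same-origin client strips the prefix before parsing.
// The prefix value is assumed for illustration.
const ANTI_HIJACK_PREFIX = ")]}'\n";

// Server side: serialise the response with the prefix.
function encodeProtectedJson(value) {
  return ANTI_HIJACK_PREFIX + JSON.stringify(value);
}

// Client side (same-origin XMLHttpRequest): refuse bodies without the
// prefix, then parse the remainder as ordinary JSON.
function decodeProtectedJson(body) {
  if (!body.startsWith(ANTI_HIJACK_PREFIX)) {
    throw new Error("response is missing the anti-hijack prefix");
  }
  return JSON.parse(body.slice(ANTI_HIJACK_PREFIX.length));
}

// Defender's check: would this body run if a <script> tag fetched it?
// The body is compiled (not executed) as a function body; a SyntaxError
// means a script tag could not run it either.
function executesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (err) {
    if (err instanceof SyntaxError) return false;
    throw err;
  }
}

// Constructed sample: a contact-list style response.
const sampleContacts = [{ name: "Alice Example", email: "alice@example.com" }];
const unprotected = JSON.stringify(sampleContacts);
const protectedBody = encodeProtectedJson(sampleContacts);
console.log("bare JSON array executes as script:", executesAsScript(unprotected)); // true
console.log("prefixed body executes as script:", executesAsScript(protectedBody)); // false
console.log("client recovers:", decodeProtectedJson(protectedBody)[0].name);
```

Because the change is entirely on the server and in the first-party client code, it can be deployed in one push, which is the point Cutts makes about server-side fixes being faster than client-side patching.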

"Even this situation (where several Google properties needed to be changed) yielded a much faster fix than patching so many client-side applications, and much of this was happening on New Year's Eve and New Year's Day when most normal people are sleeping off the night before," Cutts wrote.

Google has a solid track record of fixing vulnerabilities rapidly, especially of late. In mid-December Google moved quickly ahead of a weekend to fix an alleged flaw in its money-making AdWords solution.

In that case the security researcher alerted Google before the vulnerability was publicly disclosed, a move that Google applauded.

Responsible disclosure is something that Google's Adkins is certainly very keen on. "We strongly encourage anyone who is interested in researching and reporting security issues to follow responsible disclosure practices, including giving vendors ample time to respond to reports," Adkins commented.

"Responsible disclosure allows companies like Google to keep users safe by fixing vulnerabilities and resolving security concerns before they are brought to the attention of the bad guys."

There are currently perhaps two other issues lurking in the security shadows for Google. In one particularly active thread in a Google Groups discussion list, posters have alleged that their Gmail e-mails have gone missing or have been deleted. Google apologized in the thread for any inconvenience the issue may be causing.

"Regretfully, a small number of our users -- about 60 -- lost some or all of their email received prior to December 18th," Google spokesperson Courtney Hohne told internetnews.com. "Once we found out about this issue, we worked day and night to confirm that only a few accounts were affected and to do whatever we could to restore as much of the users' accounts as we could."

"We also reached out to the people who were affected to apologize and to work with them to restore the email from any personal backup they might have," Hohne added. "We know how important Gmail is to our users - we use it ourselves for our corporate email. We have extensive safeguards in place to protect email stored with Gmail and we are confident that this is a small and isolated incident."

Security researcher Rajesh Sethumadhavan posted on another security mailing list that Google's "blacklist" of phishing URLs was now publicly accessible.

Google's Safe Browsing extension is built into the Google Toolbar and integrated into Mozilla Firefox 2.0. Safe Browsing validates URLs against a constantly updated list of known phishing URLs. The problem apparently is that Google may also be catching a bit too much information.

"I just played around a bit with those lists and as it seems, Google did a splendid job, even capturing some people's login data," a poster noted in response to Sethumadhavan.

By Sean Michael Kerner Internetnews.com

Money For Vista, IE Bugs

The race to pick holes in Microsoft's newest operating system and browser is on.

VeriSign's iDefense Labs has kicked off its Vulnerability Contributor Program (VCP), a challenge to find remote arbitrary code execution vulnerabilities in Vista and Internet Explorer 7.0. VCP will pay $8,000 for the first six confirmed vulnerabilities.

It will pay an additional $2,000 to $4,000 for those who also provide working exploit code for the submitted vulnerability, bringing the total potential bounty to $12,000.

iDefense is looking for vulnerabilities that are remotely exploitable and allow arbitrary code execution without additional user interaction (such as clicking an e-mail attachment). Social engineering and other attacks that require the user to do something other than simply browsing a site are not valid for this contest.

IDefense expects to receive well more than six reports of vulnerabilities, but iDefense spokesman Jason Greenwood said the VCP stops at six because of budget constraints.

"We receive hundreds of vulnerability research submissions each month as part of our normal contributor program," Greenwood told internetnews.com. "We expect to get many more than six submissions that may qualify for this promotion."

Microsoft does not endorse the challenge, and Greenwood said Microsoft has not contacted VeriSign about it. "We have a close working relationship with Microsoft and responsibly make them aware of vulnerabilities as we discover them," Greenwood said.

That's not to say that Microsoft isn't aware of the iDefense challenge.

A Microsoft spokesperson told internetnews.com that Microsoft is aware of iDefense offering compensation for information regarding security vulnerabilities. The spokesperson added that Microsoft does not offer compensation for information regarding security vulnerabilities and does not encourage that practice.

"Our policy is to credit security researchers who report vulnerabilities to us in a responsible manner," the spokesperson said.

Though Microsoft will not pay for vulnerabilities, it won't ignore the vulnerabilities exposed by the challenge, either.

"Microsoft doesn't want to speculate on the motives of third-party researchers but will say it is committed to working with them closely on the issues they bring to our attention," the spokesperson said. "Whoever handles vulnerabilities, Microsoft does encourage them to responsibly disclose the vulnerability to the affected software vendor in order to protect all customers/users."

VeriSign's iDefense customers, however, may well get a leg up on Vista and IE7 vulnerabilities, ahead of regular Microsoft users.

"Early notification of vulnerabilities is just one aspect of the research the iDefense team does," iDefense's Greenwood said. "Our customers will benefit from the challenge by knowing about potential threats before they are exploited and giving them information to assess the potential risk prior to a patch being put out by Microsoft."

By Sean Michael Kerner Internetnews.com

Friday, January 12

Image Spam - A Growing Challenge

Image spam becoming a growing challenge:


Hundreds of millions of spam email messages are sent every day. Spam has long been a significant problem, accounting for 90% of all email worldwide, and the increased volume of image spam has now made it an even bigger challenge.

Image spam is a serious and growing problem, not least because of its ability to circumvent traditional email spam filters and clog servers and inboxes. In just half a year, image spam has grown to represent 35 per cent of all junk mail. Moreover, image spam accounts for 70 per cent of the bandwidth bulge, on account of the large file size each message represents.

Apart from taking up valuable bandwidth, the time taken to filter out and destroy spam represents a significant burden on both IT staff and other personnel in businesses and organizations. At the same time, operators themselves are building ever more efficient email servers and bandwidth capacity in order to deliver emails that nobody wants.

Ironically, at the heart of the problem are ordinary computer owners completely unaware that their computers are being used to launch the very attacks that end up in their inboxes. This is achieved through botnets, where computers are silently infected and activated as part of a larger raft of computers to do the spammers' bidding. The vast majority of all spam is sent from these botnets of zombie computers.

To give some idea about the scale of the problem a typical Warezov-based botnet can send 160 million spam messages in just two hours. And last year botnets raised the volume of spam in circulation by 30 per cent. For enterprises, often the target of spam attacks, that figure was 50 per cent.

Spam originally used basic text captured in a GIF image to bypass standard dictionary-based content filters but this has now morphed into image spam. Image spam is characterized by patchwork colours, multicolour characters with pixel-level randomization. It also features the use of random nonsensical text messages sampled from legitimate web sites between the hard sell of products like Viagra and other popular pharmaceuticals.

From: F-Secure.com

Security threats for Company Networks

Security threats to Protect Networks from in 2007


According to GFI, a leading provider of network security, content security and messaging software, every IT manager should make it part of their New Year's Resolution to protect their networks from the following threats in 2007:

Piracy: To protect themselves from legal action, companies need to monitor networks more effectively, to ensure employees do not copy illegal material.

Targeted data theft: Even more than before, crime cartels are realising that information can be as valuable as, if not more valuable than, drugs and weapons, so companies need to take adequate steps to protect data.

Phishing: This is an easy way for criminals to harvest credit card and other personal information, and companies need to protect themselves from such threats.

USB: The proliferation of USB devices and improvements in storage technology make it inevitable that targeted attacks using techniques such as hacksaw or pod slurping will increase.

Malware: Although Microsoft Vista is more secure, third-party software can be targeted as a means of infecting a system through the back door. Security vendors need to catch up, and quickly.

Vista IPv6 Windows Internet Computer Name: This technology will give every Vista installation its own internet domain name, exposing users to the threat of "man-in-the-middle" attacks and spoofing. While users will have a choice of two running modes, the secure mode is too complex for most users, making it unlikely that many people will choose it.

Wireless: Is the next evolutionary step of pod slurping and hacksaw-like attacks that they will involve wireless devices? Watch out for this in 2007.

Games Consoles: The PlayStation 3 and Xbox 360 both have extensive processing power as well as internet connections, and it is only a matter of time before malicious attacks start targeting these systems for DDoS attacks as well as traditional spam.

Net-Security.org