Monday, August 2, 2010

Microsoft Plugs Windows Shortcut Hole

As planned, Microsoft released a fix on Monday for a critical Windows vulnerability that was being exploited by a fast-spreading virus and other malware.

The software patch fixes the way Windows Shell handles shortcut files, the icon-backed links to other files that are stored with the .lnk extension. Attackers exploiting the hole could take complete control of the computer, the security advisory said.

An attacker could distribute a USB or other removable drive carrying a malicious shortcut file; when the target victim opens the drive in Windows Explorer or any other application that parses the shortcut's icon, the malicious code would execute on the victim's computer. The shortcut does not have to be clicked: rendering its icon is enough. An attacker could also plant the malicious shortcut on a Web site, on a remote network share, or inside a Microsoft Word document, Microsoft said.

Originally, the Windows flaw was used to spread the Stuxnet worm via USB drives, and the worm was stealing information from systems running Siemens software used by critical infrastructure companies. Late last week, Microsoft issued a blog post saying there were copycat attacks exploiting the hole, including one involving the Sality.AT virus, which was spreading fast.

The situation was serious enough to prompt Microsoft to release an "out of band" patch instead of waiting a week to fix the hole in its next scheduled Patch Tuesday security update, on August 10.

"Symantec is aware of multiple threats leveraging the vulnerability, and attempted exploitations have steadily increased since the security hole first came to light," said Ben Greenbaum, senior research manager for Symantec Security Response. "One such threat is a new variant of Changeup," a highly destructive threat.

The hole affects all versions of Windows, including Windows 2000 and Windows XP Service Pack 2, which Microsoft no longer supports and for which no patch is being issued. Customers using those versions need to upgrade to be protected from the attacks.

"So far, most of the exploits using this vulnerability have been targeting SCADA (supervisory control and data acquisition) systems, and these systems typically run on older operating system versions. These older systems are not being patched today," said Andrew Storms, director of security operations for nCircle. "Utility companies that know they cannot upgrade are fully aware their systems contain a public vulnerability that is being exploited. Utility companies and SCADA vendors are probably scrambling to find a resolution to this problem as quickly as possible."

Monday, July 26, 2010

Microsoft: IE8 Barred 1 Billion Malware Downloads


Internet Explorer 8, with the help of its SmartScreen Filter, has "blocked 1 billion attempts to download malware," Microsoft product manager James Pratt said in a blog post Friday.

The SmartScreen Filter evaluates URLs and the servers behind them. If it recognizes a server as hosting malicious content, it displays a warning that the site is unsafe and could harm the user's computer. The user is then given the option to continue to the page anyway or to go back to their home page without downloading any content.

According to Microsoft, the SmartScreen filter continues to improve. In August 2009, it blocked 70 million malware download attempts. At the time, just 15 percent of Web users were surfing with Internet Explorer 8. Today, Microsoft reported, nearly 26 percent of the Web population is using IE8, and the company's SmartScreen filter is blocking "five times more malware month on month" compared to August 2009.

Of course, whether Microsoft's ability to block a billion malware download attempts is really something to gloat about is up for debate. On one hand, the company seems to be doing a better job of keeping users safe. On the other, the fact that that many attempts have been made might speak to security issues that still plague the Windows ecosystem. Regardless, it seems that Microsoft is turning its blocking abilities into a positive thing. And to some extent, it's commendable.

But that won't stop me from choosing Google Chrome or Mozilla Firefox over Internet Explorer.

Monday, July 19, 2010

Spy Rootkit Goes After Indian, Iranian Systems


Sophisticated malicious software that infects critical infrastructure systems is spreading in the wild, according to security companies.

Finnish security company F-Secure, which is in the process of analyzing the malware, told ZDNet UK that critical infrastructure in India and Iran had been affected.

The malware takes advantage of a zero-day vulnerability in the handling of Microsoft .lnk shortcut files, and infects Siemens WinCC SCADA software running on Windows 7 Enterprise Edition x86 systems. It spreads via USB drives and runs automatically as soon as the shortcut's icon is displayed on a user's screen; no click is required.

Read more of "Spy rootkit goes after key Indian, Iranian systems" at ZDNet UK.
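Both this item and the August 2 item above describe the same mechanism: a .lnk file whose contents make the shell load a DLL while it is only rendering the icon. The following Python is an added example (it is not Microsoft's, F-Secure's or Siemens' code) of how a responder can triage the shortcuts on a removable drive without letting Explorer render anything. It parses the ShellLinkHeader, the LinkTargetIDList and the StringData sections of a .lnk file and reports shortcuts whose ItemIDs or icon location name a DLL outside the Windows directory. The two sample files at the bottom are constructed for the example; the file name `E:\payload.dll`, the assumption that the system drive is `C:` and the heuristic itself are mine, not indicators taken from the page.

```python
import re
import struct

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
# LinkFlags bits from the MS-SHLLINK specification
HAS_LINK_TARGET_IDLIST, HAS_LINK_INFO, HAS_NAME, IS_UNICODE = 0x01, 0x02, 0x04, 0x80
STRING_DATA = ("name", "relative_path", "working_dir", "arguments", "icon_location")  # bits 0x04..0x40
# Assumption: the system drive is C:, so a DLL under C:\Windows is the expected, unremarkable case.
SYSTEM_ROOT = "c:\\windows\\"
DLL_PATH_RE = re.compile(r"(?:[A-Za-z]:\\|\\\\)[^\x00]*?\.dll(?![A-Za-z0-9_])", re.I)


def parse_lnk(data: bytes) -> dict:
    """Parse the ShellLinkHeader, LinkTargetIDList and StringData sections of a .lnk file."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE \
            or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, item_ids, strings = HEADER_SIZE, [], {}
    if flags & HAS_LINK_TARGET_IDLIST:
        end = pos + 2 + struct.unpack_from("<H", data, pos)[0]   # IDListSize excludes itself
        pos += 2
        while pos + 2 <= end:
            item_size = struct.unpack_from("<H", data, pos)[0]   # ItemIDSize includes the size field
            if item_size == 0:                                    # TerminalID closes the list
                break
            if item_size < 2 or pos + item_size > end:
                raise ValueError("malformed ItemID")
            item_ids.append(data[pos + 2:pos + item_size])
            pos += item_size
        pos = end
    if flags & HAS_LINK_INFO:                                     # skip LinkInfo; not needed here
        pos += struct.unpack_from("<I", data, pos)[0]
    width = 2 if flags & IS_UNICODE else 1
    for i, name in enumerate(STRING_DATA):                        # StringData fields, in spec order
        if flags & (HAS_NAME << i):
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2:pos + 2 + count * width]
            pos += 2 + count * width
            strings[name] = raw.decode("utf-16-le" if width == 2 else "latin-1")
    return {"flags": flags, "item_ids": item_ids, "strings": strings}


def _decodings(blob: bytes):
    """Read an opaque ItemID payload as ANSI and as UTF-16LE at both byte alignments."""
    yield blob.decode("latin-1")
    for offset in (0, 1):
        chunk = blob[offset:]
        yield chunk[:len(chunk) // 2 * 2].decode("utf-16-le", errors="ignore")


def dll_paths_in_items(item_ids) -> list:
    """DLL paths embedded in ItemID payloads; an ordinary file shortcut carries none."""
    found = []
    for item in item_ids:
        for text in _decodings(item):
            for path in DLL_PATH_RE.findall(text):
                if path not in found:
                    found.append(path)
    return found


def assess(data: bytes) -> list:
    """Reasons a shortcut deserves a closer look; an empty list means nothing was found."""
    info = parse_lnk(data)
    candidates = dll_paths_in_items(info["item_ids"])
    icon = info["strings"].get("icon_location", "")
    if icon.lower().endswith((".dll", ".cpl")):
        candidates.append(icon)

    def outside_system_root(p):
        return not p.lower().replace("%systemroot%", "c:\\windows").startswith(SYSTEM_ROOT)

    return [f"references a DLL outside the Windows directory: {p}"
            for p in candidates if outside_system_root(p)]


def build_lnk(item_payloads, flags=HAS_LINK_TARGET_IDLIST) -> bytes:
    """Construct a minimal .lnk (header + IDList only) for the constructed samples below."""
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<I", flags)
    header += bytes(HEADER_SIZE - len(header))                   # remaining header fields zeroed
    items = b"".join(struct.pack("<H", len(p) + 2) + p for p in item_payloads) + b"\x00\x00"
    return header + struct.pack("<H", len(items)) + items


# Constructed samples (not real malware): an ordinary file shortcut, and one whose IDList
# names a made-up DLL on a removable drive, the shape of shortcut the advisory describes.
BENIGN_LNK = build_lnk([b"\x1f" + bytes(20), b"\x31notes.txt\x00"])
SUSPICIOUS_LNK = build_lnk([b"\x1f" + bytes(20), b"\x00" + "E:\\payload.dll".encode("utf-16-le")])
```

To triage a mounted drive, read each *.lnk in binary and pass it to assess(); anything it reports belongs on an isolated analysis machine, and an empty result is not a clean bill of health, because the check only looks for the one pattern the advisory describes. For systems that cannot take the patch, Microsoft's published workaround of disabling icon display for shortcuts remains the actual defensive control; this script is a triage aid, not a substitute.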

Monday, July 12, 2010

Report: NSA initiating program to detect cyberattacks

The National Security Agency is reportedly launching a program to monitor for cyberattacks against government agencies and private companies responsible for key services such as electricity, nuclear power, and transportation, according to a story in Thursday's Wall Street Journal.

The program, known as "Perfect Citizen," is already triggering mixed reactions, says the Journal. Some in industry and government see it as an attempt by the NSA to intrude into domestic matters, while others believe it's a much-needed step in fighting the threat of cyberattacks.

Perfect Citizen would establish a series of sensors across various computer networks that would sound an alarm in the event of a possible cyberattack. The sensors would be deployed at agencies and private companies that handle the nation's most critical infrastructure, including the electrical grid, nuclear power plants, subway systems, and air-traffic control networks.

The program would reportedly focus on older computer systems and networks that were initially designed without Internet access or any real security in place but have since been linked to the Internet, leaving them open and vulnerable. Since it can't force private companies to accept Perfect Citizen, the government would dangle various incentives to get them to tie into the new system, according to the Journal.

In spite of privacy concerns, many businesses might find the extra protection valuable, as in the case of Google, which enlisted the aid of the NSA last year to help investigate the cyberattacks launched from China. Reportedly, Google and the NSA chatted earlier this year about a more formal partnership to thwart future cyberattacks.

Officials in Washington and executives in the private sector have increasingly expressed fears that major cyberattacks launched against the country's critical infrastructure could seriously harm the government and economy. U.S. intelligence experts have already been monitoring attempts to hack into the electric grid and other key services, which they believe stem from China and Russia, the Journal reported.

The new program is getting funding from the Comprehensive National Cybersecurity Initiative. This multibillion-dollar initiative hinted at the Perfect Citizen project with plans by the NSA to expand its surveillance into the private sector through a network monitoring system named Einstein. Defense company Raytheon has already scored a contract worth up to $100 million for the initial stage of the project, the Journal said, citing a person familiar with the project.

Since Perfect Citizen is still in its infancy, key questions will need to be addressed, including which network systems will be monitored and how information will be gathered. The NSA would probably kick off the project with the most critical services, such as electricity, nuclear power, and air traffic control systems, said the Journal.

Wednesday, July 7, 2010

Ad-Aware Free Gains Antivirus Abilities

The paid upgrade versions of the popular malware remover Ad-Aware have offered antivirus support for more than a year, but now that feature, plus a long-awaited scheduler, have been added to the free version.
On Tuesday, Ad-Aware Free Internet Security 8.3 offered users of its free product those two new features in a minor update.

[Screenshot] Ad-Aware Free Internet Security 8.3 finally offers its users a scheduler. (Credit: Screenshot by Seth Rosenblatt/CNET)

Although the update sounds small, the addition of a scheduler comes after years of the publisher LavaSoft restricting the feature to its paid upgrades as bait to get users to buy a license. Many software publishers have similar business models, though there is an ongoing debate among users as to what is acceptable to restrict and what cripples a program's core functionality. While the scheduler doesn't affect the program's ability to function, many users felt that by leaving it to them to remember to run scans, the company was, in effect, making their computers less secure.

The antivirus feature is new to Ad-Aware, having only been introduced in 2008. Originally, the program used Avira's virus detection engine, but since 2009, the detection engine has been provided by Sunbelt Software. These changes to the free version of Ad-Aware put it on more competitive footing with other well-known free security programs, such as AVG, Avast, and Avira.

Thursday, July 1, 2010

Latest Virus Threats Announced Online By Free Trial Spyware

Jay Stamford of Spyware Free Trial has announced that the Win32/Oficla.GN trojan is one of a number of recent virus threats. When the infected e-mail attachment is executed, it copies itself to a Windows system folder and modifies the registry so that it is loaded automatically at the next startup.

It also downloads and installs several malicious files on the infected system. This is a low-to-medium security threat. "Spywares and adwares are not only annoying but more often than not tend to damage your computer software and sometimes can even cause some damage to your hardware too. These annoying bugs have become a bane for internet browsers worldwide. They have become a normal occurrence that we sometimes tend to ignore but God forbid we should never accept," said Jay Stamford, site manager of Spyware Free Trial.

Spyware is computer software that spies on your internet usage. It collects highly personal and confidential information such as credit card numbers, IP addresses and even street addresses. The spyware program captures credit card entries as the user types them into a web form or an online application. Some spyware is even programmed to record your use of the internet: what sites you visit, what files you download and how long you stay online.

Monday, March 1, 2010

Smart phone under threat of attacks - Friendly Computers

Smartphones are at risk of becoming the next major target for computer hackers. Researchers at Rutgers University presented their findings on cell phone vulnerabilities at a mobile computing workshop in Maryland, informing both users and phone manufacturers of the potential security threat. - Friendly Computers

“Smartphones are essentially becoming regular computers … they run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malicious,” said Vinod Ganapathy, assistant professor of computer science in the Rutgers School of Arts and Sciences, in a Rutgers press release.

Since 2006, attacks on cell phones have become more common. The first attacks on cell phones came in the form of multimedia messages. After the user’s phone received the message, the cell phone would continually process the information and drain the battery 20 times faster than regular use. While cell phones have become more advanced, the types of attacks have also become more sophisticated.

Ganapathy and his team worked on a specific type of malware known as "rootkits." Unlike ordinary computer viruses, rootkits attack the heart of a computer's software, the operating system itself.

Because a rootkit subverts the operating system, it can hide from any scanner that relies on that same operating system; an ordinary anti-virus scan running on the infected device would be unable to detect this type of malware. The approach the researchers rely on is a program known as a "virtual machine monitor," which sits beneath the operating system and examines every operating system operation and data structure from outside it.

Combating rootkits on smartphones is impractical today because smartphones lack a virtual machine monitor, a consequence of their processing constraints. The program simply demands more processing resources and energy than a portable phone can currently supply.

Rootkits can be dangerous for the user. Not only could the assailant eavesdrop on conversations and extract personal information from phone directories, they could even keep track of a user’s whereabouts by querying the phones’ Global Positioning System receiver.

In Europe and Asia, rootkits could even gain access to a user's finances. On mobile phones that can make payments like a credit card, a rootkit could potentially make the phone issue "reverse SMS" orders, which would direct payments to the assailant.

Currently, rootkits can be spread through an online website or Bluetooth. A benign Bluetooth worm has already been discovered in Singapore. Security specialists speculate that it was simply a test of the efficiency and effectiveness of the infection mechanism and that a major virus might be in the works.

While there isn’t much that users can do currently to protect themselves from attacks, it is advisable to visit only credible websites and delete text messages from unknown senders.


Source: http://www.theticker.org/about/2.8220/smart-phone-under-threat-of-attacks-1.2174454