Spyware

Lots of Microsoft news this week!

Spyware/Malware/Phishing/Virus/etc:

More Brits than ever are placing themselves at risk of identity fraud, despite awareness campaigns warning them of the dangers.

http://www.theregister.co.uk/2006/10/16/id_fraud_prevention_week/

McDonalds Japan has launched a recall after discovering that MP3 players it offered as a prize were loaded with a particularly nasty strain of malware. Up to 10,000 people might have been exposed to the problem after claiming a Flash MP3 player pre-loaded with ten tunes and a variant of the QQpass spyware Trojan.

http://www.theregister.co.uk/2006/10/16/mcd_spyware_mp3_recall/

The image to the left is something that surfaced on the murky waters of the web a few days ago - Zango is just one of a number of words I monitor on a regular basis to see if anything's kicking off on the Internet. Well, my Zangometer suddenly off the scale and I just had to get to the bottom of it.

http://www.vitalsecurity.org/2006/10/anyone-know-what-deal-is-with-zango.html

A nice little scam making the rounds victimizes sellers of computer hardware as the scamster asks for benchmarks of the system for sale, provides a link to Fraps for the vicitm to use, and delivers a keylogger with it.

http://www.securitypronews.com/insiderreports/insider/spn-49-20061016BewareOfPCBuyersBearingFraps.html

The marketplace for phishing toolkits, which can allow technophobe criminals to quickly and easily set up spoofed versions of banking Web sites, is booming, with kits changing hands for as little as $30.

http://news.com.com/Quality%2C+quantity+of+phishing+kits+on+the+rise/2100-1029_3-6126217.html?tag=nefd.top

Tipper Nic directs our attention to this forum post, where we read of a disheartening little slip of paper that suggests some seriously gross spyware will be installed along with Battlefield 2142, all in the name of in-game advertising:

http://www.kotaku.com/gaming/centipedes/battlefield-2142-with-a-dash-of-spyware-207955.php

Spyware researcher Ben Edelman has documented several issues with toolbars distributed by IAC Search and Media's FunWebProducts that lead him to criticize how those toolbars function.

http://www.securitypronews.com/insiderreports/insider/spn-49-20061017AskToolbarsHitWithSpywareClaim.html

Apple said that a small number of video iPods made after Sept. 12 included the RavMonE virus. It said it has seen fewer than 25 reports of the problem, which it said does not affect other models of the media player, nor does it affect Macs.

http://news.com.com/Apple+loads+Windows+virus+on+iPods/2100-7349_3-6126804.html?tag=nefd.top

Microsoft has blocked the attack vector used to slip unsigned drivers past new security policies being implemented in Windows Vista, according to Joanna Rutkowska, the stealth malware researcher who created the exploit.

http://www.eweek.com/article2/0,1895,2034307,00.asp

An email promising racy pictures of teenage Russian pop group Tatu is, yes, a new Trojan.

http://www.techworld.com/security/news/index.cfm?newsID=7149&pagtype=all

Security & Legal:

The Spamhaus Project Ltd. has told a U.S. court that it plans to appeal a recent ruling that threatened the volunteer organization with millions of dollars in legal fines and a possible shutdown of its database of known spammers.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004179

Hackers are developing new software that will help hide browser attack code from some types of security software.

http://www.pcworld.com/article/id,127542-c,hackers/article.html

The phishing scheme that targeted an unnamed midsized bank arrived in employee inboxes personally addressed, without spelling or grammar errors, and claimed to be from a journalist.

http://www.securitypronews.com/insiderreports/insider/spn-49-20061019FakeJournalistPhishDeliveredKeyloggers.html

Microsoft:

Microsoft Corp. is limiting the number of machines to which users can transfer Windows Vista licenses as part of licensing changes the company has made to its Windows client operating system.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004176

It is handbags at dawn after Microsoft has hit out at claims that a virus which was discovered in Apple's iVideo machine was its responsibility.

http://www.theinquirer.net/default.aspx?article=35199

It's been a long time coming, but Internet Explorer 7 is here at last. If you're dying to get your hands on the new browser, you can go download it right now, but there's really no need -- IE7 will soon come knocking on your door.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004205

Less than 24 hours after the launch of Internet Explorer 7, security researchers are poking holes in the new browser.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004259

The launch of Internet Explorer 7 soon saw a followup advisory that a vulnerability had been found in the browser, which Microsoft disputed. That was promptly followed by some heated rhetoric from security firm McAfee over Vista security.

http://www.securitypronews.com/insiderreports/insider/spn-49-20061020MicrosoftBattlesIE7ReportsMcAfeeComplaints.html

Windows users have raised concerns about Microsoft Corp.'s new licensing for Windows Vista that will allow them to transfer a Vista license to only one machine other than the computer for which it was purchased.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004276

Microsoft has quietly pushed back the third official service pack for Windows XP to 2008. Whether or not this is an issue seems to be one for debate.

http://www.internetnews.com/dev-news/article.php/3639101

Misc/Humour:

The US population has hit 300 million people, just 39 years after it reached 200 million, according to US Census Bureau estimates.

http://news.bbc.co.uk/2/hi/americas/6057004.stm

It's been said that the average American will see two million TV commercials by the time he or she turns 65. Doing some quick math in my head, I believe that means that I've seen...well, a terrifyingly large number of commercials for PCs and related products over the past 26 years or so. You too, maybe.  (Some great old PC commercials here! JG)

http://blogs.pcworld.com/techlog/archives/002950.html

A US casino mogul has blown a deal to offload a Picasso painting for £74m ($139m) after accidently sticking his elbow through it, the BBC reports.

http://www.theregister.co.uk/2006/10/18/magnate_holes_picasso/

It's not exactly the dreaded Y2K problem, but the way computers and other electronic devices handle dates and times could soon be a source of headaches again.

http://www.theglobeandmail.com/servlet/story/RTGAM.20061018.wxtw-dst19/BNStory/Front/home

The US's largest consumer ISP has started its controversial scheme to make people will have to pay to send AOL members email.

http://www.theinquirer.net/default.aspx?article=35237

Spyware/Malware/Phishing/Virus/etc:

Safer Networking, the maker of Spybot-S&D, has been battling with Symantec for a year and a half over Symantec's Norton products, leading to an ultimatum calling for Symantec to leave the Anti-Spyware Coalition, or Safer Networking will depart.

http://www.securitypronews.com/insiderreports/insider/spn-49-20061010SpybotAndSymantecInSpywareSpat.html

The anti-spam group Spamhaus Project warned more junk e-mail could be on the way as it prepares to lose its domain name thanks to a company it has accused of sending spam.

http://www.cbc.ca/technology/story/2006/10/10/tech-spamhaus.html

UK police are attempting to reach thousands of Brits who have become victims of malware-powered ID theft scam.

http://www.theregister.co.uk/2006/10/11/id_theft/

Computers in the US have been the staging point for a dramatic increase in criminal attacks against PCs in Britain.

http://www.securitypronews.com/insiderreports/insider/spn-49-20061012BritishPCsUnderAttackFromTheUS.html

A September decision by a federal court may mean more spam hitting inboxes, an analyst said Wednesday.

http://www.techweb.com/wire/security/193200666

Internet experts are worried that a court decision against antispam blacklister The Spamhaus Project Ltd. could trigger a "constitutional crisis" for the Internet.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004111

The personal information — including some credit card and bank account numbers — of about 70,000 people who gave money to Brock University has been stolen from the school's computers by a hacker.

http://www.cbc.ca/technology/story/2006/10/12/tech-brock.html

Security & Legal:

Early on the morning of Oct. 10, reports started circulating that German police had arrested a man they accused of being Osama bin Laden's Webmaster. It was at that moment that I realized how different a war this is and how the Internet—and particularly its multimedia-friendly Web component— truly has changed all.

http://www.eweek.com/article2/0,1895,2028610,00.asp

Microsoft:

A large part of the appeal of blogging is its simplicity. Setting up an account at one of the large blogging services like Blogger.com is as untaxing as filling in a few fields in an online form. As uncomplicated as blogging can be, however, once the bloom fades on its novelty, it can become a chore. You've got to log into your host, navigate menus, write in a rudimentary editor and maybe even fuss with some HTML. Prolific bloggers usually skirt those annoyances by using an offline editor. There are several decent ones out there for Windows users. And now there's another. (PS:  I’ve tried it and it works VERY well! JG)

http://www.technewsworld.com/story/ZZ7BZmg6b3rCup/Microsofts-Free-Editor-Makes-Blogging-Simple.xhtml

Microsoft published 10 patches as part of its regular Patch Tuesday update cycle yesterday, but many users are experiencing problems getting hold of the software updates because of delays involving Microsoft's Windows Update delivery mechanism.

http://www.theregister.co.uk/2006/10/11/october_patch_tuesday/

Microsoft Corp. yesterday defended itself against accusations that its new antipiracy plan in Windows Vista will create more spyware.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004019

Microsoft will end support for Windows XP Service Pack 1 and SP1a on Tuesday, leaving people no option but to upgrade to Service Pack 2 if they wish to continue to receive crucial components, including security software.

http://news.zdnet.com/2100-3513_22-6123975.html

Business:

Google announced today that it would acquire YouTube for $1.65 billion in stock compensation. YouTube will continue to operate independently. Google Video will continue to operate separately.

http://googlewatch.eweek.com/blogs/google_watch/archive/2006/10/09/13777.aspx

While thousands wait for service from its struggling TalkTalk broadband service, Carphone Warehouse has snatched 2.1 million new customers by buying AOL UK.

http://www.techworld.com/mobility/news/index.cfm?newsID=7076&pagtype=all

Misc/Humour:

The Maker of canned pork, Hormel Foods has lost a trademark battle over the word spam.

http://www.theinquirer.net/default.aspx?article=35055

Sick of spam? Have another drink...of it.

http://www.spam-energydrink.com/

Welcome back to our weekly "This Week In Security" segment.  Each week we'll be bringing you a list of interesting and useful stories/articles from around the Internet in one easy to find place.  Enjoy and happy reading!

Spyware/Malware/Phishing/Virus/etc:

In-the-wild exploits against the latest unpatched Windows vulnerability have started circulating, using Internet Explorer as the attack vector to load identity theft Trojans and rootkits on infected machines.

http://www.eweek.com/article2/0,1895,2022805,00.asp

Pond-dwelling scammers are seeking to exploit interest in last weekend's Brazilian airline disaster to tempt potential victims onto a site hosting a Trojan downloader.

http://www.theregister.co.uk/2006/10/03/flight_disaster_phishing_scam/

Increased use of stealth techniques such as rootkits is leading to fewer reports of new viruses, according to a study by net security outfit VeriSign iDefense.

http://www.theregister.co.uk/2006/10/03/verisign_stealth_malware_report/

The malware headache began for Robyn when she saw a MySpace bulletin from a friend inviting her to view new photos. She knew the friend in real life, so she went ahead and clicked the link. The site looked like a photo-sharing site, but one she had never heard of. Then her computer practically froze. A few days later, her MySpace friends received photo-viewing invites that seemed to come from her.

http://www.pcworld.com/article/id,127347-c,onlinesecurity/article.html

An instant messaging botnet attack that plagued users of Yahoo's Messenger client has been revamped into a more sophisticated approach that could lure people into clicking lucrative ads for the attacker's benefit.

http://www.securitypronews.com/insiderreports/insider/spn-49-20061004BotnetTacticsEnableClickFraud.html

One of the hackers who demonstrated exploit code for a vulnerability in the way the Firefox browser handles JavaScript at a hacker conference in San Diego admitted today that the presentation was meant to be a joke, according to Mozilla Corp.'s chief of security.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003837

Social-networking sites could give hackers a backdoor into corporate IT platforms and databases, putting businesses at risk for malicious cyber attacks as more adults access these sites from computers at work., according to a study released Wednesday by CA (the former Computer Associates) and the National Cyber Security Alliance (NCSA).

http://www.techweb.com/wire/security/193104231

Sophos has launched a host intrusion detection (HIPS) technology it claims can spot malware before it has a chance to execute anywhere on the network.

http://www.techworld.com/security/news/index.cfm?newsid=7025&pagtype=all

Those who have spent a long time working with and learning about technology have found it hard to determine why non-techies seem more vulnerable to phishing attacks.

http://www.securitypronews.com/insiderreports/insider/spn-49-20061005ProfessorStudiesWhyPhishingWorks.html

A new service will call on the Internet community to identify suspected phishing scams. Freedom Networks' OpenDNS, which provides free directory services necessary to translate a Web site's domain name into its actual numeric Internet address, developed the system to help block its users from so-called phishing sites.

http://www.technewsworld.com/story/53464.html

Security & Legal:

Employees at the U.S. Department of Interior (DOI) spend significant time on sexually explicit and gambling Web sites and even more time shopping and playing online games while at work, according to a report released Wednesday.

http://www.itworld.com/Tech/2987/061005usworkers/

Russian hackers get eight years in clink

http://www.theinquirer.net/default.aspx?article=34841

Microsoft:

Microsoft will unveil Oct. 4 a new software protection platform and accompanying technologies that it plans to incorporate into a variety of products, starting with Windows Vista and Windows Server Longhorn, in hopes of combating piracy.

http://www.eweek.com/article2/0,1895,2024182,00.asp

Every system and network administrator's favorite time of the month, the unofficially-celebrated Patch Tuesday, arrives next week with eleven patches ready to battle a host of vulnerabilities.

http://www.securitypronews.com/insiderreports/insider/spn-49-20061006MicrosoftFighting11FlawsOnTuesday.html

McAfee Inc. top executives went on the offensive Monday against Microsoft Corp., saying Vista will be even less secure for customers than previous versions of Windows.

http://smallbusiness.itworld.com/4380/061004mcafeevista/page_1.html

Mobile:

A UK firm is hoping a cell phones security system it has developed which sets off a high pitch scream, permanently locks the handset and wipes all data if stolen, will halt the spiraling rise in phone theft.

http://news.yahoo.com/s/nm/20061002/tc_nm/telecoms_screaming_phone_dc_2

Cell phone worms and VoIP fraud are among the top 10 security threats to watch next year, according to a panel of experts assembled by the SANS Institute.

http://www.technewsworld.com/story/JpleN6k2Gwql8a/Report-Cell-Phone-Worms-VoIP-Fraud-to-Grow-in-07.xhtml

Misc/Humour:

Google has bought itself a birthday present for its 8th birthday: the 1,900-square-foot  Menlo Park house that boasts the garage where Sergey Brin and Larry Page launched Google eight years ago.

http://blogs.zdnet.com/micro-markets/index.php?p=494

A Bulgarian woman driver escaped relatively unscathed from a head-on pile-up with another vehicle when her 40DD breast implants absorbed most of the impact, Ananova reports.

http://www.theregister.co.uk/2006/10/03/bulgarian_airbags/

It looked like any other auction, until you noticed the guy with pointed Vulcan ears.

http://www.canada.com/topics/technology/story.html?id=de3faea8-3c71-4ee3-97ee-f50938d6cec0

Gallery of Trek items up for auction

http://www.canada.com/topics/technology/photogalleries/trekauc.html