Spyware



November 3, 2006

This Week (and last) in Security

Filed under: Spyware News — Sacha @ 12:28 pm

You may have noticed that there was no MarketWatch last week due to technical issues.  This week’s is a bit longer as it incorporates news from last week as well as this week.  JG

Spyware/Malware/Phishing/Virus/etc:

Internet miscreants have created a spam-sending Trojan that comes fitted with an anti-virus scanner. The SpamThru Trojan attempts to reserve control of compromised machines by blocking infection by other forms of malware using a pirated copy of a commercial anti-virus scanner.

http://www.theregister.co.uk/2006/10/23/spamthru_trojan/

In keeping with the Halloween season, I'm starting a series on scary malware tricks, similar to last year's series on spyware tricks. Perhaps my personal focus has changed, but it seems to me spyware tricks are becoming far more devious and destructive. Last year I was testing mostly adware, whereas this year I'm testing more trojans, backdoors, rootkits, etc. Also scary – botnets are reportedly growing in frightening numbers.

http://blogs.zdnet.com/Spyware/?p=859

This is a nasty trick! There are a few Halloween sites being used to distribute malware, right at the time when unsuspecting web users might be searching for Halloween sites for fun. Patrick Jordan, aka Webhelper, has posted the details here with a screenshot of the code with iframe links to a well-known malware distribution site.

http://blogs.zdnet.com/Spyware/?p=860

Last week, a handful of employees at Dekalb Medical Center in Decatur, Ga., received e-mails saying they were being laid off. The subject line read “Urgent – employment issue,” and the sender listed on the message was at dekalb.org, which is the domain the medical center uses. The e-mail contained a link to a Web site that claimed to offer career-counseling information.

And so a few employees, concerned about their employment status and no doubt miffed about being laid off via e-mail, clicked on the link to learn more and unwittingly downloaded a keylogger program that was lurking at the site.

http://www.networkworld.com/news/2006/110106-spam-spear-phishing.html?fsrc=netflash-rss

Five words are guaranteed to send a chill through the Hub’s financial community today.

Jim Grant is watching you.

The legendary Wall Street guru has become embroiled in a legal battle with Hub mutual fund company Eaton Vance. He accuses its employees of making pirate copies of his famous $850-a-year newsletter, Grant’s Interest Rate Observer, and sharing them around the office.

How does he know? According to a lawsuit just filed by Eaton Vance in federal court, Grant’s Web site planted spyware in their computers when they subscribed to his newsletter online. The spyware is able to track how many copies they were printing out.

http://business.bostonherald.com/businessNews/view.bg?articleid=165298

Researchers at Exploit Prevention Labs recently uncovered a major cyber criminal ring operating in Australia using what appear to be Yahoo Greetings e-cards to infect thousands of computer users with malicious keylogger malware. Attackers used the malware to steal credit card numbers, bank account usernames and passwords and other personal information.

http://www.technewsworld.com/story/7ujrbuLiqQvvCV/Holiday-Scammers-E-Greeting-Card-Tactics.xhtml

Recently, I have been receiving a number of what can best be described as "bounced" e-mails. Trouble is, these e-mails are not originating with me. As anyone can attest who has been bombarded with "delivery failure" notices for e-mails he never sent, identity theft on the Internet is not only about stealing credit card numbers and IDs. It’s also about stealing an important commodity: your e-mail and/or domain address so it can be used as a "spoofed" return address for some spammer’s large mailing of get-rich-quick stock tips, fake prescription medications or sexual enhancements.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004636

Fascinated at the stuff some people "think" they can toss out in the trash, I was handed an assignment I couldn't pass up: Cruise curbside for discarded computers and the possible info contained inside.

http://www.canada.com/topics/technology/story.html?id=87f7f6bc-5d4f-4051-ad4e-bce6492393e7&k=34726

Security firms are reporting more and more instances of booby-trapped Windows codecs - file compressors - required to play some video formats.

http://news.bbc.co.uk/2/hi/technology/6100016.stm

Hackers have published code that could let an attacker disable the Windows Firewall on certain Windows XP machines.

http://www.networkworld.com/news/2006/103006-new-windows-attack-can-kill.html

A tricky malicious program has become more prevalent in spam, but experts don't know what its creators plan to do with it.

Many vendors are rating the malware -- called "Warezov," "Stration" and "Stratio" -- as a low risk. But they also say that it is tricky to deal with.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004601

Domain names likely to appeal to fraudsters are up for grabs on domain resale sites.

Firms such as Sedo and Moniker specialise in the sale of domain names that have already been registered and are now being resold in the secondary (or aftermarket) for domain names. Most domain names are sold for a few hundred or thousand dollars (as opposed to an original registration price of $10 or so) while particularly attractive domains - such as hell.com - can fetch six figure sums.

http://www.theregister.com/2006/10/31/domain_resale_market/

The threat posed by hackers is shifting from attacks on computers to attacks on electronic transactions, according to the head of one of the world's largest security software vendors.

http://www.techworld.com/security/news/index.cfm?newsID=7255&pagtype=all

Security & Legal:

A federal trial that began Monday in Philadelphia will decide whether operators of Web sites can be jailed and fined for not blocking children's access to materials deemed "harmful" to them.

http://www.itworld.com/Man/2681/061023copa/index.html

Adware manufacturer Zango has reached an agreement with the Federal Trade Commission in response to charges that it breached federal law by deceptively installing advertising software on consumers' PCs without a clear means of removal.

http://news.com.com/Zango+reaches+settlement+with+FTC/2100-1032_3-6132364.html?tag=nefd.top

Federal law enforcement officials Tuesday arrested the well-known CEO of White Plains, N.Y.-based MSP provider Compulinx on charges of stealing the identities of his employees in order to secure fraudulent loans, lines of credit and credit cards, according to an eight-count indictment unsealed by the U.S. Attorney's office in White Plains.

http://www.varbusiness.com/sections/news/breakingnews.jhtml?articleId=193500991

C|Net article about the uncertain future of the popular anti-virus software companies. "I mention Netscape because, if you believe Symantec and McAfee, a similar situation is about to unfold within the security industry. Microsoft, again recognizing late that it had failed to seize upon this thing called security, is now about to bundle its own security solutions within Windows Vista and further enforce new security policies that lock out some third-party security solutions altogether. Vendors Symantec and McAfee have looked into the future and realized that people may one day speak of them in the way that we now speak reverently of the early builds of Netscape."

http://cnet.com.au/software/internet/0,239029524,339271785,00.htm

Indiana University graduate student Christopher Soghoian pointed out a flaw in airline security by posting a fake boarding pass generator online, and was rewarded with a visit from FBI agents with a search warrant.

http://www.theregister.co.uk/2006/10/31/the_fake_boarding_pass_merit_badge/

A flurry of fifty-five criminal and civil lawsuits against sellers of counterfeit software hit targets in the United States and ten other countries as Microsoft tries to crack down on the threat to its main revenue business.

http://www.securitypronews.com/insiderreports/insider/spn-49-20061031MicrosoftBidsForSoftwareConvictions.html

Seventeen members of an alleged international phishing and carding gang have been arrested in the US and Eastern Europe following an FBI investigation.

http://www.theregister.co.uk/2006/11/03/operation_cardkeeper_phishing_arrests/

An alleged credit card thief, who has been identified as using the online handle "John Dillinger," has emerged as a suspect in an aggressive FBI law enforcement action to be announced Friday. The action, dubbed Operation Cardkeeper, has resulted in 17 arrests of hackers and carders this week in the United States and Poland.

http://www.wired.com/news/technology/0,72064-0.html?tw=wn_index_1

Microsoft:

Microsoft's mythical operating system looks set to remain a thing of legend. The oft-delayed Windows Vista is facing an epic setback, having been pushed back 18,000 years.

http://www.theregister.co.uk/2006/11/01/vista_delayed_until_20007/

In the first three months after shipping the Windows Defender Beta 2 anti-spyware application, Microsoft detected 22 million pieces of adware/spyware programs, resulting in roughly 14 million removals.

http://www.eweek.com/article2/0,1895,2036355,00.asp

Windows Vista's licensing terms have raised eyebrows among PC enthusiasts. As previously reported, Windows Vista sports a new Software Protection Platform (SPP) aimed at curbing piracy. Among SPP's many "features" is a service that monitors PCs for evidence of significant hardware changes. New hard drive? New motherboard? Windows Vista will recognize and keep track of the hardware in your PC, much like its predecessor Windows XP did, and it will use that information to monitor licensing compliance.

http://arstechnica.com/news.ars/post/20061030-8104.html

License transfers aren't the only thing the End User License Agreement (EULA) for Microsoft Corp.'s Windows Vista OS limits. The license also puts restrictions on how benchmarks of certain components of the OS can be published, another issue that is raising eyebrows as Microsoft still has not clarified how changes will specifically affect users.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004658

Symantec Software Supports Vista

New antivirus, backup apps are aimed at early adopters of the upcoming Windows OS.

http://www.pcworld.com/article/id,127733-c,antivirus/article.html

Microsoft has backed down to fierce criticism over proposed licensing terms for Windows Vista to allow users to uninstall the forthcoming operating system and install it on another PC.

http://www.theregister.co.uk/2006/11/03/ms_vista_climb-down/

Two consumer advocacy groups have filed a complaint with the U.S. Federal Trade Commission, saying Microsoft and other Web-based companies are using "unfair and deceptive" business practices to collect data about their customers.

http://www.pcworld.com/article/id,127727-c,privacy/article.html

Misc/Humour:

Two men accused of trying to sell Coca-Cola Co. trade secrets to rival Pepsico Inc. have pleaded guilty to conspiracy.

http://www.cbc.ca/money/story/2006/10/23/coketradesecrets.html

A UK artist has dismally, albeit heroically, failed to get off the ground in a 20ft aircraft powered by a giant rubber band, the Daily Telegraph reports.

http://www.theregister.co.uk/2006/10/24/giant_model_plane/

This is how we built the Mac-O-Lantern

http://www3.uark.edu/bkst/macmod/page1.htm

Greg shed 41 lbs. from a 274-pound frame in just 3 months -- and did it playing World of Warcraft. Word?

http://www.theinquirer.net/default.aspx?article=35456

Bad dates, B-movie terrors, meat that eats meat, and meeting places for the dead: All these horrors and more make up our list of the freakiest Web sites.

http://www.pcworld.com/article/id,127508/article.html

Letter carriers occasionally have to deal with angry dogs or maybe even a spider's nest in a mailbox, but a mean squirrel?

http://www.cbc.ca/cp/Oddities/061102/K110210U.html
