chiawaikian
-
Posts
72 -
Joined
-
Last visited
Posts posted by chiawaikian
-
-
Microsoft is embedding advertising in its new e-mail client software known as Windows Live Mail Desktop, the company disclosed late Friday. The feature, known as Active Search, will display text links based on a message's content, much like Google does with its Gmail service on the Web.
Windows Live Mail Desktop is expected to be released later this year and will eventually serve to replace Outlook Express, updated for Vista and renamed Windows Mail. Because it will not ship with Microsoft's new operating system, Live Mail Desktop will be available as a free download.
Full article at:
http://www.betanews.com/article/New_Micros..._Ads/1149533952
-
There is currently no official place for ZoneAlarm users to turn in feature requests.
Under popular demand, I have created a (unofficial) place in my forum to collect feature requests for all ZoneAlarm products. Do note that this place is not for support issues, or for pure complaining!
I will submit all reasonable requests to the ZoneAlarm team directly.
http://chiawaikian.proboards78.com/index.cgi?board=zarequest
-
Security watchers have discovered a Trojan with built in root-kit functionality that's designed to steal the credentials of online poker players.
This isn't particularly unusual in itself, but anti-virus researchers at Finnish security firm F-Secure discovered the malware was hidden in a ostensibly legitimate package offered for download at checkraised.com, a site which provides advice and tools to online poker players.
Analysis of the Trojan revealed a sophisticated and targeted attack featuring a number of malware (executable) components that a compromised package called RBCalc.exe (AKA Rakeback calculator) deposits on vulnerable Windows PCs.....
Read more at:
-
Links from internet search results sometimes point to web pages harbouring spyware, a study from net security firm McAfee warns. The four month study from McAfee's SiteAdvisor team on five major search engines concludes that 285m clicks to hostile sites occurs every month as a result of search queries initiated by US net users alone.
The investigation, which studied search results generated by Google, Yahoo!, MSN, AOL, Ask.com, found that even common search terms can lead users to risky sites.
Dangerous sites soared to as much as 72 per cent of results for certain popular keywords, such as "free screen savers," "digital music," "popular software," and "singers". All five search engines were capable of pointing users towards risky sites.
The study also finds that "sponsored" results - paid for by advertisers - are more dangerous than non-sponsored results. On average, 8.5 per cent of sponsored links were found to be dangerous against 3.1 per cent of regular search results.
"Search engines clearly play a critical role in internet use: As a convenient starting point for online browsing, they're estimated to account for about half of all site visits," said Chris Dixon, who heads the McAfee SiteAdvisor product team.
"But economically motivated purveyors of spam, adware and other online problems quickly follow where consumers go online, in this case directly to search engine results. Today, based on browsing trends, we estimate that US internet users make 285m clicks to hostile sites every month through search queries."
Read the whole report at:
http://www.theregister.co.uk/2006/05/16/mc...h_risks_survey/
-
The number of companies reporting a spyware infestation has increased by almost half in the past 12 months, according to a new survey.
In addition, 17 percent of companies with more than 100 employees have spyware such as a keylogger on their networks, said the authors of the annual Websense Web@Work survey, published on Tuesday.
"This is almost 50 percent growth in the instances of keyloggers that organizations are reporting back," said Joel Camissar, a manager for Internet security specialist Websense. "Despite the organizations' having a 'best of breed' antivirus, anti-spyware and firewall, we are still detecting a huge amount of back-channel spyware communication."
Spyware is seen as an increasingly serious security problem, and the U.S. Federal Trade Commission has pledged to take action against companies that distribute it. The software is installed on machines without the owner's knowledge to track their online habits, sometimes via a keylogger, which records the user's keystrokes.
One reason for the growth in corporate spyware infestation is a massive increase in the number of spyware-making toolkits being sold online, said Camissar, who referred to some research that Websense conducted earlier this year in partnership with the Anti-Phishing Working Group.
"In April 2005, there were 77 unique password-stealing applications. In the latest March report, there were 197. Unique Web sites hosing keyloggers in the same time frame have gone up from 260 to 2,157--almost a 10-times growth," Camissar said.
The Websense survey also discovered that companies did not have much faith in their staff being able to distinguish between genuine Web sites and phishing sites, which mimic the online outlets of trusted businesses, such as banks, to try to trick people into handing over sensitive personal information.
"Forty-seven percent of IT decision makers said their employees have clicked on phishing e-mails, and 44 percent believe employees cannot accurately identify phishing sites," Camissar added. "I am surprised that the results are not showing a larger growth in the number of organizations hit by this kind of threat."
http://news.com.com/Keylogger+spying+at+wo...tml?tag=cd.lede
-
Analysis: A globetrotter's guide to cyber crime
Is it as simple as pointing the finger at China, Russia and the US?
In the world of cyber crime it is very easy to get drawn into the stereotypes that are commonly bandied about regarding who does what. 'The Chinese', 'The Israelis', 'The Nigerians' and 'The Russians' are often talked about in grossly generalised terms, sometimes underpinned by hard fact, sometimes not.
The most important factor in understanding the limitations of such generalisations is that malware and hack attacks can be launched from anywhere and by anybody. Likewise we have to be aware that criminals will go to great lengths to obscure their tracks.
So drawing a definitive map of cyber crime is therefore far from an exact science and assuming any one country has sole rights to any one crime would be a mistake. Cyber crime is truly a global problem.
Yet despite all this there are still some clear regional trends, though this is a far from comprehensive list.
The US
With a high number of internet connections and a rich history of web- and computer-literate criminals, the US is understandably the major focus for much of the discussion into the current global problem of cyber crime.
For example, according to Spamhaus, the US is not only responsible for more spam than any other nation, it is actually far worse than the rest of the current top 10 put together. Though much US spam has traditionally travelled via China, the US does certainly harbour some of the most prolific spammers in the world, as well as the world's three worst ISPs for relaying spam, says Spamhaus.
That ISP figure points towards a hidden menace which further blurs the boundaries of cyber crime - the sheer number of PCs that have been compromised and are churning out spam and malware unbeknownst to their owners. The most recent figures from MessageLabs suggest almost one-fifth (18.1 per cent) of all compromised machines are located in the US - and it's a fair bet, based on recent police investigations, that many of those doing the infecting are also US-based.
This isn't to say that compromised PCs - or botnets - are solely a US problem, far from it. Criminals care little for where their botnets are located, as long as they are connected to a broadband connection which can be abused.
The US also accounted for about one-fifth of internet attacks and probes last year, according to figures from Kaspersky Labs. It was second only to China.
China
China leads the way in terms of originating internet attacks, accounting for just over one-quarter of all reports last year of internet attacks and probes, according to Kaspersky Labs. The country also has a reputation for relaying large quantities of spam.
China boasts a huge population and a rapid rate of internet adoption. As connections to the internet grow and populations become more web savvy, those countries with the largest populations will naturally represent an ever-larger threat in proportional terms. It is a numbers game to a degree.
Of course China will originate more internet attacks than the UK, for example, but then it has double the number of internet users already. However, the severity of China's internet crime problem is greater than the UK's by an order of magnitude far in excess of double.
The country's mechanisms for dealing with the problem and its government's willingness to address the issue are also at a less mature stage than other countries. Such factors make the process of understanding the scale of each country's liability difficult and make comparisons largely impossible.
Russia and the Baltic States
Despite the popular myth that 'The Russians' are the greatest threat to internet security, Russia accounted for only two per cent of internet attacks and probes last year. That puts the country down in sixth place, according to Kaspersky Labs, supporting security expert Eugene Kaspersky's understandably patriotic debunking of this theory.
The eponymous founder of Kaspersky Labs blames the stereotype on the American media, suggesting propaganda and political point-scoring has done little to paint a clearer picture of which countries are responsible for what kinds of attacks.
Nonetheless, the reputation of Russia and the Baltic States has certainly been tarnished in recent years by a growing trend towards blackmail with threats of denial of service attacks. And while this is in no way unique to these parts of the former Soviet Union as all crimes, if successful, will develop a global appeal - experts claim it is a crime that was pioneered in the region - though targets were often based in the US or Western Europe.
Europe
Europe like the US plays a twin role in the world of cyber crime - as the home to perpetrators but also as a common victim. It makes sense that many of the countries with the most attractive economies will attract criminals who are increasingly spurred on by a financial incentive. And so it has proved.
Europe also has a very active hacker network and recent years have seen a number of European virus writers arrested in relation to serious attacks. Perhaps most famous of all is Sven Jaschan, the German teenaged writer of the Sasser virus. Another famous virus - as much for its social engineering as for its payload - was the Kournikova virus whose Dutch author was arrested in 2001.
And high-profile arrests are just the tip of the iceberg. Criminals within a number of accession countries to the EU have been linked with crimes such as denial of service attacks as well as the distribution of malware.
As with the US, Europe is also guilty of relaying a great deal of malware infections via unguarded home PCs and large ISPs, though this may see Europeans cast as the 'mule' rather than the criminal at source. France, Germany, Italy, Spain and the UK are all in a recent top 10 of nations originating Trojan infections, which may be unwittingly spammed out from infected botnets.
Developing world
By mid-2006, the penetration of the internet will have reached almost all corners of the globe and every country which has connections to the internet will have individuals within its population who will try to exploit this connectivity in a criminal manner. It has nothing to do with a country's 'national characteristics' and everything to do with the fact that a small percentage of any population will always turn to crime.
For some in the developing world internet crime will offer something of a level playing field as they attempt to bridge the iniquities of the world economy.
Take West Africa, which has become synonymous with electronic fraud in the wake of so-called 419 email scams and other internet-based fraud originating from Nigeria.
Many of these scams are crude but it's reasonable to expect them to follow the same learning curve of increasing sophistication that other areas have witnessed. And, just as it would be na?ve to assume Nigeria is the only area involved in committing 419 scams, it is wrong to assume that other forms of cyber crime aren't also being committed there.
South America
South America has seen many instances of website defacements and although these are a worldwide problem it is certainly a hotbed for this type of activity.
At one time there was a spate of such attacks coming out of Brazil and the country still has a very active hacker community.
Middle East
In less politically stable regions, such as the Middle East, we have seen several websites vandalised as well as sites defaced with a political message - often called 'hacktivism', though this is small scale and lacks the severity of impact that other attacks have.
Also in the Middle East there is a strong growing association between Israel and the use of spyware. Similarly the use of Trojans and other spying technologies appears to have found some popularity in Israel but again it is far from unique to the one country.
In conclusion, while it is worth identifying the most obvious and most serious trends in global cyber crime, we must realise it is never going to be as straightforward as assuming the battle lines are drawn as clearly as the national boundaries on the map.
Cyber crime is a global problem, requiring global co-operation which is currently almost non-existent. Because, in all of this the only other given - besides a human predisposition towards crime - is that criminals will choose the path of least resistance, picking territories with the weakest legislation and the slightest chance of being caught.
It doesn't matter where they live or what it says on their passport, a minority of people will try to find a way to commit crimes wherever and against whoever they believe will be most profitable to them.
-
A new Microsoft Excel virus is targeting fantasy football league fans, luring them with an offer of worksheets to track the performance of their team.
The XF97/Yagnuul.A virus can infect users' dot-xls spreadsheets once the attachment is opened. The virus deploys an infected fantasy league file on the computer's hard drive and may also modify a user's data, according to an alert on Monday from security company Sophos.
Graham Cluley, Sophos senior technology consultant, said in a statement: "Fantasy football-like leagues have been set up in offices across the [uK], and fans often keep track of how well they are doing by using Excel spreadsheets. Every computer user needs to take great care not to fall foul of malware like the Yagnuul virus."
The virus relies on social engineering to entice people to open the attachment, said Ron O'Brien, a Sophos senior security analyst. He added that fantasy league players often do not know each other and, as a result, are prone to opening attachments from strangers who claim to be a league member.
Yagnuula, however, is currently a low-risk virus because a number of security companies have put out antivirus software to contain it, O'Brien noted.
http://software.silicon.com/malware/0,3800...39158763,00.htm
-
Verizon Communications said Friday it does not and will not provide any government agency unfettered access to customer records.
The telecommunications company said it could not comment on a "highly classified" National Security Agency program that President George W. Bush has referred to, nor could it confirm or deny whether it has had any relationship to the program.
"Verizon does not, and will not, provide any government agency unfettered access to our customer records or provide information to the government under circumstances that would allow a fishing expedition," the company said in a statement.
-
On Saturday "Linuxtag 2006" closed in Wiesbaden (Germany). According to the organisers, it?s Europe's biggest Linux Expo.
At the Kaspersky stand we talked to a lot of visitors. Pretty soon, it dawned on us exactly what the biggest threat to Linux systems is: the almost overwhelming belief in the invulnerability of Linux.
Nearly every visitor accepts the need to protect Windows against malicious code (although even at a Linux fair you find people believing that a firewall is all you need to keep viruses and worms away). But many people we spoke to were unable to think of Linux as potentially vulnerable; after all, they argued, a Linux user would never go online with root rights as typical Windows XP home users do......
Source: Kaspersky Analyst's Diary
-
Amateur virus writers are going the way of amateur athletes, morris dancing and the May Pole, according to a survey by Panda Software.
Seventy per cent of malware detected by the developer?s scanning service in the first quarter had a cybercrime or financial motive.
Forty per cent of malware detected was spyware, the firm said, with Trojans accounting for another 17 per cent. Malicious diallers rang up eight per cent of the market, while bots took four per cent.
-
Bloated means that the program has too many bells and whistles that are not required by normal users. As a result, the program uses a lot of resources and subsequently slow the whole system now. Norton is a good example.
-
A Trojan horse that poses as a World Cup wallchart has begun circulating on the net. The Haxdoor-IN Trojan horse is been spamvertised in messages, written in German, that purport a program that will allow fans to keep tab on football teams participating in next month's eagerly anticipated tournament.
Windows users who follow links in these messages and download the software will wind up with infected PCs. Net security firm Sophos says all the spam emails promoting downloads of the malware it has seen so far have been written in German. "There is no reason to believe that hackers will not switch to using other languages to increase their pool of potential victims," it warns.
-
AOL has cut off access to certain IP addresses from its instant messenger network in order to slow down the possible impact of a bot spreading over AIM.
"I will note that this started with a click happy user on AIM to the best of our knowledge," SANS diarist Scott Fendley wrote in the opening of the report.
The SANS Internet Storm Center posted about a submitted report on a bot making the rounds via AIM. The bot attempts to contact other bots and sites by using an encrypted P2P connection to port 8/TCP on machines.
"Flow analysis and/or tcpdump looking for mysterious port 8/TCP traffic seems to be the best way to detect these infections on your network," the report said, noting that the bot does not use DNS to find other Command & Control sites.
By using a test computer to observe the bot's behavior, the submitter noted its behavior. The bot tried to connect to 22 hardcoded IP addresses over port 8/TCP. "Since it tried to contact each of these many times, and not any other IP addresses, I feel it is fairly safe to guess it was not randomly selecting IPs to obscure "the real C&Cs"."
Symantec reported on its Security Response Site that the bot can propagate through email and over network shares.
Users and corporate admins should ensure their antivirus signatures are up to date. They can avoid potential exploits by verifying their systems have been updated with available patches to shut down any holes the bot could use to enter a system or a network.
http://www.securitypronews.com/news/securi...ariousBots.html
-
Microsoft has launched AdCenter in an effort to attract more pay-per-click advertisements.
The service allows the display of more relevant online ads, which should lead to increased revenues for Microsoft and higher conversion rates for advertisers.
AdCenter lets advertisers bid on search keywords around which an ad appears, and offers additional targeting features that control the geographic location of the target audience, for instance, or the time of day when the ads are displayed.
The service goes beyond online search advertising. Microsoft unfolded its Live Software strategy last year in which it plans to introduce a series of free, ad-supported online applications such as email, blogging tools and security products.
"Ad-supported software services are an integral part of Microsoft's plans to give consumers access to a broader variety of digital media, whenever they want and on whatever device they prefer," said Microsoft chief executive Steve Ballmer.
"Our close partnership with the ad community is extremely important to us as we evolve Microsoft from a software company into the world's largest, most attractive provider of online media through MSN, Windows Live and AdCenter."
The service is a response to Google's AdSense programme and Yahoo's Search Marketing solutions, formerly known as Overture.
These services have been instrumental in increasing revenue from online search for their respective owners.
Although the Microsoft AdCenter bidding process is similar to Google's Adsense, Microsoft offers finer targeting mechanisms.
The service was announced in March 2005 and Microsoft is already using AdCenter in Singapore and France.
Staring this week AdCenter will become the exclusive online advertising platform for Microsoft's English websites in the US. A test in the UK is scheduled for June.
http://www.vnunet.com/vnunet/news/2155366/...-unwraps-online
-
May the FTC prosecute more of these rogue product vendors!
-
Court Halts Spyware Operations
One Operator to Pay More Than $4 Million; Another Ordered to Stop Collecting Consumers Personal Information
An operation that deceptively downloaded spyware onto unsuspecting consumers? computers, changing their settings and hijacking their search engines, has been halted by a federal court at the request of the Federal Trade Commission. The judge has ordered the operators to give up to more than $4 million in ill-gotten gains. The court also ordered a halt to another spyware operator?s stealthy downloads and barred the collection of consumers? personal information, pending trial.
The FTC sued both operations charging that the stealthy downloads of spyware were unfair and deceptive and violated federal law. Although the companies used different techniques to direct consumers to their Web sites and implement the downloads, the FTC alleged that both operations hijacked consumers? computers without the consumers? knowledge or approval, secretly changed their settings, and barraged consumers with pop-up ads. The spyware and other software the defendants installed caused many computers to malfunction, slow down, or crash, causing consumers to lose data stored on their computers.
The FTC alleged that Sanford Wallace and his company, Smartbot.Net, exploited a security vulnerability in Microsoft?s Internet Explorer?s Web browser in order to distribute spyware. The spyware caused the CD-ROM tray on computers to open and then issued a ?FINAL WARNING!!? to computer screens with a message that said, ?If your cd-rom drive?s open . . .You DESPERATELY NEED to rid your system of spyware pop-ups IMMEDIATELY! Spyware programmers can control your computer hardware if you failed to protect your computer right at this moment! Download Spy Wiper NOW!? Spy Wiper and Spy Deleter, purported anti-spyware products the defendants promoted, sold for $30.
In a second case, the FTC charged that Odysseus Marketing and its principal, Walter Rines, lured consumers to their Web site by advertising bogus software they claimed would allow consumers to engage in anonymous peer-to-peer file sharing. According to the FTC, the spyware and other software bundled with it hijacked search engines and reformatted search engine results, placing Rines? clients first. The FTC recently amended its complaint, charging that the defendants also distributed their spyware by exploiting security vulnerabilities in Internet Explorer and other applications, and that the defendants? spyware captured consumers? personal information, including their names, addresses, e-mail addresses, telephone numbers, Internet browsing and shopping history, and information about their online transactions. Once captured, the amended complaint alleges, the information was transmitted to defendants? Internet servers, where they compiled the information into a database in order to sell access to the data.
Read more at FTC.
-
German court rules moderators liable for forum comments
A Hamburg court has ruled that moderators of online forums may be held liable for forum content. A forum participant on the Heise Online website posted a script intended to disrupt business at Universal Boards, a Munich company criticized for distributing dialers for premium rate phone numbers and buying up expired domain names to advertise pornography. A moderator for Heise Online took down the script at Universal Boards' request, but Universal sued for a temporary restraining when Heise Online refused to sign a formal obligation. The judge ruled that businesses should "reduce the scope of their business operations" if they do not have the resources to properly monitor their web forums. Heise plans to appeal the ruling.
http://www.theregister.co.uk/2006/04/21/mo...e_for_comments/
-
It takes too long to patch
by Konstantin Kornakov | Apr 18 2006 18:05 GMT
It?s long been said that software vendors do not release security fixes quickly enough. The last few months have seen a number of companies being criticised for taking too long to release patches for critical vulnerabilities. At the same time, response speed is becoming quicker, reducing the window of opportunity available to attackers. Malicious users are also adapting and are exploiting security flaws quicker than ever before, paving the way to the appearance of so-called ?zero-day? exploits: these appear virtually at the same time that the vulnerability is disclosed.
However, in this battle for security one important factor is commonly overlooked. The reduced window of opportunity means that users now must also act as speedily as possible to install patches. And a new survey shows that this is still not being done.
The study shows that 19% of companies take more than a week.......
Source : Kaspersky News?
-
Two patches released in Microsoft's April batch of security updates are causing system hangs, Windows crashes and the appearance of strange dialog boxes.
The problems stem from a nonsecurity modification to Internet Explorer and a critical fix for a code execution hole in Windows Explorer and affect third-party programs from Google, Siebel and Microsoft's own Windows Media Player.
On April 15, Microsoft released a knowledge base article to acknowledge "problems" in Windows Explorer or the Windows shell after the MS06-015 security update is installed.
That update, Microsoft said, includes a new binary called VERCLSID.EXE that validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer.
On some consumer-facing programs running Hewlett-Packard's Share-to-Web software and Sunbelt's Kerio Personal Firewall, the new binary stops responding.
-
Is Microsoft silently fixing security vulnerabilities and deliberately obfuscating details about patches in its monthly security bulletins?
Matthew Murphy, a security researcher who has worked closely with the MSRC (Microsoft Security Response Center) in the past, is accusing the software maker of "misleading" customers by not clearly spelling out exactly what is being patched in the MS06-015 bulletin released on April 11.
That bulletin, rated "critical," contained patches for a remote code execution hole in Windows Explorer, the embedded file manager that lets Windows users view and manage drives, folders and files.
However, as Murphy found out when scouring through the fine print in the bulletin, the update also addressed what Microsoft described as a "publicly disclosed variation" of a flaw that was reported in May 2004 (CVE-2004-2289.)
http://www.eweek.com/article2/0%2C1759%2C1...3119TX1K0000594
-
What do you get with 20 years of development? More and more potent malware, writes CIO Update columnist Peter Tippett of Cybertrust
Worms, Trojans, viruses, denial of service attacks; many of these seem only to be recent threats to our network environments over the last five years. However, this past January marked the 20th anniversary of the Pakistani Brains virus?the first ever PC virus to replicate itself and spread from one computer to another. [...]
The First Generation: DoS Viruses (1986 - 1995)
The Second Generation: Macro Viruses (1995 - 2000)
The Third Generation: Big Impact Worms (1999 ? 2005)
The Fourth Generation: Malcode for Profit (2004 ? to present)
More details at http://www.cioupdate.com/article.php/3598621
-
Virus researchers at Kaspersky Lab have found proof-of-concept code for a cross-platform virus capable of infecting both Windows and Linux systems.
In an alert posted to Viruslist, Kaspersky said the sample virus has been given a dual name?Virus.Linux.Bi.a/ Virus.Win32.Bi.a?and highlighted the way attackers are targeting multiple platforms in malware attacks.
"The virus doesn't have any practical application," the company said in the alert. "It's classic proof-of-concept code, written to show that it is possible to create a cross-platform virus."
-
Have the time of your life.
-
SMB is launching a beginner course for computer users.
Please read the full post:
http://chiawaikian.proboards78.com/index.c...ge=1#1144479259
If you are not already a registered member of SMB, you will need to register before you can participate in this free course.
If you would like to join in in facilitating this course, please drop me a note.
Getting on the right side of IE 7 security
in Windows Security
Posted
TheRegister