Anti Spam Filter

Software Cracker With Bogus Anti-Virus

admin — Thu, 11 Mar 2010 20:57:30 +0000

CA the security company has issued an alert to computer users who crack legally designed software only because it could be obtained for free. Says the company, maliciously-intended people have been employing software crackers as bait for malware. Of late, specialists at CA noticed ‘Dr. Guard,’ a software-cracking program. This program includes a fake anti-malware application. When run, the packaged rogue application identified as Win32/Multidropper runs the cracking program as well as plants additional malware onto the user’s computer. These additional malware are information stealers, file installers or a FAKEAV. CA detected Dr. Guard as Win32/WindowsAntivirusPro! Generic. Moreover, Dr. Guard represents the family of fresh bogus security applications that have been converted into ransomware before letting loose. Once the malware is loaded to an end-user’s computer, it will continuously generate alert pop-ups and steal access to the supposedly highly contaminated system. Further the alerts prompt the user to purchase so-called anti-virus software (complete edition) if he wants to clean his system. A few IT specialists suspect that the promoters of Dr. Guard have joined up with deceitful information technology geeks to disseminate illicit or partially illicit spyware. This program though doesn’t directly harm users, yet it gathers information about their behavior. Based on such mass monitoring, user information is generated, while users potentially spend cash to purchase the Dr. Guard adware post running its free software. Nevertheless, this is only a presumption that may be mistaken. Thus, to keep users secured, CA’s security specialists have advised them not trust the scam. While users would lose their cash, which they thought could be saved at the very outset via the software cracking exercise; they would also end up having their computers infected. In addition to the above, users must update all security software and other applications on their systems. Also, they must know about the most recent threats lurking online. Moreover, they must run scanners to spot viruses in case Dr. Guard is on their machines. Furthermore according to the specialists, people should utilize legal, paid security applications, as they could be made up-to-date while they could save users from any such mess.

Spanish Government, Security Firms Stub Mariposa Botnet

admin — Thu, 11 Mar 2010 16:56:39 +0000

Security forces in Spain along with Panda Security and Defense Intelligence both, security companies declared that three men were arrested because they allegedly operated a botnet called Mariposa. Mariposa, which clandestinely snatched control of computers after infecting them, recruited those systems into an army of zombie PCs that formed the botnet. The network captured keystrokes and stole login credentials from contaminated computers. Thereafter it transmitted the information over to a central command-and-control (C&C) server of the remote hackers. Reportedly, the data, which the botnet targeted, consisted of usernames, passwords and bank account information. Sometimes the enslaved bots were even dragged into DOS assaults. Furthermore, the botnet-controllers as well sold the stolen logins pertaining to Internet services and other pay-per-install toolbars through Mariposa. States Defense Intelligence that Mariposa was expanded via an amalgamation of peer-to-peer networks, instant messenger applications and USB sticks. According to the company, it has seen attempts at MSN Messenger being leveraged to disseminate malware. Mariposa reportedly, had contaminated innumerable computers across 190 countries that were located in government agencies, around 50% of the 1,000 biggest organizations, about 40 large financial institutions, schools and homes. Said CEO Chris Davis of Defense Intelligence Inc. the detector of the virus in 2009, his company needed to disable the botnet, especially detach the head. The Times of India published this on March 4, 2010. Said Senior Research Advisor Pedro Bustamante at Panda Security that the company’s initial investigation showed that the bot-controllers didn’t possess sophisticated hacking expertise. That was frightening as currently it proved the degree of sophistication and efficacy in malware dissemination that enabled even unprofessional cyber-criminals to cause vital financial loss and damage, Bustamante added. EWeek. com reported this on March 3, 2010. Meanwhile about the arrests, it’s said they’re important, as it’s not often that the ringleaders responsible for the largest bot networks are knocked off. Moreover, those who’re suspected aren’t the typical brilliant code makers involved in cyber-crime. Rather, there are underworld contacts that help them in constructing and running the botnet. However, the suspects, who are found to be Spaniards, may get a six-year imprisonment if proved guilty of hacking.

Tracing Botnets Becoming More Difficult

admin — Thu, 11 Mar 2010 13:06:29 +0000

According to computer scientists, honeypot traps that are set up to safeguard PCs off botnets’ clutches can now be attacked due to sophistications in botnet programs. Botnets are utilized for executing spurious and criminal operations online. Reportedly, the leaders of the computer scientists’ team are University of Florida’s Cliff Zou and colleagues. Their research indicates that online crooks manage to find out the PCs inside the botnets that are unable to follow commands like pushing out spam. Subsequently, on discovering a honeypot, these crooks configure the command-and-control server such that the honeypot systems are eluded or disabled, preventing researchers to access crucial data. Said Zou that security researchers still considerably found it valuable to research and install honeypots. According to him, the current paper would likely reiterate to honeypot researchers how significant it was to study the methods for constructing clandestine honeypots as also the security impediments involved in their installation. However, it shouldn’t be still as simple to spot honeypots, as they were currently, the scientists noted. The New Internet reported this on March 3, 2010. In the meantime, according to anti-virus and other security companies, they are already dealing with the problem. Technical Director Luis Corrons of PandaLabs at Panda Security the Spanish anti-virus company elucidated that while researchers should necessarily filter all e-mail traffic produced from the honeypot’s bot, they could filter to choose that which they would and wouldn’t allow passage. For instance, in case the bot-controller told the bot that it must distribute spam, researchers could allow the instruction to come to the bot along with even allowing it to dispatch the spam, however, diverting the messages via a proxy so that they didn’t go to any victim. TheRegister reported this on March 2, 2010. In another suggestion, CTO Amichai Shulman at Imperva the database security company said that instead of following infected systems’ activities, cyber-criminals could try detecting virtual PCs. Honeypot systems mostly relied on virtualization environments, usually VMWare. If malware developers could recognize that attribute pertaining to the contaminated environment, they might effectively spot a lot of honeypots in existence, Shulman pointed out. TheRegister reported this.

Botnets Target Campus Computer Networks

admin — Thu, 11 Mar 2010 08:59:59 +0000

ShadowServer has asked IT officials at colleges/universities campuses that they should avoid using students social security numbers as identification because nearly 5,900 botnets have pilfered critical information from computer networks in several sectors such as higher education. ShadowServer actually involves in monitoring the botnet activities in the education, governments and private sectors. Peyton Engel, Technical Architect, CDW-G (a company that provides technological solutions for education, government and business) states that colleges and universities use the method of assigning students’ social security numbers as their identification. However, this method seems non-conducive in the present circumstance when botnet and virus activities become quite common and therefore, campuses IT staff should assign random algorithm numbers to students, as reported by ecampusnews on March 3, 2010. Engel further adds that this method is not an ideal solution to beat botnet attacks but it could help in mitigating attacks. When hackers do not find social security numbers correspond to students ID numbers, then the damage could be reduced. Engel also highlights the issue that IT officials at campuses have been facing a lot of problem to deactivate or eliminate botnet attacks. They often fail to stop botnets from gathering critical information such as keystrokes, passwords and screen shots transmitted to spammers. A new trend has been observed about botnets that they become stealthier and sophisticated, said Engel. If a computer user knew that his machine had botnet, then he must have been familiar the way his machine had infected other machines. It is noticeable that botnet attacks are not confined to colleges and universities, but other important sectors like top companies and government agencies have been in the top list of their attacks. For instance – NetWitness Corp, an Internet security firm, found a botnet of 74,000 corrupt computers in February 2010. The botnet stole the information from over 2,400 government and business computers. As per the company’s investigation, the botnet had been successful in compromising computers of both commercial and government along with stealing of 68,000 corporate login details. It had gained access to e-mail system, Facebook, Yahoo, online banking accounts, Hotmail and other social network credentials. The botnet also accessed over 2,000 digital security certificates and cache of personal information.

Health Checks Could Enhance Computers’ Safety

admin — Thu, 11 Mar 2010 05:14:04 +0000

Microsoft has come up with the idea to implement computer "health checks" before Internet connection is allowed to them so as to bring down the incidences of malware infections. Corporate vice-president of Microsoft’s Trustworthy Computing Group, Scott Charney, stated in his important presentation at the RSA Conference 2010 held in San Francisco that cyberspace could follow the healthcare model. For instance, a cyber equivalent of World Health Organization could make it mandatory for all the systems to pass a malware check before Internet connection is allowed to them. Clarifying the idea, Charney stated that when people are suffering from diseases and run the danger of passing on the infection to other people, the medical fraternity has invented instruments/methods to ensure the health of the public, as per the news published by INQUIRER on March 3, 2010. The same idea should actually be applied to the consumer market, where there are majority of botnets. Charney opined that Internet service providers could isolate users operating with a botnet signature till the time they sanitize their operations. Further, senior director of security engineering strategy at Microsoft, Steve Lipner, informed that computers in several organizations have to first go through malware scanning before they are allowed remote connection to internal networks. However, this is not the case for a vast majority of other computer systems connecting to the Internet, reported ComputerWeekly. com on March 3, 2010. Lipner also added that malware can be equated to disease as it can potentially affect huge number of online users along with the carrier, as per the news published by bcs on March 3, 2010. It is comparatively simple for malware to infect a computer as it just requires the user to visit an infected webpage. Besides stealing private details, it can spread to other PCs as well. Lipner said that this idea is surely possible in terms of technology, but it has to be analyzed from an economic, social and political perspective to evaluate the extent of the feasibility of this idea in the abovementioned context.

Software Housing Source Code Poorly Protected

admin — Thu, 11 Mar 2010 00:56:43 +0000

Security researchers at McAfee stated on March 3, 2010 that software utilized for housing (or protecting) source code in corporations and which cyber criminals attacked against Google and other companies recently was poorly protected. The security company examined popular software known as Perforce, which shelters intellectual property, and revealed its outcomes at the San Francisco held RSA security conference. It commented that the systems which sheltered data like those related to intellectual property and others normally didn’t feature the expected tracking or authentication properties. Sometimes it was possible that cyber criminals altered the source code even as the targeted organization couldn’t know of it. Citing the Google attack as an instance, George Kurtz, Chief Technology Officer of McAfee, stated that the criminals executing it sometimes acquired access to the computers stored the companies’ "source code. " By source code, it meant the main software script, which lay within the products of a technological organization. The access allowed the hacker to capture or modify the code, as reported by The Wall Street Journal on March 3, 2010. McAfee had been executing certain security tasks jointly with a few among the group of organizations that were attacked together with Google. Nonetheless, Kurtz refrained from revealing if any of those organizations or Google really had their respective "source codes" stolen. He said that the particular attackers used spear phishing attack in which fake e-mails are forwarded to specific employees who handled data of high profile, as reported by BusinessWeek on March 3, 2010. According to the CTO, the hackers first found about the individuals whom the targeted employees trusted. After that, they sent e-mails carrying malware-laden attachments to those employees while posing as those individuals. As the employees opened the attachments, malicious software got activated. The software created a ‘backdoor’ giving the hackers access to the company computers from where they stole passwords and similar valuable data, McAfee said. Security professionals such as Mr. Kurtz haven’t come across this degree of sophistication earlier, but they expect that they will witness it again. Kurtz said that attacks were surging ahead in the manner as described.

Source Housing poorly protected

admin — Wed, 10 Mar 2010 20:55:19 +0000

Security researchers at McAfee said on March 3, 2010 that the software used for housing (or protect) the source code for businesses and cyber-criminals targeted against Google and other companies recently were poorly protected. Guarding considered popular software called Perforce, which shelters intellectual and revealed their findings in San Francisco celebrated the RSA Security Conference. He commented that the protected computer systems such as those relating to intellectual property rights and others who normally do not include follow-up waiting or authentication features. Sometimes it is possible that cybercriminals modified source code, even as the success of the organization could not know him. Referring to attacks on Google as an example, says George Kurtz, chief technology officer at McAfee, the execution of criminals that you sometimes have access to a computer store business “source.” In the source code, which means that the script Main software, which is within the products of a technical organization. Access hackers to capture or modify the code, according to The Wall Street Journal on 3 March 2010. McAfee has been to introduce specific security duties along with some of the group of organizations that were attacked, along with Google. In contrast, Kurtz did not reveal whether any of these organizations or Google really had their respective “source” stolen. He said that the attackers were mainly used in spear phishing attack, in which fake e-mails sent to some employees who handle high-profile data, as reported by Business Week March 3, 2010. According to the CTO first hackers are the people who run trusted employees. Then e-mail to carry malware-laden attachments employee while posing as these people. As employees opened the attachments, will be activated malware. The software created a “backdoor that gives hackers access to company computers where they stole the passwords and similar data value, said McAfee. Security professionals, Mr. Kurtz did not encountered this level of sophistication before, but is expected to be seen again. Kurtz said the attacks are surging forward in the manner described.

Source Housing poorly protected

admin — Wed, 10 Mar 2010 16:57:33 +0000

Source Housing poorly protected

admin — Wed, 10 Mar 2010 12:59:36 +0000

Multi-factor authentication – Key to Online Banking Security

admin — Wed, 10 Mar 2010 09:06:38 +0000

According to a senior investigator from the virus worldwide research and analysis team Kaspersky Lab Roel Schouwenberg, multi-factor authentication to address the problems of threats when they use online banking, according to a news published by SCMagazine 2 March 2010. The researcher reported that the banker Trojans had reached a sophistication than in 2007. This category of banking Trojans which was and still is, very sophisticated and misuse of security problems in some banks in the implementation of two-factor authentication. The report from the Anti-Phishing Working Group (APWG) said that the banking Trojans infections increased almost three times (186%) over the period Q4 2008 to Q2 2009th In order to clarify the cause, said security researchers to the status of Internet banking, somewhat similar to the Internet. For several banks, internet banks were not designed with sufficient safety in mind. Convenience is the greatest inspirational force. The Internet was designed broadly similar principles. The concern is that many banks do not use two-factor authentication and is used, is a weak form of it. He said that such security is not adequate for most banking Trojans / Spyware. What disturbs most researchers is that there is a definitive solution to a large extent address the problem of security in online banking. Simply put requirement online banking two factor authentication. The authentication code must be received or produced in a unit that is not connected to the device makes the operation according to news published by Threat Post on 25 February 2010. On the other hand, reported that the Trojans have the ability to touch anything on the screen and web traffic. The solution to this problem is simple. Effective systems online that are still resistant to the strong, the malware is deployed. Without the user’s bank account number, no way that all security experts in the world can say with certainty whether the operation is displayed on the screen is actually moving towards the right destination. Much has changed since 2006 or 2007. The average of malware sophistication has increased. With this in mind, the researchers believed that the multi-factor authentication is by far the most suitable method for secure online banking.