
Dharmendra | May 8 2007

Symantec has warned computer users of Infostealer.Wowcraft.C, a Trojan horse that is said to attempt to steal sensitive information related to online games and send it to a remote attacker. Computer users have reportedly complained about links in Outlook email which, when clicked, create a host of Trojans aimed at stealing gaming credentials.

The newly detected Trojan, also known as PWSteal.Wowcraft.C, puts a Trojan file, INTEXPLORE.com, in place as a middleman. As soon as a user clicks a link in an email, the INTEXPLORE.com file is installed and then passes control to the browser. It is possible that either anti-virus software is removing the Trojan but leaving the registry edit behind, or affected users are deleting the file themselves and leaving the registry edit behind. Either way, the outcome is the same: every click on a link in an email leads to a dead end.

Symantec has reported that Infostealer.Wowcraft.C:

Modifies the values:

"(Default)" = "%ProgramFiles%\Internet Explorer\INTEXPLORE.com" -nohome"
"(Default)" = "%ProgramFiles%\common~1\INTEXPLORE.pif" %1""

in the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command

Luckily, there is a simple fix to get rid of the Trojan. First, users should scan their system with the latest anti-virus software until the Trojan really is rooted out. After that, edit the registry and replace the bad value with the default value as given below:

Dharmendra | May 8 2007

Sun recently announced that it will offer its encryption key management software interface free of charge. The company maintained that users with devices able to encrypt data would be able to interoperate freely with a Sun key management system.

Nigel Dessau, Sun’s SVP for storage marketing and business ops, blogged:

We believe in 3 years you will not be able to buy a storage device without encryption in it (whether you turn it on or not); When you have encryption you might as well turn it on (when you left the house this morning did you lock all the doors and windows or just the ones the bad people can see?). There will not be one key management solution. It’s a heterogeneous world and that means multiple key management solutions.

Dessau added:

So, here is my offer. If you have a solution that needs a key management solution, you can have ours for free! Yes, we are willing to give our KMS away to partners who want to think about customers and not ‘lock-ins’. We want to share and swap APIs so we can share and swap keys.

Dharmendra | May 8 2007

Researchers at Symantec recently warned of a Trojan horse on the loose that masquerades as a Windows activation program to swindle users into entering credit card information in order to reactivate their systems. Takashi Katsuki, a Symantec researcher, reportedly said that the Trojan, known as Kardphisher, is nothing much technically, but its author has obviously taken great pains to make it look legitimate.

Rated as very low risk by Symantec, Kardphisher installs itself and camouflages itself as a legitimate Windows activation dialog box, made to look like an authentic system message, which displays the following message:


Your copy of Windows has been activated by another user.

To help reduce software piracy, please re-activate your copy of Windows now.

We will ask for your billing details, but your credit card will NOT be charged.

You must activate Windows before you can continue to use it.

Microsoft is committed to your Privacy. For more information, www.microsoft.com/piracy.

Do you want to activate Windows now?

Takashi Katsuki said that selecting “No” shuts down the computer, while “Yes” leads the user to a second screen that asks for his or her name and credit card information, which is then relayed to the hacker’s server. Advising PC users, Katsuki said that this Trojan provides us all a good lesson: “Trust no one.”

Dharmendra | May 6 2007

Experts at Sophos have warned computer users of a new worm that spreads via USB keys, a reversion to the earliest techniques of virus dissemination.

SillyFD-AA installs itself on machines and places a message in IE reading ‘Hacked by 1BYTE’. It also places an autorun.inf file on any removable drives, such as USB sticks or floppy discs.

Graham Cluley, senior technology consultant for Sophos, was quoted as saying:

USB keys are getting so cheap that marketing people are all set to utilize them as ‘throwaways’ so as to secure sales leads. Computer owners should tread very carefully when plugging an unknown device into their PC, however, as it could have malicious code planted on it. With a significant rise in financially motivated malware it could be an obvious backdoor into a company for criminals bent on targeting a specific business with malicious code.

As soon as an infected drive is connected to another PC, the worm automatically installs itself on that PC and repeats the process in order to spread further. The experts advised users to disable the Autorun functionality in Windows. The method imitates the very first techniques of virus dissemination, when viruses were distributed only on floppy discs. Virus security then was simple; users just had to cover the notched tab on a 5.25in floppy with sticky tape, the so-called virus condom.

Dharmendra | May 6 2007

Microsoft plans to release seven security bulletins next week, including a fix for a zero-day vulnerability in Windows that is already being used in attacks. Microsoft reportedly said on its website that the bulletins, part of its monthly patch cycle, are scheduled to fix an undisclosed number of security flaws in Windows, Office, Exchange and BizTalk. The problem affecting BizTalk is also connected with ‘Capicom’, a developer module for adding cryptography to apps.

The company said that each of the four product families is slated to receive at least one “critical” update, Microsoft’s highest severity rating. Microsoft plans to issue two bulletins related to problems in Windows and three related to Office, with one each for Exchange and BizTalk.

Security problems tagged as critical typically could let a hacker take over a vulnerable system with very little, if any, action by the user. Microsoft’s updates will include a patch for a flaw in the Windows domain name system, or DNS. The flaw affects Windows 2000 Server and Windows Server 2003. Microsoft warned of the problem last month and said it was being used in limited attacks.

Gautam | May 5 2007

Entrust has announced the Entrust Open Fraud Intelligence Network, which helps global organizations share fraud data, behaviors and tactics as they experience them. Until now the security market has not had an open and, most importantly, non-proprietary tool that could be used to consolidate data for fighting online fraud. It complies with the Internet Engineering Task Force standards body, and an open collaboration has been undertaken with security-minded organizations and financial institutions on how fraud data and behavior can be shared openly regardless of which fraud detection solution is being used.

The network consolidates information from a number of sources, including fraud patterns experienced by various institutions. It works seamlessly with Entrust’s Risk-based Authentication Solution, which comprises Entrust IdentityGuard for authentication and zero touch fraud detection and has for a number of years offered some of the best tools for fighting fraud.


Via net-security

Dharmendra | May 5 2007

PhishTank, a community project by OpenDNS, recently reported on the phishing threats it has come across, with PayPal and eBay at the top of its list of the top 10 targets for April 2007. PhishTank is a site that is touted as a community-driven way to cope with phishing attempts made by online scammers.

PhishTank members submit suspected phishing attacks to the site, and the submissions are then assessed and voted on by the community. Based on that assessment and voting, PhishTank reported 77,709 submissions for April, of which 40,549 were identified as phishing sites. Just 845 were confirmed as invalid by the community.

PayPal and eBay tend to turn up at the top of lists when it comes to phishing attacks, and it is no different on PhishTank. In its top 10 list of targets, PayPal and eBay were ranked one and two. Together, they accounted for more than 7,500 valid phishes, while eight banks followed the two in the listing.

Dharmendra | May 5 2007

A UK legal expert claims that attempts in the United States to fight the rise of spyware are not likely to have an effect on European moves to tackle the problem. Moves to imprison spyware authors in the United States are not likely to be copied by European authorities.

According to observers, a US House of Representatives subcommittee recently approved a bill that calls for almost 5 years’ imprisonment for those found guilty of purveying malicious spyware. Prior versions of the Internet Spyware Prevention Act failed to pass a vote in the US Senate. Nonetheless, escalating militancy among US PC users fed up with unwanted software intrusion makes this most recent effort much more likely to pass into law.

The bill’s backers also claim that the reliability of the internet itself is at risk, with home and business computer users increasingly unsure whom to trust in a world where the theft of private data online is widespread.

Kiran Sandford, head of IT at law firm Mishcon de Reya, was quoted as saying:

There’s no similar legislation pending in the UK or anywhere in Europe that I’m aware of. But she questions whether any such legislation is likely to be effective. Spyware is very tricky to make laws against. What happens if someone does something outside your jurisdiction, in Timbuktu or Russia? It’s going to be rather hard to apply the long arm of the law and bring them to book.

Dharmendra | May 5 2007

Email Systems recently reported that spammers, always one step ahead, are evading filters by using encrypted attachments, and as a result attachment spam seems to have increased in the past few months. The method relies on the fact that several spam filtering systems are not able to scan inside e-mails with encrypted or password-protected attachments and work out that they are not legitimate. With no rule to block such attachments, the majority of systems will deliver the e-mail to recipients, giving spammers a significant chance of getting spam through.

In recent weeks, Email Systems claimed to have come across a significant amount of such spam originating from bot-compromised hosts, carrying a zipped-up version of the insidious ‘Storm’ bot-loading Trojan that infected Internet users in January.

Recipients could have unintentionally unzipped the Trojan using an embedded password, after being lured by attention-grabbing subject lines such as ‘Worm Detected!’, ‘Virus Detected!’, ‘Spyware Alert!’ and ‘Warning!’

Though spammers have been using this technique for a few months, they seem to be stepping up their efforts to use it, according to Greg Miller of Email Systems. The firm has removed countless copies of attachment spam, whose volume has risen tenfold from levels a few months back.

Dharmendra | May 4 2007

A lone researcher recently claimed to have accumulated enough vulnerabilities in a range of ActiveX controls to release one bug each day for the month of May. Dubbing the effort the Month of ActiveX Bugs (MoAxB), the researcher, who identified himself as “shinnai”, wrote, in broken English, that it was an effort to teach people about the risks of ActiveX controls. Though the project has already been dismissed by some researchers as a copycat, others are warning that its findings might put Windows users at risk.

The researcher also wrote that the majority of the bugs are easy DoS (denial-of-service) vulnerabilities, with no need to worry as there are also a few code execution bugs, and that this is because MoAxB has just one purpose: to make developers aware of the risk of using ActiveX controls.

Following the Month of Browser Bugs in July, the Month of Kernel Bugs in November, the Month of Apple Bugs in January and the Month of PHP Bugs in March, the initiative is said to be the fifth month of daily bugs. Two other announced projects, the Month of MySpace Bugs and the Week of Vista Bugs, were nothing but hoaxes, and a week devoted to Oracle bugs was foiled.

Microsoft’s ActiveX is used to enhance and customize Web pages to make them more interactive. The technology is used for a bewildering range of tasks, from launching Microsoft’s Windows Update to integrating streaming media into a Web site.
