Spyware Hunter

Shanghai-based Xinmin Evening News was recently reported to have said on Sohu.com that some hackers allegedly hacked satellite TV signals in southern China to broadcast anti-government messages. As a result of the hacking, viewers started complaining that their TV screens remained blank for about two hours or displayed anti-government messages for 30 to 40 seconds evening.

The report didn’t explain the content of the messages aired in Guangdong province. While, TV station operators revealed viewers that hackers might have taken control of their satellites, added by the report. A receptionist who responded the phone at a cable TV operator in Guangdong maintained the occurrence is related to a satellite trouble that has been fixed.

Read

Warning PC users, PC Tools said that rise of malware all through the world is now exploding. The security firm said that cyber creeps could now be minting as much money as a small nation because of many trends detected by the company’s research center.

Adding more to the points, the company also claimed to have made out virus and spyware attacks getting combined so as to be more complex and aiming at confidential or sensitive information specifically. The fundamental signatures of Trojans are also getting changed to puzzle online scanners.

Michael Greene, vice president of product strategy for PC Tools, commented:

It’s a massive problem and this is why we are facing one of the most significant Internet security battles ever. Everyone is vulnerable.

Very last month, Sophos was reported to have said that the number of latest malware threats emerging out over doubled through the Q 1 of 2007 likened with the similar stage previous year.

Read

Well, with the sole aim of making most out of the cyber world, hackers utilize many a different techniques, which, to our surprise, are normally not known to us. Sometime ago, there was news of cybercrooks making use of the Google ads that also brought about irreparable losses to many users, and now as told by Dan Hubbard, vice president of security research at Websense, the tainted web pages, which at first came into existence in late 2005, are said to be turning up as Google ad links, on Wikipedia and elsewhere, “from top-tier names to mom and pop bakery shops.”

The web pages are being corrupted by cyber criminals in the tens of thousands. The hackers, by hitting vulnerabilities in the IE browser, instill small programs that link the computer of anybody who just hit clicks on the tainted page to a “mother ship” server, based generally in Russia or China. The “mother ship” server gathers data, which is typed into online forms - banking logins and shopping cart transactions. The central server is also said to seize the intercepted computer into a network of exploited PCs, called “bots,” to disseminate spam.

Read

A startling report released recently on the official Internet news service of the U.S. Air Force warned consumers of monitoring their bank account statements to evade fraud. The report tells the story of an investigation, which was held following a Colorado airman detected that his bank account was $124.90 below it should have been.

A Peterson AFB branch of 5-Star Bank, the man’s bank claimed to have detected that scammers in fact brought about random account numbers, wherein they made an attempt to put one cent. While one of the small deposits is clarified, the crooks make out to have stumbled on a live account and start taking out funds from it.

Turns out the criminals had mechanized the procedure: The charges seemed to have originated from Equity 1st Mortgage, located in Wilmington, N.C. An employee at the mortgage company maintained to have made the charges, however that almost 100 phone calls have been handled by her from scam victims since 2006. The withdrawn amount was the equal in each case and took place at the start of the month, undoubtedly to remain well prior to the issuance of end-of-the-month bank statements.

The story also warns of the scammers benefiting from validation vulnerabilities amongst businesses making use of the (ACH) automated clearinghouse system, which is a private electronic payment network that connects banks to each other using the Federal Reserve. The banks make use of the network to process big amounts of payroll, credit and debit card transactions, however it also smoothes the progress of direct payment of consumer bills like mortgages, loans and utility bills, plus business-to-business and federal, state and local tax payments.

Read

Symantec has warned computer users of Infostealer.Wowcraft.C, a Trojan horse, which is said to be making attempt to commit theft of sensitive info related to online games and send it to a remote attacker. Computer users were reported to have complained regarding links in Outlook email, which, on being clicked, create a host of Trojans aimed at stealing gaming credentials.

The newly-detected Trojan also known as PWSteal.Wowcraft.C in fact puts the Trojan file, INTEXPLORE.com, as middleman. As soon as the link in email is clicked by the users, the INTEXPLORE.com file is installed, and let the control go to the browser. It’s viable that either any anti-virus software is getting rid of the Trojan however leaving behind the registry edit, or the file is being deleted by the affected users themselves but leaving behind the registry edit. Whatever be the way, the outcome is the unchanged - on the whole giving rise to a dead end every time a link in email is clicked by you.

Symantec has reported that Infostealer.Wowcraft.C:

Modifies the values

“(Default)” = “%ProgramFiles%\Internet Explorer\INTEXPLORE.com” -nohome”
“(Default)” = “%ProgramFiles%\common~1\INTEXPLORE.pif” %1″”
in the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command

Luckily, there is a simple fix to get rid of the Trojan. First of all, the users will have to provide scan to their system with the latest anti-virus software unless the Trojan really is rooted out. After that edit the registry and put back the bad value with the default value as give below:

Read

Sun recently announced to come up with the offering of their encryption key management software interface free of charge. The company maintained that users with devices able to encrypt data would be capable of interoperating with a Sun key management system freely.

Nigel Dessau, Sun’s SVP for storage marketing and business ops, blogged

We believe in 3 years you will not be able to buy a storage device without encryption in it (whether you turn it on or not); When you have encryption you might as well turn it on (when you left the house this morning did you lock all the door and windows or just the ones the bad people can see?). There will not be one key management solution. It’s a heterogeneous world and that means multiple key management solutions.

Dessau added:

So- here is my offer. If you have a solution that needs a key management solution, you can have ours for free! Yes, we are willing to give our KMS away to partners who want to think about customers and not ‘lock-ins’. We want to share and swap APIs so we can share and swap keys.

Read

Researchers at Symantec recently warned of a on the loose Trojan horse that masquerade as a Windows activation program to swindle users into entering credit card info in order to reanimate their systems. Takashi Katsuki, a Symantec researcher was reported to have said that the Trojan, known as Kardphisher, is nothing much technically, but its author seemed have obviously taken much pains to make it look like legitimate.

Rated as very low risk by Symantec, Kardphisher, through self-installation, camouflages itself as a legitimate Windows activation dialog box, making it look like an authentic system message, which in turn, spits out the following message:

Your copy of Windows has been activated by another user.

To help reduce software piracy, please re-activate your copy of Windows now.

We will ask for your billing details, but your credit card will NOT be charged.

You must activate Windows before you can continue to use it.

Microsoft is committed to your Privacy. For more information, www.microsoft.com/piracy.

Do you want to activate Windows now?

Takashi Katsuki said that selecting “No,” would close down the computer. While “Yes,” in the meantime, leads the user to a second screen where he or she is told to enter his/her name and credit card info, which is after that relayed to the hacker’s server. Advising PC users Katsuki said that this Trojan provides us all a good lesson. “Trust no one.”

Read

Experts at Sophos have warned computer users of a new worm, which is disseminating using USB keys in a reversion to the earliest techniques of virus dissemination.

SillyFD-AA deploys itself onto machines and places a message in IE reading ‘Hacked by 1BYTE’. It also deploys an autorun.inf on any removable drives, like USB sticks or floppy discs.

Graham Cluley, senior technology consultant for Sophos, was quoted as saying;

USB keys are getting so cheap that marketing people are all set to utilize them as ‘throwaways’ so as to securing sales leads. Computer owners should tread very carefully when plugging an unknown device into their PC, however, as it could have malicious code planted on it. With a significant rise in financially motivated malware it could be an obvious backdoor into a company for criminals bent on targeting a specific business with malicious code.

Immediately after its being linked to another PC, the worm automatically deploys itself on the latest PC and does again the exercise with a view to spreading further. The experts advised the users to close down the Autorun functionality in Windows. The method imitates the very first techniques of virus dissemination while viruses were distributed only using floppy discs. Virus security then was simple; users just had to cover up the indented tab on a 5.25in floppy with sultry tape, the ostensible virus condom.

Read

Microsoft plans to release seven security bulletins next week, comprising a fix for a zero-day vulnerability in Windows that is already being utilized in cyber attacks. Microsoft was reported to have said on its website that the bulletins, part of Microsoft’s monthly patch cycle, are scheduled to give fixes for a hidden number of security flaws in Windows, Office, Exchange and BizTalk. The problem having an effect on BizTalk is also connected with ‘Capicom’, a designer module to include cryptography to apps.

The company said that each of the four product families is slated to get a hold of at least one “critical” update, Microsoft’s uppermost severity rating. Microsoft is making plans to issue two bulletins connected to problems in Windows and three linked to Office, with one left over for both Exchange and BizTalk.

Security tribulations tagged as critical typically might let a hacker intercept a bug-ridden system with very little, if any, action by the user. Microsoft’s updates will be included with a patch for a flaw in the Windows domain name system, or DNS. The security flaw has an effect on Windows 2000 Server and Windows Server 2003. Microsoft cautioned against the trouble previous month and said it was being utilized in limited attacks.

Read

Entrust Open Fraud Intelligence Network has been announced by Entrust which aids in fraud data sharing, behaviors and tactics of global organization as they experience it. Up till now the security market did not have any open and most importantly a non proprietary tool which could be used for consolidating data for fighting online fraud. It complies with the Internet Engineering Task Force standards body and an open collaboration has been undertaken with security minded organizations and financial institutions regarding how fraud data and behavior could be shared in an open manner despite the fact whatever fraud detection solution is being used.

Under the network consolidated information from a number of sources which includes fraud sharing pattern experienced by various institutions. This network works seamlessly with Entrust’s Risk-based Authentication Solution which comprises of Entrust IdentityGuard for authentication and zero touch fraud detection and offers some of the best tools for fighting fraud for a number of years.

image

Via net-security