Spyware Hunter

Kaspersky says that cyber crooks are getting increasingly smart day by day. Taking into consideration the declining arrest rate of the online creeps, they seem to be getting success in outwitting law- enforcement agencies. Eugene Kaspersky boss of Kaspersky said that there had been 2.5 times more nasty codes in 2006 than in 2005, and the trend is still on and on in 2007. He says when many cases of hacking are reported to be taking place, why is there so less arresting. Cyber crooks are now embedded with new methods, like the utilization of ‘human proxies,’ individuals who get and send money gathered from cyber crime. The online creeps now instead of making too much noise, attempts to get more and more money.

He further said that there does not seem any way to keep track of the criminals, and once police track human proxies down, the active creeps splits the chain and set on to a new one. He also stated that one of the main obstacles being faced by law-enforcement agencies is that cyber crime is at the most a worldwide business, and as police in many nations have got progressed in cross-border relations, the varied levels of bureaucracy in different nations frequently holds up to track the real culprit behind web scams. He added that the victim could be in the UK, however the creator is somewhere else and you will have to get in touch with many law-enforcement agencies in many nations, and a few of them are better than others. Kaspersky also said that the far-flung East is going host the biggest threat over the next few years.

Read

Microsoft recently said that it would roll out its security softwares with the schemed release of an enterprise application of products and the formation of a web portal waring of malware info. The Forefront Client Security software of the company, consisting of anti-virus, anti-malware and anti-spyware elements, is to be introduced in the subsequent few months, whereas the Microsoft Malware Protection Centre has before now gone live.

But, Redmond said no to the initiatives, which are claimed to have been developed to edge out rival security softwares as of firms like Symantec and McAfee. The first thing is that logically it makes no difference which technology solution is being used by you only if you make use of something. When there is a matter of security products, customers are free to choose.

Read

Cisco recently warned of a vulnerability, which is said to be having affect on several versions of its Cisco Network Services NetFlow monitoring tool (NetFlow versions prior to 6.0.) Cisco said that on being deployed the tool; default users credentials are generated on the machine, which is likely to enable a remote hacker who has knowledge of these hard-coded credentials, to obtain access to a pretentious machine. Cisco advises users to enhance to Version 6.0. It’s not a free upgrade.

The NetFlow Collection Engine is a monitoring tool, which is said to grant access to network management infrastructure metering for technologies as routers and switches. The gathered data can be utilized to make available a network baseline that supports IT managers to find out network indiscretions such as denial-of-service attacks, malware, and other nasty behavior.

Cisco was reported to have said that NetFlow is operated on a Unix platform, which on being deployed generate a default Web-enabled user account, nfcuser, looked-for dong app maintenance, configuration, and troubleshooting with a password of nfcuser. In prior to 6.0 versions, the installer will also generate a local user, which is also known as nfcuser, on the operating system with a default password also a double of the username. If the user before now exists, the installer will create change in the password to be the similar like the username. The company recommends in its advisory that users are allowed to manually modify the password on the host operating system.

Read

MessageLabs recently claimed to have found out the presences of bug-ridden spam relating to stocks and shares for the first time. The company’s Intelligence Report for April depicts that thousands of these messages have been identified since April 14th, all of which are bug-ridden with the Storm worm, also called Zhelatin.

This spam is containing links to new malware on hacker-intercepted websites that falsely claims to take to screensavers, which in actual fact are files bug-ridden with the Storm worm. Mark Sunner, chief security analyst for MessageLabs, maintained that cybercreeps are beginning to ‘layer’ their invasions.

Warning PC users, he maintains that these newest methods are part of a new confidence being depicted by any criminal gangs being tracked tracking. These newest improvements also help in bringing to light that spam cannot be seen only as an annoyance and it ought to be keep at bay from the desktop. Max Wilkie of Jinny Software of late purported that spam is also a critical issue for cell phone networks and advised operators to take a proactive instead of reactive approach to put a block to spammers.

Read

With the aim of helping users protect their personal info, Staples has come up with the release of Staples Identity Theft Protection service power-driven by PrivacyGuard, plus a best-of-the-breed two-pack package of Symantec’s Norton Internet Security 2007 and Staples Identity Theft Protection, which can be availed at Staples stores countrywide.

Staples Identity Theft Protection power-driven by PrivacyGuard claims to make available consumers every day credit watching, identity fraud resolution backup as well as ID theft insurance. The Staples special two-pack package consists of Norton Internet Security and Staples Identity Theft Protection service simultaneously for simple and comprehensive on and offline security. The Staples/Norton package comes with the price tag of $69.99 and gives protection to almost three PCs each household for almost 1-year.

Frank W. Abagnale, world-famous specialist on ID theft and fraud, was quoted as saying

Identity theft is the fastest growing crime in America. Monitoring your credit and online activity are two of the most important ways to protect your identity. Staples Identity Theft Protection powered by PrivacyGuard and the exclusive two-pack bundle of Norton Internet Security PLUS Staples Identity Theft Protection are two great tools to help control identity theft and preserve your good name.

Read

Microsoft recently said that it would set up two labs to study on the rise nasty software hovering around in the cyber world. The Redmond giant said that the Malware Protection Centers, in Dublin and Tokyo, would be employed with analysts who would be assigned to generate updates, known as “signatures” for its security softwares to identify pernicious software.

As per the sources, it is said that the labs are to be like ones operated by rivals like Symantec & McAfee, but executives were reported to be saying forcibly that they were not making attempts to openly vie facility-for-facility with rivals, but in fact attempting to cater the requirements from their customers. Microsoft is also said to have operated only one lab at its head office in Redmond, Wash., which can be availed, if required, on a 24-hour basis. As a result the company is now going to get facilities in three times zones.

The labs are aimed at giving support to Microsoft’s range of consumer and enterprise security softwares. Microsoft recently maintained that their anti-virus and anti-spyware softwares for business desktops, Forefront Client Security, emerge from beta and is to be availed in the upcoming month.

Read

Security experts recently recommended US lawmakers to get going on reinforcing the potentials of nation’s cybersecurity in order to steer clear of crippling attacks. Executives as of security firms like Cyber Defense Agency and Geer Risk Services, plus from the Center for Strategic and International Studies gave proof in front of the US House of Representatives Subcommittee on rising threats, cybersecurity as well as science and technology.

Sami Saydjari, president of Professionals for Cyber Defense and CEO of Cyber Defense Agency, purported that the US was not ready to protect itself suitably and recover from a tactical cyberattack. Daniel Geer Jr., principal owner of Geer Risk Services, was reported to have said that the nation has been lucky enough that it has not been encountered with any highly potential attack so far. The dangers are evidently present, mainly in the security vulnerabilities that are ostensibly existed in more or less all software products in the market.

Geer added further that the government should set up enhanced security metrics, in order to accord with the staffing and training of cybersecurity specialists. Reminding US, he said the country previously had a few narrow escapes. For example, the Nimda worm, that appeared a week after the 9/11 attacks, to put off the 911 emergency dialing system in the US, which might have resulted in increased public terror,

Read

The Washington Post was reported to have said that consumers making efforts to reach a few legal sites could be getting bug-ridden with pernicious software while ads at Google are clicked on by them. The software is claimed to make an attempt to commit theft of passwords and additional personal or private info from bug-ridden computers,” said by the article at the Washington Post. Google has reportedly confiscated the ads.

In accordance with a report at Exploit Prevention Labs, whilst the top sponsored links that appeared prior this week while users looked for “BBB,” “BBBonline” or “Cars.com” came into view to guide visitors to those sites, they at first would make way for people who clicked on the ads via an intermediary site. The intermediary site tried to exploit flaw in Microsoft Windows to stealthily put in software developed to commit theft of passwords and other sensitive info from bug-ridden computers.

The hackers exploited a vulnerability in Microsoft’s IE Web browser, a trouble for which a patch to fix was already announced by the company in last June.

Read

If you have been victimized by the web-based malicious bugs, here is a central portal where you are allowed to warn of the next-up incident to other users. Victims of Internet Crime Europe (Voice), has been brought about to make available a place where you are allowed to inform other users of scams faced by you, whilst giving data for security specialists to inspect.

The declaration of the scheme was made at previous week’s International Conference on Global E-Security, conducted at the University of East London (UEL). Dr Hamid Jahankhani, principal lecturer in Information Security at UEL, was reported to have said at the conference that collecting exact info on this subject is naturally hard-hitting; victims frequently do not succeed to account cybercrime, as they do not seem to be familiar with how or where to complain.

Functioning with researchers, industry, law enforcement and government partners throughout Europe, they are aimed at bringing about a standalone depository for cybercrime data for the entire nations throughout the EU. Cybercrime is expected to have cost firms and individuals $220 billion previous year.

Read

Researchers have stated that the Apple Mac flaw that delivers $10,000 into the pocket of a hacker in a Mac hacking contest is in Apple’s QuickTime media player. It is said that the contest, conducted at the CanSecWest security conference in Vancouver, potholed a pair of MacBook Pro notebooks, each with all at present available security patches fixed, against all comers.

The fight was taken over by Dino Di Zovie, who promoted a URL with an exploit to a friend attending the conference, Shane Macaulay. Di Zovie carried away the $10,000 prize given by TippingPoint’s Zero Day Initiative, whilst Macaulay got a MacBook Pro. Recently, Sean Comeau, one of the CanSecWest organizers, was said to have maintained that the vulnerability was in Safari, the Apple browser integrated with Mac OS X. however researchers at Matasano Security, are of the view that the vulnerability in fact reside in QuickTime.

Matasano researcher Thomas Ptacek on Matasano’s blog said,

Dino’s finding targets Java handling in QuickTime. Any Java-enabled browser is a viable attack vector, if QuickTime is installed. Apple’s vulnerable code ships by default on Mac OS X (obviously) and is extremely popular on Windows, where this code introduces a third-party vulnerability.

Ptacek verified that both Safari & Mozilla’s Firefox are able to be compromised via the latest QuickTime vulnerability. Matasano also said to have presumed that Firefox is open to on Windows PCs if QuickTime’s plug-in is deployed. If, as is said by the group, any Java-based browser is able to be misused if QuickTime is deployed, which is also likely to lead Microsoft’s IE’s users in the vulnerable group.

Read