AIM worm plays nasty new trick

A worm found spreading via America Online’s Instant Messenger is carrying a nastier punch than usual, a security company has warned.

The unnamed worm delivers a cocktail of unwanted software, including a so-called rootkit, security experts at FaceTime Communications said Friday. A rootkit is a tool designed to go undetected by the security software used to lock down control of a computer after an initial hack.

“A very nasty bundle is downloaded to your machine” when you click on the worm link, said Tyler Wells, senior director of engineering at FaceTime. “This is the first time that we have seen a rootkit as part of the bundle of applications that is sent to your machine. It is a disturbing trend.”

CNet via Calendar of Updates

Web 2.0 Cracks Start to Show

The problems that beleaguer the old internet are appearing again in newer technologies known collectively as Web 2.0, a term coined by O’Reilly Media Vice President Dale Dougherty to describe post-dot-com sites and services that use the web as a platform – such as Flickr, BitTorrent, tagging and RSS syndication. Proponents say Web 2.0 has been better engineered to withstand the troubles that wrecked Usenet, BBSes and free e-mail, but misuses abound, such as splogging and manipulation of Google rankings. Some decry the open media movement, saying it is driving out traditional, quality-controlled media. Wikipedia has been singled out for criticism because its content is uneven, but founder Jimmy Wales says they are working on a reviewing scheme that should address quality and reliability. Flickr co-founder Stewart Butterfield says the key is to make a system easier to fix than it is to deface.


Are open source databases more secure?

Interest is growing in open source databases, in part due to security concerns. Evans Data surveyed 400 industry database administrators and found that use of the open source database software MySQL increased over 25% in six months and 44% of developers are now using it. Respondents said security was an important part of database development. Only 9% of those using open source reported a security breach within the last year, but 85% said proprietary database server data was compromised at least once in the last year. This situation may be similar to that of Firefox, which was relatively immune to attack until it gained enough users to draw the attention of both vulnerability researchers and hackers. Some believe the open source community can respond more quickly to vulnerabilities than can developers of proprietary software, but only time will tell if such is the case.

Web of Fear: Net Surfers Cut Back

Consumer Reports WebWatch reported that “some computer users are cutting back on time spent surfing the internet”. Twenty-five percent reported that they do not purchase items online anymore, and 80% say they’re “at least somewhat concerned someone could steal their identity from personal information on the internet” and have stopped providing such information inline.


The cost of joining Get Safe Online

The U.K.’s National Hi-Tech Crime Unit (NHTCU) has been raising funds for its latest Get Safe Online initiative by signing up security and online fraud experts willing to pay between £50,000 and £150,000. In return, the sponsors are “offered the opportunity to use the public sector-run campaign to drive sales and promote their own products and services to the consumers and businesses which the secure computing initiative is targeting.” A prospectus meant for potential sponsors was sent in error to, thus disclosing the arrangement. According to the document, sponsors of the program include BT, Dell, eBay, HSBC, Lloyds TSB, MessageLabs and Microsoft. Some in the industry worry that consulting only with sponsors willing and able to put up the money required might be a detrimentally narrow in approach. Others think such a scenario unlikely to hinder sharing of information within the security industry.

Web services security specs hit the standards track

The first meeting of the OASIS Web Services Secure Exchange (WS-SX) Technical Committee is set for early December 2005, and the long-anticipated WS-Trust, WS-SecureConversation and WS-SecurityPolicy specifications will be up for review. WS-Trust sets up an XML syntax for management of credentials across secure domains; WS-SecureConversation will allow multiple message conversations without having to check each new message; and WS-SecurityPolicy defines a set of overarching, general security policies for Web services. No specific timetable has been set for ratifying the specifications, but vendors are already building to the proposed specifications, which have been up on IBM’s developerWorks site for quite a while. The ultimate goal of the WS-SX standards is to create a universal web security system that can be changed without touching the web services themselves. A fourth standard, WS-Federation, is the only specification missing from the set. Its aim is to provide security across multiple domains without the need for a single identity manager. That standard won’t begin being reviewed for another year.

Anti-Spyware Coalition Finalizes Spyware Definition

Anti-Spyware Coalition Finalizes Spyware Definition; Releases Risk Modeling Document; Announces Public Meeting

Washington, D.C. – October 27, 2005 – The Anti-Spyware Coalition (ASC), an alliance of technology companies and public interest groups, today announced several key accomplishments in its ongoing effort to help users combat the unwanted and often dangerous spyware infesting their computers.

As both Cyber-Security and Domestic Violence Awareness Month draws to a close,  ASC today unveiled its final, consensus definition of spyware, which was developed by coalition members including major anti-spyware companies, software developers and public interest groups. The definitions were further shaped by almost 400 comments submitted by organizations and individuals to the ASC Web site ( The final document, available now on the ASC Web site, will serve as the foundation for all of the coalition’s future anti-spyware efforts.

The coalition announced the first of those efforts today: an ASC “risk modeling” document that outlines the objective criteria anti-spyware vendors use to determine whether to identify a piece of software as “spyware.”  The document, which goes into considerable technical detail about the specific behaviors that make certain technologies risky, will help users better understand how the products that protect their computers work, as well as offering anti-spyware companies guidelines for their own proprietary rating processes, but still keeping a robust marketplace for anti-spyware technologies.

Stopping Zombies Before They Attack

Stopping Zombies Before They Attack: Microsoft Teams with Federal Trade Commission and Consumer Action to Promote PC Protection[/B]

“Don’t Get Tricked on Halloween” campaign and new lawsuit extend efforts by Microsoft to crack down on illegal methods used by spammers to distribute unsolicited e-mail.

Like medical researchers studying a strain of a contagious virus, Microsoft Internet Safety Enforcement investigators carefully experimented this summer with a tiny piece of malicious code used by computer criminals to hijack personal computers. The investigators began by placing a single copy of the code onto a healthy computer and then connected the computer to the Internet.

Almost immediately, the researchers noticed the first rumblings of life. The infected computer sent an alert with its Internet location and hijack status to a distant server. Then, connection requests from hundreds of Internet Protocol (IP) addresses poured into the machine, commanding the infected computer to distribute millions of illegal spam e-mails.

These requests meant one thing: the investigators had successfully created a “zombie” computer.

Today, Microsoft, the U.S. Federal Trade Commission (FTC) and Consumer Action, a public watchdog and education group, launched a campaign aimed at helping consumers prevent their computers from getting turned into zombies.

More in Microsoft

Windows XP Security Guide updated

The Windows XP Security Guide has been updated to provide specific recommendations about how to harden computers that run Windows XP with Service Pack 2 (SP2) in three distinct environments:

  • Enterprise Client (EC). Client computers in this environment are located in an Active Directory directory service domain.

  • Stand-Alone (SA). Client computers in this environment are not members of an Active Directory domain.

  • Specialized Security – Limited Functionality (SSLF). Client computers in this environment are subject to extraordinary security concerns. These concerns are so great that a significant loss of functionality and manageability is acceptable.

Information about the security features in SP2 was included as an appendix to the previous version of this guide. This information has now been integrated throughout the guide, and thoroughly tested templates for Windows Firewall security settings (Windows Firewall replaced the Internet Connection Firewall in SP2) are provided. Information is also provided about closing ports, Remote Procedure Call (RPC) communications, memory protection, e-mail handling, Web download controls, spyware controls, and much more.

Get it from Microsoft

Most DNS servers ‘wide open’ to attack

Four in five authoritative domain name system (DNS) servers across the world are vulnerable to types of hacking attacks that might be used by hackers to misdirect surfers to potentially fraudulent domains. A survey by net performance firm the Measurement Factory commissioned by net infrastructure outfit Infoblox of 1.3m internet name servers found that 84 per cent might be vulnerable to pharming attacks. Others exhibit separate security and deployment-related vulnerabilities.