Beware BlackBerry Browser Bug Until Carriers Offer Updates

A recently identified BlackBerry Browser bug that affects the vast majority of RIM smartphones makes BlackBerry owners more vulnerable to phishing attacks. BlackBerry maker RIM claims to have released new software to address the issue to carriers, yet most of those updated builds are not yet publicly available via U.S. carrier sites. Here’s how to stay safe, now and later.

BlackBerry smartphone users who frequently surf the Web via handheld will want to keep checking with their wireless carriers for BlackBerry Handheld Software updates in the coming weeks. That’s because a new bug found in most current versions of Research In Motion’s (RIM) device software, which makes it easier for malicious parties to execute "phishing" attacks on unsuspecting smartphone users, has been addressed via handheld software updates from RIM.

From RIM’s online security advisory:

"This advisory relates to a BlackBerry Browser dialog box that provides information about web site domain names and their associated certificates. The BlackBerry Browser dialog box informs the BlackBerry device user when there is a mismatch between the site domain name and the domain name indicated in the associated certificate, but does not properly illustrate that the mismatch is due to the presence of some hidden characters (for example, null characters) in the site domain name."

Here’s a list that specifies which software should be updated and to which new versions.

Current software version, and the version to update to:

- BlackBerry Device Software v4.5.0.x: update to v4.5.0.173 or later
- BlackBerry Device Software v4.6.0.x: update to v4.6.0.303 or later
- BlackBerry Device Software v4.6.1.x: update to v4.6.1.309 or later
- BlackBerry Device Software v4.7.0.x: update to v4.7.0.179 or later
- BlackBerry Device Software v4.7.1.x: update to v4.7.1.57 or later
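
To illustrate the display problem the RIM advisory quoted above describes, here is an added example (not RIM's code and not part of the original article) of a name check that rejects names containing hidden characters and escapes them in the message shown to the user. The function names and sample host names are constructed for illustration, and the comparison is a plain exact match.

```python
import unicodedata

def is_hidden(ch: str) -> bool:
    # Control (Cc) and format (Cf) characters, e.g. NUL or zero-width space,
    # plus any whitespace: none of these belong in a host name.
    return unicodedata.category(ch) in ("Cc", "Cf") or ch.isspace()

def visible(name: str) -> str:
    """Escape hidden characters so a dialog or log shows them explicitly."""
    return "".join(
        ("\\x%02x" % ord(ch) if ord(ch) < 0x100 else "\\u{%04x}" % ord(ch))
        if is_hidden(ch) else ch
        for ch in name
    )

def check_names(site_name: str, cert_name: str):
    """Return (ok, message). Exact, case-insensitive comparison only
    (an assumption for this example; no wildcard handling)."""
    for label, value in (("site", site_name), ("certificate", cert_name)):
        positions = [i for i, ch in enumerate(value) if is_hidden(ch)]
        if positions:
            return False, "%s name has hidden characters at %s: %s" % (
                label, positions, visible(value))
    if site_name.lower() != cert_name.lower():
        return False, "mismatch: site %s vs certificate %s" % (
            visible(site_name), visible(cert_name))
    return True, "names match"

# Constructed sample names (not taken from the advisory).
SAMPLE_SITE = "www.example.com\x00.example.net"
SAMPLE_CERT = "www.example.com"

if __name__ == "__main__":
    print(check_names(SAMPLE_SITE, SAMPLE_CERT)[1])
```
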

http://www.cio.com/article/503562/Beware_BlackBerry_Browser_Bug_Until_Carriers_Offer_Updates
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19552

Kaspersky pragmatic about Microsoft’s free security

Still room in the anti-malware market

Kaspersky’s David Emm has admitted that Microsoft’s free Security Essentials package will have a big effect on the anti-malware market but insisted that there is still room for companies to produce quality security software.

Microsoft Security Essentials is likely to have a huge impact, allowing people to install a free piece of software which will provide top-level security against malware such as viruses and Trojans.

This is likely to pinch the market for traditional PC Security companies such as Kaspersky, but Emm is upbeat about the new arrival and insists that people will still look for added functionality.

More in http://www.techradar.com/news/software/applications/kaspersky-pragmatic-about-microsoft-s-free-security-639336

Dutch ISPs Sign Anti-Botnet Treaty

Netherlands ISPs last month launched a joint effort to fight malware-infected computers and botnets — fondly described by locals as a "treaty."

The effort involves 14 ISPs, 98 percent of the consumer market, and will include:

- Exchange of relevant information among the cooperating ISPs
- Quarantine of infected computers
- Notification of end-users by their ISP

This way, information-sharing will lead to better coverage of the issues and a faster response time, quarantine will ensure that the infected no longer participate in criminal activity nor infect others, and most importantly, the ISPs take responsibility to notify their victimized users so that they can take action.

http://www.darkreading.com/blog/archives/2009/09/dutch_isps_sign.html

Hacker ships tool to circumvent China’s Green Dam filter

A security researcher at the University of Michigan has released a tool that helps Chinese computer users disable the censorship functionality of the controversial Green Dam Youth Software.

The Dam Burst utility, created by researcher Jon Oberheide, works by injecting code into a running application and removing the Green Dam hooks that enable it to monitor and block user activity. This effectively restores the running application to its original uncensored state, Oberheide explained.

http://blogs.zdnet.com/security/?p=4471

Chinese hackers launch targeted attacks against foreign correspondents

According to an assessment published by the Information Warfare Monitor, Chinese hacktivists (politically motivated hackers) have recently launched a targeted malware attack against foreign news correspondents attempting to trick them into executing a malware-embedded PDF attachment (Interview list.pdf), coming from a non-existent editor working for The Straits Times.

http://blogs.zdnet.com/security/?p=4476

Microsoft Security Essentials Final is ready

Microsoft Security Essentials version 1.0.1611.0 has been released by Microsoft.

Note: This is not a beta but the final version. Available to all. Discussion is at http://www.calendarofupdates.com/updates/index.php?showtopic=23488

Download: http://www.microsoft.com/Security_essentials/

My review of Microsoft Security Essentials is at http://www.brighthub.com/computing/smb-security/reviews/39342.aspx

You might also want to see: AntiVir PE vs Microsoft Security Essentials

Trend Micro: In Security, Reputation Is Key

That appears to be the conclusion of a pair of independent tests recently released by NSS Labs.

Back in June of 2008 you may remember there was some noise in the IT press, as Trend Micro was declining to participate in some of the well known anti-malware tests, such as VB100. Our argument at the time, and this still stands today, was that those tests simply do not accurately reflect the threat as our customers encounter it, and as such the results may offer a false sense of security.

The internet has emerged as the most abused attack vector, attacks are multi-variant, multi-protocol, distributed in source (botnets), often targeted in nature and can no longer be defeated by the pattern-matching techniques that have been at the core of security software for so long.

Independent and importantly unsponsored testing, from NSS Labs, has just been released that underlines the importance of this new approach. In July and August of this year NSS Labs performed 17 days of 24×7 testing on 9 consumer and 10 enterprise products.

Is Trend Micro’s cloud-client Smart Protection Network ready for prime time? I think the results speak for themselves…

http://countermeasures.trendmicro.eu/in-security-reputation-is-key/

School boards hit with cash-stealing Trojan

The U.S. Federal Bureau of Investigation is probing a rash of reported online computer intrusions that have resulted in hundreds of thousands of dollars being stolen from school districts in Illinois.

FBI investigators are working on a computer intrusion case at the Crystal Lake School District in Crystal Lake, Illinois, said Ross Rice, a spokesman with the FBI’s Chicago office. But several other school districts also believe that they have been hit by the same malicious software, Rice said.

The FBI believes that the Clampi virus, already associated with a rash of banking thefts throughout the U.S., may be to blame, Rice said.

Rice declined to provide more information on the case because it is still under investigation, but local reports say that as much as US$350,000 may have been taken from the Crystal Lake District alone.

http://www.computerworld.com/s/article/9138636/School_boards_hit_with_cash_stealing_Trojan

Several Compromised Thai Sites Serve Malware; Fake Windows Live Malware Spreads via Email

Trend Micro researchers discovered another wave of mass compromised websites involving several Thai government agencies’ sites. One of the compromised sites, the Thai Police site, was injected with malicious code to redirect users to several malicious sites. One of the landing pages, http://{BLOCKED}t.ru/ip/bchqu1.exe, served a downloader detected by Trend Micro as TROJ_DLOADER.DNG. This Trojan downloader is responsible for downloading several pieces of malware (detected as TROJ_FAKEREAN.BW, TROJ_CUTWAIL.GQ, and TSPY_ZBOT.ACH).

http://blog.trendmicro.com/several-compromised-thai-sites-serve-malware/

Fake Windows Live Malware Spreads via Email

Trend Micro threat analysts recently snagged an email pushing a bogus Windows Live Messenger residing in http://{BLOCKED}s-live-msn.serveftp.com/Windows_Live_9.0_beta.exe (detected as WORM_VB.PAB). The .EXE file is, of course, not the “real” Windows Live Messenger but a bot that reports to an IRC-based C&C

http://blog.trendmicro.com/fake-windows-live-malware-spreads-via-email/

Pressure on Microsoft, as Windows attack now public

Hackers have publicly released new attack code that exploits a critical bug in the Windows operating system, putting pressure on Microsoft to fix the flaw before it leads to a worm outbreak.

The vulnerability has been known since Sept. 7, but until today the publicly available programs that leverage it to attack PCs haven’t been able to do more than crash the operating system. A new attack, developed by Harmony Security Senior Researcher Stephen Fewer, lets the attacker run unauthorized software on the computer, in theory making it a much more serious problem. Fewer’s code was added to the open-source Metasploit penetration testing kit on Monday.

Two weeks ago, a small software company called Immunity developed its own attack code for the bug, but that code is available only to the company’s paying subscribers. Metasploit, by contrast, can be downloaded by anyone, meaning the attack code is now much more widely available.

http://www.computerworld.com/s/article/9138634/Pressure_on_Microsoft_as_Windows_attack_now_public