Lycos screensaver to blitz spam servers

Lycos Europe has started to distribute a special screensaver in a controversial bid to battle spam. The program – titled Make Love Not Spam, and available for Windows and the Mac OS – sends a request to view a spam source site. When a large number of screensavers send their requests at the same time the spam web page becomes overloaded and slow. The servers targeted by the screensaver have been manually selected from various sources, including Spamcop, and verified to be spam advertising sites, Lycos claims. Several tests are performed to make sure that no server stops working. Flooding … Continue reading Lycos screensaver to blitz spam servers

CA slaps spyware label on Kazaa

Peer-to-peer program Kazaa is the No. 1 spyware threat on the Internet, according to Computer Associates International. Through its PestPatrol research, CA found that Kazaa posed a greater threat than other programs in its top five spyware list because of its widespread popularity. Kazaa claims that its software has been downloaded 214 million times. CA gave Kazaa a high “clot factor,” its measure of how much a program slows a machine by adding unnecessary registry entries and directories. However, classifying a popular application like Kazaa as spyware is a delicate matter, and CA admits this creates difficulties in attaching labels. … Continue reading CA slaps spyware label on Kazaa

Italian senate hit by gay porn worm attack, Sophos comments

 According to media reports, the Italian senate in Rome was ground to a halt as it was hit by one of the many variants of the Rbot worm. The worm allowed hackers to display hardcore homosexual pornography on monitors around the organisation. First noticed on Monday night, computers in the senate chamber, and every senator’s office, were said to have been affected by Tuesday morning. The Rbot family of worms includes backdoor functionality which allows remote hackers to gain access to infected computers, steal information and even – in some cases – monitor computer users via their webcams. http://www.sophos.com/virusinfo/articles/italiansenate.html

Because of security concerns Finland warns against using IE 6.0

Finnish authorities have warned computer users against using Microsoft’s Internet Explorer 6.0 as it has a “serious” security flaw that compromises computer systems. “It’s a serious security problem, as all machines running Internet Explorer Six are vulnerable to this exploitation,” Arsi Heinonen, information security advisor at the Finnish Communications Regulatory Authority, part of the Ministry of Communications, said. http://www.net-security.org/news.php?id=6602 Also in http://australianit.news.com.au/articles/0,7204,11504323%5E15407%5E%5Enbv%5E15306%2D15322,00.html “Keep your antivirus up-to-date.  Whatever browser you are using” 🙂 – Donna

Linux Kernel Local DoS and Memory Content Disclosure Vulnerabilities

Two vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain knowledge of potentially sensitive information. 1) An unspecified error can be exploited via a specially crafted a.out binary to cause a DoS. 2) A race condition within the memory management can be exploited to disclose the content of random physical memory pages. Solution:  Secunia is currently not aware of updated versions of the Linux Kernel fixing these vulnerabilities. Grant only trusted users access to affected systems. Provided and/or discovered by:  First reported in a … Continue reading Linux Kernel Local DoS and Memory Content Disclosure Vulnerabilities

How to protect your system or network from Zero-day attacks?

Zero-day or 0-day attacks is an incident in which a vulnerability was exploited in the wild before it is reported to the vendor or security community.  This means the vendor hasn’t identify the security hole.  Zero-day attacks arrives as a worm or virus.  How to protect your system or network from Zero-day attacks? Update your antivirus software – an up-to-date antivirus program can help to protect the system.  Any malware behavior that act like the known malware in its database will trigger the antivirus program to stop the malicious activity.  You can find free antivirus program here or check the special … Continue reading How to protect your system or network from Zero-day attacks?

Standardised malware naming for the new year

An end to the virus-naming problem? A new initiative that aims standardise malware naming may be in operation as early as January 2005. The US Department of Homeland Security’s Computer Emergency Readiness Team, US-CERT, is set to coordinate a Common Malware Enumeration initiative among anti-virus vendors, according to a letter sent to The SANS Institute and signed by representatives of the DHS, Symantec, Microsoft, McAfee, and Trend Micro. Rather like Mitre Corp’s Common Vulnerabilities and Exposures (CVE) list, US-CERT will maintain and coordinate a database of malware identifiers. More in http://www.virusbtn.com/news/virus_news/2004/11_25.xml?rss

Ways to help prevent potential security risks of using Google Desktop Search

Tim Greene wrote for Network World Fusion: Last week, we alerted readers to potential security problems that might arise from blending SSL VPNs with Google Desktop Search. Since Google’s search tool caches and indexes everything that goes on a desktop, it keeps a record of everything that goes on in SSL VPN sessions, too. SSL VPN cache cleaners don’t wipe out Google Desktop Search caches, so whatever is cached from SSL sessions remains available to the search tool. The risk is that if the machine used was borrowed or is otherwise insecure subsequent users could find the cached information. There … Continue reading Ways to help prevent potential security risks of using Google Desktop Search

Study: Tools Let Spyware Slip Through Cracks

With the threat of a sophisticated spyware attack looming, a renowned security researcher says the most popular detection and removal tools “fail miserably” at addressing the growing spyware/malware scourge. Just days after hackers seized control of a banner ad server and used it to load malicious programs on vulnerable machines, researcher Eric Howes issued failing grades on all anti-spyware scanners he tested during a two-week stretch in October. Howes, a graduate student at the University of Illinois at Urbana-Champaign, found that the best-performing anti-spyware scanner failed to detect about 25 percent of the “critical” files and registry entries installed by … Continue reading Study: Tools Let Spyware Slip Through Cracks