‘Scareware’ Trojan holds users to ransom

New version of Vundo scrambles users’ files

A Trojan that normally peddles bogus anti-virus ‘scareware’ has hit on a new way of persuading users to part with money for a worthless licence – it encrypts their data first. The concept of encrypting data on an infected PC has been seen several times since 2005, but the new version of the Vundo Trojan reported to be doing the rounds by security company FireEye is the first to tie straight extortion to a conventional rogue anti-virus software scam. The company doesn’t fully detail how the program infects users – Trojans such as …

Foxit PDF Reader being exploited in the wild

Adobe isn’t the only PDF software maker facing in-the-wild malware attacks. Just weeks after the availability of patches for critical security flaws in the popular Foxit Reader, there is word that malicious hackers are already targeting unpatched versions of the software. http://blogs.zdnet.com/security/?p=2996 If you have the latest version, you should be OK: http://www.calendarofupdates.com/updates/index.php?showtopic=17370

Firefox exploit sends Mozilla into ‘high-priority fire drill’ mode

Two weeks, two exploits

Mozilla’s security team is rushing out a fix for its flagship Mozilla browser following the public release of attack code that targets a previously unknown vulnerability. The exploit was released Wednesday online. It attacks a vulnerability present on Windows, Mac and Linux versions of the browser and could be used to surreptitiously execute malware on the machines of users who browse booby-trapped websites. The flaw is classified as a boundary condition error that targets Firefox’s XML parsing features according to SecurityFocus. This is the second critical vulnerability in Firefox to come to light in as many …

Webmail bug puts 40m accounts in jeopardy – One attack pwns all

A web-borne vulnerability lurking in a popular email application seriously compromised the security of 40 million accounts until it was fixed early last month, independent researchers said. The flaw, in the Memova messaging application sold by a company known as Critical Path, is yet another testament to the awesome power of XSS, or cross site scripting, vulnerabilities. Combined with another bug, it allowed attackers to surreptitiously forward the email of millions of end-users from some of Europe’s biggest internet service providers. "The attacker only needs to send a specially crafted email to his victim," independent researchers Rosario Valotta and Matteo …

New BIOS attack renders antivirus useless

Only solution may be physically removing BIOS chip

A new form of attack that installs a rootkit directly onto a computer’s BIOS system would render antivirus software useless, researchers have warned. Alfredo Ortega and Anibal Sacco of Core Security Technologies explained to vnunet.com that the attack was possible against almost all types of commonly used BIOS systems in use today. The two devised a 100-line Python script that could be flashed onto the BIOS to install a rootkit. Because the BIOS software activated before any other program on a computer when it starts up then normal antivirus software would …

Hackers Deface Aussie Censorship Board’s Website

Australia’s official online censorship board’s web page was offline Thursday, hours after hackers hijacked it to protest revelations the government was going to require ISPs to block public access to thousands of websites, many of which aren’t obscene. Anonymous hackers defaced the Censorship Board’s homepage — classification.gov.au — and restated the board’s public message in a chilling and humorous tone. http://blog.wired.com/27bstroke6/2009/03/hackers-deface.html

Study: IE8’s SmartScreen leads in malware protection

The study’s methodology is, however, greatly flawed at several key points, making its conclusions open to interpretation which should be the case when making such comparative tests. For starters, NSS Labs undertook a rather minimalistic approach towards the definition of web malware. In this study, the malware URLs they’re using are basically “links that directly lead to a download that delivers a malicious payload”, a decision that directly undermines the statement of “block rate” in times when client-side vulnerabilities are massively abused courtesy of web malware exploitation kits. And since no live exploit URLs were taken into consideration, the DEP/NX …

Kaspersky Lab launches official site for Asia-Pacific region

Kaspersky Lab announces the launch of Kasperskyasia.com, a new corporate site created especially for the Asia-Pacific region. The new site has been designed specially for Kaspersky Lab’s customers and partners in the 26 countries of its Asia-Pacific region that covers countries such as China, India, Australia, South Korea, Malaysia, Indonesia, Thailand, Singapore and the Philippines. http://www.kaspersky.com/news?id=207575782

Nasty New Worm Targets Home Routers, Cable Modems

A computer worm has been discovered that can infect 55 different home-based routers and DSL/cable modems including common brands like Linksys and Netgear. Believed to have originated in Australia and known as "psyb0t" or Bluepill, this is the first worm known to be able to infect residential routers and modems. Psyb0t is armed with 6000 common usernames and 13,000 popular passwords that it tries in various combinations to gain entry to your home network. Most home-based routers will give you unlimited attempts to get the username and password correct, making these devices an ideal target for infection. Also, unlike your …