Security experts are warning that adware and spyware pushers are trying to bundle their wares into the latest version of Firefox in order to trick users into downloading the software.

A new blog posting from network security firm eSoft explains that adware pushers are trying to capitalise on the success of Firefox 3.6 in order to extend their reach.

The fake Firefox download site uncovered by the firm has been designed to fool users hoping to upgrade, but contains the spelling errors which are often a tell-tale sign of a scam site, said the blog posting.

"Victims of this scam install the 'Hotbar' toolbar by Pinball Corp, formerly Zango," the post noted.

"Not only are users subject to the annoying toolbar, they're also barraged with pop-up ads and host to a new Hotbar weather application running in the system tray."

ESoft warned users only to download software directly from the publisher, where possible.

February 3, 2010 | Permalink | Comments (0)

Microsoft has been doing some desperate fire fighting since a flaw in its Internet Explorer browser was found to have been the vector by which Chinese hackers attempted to infiltrate Google's systems.

Since then, both the French and German authorities have urged their citizens to use another browser until the flaw is patched.

But Microsoft UK's chief security officer Cliff Evans was keen to stress to V3.co.uk yesterday that although the vulnerability technically affects IE6, IE7 and IE8, "the exploits we're seeing out there at the moment only affect IE6", which is the smallest group of IE users in the UK.

The message was loud and clear - upgrade to IE8, whose advanced security features which include the SmartScreen filter and Data Execution Protection, will make it extremely difficult for hackers to implement the exploit code effectively on this browser.

As to whether Redmond will implement a security fix as part of the next scheduled patch Tuesday or an out-of-band release, Evans argued the team will need to take a considered view.

"The actual risk is minimal - you'd need to be using IE6 on XP and to visit these [malicious] sites," he added. "We'll have to balance the perceived risk with getting people to roll out yet another update."

January 19, 2010 | Permalink | Comments (1)

It didn't take long. As with all global and media-saturated events these days, the tragedy in Haiti has been exploited by cyber criminals for all its worth.

First the 419 scammers. According to a new blog posting by Symantec Hosted Service, aka MessageLabs, the classic advance fee fraud scammers are exploiting the news to part well-meaners with their cash, sending emails purporting to be from charities such as the British Red Cross, requesting donations.

"Exploiting tragic world events for personal gain unfortunately seems perfectly acceptable for some cyber criminals, and the Haiti Earthquake 419 advance fee fraud example highlights that there are no boundaries on what they'll attempt to profit from," wrote malware data analyst, Matt Nisbet.

"The public needs to be aware of such scams so that they can be more vigilant when visiting donation websites, ensuring vital donations arrive at the intended locations, rather than lining the scammers pockets."

The other main strategy taken by the cyber-criminals has been blackhat SEO-ing, or SEO poisoning. This is when the crims piggy-back upon a news story of widespread interest to promote their own malicious sites into the top of the search rankings, by cramming the sites full of keywords. F-Secure and Websense both warned users to ensure their AV tools are kept up-to-date and they have real-time content scanning capabilities.

"Websense Security Labs ThreatSeeker Network has discovered that searches on terms related to the recent earthquake in Haiti return results leading to a rogue antivirus program," read a posting on the Websense Security Labs blog.

"Unfortunately, the bad guys use major crises and events like this to spread their malicious code."

January 14, 2010 | Permalink | Comments (1)

Security experts reminded users today that sometimes the best form of defence against malware attacks is common sense.

In a blog posting, Sophos senior security consultant Graham Cluley highlighted a recent Spanish-language spam email he noticed, which claims to point to an update for the Adobe Flash Player.

Clicking on the link in the email would take a user to a page requesting they download an "update" to Adobe Flash, which is actually malware. However, as Cluley points out, the email is littered with spelling mistakes, such as "Adoble" instead of "Adobe",

"So how do these tiny clues and mistakes manage to sprinkle themselves into a hacker's attack? Is there some divine intervention that is ensuring that so many cyber criminals keep making daft errors, putting a spanner in the works, and helping to tip off potential victims? Whatever the reason, I hope it continues for as long as there's a malwre problem," wrote Cluley.

Apart from regarding any unsolicited emails with suspicion, users should always visit the vendor's own site for any updates, he advised.

But while some cyber criminals are continuing to leave obvious errors in their emails or malicious sites, which should tip off wary users, the general trend appears to be towards greater professionalism in the cyber criminal world. If it's one thing criminals do well, it's that they learn quickly and stay agile.

So while it's obviously important to keep an eye out for any grammatical or other errors that could set alarm bells ringing, users can no longer be guaranteed that e-mail and web threats will be as easy to spot in future. Comprehensive real-time content scanning tools are an essential addition for any computer user today.

January 4, 2010 | Permalink | Comments (1)

Mozilla has updated its flagship Firefox web browser to patch three critical vulnerabilities.

Firefox 3.5.6 and 3.0.16 suffered from crashes due to memory corruption, according to the Mozilla security advisory.

"Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products," the advisory noted.

"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code."

There are a total of 62 fixes for bugs in the new version of Firefox.

"We strongly recommend that all Firefox users upgrade to this latest release," noted a posting on the Mozilla Developer Center blog.

"If you already have Firefox 3.5 or Firefox 3, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting 'Check for Updates...' from the Help menu."

December 17, 2009 | Permalink | Comments (0)

Global communications giant Verizon Business launched its supplemental Data Breach Investigations Report today, offering customers some useful case studies and other information which could help them avoid a data breach.

The report found that most (19 per cent) of breaches are caused by keyloggers and spyware, closely followed by backdoor/command and control and SQL injection attacks.

Abuse of systems access comes swiftly behind and unauthorised access via default credentials is in fifth place.

So having detailed what are the most common threats to guard against, Verizon helpfully then lists each in detail, including how to spot an attack, how to mitigate one, and a useful case study to provide more background info.

The information may seem like basic stuff to many CISOs, but is likely to go down well among those organisations at the smaller end of SME which are struggling to keep their heads above water with limited IT, and even more limited information security, resources at their disposal.

December 9, 2009 | Permalink | Comments (0)

The furore surrounding Microsoft's Black Screen of Death may finally be dying down, but it has raised more serious concerns about the integrity of new operating systems and whether firms are deliberately delaying upgrades to avoid becoming a bigger target for hackers.

That is, at least, according to security giant Symantec, which has commissioned a new survey into the upgrade habits of enterprise customers, either with alarming speed or uncanny foresight.

The vendor interviewed nearly 1,500 IT managers in UK, France, Germany and Italy and found that just over a third had major concerns over hackers targeting newer desktop software to find vulnerabilities.

A quarter said they would hold off on upgrading for at least another 12 months, while two-thirds said negative press coverage played a role in influencing their decisions to upgrade.

Which is all very well, but are IT decision makers really that easily swayed by so-called 'negative press coverage'? The letters and comments we get here at V3 would seem to suggest not.

Surely the level-headed IT manager would be wise enough to realise that any new operating system or desktop software is likely to receive an unduly large amount of media scrutiny, including how safe or otherwise it is.

We all know that bigger security risks lie with systems remaining unpatched against known flaws, whether those systems are fresh from the factory or not.

December 2, 2009 | Permalink | Comments (1)

VeriSign is to provide security and authentication for the cloud-based Windows Azure platform.

The security giant said that Microsoft would be using its Secure Sockets Layer (SSL) certificates, and Code Signing Certificates, to create a layer of security for its Azure platform of cloud based services and applications.

Doug Hauger, general manager of Windows Azure at Microsoft, said: "With VeriSign SSL and Code Signing Certificates, VeriSign is providing proven safeguards that help ensure a trusted experience on the Windows Azure platform."

VeriSign's security tools will be use to protect services and applications delivered over the cloud. Currently Azure comprises a mixture of services including an operating system and developer and deployment tools. Microsoft said that by adopting it firms could reduce their costs and system complexity.

November 18, 2009 | Permalink | Comments (0)

Researchers from security firm FireEye have been able to effectively take down the prolific Mega-D spamming botnet, causing inboxes everywhere to release a thankful sigh of relief.

The researchers apparently did what they do best, and studied Mega-D and its behaviour. By doing this they were able to to identify its control structure and other features, and the bot herders back where it hurts. Late last week they brushed some dirt off their white coats, starting ringing around ISPs, disabling control servers, de-registering any of the bots' used domains, and registering any unused fallback ones. In short they threw a whopping great spanner directly into Mega-D's works.

According to M86 Security labs Mega-D was responsible for almost a third of all spam last year, while over the weekend it slowed to just a trickle, and yesterday had stopped altogether. Current suggestions are that before it was taken down, Mega-D was pumping out some 15,000 messages per hour, which is a lot of junk emails

The actions also let them get a better understanding of the bots, such as the fact that they used hard-coded DNS servers, domain generation algorithms and fallover domains. Regardless of this, anyone with an inbox should be glad that it is over, at least for now.

November 10, 2009 | Permalink | Comments (0)

Sun Microsystems and BlackBerry maker Research in Motion both had to act yesterday to fix major security problems in their respective products which could have allowed hackers to run unauthorised software on a victim's PC.

Sun's was the larger of the two tasks, patching 12 flaws in its Java Runtime Environment, including one vulnerability which allows "an untrusted Java Web Start application to run as a trusted application and execute arbitrary code".

Java and other third party applications are increasingly being targeted by hackers thanks to large installed base and the fact that Microsoft is getting better at protecting its own software.

RIM, on the other hand, had just the one flaw to patch, releasing a fix for a flaw in the BlackBerry Desktop Manager which could allow remote code execution. The vulnerability was given a CVSS severity rating of 9.3 and applies to BlackBerry Desktop Software version 5.0 and earlier on all platforms, so it warrants immediate attention.

November 4, 2009 | Permalink | Comments (0)