IT security, vunerabilities, bugs, fixes, flaws, RSA conference and Infosec.
A blog from

« December 2009 | Main | February 2010 »

Microsoft plays down IE flaw risk

Microsoft has been doing some desperate fire fighting since a flaw in its Internet Explorer browser was found to have been the vector by which Chinese hackers attempted to infiltrate Google's systems.

Since then, both the French and German authorities have urged their citizens to use another browser until the flaw is patched.

But Microsoft UK's chief security officer Cliff Evans was keen to stress to yesterday that although the vulnerability technically affects IE6, IE7 and IE8, "the exploits we're seeing out there at the moment only affect IE6", which is the smallest group of IE users in the UK.

The message was loud and clear - upgrade to IE8, whose advanced security features which include the SmartScreen filter and Data Execution Protection, will make it extremely difficult for hackers to implement the exploit code effectively on this browser.

As to whether Redmond will implement a security fix as part of the next scheduled patch Tuesday or an out-of-band release, Evans argued the team will need to take a considered view.

"The actual risk is minimal - you'd need to be using IE6 on XP and to visit these [malicious] sites," he added. "We'll have to balance the perceived risk with getting people to roll out yet another update."

January 19, 2010 | | Comments (1)

Haiti earthquake disaster exploited by cyber criminals

It didn't take long. As with all global and media-saturated events these days, the tragedy in Haiti has been exploited by cyber criminals for all its worth.

First the 419 scammers. According to a new blog posting by Symantec Hosted Service, aka MessageLabs, the classic advance fee fraud scammers are exploiting the news to part well-meaners with their cash, sending emails purporting to be from charities such as the British Red Cross, requesting donations.

"Exploiting tragic world events for personal gain unfortunately seems perfectly acceptable for some cyber criminals, and the Haiti Earthquake 419 advance fee fraud example highlights that there are no boundaries on what they'll attempt to profit from," wrote malware data analyst, Matt Nisbet.

"The public needs to be aware of such scams so that they can be more vigilant when visiting donation websites, ensuring vital donations arrive at the intended locations, rather than lining the scammers pockets."

The other main strategy taken by the cyber-criminals has been blackhat SEO-ing, or SEO poisoning. This is when the crims piggy-back upon a news story of widespread interest to promote their own malicious sites into the top of the search rankings, by cramming the sites full of keywords. F-Secure and Websense both warned users to ensure their AV tools are kept up-to-date and they have real-time content scanning capabilities.

"Websense Security Labs ThreatSeeker Network has discovered that searches on terms related to the recent earthquake in Haiti return results leading to a rogue antivirus program," read a posting on the Websense Security Labs blog.

"Unfortunately, the bad guys use major crises and events like this to spread their malicious code."

January 14, 2010 | | Comments (1)

How to spot malware the old-fashioned way

Security experts reminded users today that sometimes the best form of defence against malware attacks is common sense.

In a blog posting, Sophos senior security consultant Graham Cluley highlighted a recent Spanish-language spam email he noticed, which claims to point to an update for the Adobe Flash Player.

Clicking on the link in the email would take a user to a page requesting they download an "update" to Adobe Flash, which is actually malware. However, as Cluley points out, the email is littered with spelling mistakes, such as "Adoble" instead of "Adobe",

"So how do these tiny clues and mistakes manage to sprinkle themselves into a hacker's attack? Is there some divine intervention that is ensuring that so many cyber criminals keep making daft errors, putting a spanner in the works, and helping to tip off potential victims? Whatever the reason, I hope it continues for as long as there's a malwre problem," wrote Cluley.

Apart from regarding any unsolicited emails with suspicion, users should always visit the vendor's own site for any updates, he advised.

But while some cyber criminals are continuing to leave obvious errors in their emails or malicious sites, which should tip off wary users, the general trend appears to be towards greater professionalism in the cyber criminal world. If it's one thing criminals do well, it's that they learn quickly and stay agile.

So while it's obviously important to keep an eye out for any grammatical or other errors that could set alarm bells ringing, users can no longer be guaranteed that e-mail and web threats will be as easy to spot in future. Comprehensive real-time content scanning tools are an essential addition for any computer user today.

January 4, 2010 | | Comments (1)

Site credentials: About | Privacy policy | Terms & conditions | Top of the page
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093