SecuraNET Resource Centre

SecuraNET Products : Technology Updates

  • 27 June 2007 - Fake Microsoft patch mail

    Fake Microsoft security bulletin messages are inviting users to update Outlook.

    According to researchers, several people reported receiving an email directing them to a fake Microsoft patch. The messages used several fake URLs and included the recipients' full names. Experts are already working on getting the systems hosting the malware cleaned or shut down.

    Here is an example of the text in these emails, typos included:

    "You are receiving this message because you are using Genuine Microsoft Software and your e-mail address has been subscribed to the Microsoft Windows Update mailing list. A new 0-day vulnerability has appeared in the wild and was reported for the first time Monday, June 18th. The vulnerability affects machines running MICROSOFT OUTLOOK and allows an attacker to take full control of the vulnerable computer if the exploitation process is successful. Since then, more than 100,000 machines have been reported as exploited and used to promote spammy pharmacy products such as viagra and cialis. An update has been released to fix this issue and can be downloaded from the following link :
    ....
    It's urgent to download and install the update as soon as possible in order to decrease the number of succesfull attacks that occure each day. The update is only available for Genuine Versions of Microsoft Outllok."


    Since Microsoft never sends out random patches by email like this, users should treat any message billed as a Microsoft update with skepticism.

    (Source: SearchSecurity.com)

  • 26 June 2007 - Google against German bill

    Google is threatening to shut down Gmail, its free email service, in Germany in protest at a new law.

    Legislation drafted by Germany's Federal Ministry of Justice, and now being considered by the German Parliament, would require ISPs and email providers to collect and store information on users' mailing and internet habits. The system should allow the identification of individual web users.

    Peter Fleischer, global privacy counsel at Google, told German economics magazine Wirtschaftswoche that the move would be "a severe blow to privacy".

    "If need be we will simply switch off Google Mail in Germany. If the web community can no longer trust us to handle their data with care, we will fairly quickly cease to be a going concern."

    Fleischer added that the law would be useless anyway, since users would just switch to email accounts run overseas.

    (Source: VNUnet)

  • 22 June 2007 - Austrian domain registrar blacklisted

    Anti-spam organization Spamhaus has taken the unusual step of putting an entry for Austrian domain registrar Nic.at on its Spamhaus Block List (SBL).

    According to Spamhaus, Nic.at knowingly provides services to hundreds of domains run by Russian cybercrime phishing gang Rock Phish. Experts report that ".at" domain names have been used by the Rock Phish group since April 17. Earlier, the gang favored ".hk" domains, but when the ".hk" domain registrar, HKDNR, took steps against fraudsters, they started to look elsewhere. Their use of ".at" domain names has increased over recent weeks.

    International banks being phished by the Russian cybercriminals through Nic.at include: USAA Bank, Washington Mutual, Nationwide, Volksbank, National City, Nordea and Commerce Bank.

    Emails that spam fighters sent to Nic.at were answered by the legal department, which said any problems need to be taken up with the domain owners. But the domain owner information provided is fraudulent, and the domains were paid for with stolen credit cards.

    Spamhaus said the lack of co-operation from Nic.at had become a serious cause of concern to it and other spam fighters over recent weeks - to say nothing of concerns from the international banking industry. Other registrars, Spamhaus pointedly notes, shut down phishing domains immediately on notification.

    (Source: The Register)

  • 19 June 2007 - Hungarian hoax - attacking a multinational

    A message has resurfaced and is spreading on the Hungarian internet, calling for a boycott of the products of a multinational company that has a subsidiary in the country.

    The authors of the hoax message, pretending to protect local industry, urge readers to stop buying Danone products - and, of course, they ask recipients to forward the message.

  • 18 June 2007 - Millionth internet crime reported

    The U.S. Internet Crime Complaint Center (IC3) said it received its one-millionth complaint last week.

    Launched seven years ago as an American clearinghouse for reports of online fraud, the IC3 is jointly run by the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center. It passes on information to law enforcement agencies, and keeps track of trends in cybercrime.

    To date, it has referred nearly a half-million complaints representing almost million in losses to federal, state and local law enforcement agencies.

    Crime has changed since the IC3 first opened shop, according to Donna Gregory, an FBI employee who works for IC3. "Most of the complaints we saw at the beginning were the typical non-delivery auction fraud," she said. "Now we are seeing more complex schemes, involving identity theft and issues where people are using anonymizers and are being affected by keystroke loggers... everything is more sophisticated now."

    With all that said, auction fraud and online financial scams are still the top problems. Auction fraud accounted for nearly half of the complaints received by the IC3 last year.

    (Source: Computerworld)

  • 13 June 2007 - New Office flaw found

    Just after "Patch Tuesday", a new vulnerability was discovered in Microsoft Office.

    Experts reported a new flaw with exploit code in Microsoft Office, specifically, in the MSODataSourceControl ActiveX control within the package. Attackers could exploit the vulnerability via Internet Explorer to cause a denial of service or run malicious code on targeted machines.

    Microsoft has confirmed that it is investigating the issue.

    The news came on the heels of Microsoft's latest security bulletin release: the software giant patched 15 flaws across its product line on Tuesday, June 12.

    (Source: SearchSecurity.com)

  • 13 June 2007 - Microsoft: 6 bulletins to fix 15 bugs

    On "Patch Tuesday", Microsoft released 6 security bulletins, fixing a total of 15 vulnerabilities in Windows, Internet Explorer, Outlook Express, Windows Mail and Visio.

    The bulletins issued on June 12, as part of Microsoft's monthly security update cycle, address 15 flaws, nine of which were labeled "critical". This translates into four "critical" updates. Below we provide a list of the new bulletins, in the order of their numbering. Severity is indicated by the number of asterisks preceding the ID:
    * - "critical",
    ** - "important",
    *** - "moderate".

    This time experts disagree on which update should be installed first. Some say MS07-033, a six-bug update to IE6 and IE7, is the most critical, since two of the flaws affect IE7 on Windows Vista. MS07-034 also figures high on the list, as it is a four-bug update to Outlook Express on Windows XP and Windows Server 2003, and to Outlook Express's replacement on Vista, Windows Mail. (The Outlook Express bugs were rated "low", "moderate" or "important", but the Windows Mail flaw was labeled "critical".) Analysts also point out that MS07-032 is the first bulletin that affects only Vista.

    The June 12 releases are as follows (with the related Microsoft Knowledge Base article ID in parentheses):

    **MS07-030 - Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)
    *MS07-031 - Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
    ***MS07-032 - Vulnerability in Windows Vista Could Allow Information Disclosure (931213)
    *MS07-033 - Cumulative Security Update for Internet Explorer (933566)
    *MS07-034 - Cumulative Security Update for Outlook Express and Windows Mail (929123)
    *MS07-035 - Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)

    Microsoft has also re-released two earlier bulletins:

    > MS07-012 - Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
    > MS07-018 - Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)

    As part of the June 12 releases, the software giant also issued an updated version of its Windows Malicious Software Removal Tool.

    Resources:

    > Microsoft Security Bulletin Summary for June 2007

    > Microsoft Security Response Center (MSRC) blog

    (Source: Microsoft, Computerworld)

  • 11 June 2007 - Patch for Yahoo Messenger

    Yahoo has issued a critical security patch for Messenger to fix vulnerabilities in its webcam ActiveX controls.

    Messenger users' computers could be at risk if they visit malicious web sites. The attackers could then exploit security flaws in the system's webcam ActiveX controls to run their own code on the victim's PC. The problem was discovered last week, and exploits were published the following day.

    Yahoo has now issued a patch and urged users to update their software. The application notifies users of the available update when they sign on.

    Resources:

    > Yahoo security updates: Yahoo! Webcam ActiveX Controls

    (Source: ZDNet)

  • 8 June 2007 - Microsoft to release 6 patches

    The software giant is planning to release six security bulletins on Tuesday, June 12, to address flaws in Windows 2000, XP and Vista; Internet Explorer (IE) 6 and 7; Microsoft Office; Outlook Express and Windows Mail.

    Following its recently modified announcement scheme, Microsoft provided details of its upcoming security bulletins to be released, as usual, on the second Tuesday of the month, i.e. June 12.

    In an advance notice Microsoft said it intends to provide four critical updates for Windows, IE, Outlook Express and Windows Mail, which comes with Vista. Microsoft said attackers could exploit all the critical flaws to launch malicious code remotely, and several of them affect IE 7 on both Windows XP and Vista.

    One "important" update will address flaws in Microsoft Office and Visio. Though it's not rated critical, the company said this issue could also be used by an attacker to execute malicious code remotely.

    Finally, a "moderate" update will patch an information disclosure flaw in Windows Vista.

    As it does every month, Microsoft will also update its Malicious Software removal tool. Additionally, the company plans to release seven non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

    Resources:

    > Microsoft Security Bulletin Advance Notification for June 2007

    (Source: Microsoft, SearchSecurity.com)

  • 6 June 2007 - Balancing between profit and risk

    Despite all the news on data losses and identity theft, 40% of companies don't monitor their databases for suspicious activity, according to a new study.

    While 78% of the IT professionals responding to a survey of the Ponemon Institute said their databases are either critical or important to their business, 40% of their companies still do not monitor them for suspicious activities. The reason is that professionals are caught between trying to protect data from misuse by external and internal threats and, at the same time, giving greater access to the same data in order to drive business initiatives.

    More than half of the organizations involved have 500 or more databases, and the number is growing. Even so, some of the respondents admitted that they simply don't know if any monitoring is being done.

    What is IT managers' and CIOs' biggest concern? The dreaded insider. According to Ponemon, 57% said they have inadequate protection against malicious insiders.

    According to estimates, there were more than 150 million data records exposed in the past two years. In other terms, experts calculate that 53 million people - including consumers, employees, students, and patients - have had data about themselves exposed over the past 13 months.

    (Source: InformationWeek)

  • 2 June 2007 - Google Desktop exploit published

    Proof of concept details have been published showing how attackers could use Google Desktop to launch software that is already installed on the victim's computer. Recently, a similar problem was discovered in a variety of Firefox add-ons.

    The Google Desktop exploit is complex because of the security features that Google built into its software. Thus an attack is hard to pull off and could not necessarily be used to install unauthorized software on the victim's PC, but, according to researchers, it does illustrate the kind of security issues that arise with web-based applications.

    To exploit the Google Desktop vulnerability, an attacker would first have to launch a successful "man-in-the-middle" attack, somehow placing himself between the victim and Google's servers. This could be done by tricking the victim into logging onto a malicious WiFi network. Once this was done, the attacker would change the web pages being delivered to the victim's PC. By returning web pages containing new JavaScript code, the attacker could trick the victim into clicking on a malicious link. That link points to Google Desktop, which actually runs code.

    Just recently, another researcher showed how a man-in-the-middle attack could be used to install malicious software on computers that used a variety of popular Firefox add-ons, including the toolbars from Google, Yahoo and AOL.

    (Source: Computerworld)
