The RDV Group
   Safe Computing Experts


Copyright © 2004 The RDV Group Inc.

Security Fix

Spamhaus: Google Now 4th Most Spam-Friendly Provider
Google's free services are being heavily exploited by spammers to redirect visitors to sites touting knockoff designer drugs and scams, according to the latest rankings from Spamhaus.org, a group that tracks unsolicited commercial e-mail. Last month, Security Fix called attention to Microsoft's persistent ranking on Spamhaus's running list of the "Top 10 Worst Spam Service ISPs". Now that Microsoft has cleaned up its act, it appears the bad guys are moving on to Google, which is now ranked #4 on the list (#1 being the worst). "Microsoft got rid of the bad guys, and off they went to Google, which is now hosting a lot of the stuff that was on Microsoft's domains," said Richard Cox, Spamhaus's chief information officer. Other Internet providers, including Sprint and Verizon, currently round out the #8 and #10 slots on the Top 10 list, respectively. According to Spamhaus, spammers are using Google Documents to

Phishers Now Twittering Their Scams
Phishers are trying to trick Twitter users into forking over their user names and passwords by sending tweets that direct users to fake Twitter login pages, security experts warn. Update, 7:31 p.m. ET: Twitter now says that in an unrelated incident, the Twitter accounts for president-elect Barack Obama and 33 other notables were compromised by an individual who hacked into some of the tools the company's support team uses to help people do things like edit the email address associated with their Twitter account when they can't remember or get stuck. More on that incident from a new post on the Twitter blog. Original post: Blogger Chris Pirillo spotted the Twitter phishes on Jan. 3, after receiving a tweet that asked him to log in at a counterfeit Twitter site called "twitter.login-access.com" (it's probably best to avoid visiting this site, which is still active as of this writing.) Suspecting that

One Weak Link to Rule Them All
It is said that any security system is only as strong as its weakest link. A team of researchers today proved that point yet again, showing the world how they could use known weaknesses in the encryption technology that protects online transactions to undermine the security around e-commerce. washingtonpost.com ran an in-depth story I wrote about their findings, along with a sidebar explaining the weakness in a bit more detail. Long story short: An international team of security experts (pictured at right, thanks to Alexander Klink) showed that they could undermine the system most of us rely on to secure our online transactions, so that even though the browser indicates your connection is encrypted (Web browser address starts with "https://") and vetted by a third party to be secure and authentic, it may in fact be controlled by an attacker offering up a counterfeit Web site designed to steal your

Beware Holiday e-Greeting Cards, Digital Hitchhikers
Cyber crooks are once again blasting out fake holiday e-greeting cards in a bid to spread their special kind of cheer. Also, there are signs that computer viruses may again be piggybacking on digital photo frames and other data storage devices that make popular holiday gifts. E-greeting scams are hardly new, but they tend to increase around major holidays, probably because consumers are more receptive to opening them at these times and because more people are home in front of their computers. Most of these e-greeting scams try to foist malicious software by claiming the recipient needs to install some application in order to view the card, such as Adobe's Flash Player. Almost invariably, the downloaded program isn't a legitimate add-on, but malware. According to Symantec, some of the fake e-card domains being used in this scam include (please don't visit any of these sites): * [http://]itsfatherchristmas.com * [http://]bestchristmascard.com * [http://]whitewhitechristmas.com *

PC Got a Virus? Consider Getting Help Offline
If you suspect or know your PC is infected with a virus, it's probably wise to avoid purchasing anything using that computer until you're sure the machine is clean. That includes additional anti-virus or security products. Chances are the malicious software on your machine includes built-in ability to steal user names, passwords and other sensitive data from infected hosts. Recently, I've heard from several people who used their credit or debit cards at the first sign of infection, to renew or upgrade their anti-virus protection when their existing software didn't work or failed to update. Also, in a Live Web chat a few weeks ago, one reader described how he "stupidly" went online and bought an anti-virus product after realizing he'd infected his machine with a DNS hijacker Trojan. Consumers can be forgiven for such goofs: After all, they paid for security software, they expect (rightly or wrongly) to be

Hundreds of Stolen Data Dumps Found
A comprehensive new study that peers into huge troves of financial data stolen by cyber thieves confirms what experts have surmised from looking at much smaller, isolated caches of digital loot: That criminals can make hundreds, even thousands, of dollars a day selling data stolen with the help of widely available software toolkits. Recent reports by security firms Finjan, RSA, SecureWorks and Symantec have shown that stolen identities, bank accounts and credit card numbers are sold in bulk every day in shadowy online forums, often for pennies on the dollar. In its analysis, Symantec found in 2007 that the going rate for the keys to assuming someone else's identity was between $14 and $18 per victim. Those reports either presented conclusions based on examining a single cache of stolen data, or by observations based on watching transactions between cyber thieves. But a report released today by researchers at the University

Firefox 2 Users Will Get No More Security Updates
Security Fix has often praised Mozilla for equipping its Firefox Web browser with a no-hassle system for automatically applying security updates. But for those users still browsing the Interwebs with anything less than Firefox 3, it's time to take note: Mozilla shipped its final update to Firefox 2 on Tuesday, and plans no further updates for this version. Put simply: If you want to keep using Firefox safely, you're going to need to upgrade to Firefox 3. The latest version of the popular browser received mixed reviews on its release, but Mozilla appears to have done a good job ironing out the kinks since then. Most notably, Firefox 3 consumes far less system memory than older releases. That said, there is a non-trivial chance that Mozilla may in fact ship another update to Firefox 2. A bug report filed Wednesday with Mozilla indicates the browser maker overlooked a security flaw

Microsoft Issues Emergency Patch to Curb Password-Stealing Hackers
Microsoft today issued an emergency update to plug a critical security hole present in all versions of its Internet Explorer Web browser, a flaw that hackers have been leveraging to steal data from millions of Windows users. The patch, which Microsoft dubbed MS08-078, fixes a security vulnerability that Microsoft says already has been used to attack more than 2 million Windows users. As Security Fix and other members of the tech community have chronicled, attackers have been busy compromising thousands of Web sites by seeding them with code that installs password-stealing software on computer systems of Web site visitors who use Internet Explorer. Microsoft estimated Monday that one in every 500 Windows users had been exposed to sites that try to exploit the flaw. Additionally, it said the number of victims was increasing at a rate of 50 percent daily. Vulnerability management company nCircle said Microsoft's decision to issue the

CheckFree.com Hijack May Have Affected 160,000 Users
Online bill pay giant CheckFree.com said the hijacking of its Web site this month affected an estimated 160,000 people, a disclosure that offers the most detailed account yet of the true size and scope of a brazen type of attack that experts say may become more common in 2009. In a filing with Wisconsin's Office of Privacy Protection, CheckFree said at least 160,000 people may have visited the site during the nine-hour period it was hijacked, which had redirected visitors to a site in Ukraine. An analysis of that Ukrainian site indicated that it was trying to exploit known security flaws in Adobe Acrobat and Adobe Reader, in an attempt to install a variant of the Gozi Trojan, which is among the most sophisticated password-stealing programs in use today. CheckFree controls between 70 and 80 percent of the U.S. online bill pay market. Among the 330 kinds of bills

Google Ads Lead to Phony Apps
Web security firm Websense is warning that scam artists have hijacked Google's sponsored links to spread rogue anti-virus software. While this type of attack is not new, I was amazed to find how deeply Google's ad program appears to be infested with this crud. Websense's alert shows how following sponsored links generated by searches for popular software titles may not be such a hot idea. Their investigation of the sites served up at those links took them through what appears to be a long and convoluted effort to trick visitors into installing bogus security software. Websense discovered the scam after searching for WinRAR, a popular tool used for archiving files and folders. Interestingly, when I searched for WinRAR just a few minutes ago, I found two different sponsored links to sites that offered up a version of the program that came with a malicious keystroke-logging program attached, according to a

Microsoft: Emergency Patch for IE Flaw Coming Wednesday
Microsoft is signaling that it plans to ship an emergency software update on Wednesday to fix a dangerous security hole in its Internet Explorer Web browser that thousands of compromised Web sites have been using to install malicious software. Microsoft says the critical flaw is present in all versions of IE, from IE5 all the way up through IE8 Beta 2. In an unusually frank blog post, the company estimated that about 0.2 percent of Windows users worldwide may have been exposed to Web sites containing exploits that try to attack this vulnerability. While one in every 500 IE users may not sound like a large number, Microsoft said the frequency of attacks is increasing dramatically. "That percentage may seem low, however it still means that a significant number of users have been affected. The trend for now is going upwards: we saw an increase of over 50 percent in

Apple Patches 21 Security Flaws
Apple has released software updates to fix at least 21 security vulnerabilities in its Mac OS X operating system and other software for the Mac. The patches are available via Software Update or Apple Downloads. Seven of the updates included in this patch bundle fix flaws for the Mac version of Adobe's Flash player, flaws that Adobe patched last month in two separate releases. No matter what OS platform you use, it's important not only to keep Flash updated with the latest security protections, but also to only use Adobe's site to grab those updates (for everything but Solaris, Flash 10,0,12,36 is the latest version). Bogus Flash updates are probably the single biggest vector for distributing malicious software in use today. So, when in doubt, keep this link handy: It will show you whether you are indeed running the most up-to-date version of Flash.

Microsoft: Big Security Hole in All IE Versions
On Wednesday, Security Fix warned readers about a newly-discovered security hole in Internet Explorer 7. I'm posting this again because Microsoft now says the flaw affects all supported versions of IE, and because security experts are warning that a large number of sites are being compromised in an effort to exploit this vulnerability and install malware on vulnerable systems. The SANS Internet Storm Center reports that hackers are breaking into legitimate Web sites and uploading code that could install data-stealing software on the machine of a user who visits the site using Internet Explorer. SANS's chief technology officer Johannes Ullrich estimates that thousands of sites have been seeded with this exploit to date. For example, Web security firm Websense reports that hackers have compromised the Chinese Web site for ABIT, the maker of motherboards that power many home computers. So far, the exploits appear to be only stealing online gaming

Who's Tracking You?
The cover story for the January 2009 issue of Popular Mechanics magazine is a piece I wrote about ways marketers, or even stalkers, can track people through technologies many of us use every day. Here's a snippet from that piece: "Free Web services aren't free," says Gregory Conti, a computer science professor at the United States Military Academy at West Point. "We pay for them with micropayments of personal information. Users aren't entirely oblivious to the fact that information is being collected, and they're doing a cost-benefit analysis, but they're not thinking long-term." Even those who take the time to read a Web site's privacy policy may not realize how many companies have access to their data. That's because most Web sites pull advertisements, snippets of code and other content from a number of third-party sources, any one of which may track the visitor and use the data in a

Retail Fraud Rates Plummeted the Night McColo Went Offline
One month after the shutdown of hosting provider McColo Corp., spam volumes are nearly back to the levels seen prior to the company's take down by its upstream Internet providers. But according to one noted fraud expert, spam wasn't the only thing that may have been routed through the Silicon Valley based host: New evidence found that retail fraud dropped significantly on the same day. It is unclear whether the decrease in retail fraud is related to the McColo situation, but in speaking with Ori Eisen, founder of 41st Parameter, he said close to a quarter of a million dollars worth of fraudulent charges that his customers battle every day came to a halt. Eisen, whose company provides anti-fraud consulting to a number of big retailers and banks, told me at least two of the largest retailers his company serves reported massive declines in fraud rates directly following McColo's termination.

Last Update: Mon, 05 Jan 2009 18:25:08 -0500

About Us

The RDV Group Inc. is a New York-based security consulting services firm, providing information systems training and consulting. We offer packaged seminars and custom certification training solutions, and provide computer and information systems security consulting services to government and private organizations.

Russell Dean Vines, CISSP, CISM, Security +, CCNA, MCSE, MCNE, is the president and founder of The RDV Group Inc., a New York-based security consulting services firm, and the author of seven best-selling information system security books published by John Wiley and Sons.
