Sunday, March 28, 2010

FW: NABU Trend Micro News Summary - 03/20/10 - 03/26/10


-------------------------------------------
From: Andrea Mueller (MKT-US)
Sent: Monday, March 29, 2010 6:07:56 AM
To: Newsbank; All of Trend Corporate Marketing Department;
All of Trend Global PR; All of US Sales; All of US Marcom Dept.
Cc: Steve Quane (Seg GM-SMB); Thomas Miller (SAL-US); 'Mark Vangel';
Darren Blank (SAL-US); 'trendpr@upstreamaustralia.com.au';
Alan Wallace (MKT-US)
Subject: NABU Trend Micro News Summary - 03/20/10 - 03/26/10
Auto forwarded by a Rule

NABU Trend Micro News Summary – 03/20/10 – 03/26/10

Table of Contents

Trend Micro Quotes

- Silicon Valley/San Jose Business Journal (03.19) – 'Top 100 Women of Influence' in 2010
- SC Magazine (03.23) – Conservative effort at social media experiment leaves open source Cash Gordon site directing to adult and Labour Party websites
- The Times (03.23) – Tory online experiment foiled as hackers crash ‘Cash Gordon’ website
- PC World (03.24) – Security Companies Warn of Uptick in New IE Attack (Paul Ferguson, Trend Micro)
  - Network World
  - Techworld
- iHotNews (03.25) – Cloud computing held back by security fears, expert says
- Computerworld (03.25) – Malware attack uses China World Expo guise
- MX Logic (03.25) – Journalists receive malware disguised as event notice
- The Times Online (03.23) – No trick is off limits to a Beijing this supremely confident
- Computerworld (03.25) – New malware overwrites software updaters
- Computerworld (03.22) – FBI embeds cyber-investigators in Ukraine, Estonia
  - CIO.com
- The New New Internet (03.26) – ZBOT Trojan Targets European Banks
  - MX Logic
- Softpedia (03.25) – Large European Banks Targeted by ZeuS; C&C server hosted in Serbia
- About.com: Mary’s Antivirus Software Blog (03.24) – Pictures Ruse Used to Spam Zeus/Zbot
- MSP Mentor (03.23) – Botnets: A Threat (And Opportunity) for Managed Services Providers? (Trend Micro guest blog by TJ Alldridge)
- Computerworld Blogs (03.24) – Can Ubuntu save online banking?
- InfoSecurity.com (03.26) – Trend Micro: We are witnessing the decline of the operating system
- Taylor Vinters (03.24) – YouTube accused of copyright breach by Viacom

Trend Micro Mentions

- SPAMfighter News (03.26) – Antivirus Software Incapable to Find Top Three Trojans
- Ars Technica (03.24) – Exploits of unpatched IE6, IE7 flaw on the rise
- SPAMfighter News (03.25) – Malware in Fake Reports of President Obama’s Death
- SPAMfighter News (03.23) – Cyber Miscreants Found Exploiting the News of Corey Haim’s Funeral
- Reuters (03.24) – Inside a global cybercrime ring
- SPAMfighter News (03.23) – Miscreants Riding on DTS Searches, Spreading Scareware
- Softpedia (03.23) – New Scareware Leverages the Layered Service Provider; Blocks popular websites from being displayed
- SC Magazine US (03.26) – Scammers capitalizing on tax season to spread Zeus
- IT World Canada (03.26) – HP Canada gets a new president

Trend Micro Announcements

Mar 25, 2010

Trend Micro CEO Named One of Silicon Valley/San Jose Business Journal's 'Top 100 Women of Influence' in 2010

Eva Chen and other winners to be honored at April 8 awards ceremony

Mar 23, 2010

Trend Micro™ Data Loss Prevention for Endpoint Receives Tolly Certification and Proves More Effective at Mitigating Risk Than Competing DLP Solutions

Mar 16, 2010

Trend Micro Asks: 'What's Your Story?'

User-generated video contest puts Internet safety, education, and awareness in the spotlight; grand prize winner gets $10,000 and a chance to be a part of Internet Safety Month.

Mar 15, 2010

Trend Micro Introduces Hosted Email Security 2.0

Emerging leader in hosted security announces a new hosted email security platform that delivers daily protection to more than 30,000 companies worldwide.

Trend Micro Quotes

“Five-year goal: Our vision is to make the world safe for exchange of digital information, and we see a tremendous game-changing opportunity with the rise of cloud computing that will change the world and create new businesses, but will also require new types of security that really fit the need.” – Eva Chen, Co-founder and CEO, Trend Micro Inc.

'Top 100 Women of Influence' in 2010 

Silicon Valley/San Jose Business Journal – 3/19/10

 

“This isn't all fun and games though, configuration oversights can lead to serious harm. This latest in a line of social media marketing related fails is a salutary warning not to underestimate the technical know-how of the world wide audience you are inviting.” – Rik Ferguson, Trend Micro

Conservative effort at social media experiment leaves open source Cash Gordon site directing to adult and Labour Party websites

SC Magazine – 3/23/10

 

“This is not the first social media campaign that has resulted in a big fail for the people doing it. You would expect some learning to be happening.” – Rik Ferguson, Trend Micro

Tory online experiment foiled as hackers crash ‘Cash Gordon’ website

The Times – 3/23/10

 

"It's popping up all over the place. It started off slowly, but I really started noticing it yesterday, and then today -- there were a bunch of sites which harbored this exploit." – Paul Ferguson, Trend Micro

Security Companies Warn of Uptick in New IE Attack

PC World – 3/24/10

 

"When we consume cloud services we outsource a substantial amount of control but we don't outsource any accountability; we can't outsource any accountability." – Rik Ferguson, Trend Micro

Cloud computing held back by security fears, expert says

iHotNews – 3/25/10

 

"There seems to be a [definite] increase in sophisticated, targeted attacks coming out of China," said Paul Ferguson, a researcher at Trend Micro.

Malware attack uses China World Expo guise

Computerworld – 3/25/10

 

"There seems to be a [definite] increase in sophisticated, targeted attacks coming out of China," Paul Ferguson, a researcher at Trend Micro, told the news provider in an instant message.

Journalists receive malware disguised as event notice

MX Logic – 3/25/10

 

Anti-hacking experts at Trend Micro go even further: if you are staying in a hotel, shut down your machine when you take a shower — that is when the Chinese cyber thieves tend to strike.

No trick is off limits to a Beijing this supremely confident

The Times Online – 3/23/10

 

"They will lose the auto-updating functionality of whatever software is affected even after the malware is cleaned up. That could of course leave them open to exploitation further down the line if critical vulnerabilities don't get patched as a result." - Rik Ferguson, Trend Micro

New malware overwrites software updaters

Computerworld – 3/25/10

 

"Ukraine's a huge problem," said Paul Ferguson, a researcher at security firm Trend Micro Inc. "I would rank it above Russia right now."

FBI embeds cyber-investigators in Ukraine, Estonia

Computerworld – 3/22/10

 

“At this point, we do have the data that show that these banks are indeed being currently targeted,” said Trend Micro’s advanced threats researcher Ivan Macalintal.

ZBOT Trojan Targets European Banks

The New New Internet – 3/26/10

 

"At this point, we do have the data that show that these banks are indeed being currently targeted. We are including some names of the banks here to make people aware." - Ivan Macalintal, Trend Micro

Large European Banks Targeted by ZeuS; C&C server hosted in Serbia

Softpedia – 3/25/10

 

According to threat researcher Ivan Macalintal of Trend Micro, the email sent is highly personalized, making it appear legitimate and potentially leading to a greater number of victims falling for the scam.

Pictures Ruse Used to Spam Zeus/Zbot

About.com: Mary’s Antivirus Software Blog – 3/24/10

 

TJ Alldridge is product marketing manager at Trend Micro. Guest blogs such as this one are part of MSPmentor’s annual platinum sponsorship.

Botnets: A Threat (And Opportunity) for Managed Services Providers?

MSP Mentor – 3/23/10

 

Raimund Genes, chief technology officer at security software vendor Trend Micro, calls the security measures used for online banking in the U.S. "a joke."

Can Ubuntu save online banking?

Computerworld Blogs – 3/24/10

 

"We are witnessing the decline of the general purpose operating system." - Justin Foster, Trend Micro

Trend Micro: We are witnessing the decline of the operating system

InfoSecurity.com – 3/26/10

 

Social networking websites have also courted controversy recently, with Trend Micro senior security advisor Rik Ferguson claiming that the sites are attractive to a number of online criminals because of the large number of people making use of them.

YouTube accused of copyright breach by Viacom

Taylor Vinters – 3/24/10

Trend Micro Mentions

Further, Silon, the second most active Trojan, was found only by Trend Micro's antivirus engine.

Antivirus Software Incapable to Find Top Three Trojans

SPAMfighter News – 3/26/10

 

Security researchers for antivirus company AVG are now reporting tens of thousands of attacks per day, and this number is likely to grow further. Rival firm Trend Micro has reported similar growth.

Exploits of unpatched IE6, IE7 flaw on the rise

Ars Technica – 3/24/10

 

The security researchers of Trend Micro have discovered a malware movement on the famous Internet Messaging (IM) service in the last few days which tries to dupe the users on harmful links that circulate malware.

Malware in Fake Reports of President Obama’s Death

SPAMfighter News – 3/25/10

 

According to the security experts of Trend Micro, cyber goons are increasingly exploiting the news of the death of Corey Haim, Canadian teen idol, in a bid to launch FAKEAV (fake anti-virus) scams.

Cyber Miscreants Found Exploiting the News of Corey Haim’s Funeral

SPAMfighter News – 3/24/10

 

The scareware also removes legitimate anti-virus software from vendors including Symantec Corp, McAfee and Trend Micro Inc, leaving PCs vulnerable to other attacks.

Inside a global cybercrime ring

Reuters – 3/24/10

 

To conclude, security experts from security purveyors Websense and Trend Micro independently alarm the users of similar schemes wherein Corey Haim's death was targeted, which occurred in the second week of March 2010.

Miscreants Riding on DTS Searches, Spreading Scareware

SPAMfighter News – 3/23/10

 

Security researchers from antivirus vendor Trend Micro warn that a new FAKEAV version operates a ransomware-like component as a Layered Service Provider (LSP) routine.

New Scareware Leverages the Layered Service Provider; Blocks popular websites from being displayed

Softpedia – 3/23/10

 

Cybercriminals have been capitalizing on tax season by sending messages that appear to come from the Internal Revenue Service but actually lead to the data-stealing trojan Zeus, researchers at anti-virus firm Trend Micro warned Thursday.

Scammers capitalizing on tax season to spread Zeus

SC Magazine US – 3/26/10

 

Former NEC and Trend Micro Canada executive Pat Kewin will be named director of sales and marketing for Accutrust shortly.

HP Canada gets a new president

IT World Canada – 3/26/10

Trend Micro Quotes

Silicon Valley/San Jose Business Journal

March 19, 2010

 

'Top 100 Women of Influence' in 2010 

 

Eva Chen

Co-founder and CEO, Trend Micro Inc.

 

Trend Micro, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats.

 

Education:  MBA and master’s in management information systems, University of Texas; philosophy degree, Che Chi University in Taipei.

 

Boards/volunteer work: Board member, Trend Micro; volunteer work including building houses in the Philippines.

 

First job: Sportswriter, but my first real tech job was product manager at Acer.

 

Business hero: Steve Jobs, his passion for innovation, business leadership, and changing the world.

 

Proudest achievement: My children and of course Trend Micro. Personally, I am proud to hold several security technology patents that have helped keep us ahead of the bad guys starting from the earliest days on the Internet.

 

Biggest workplace challenge: Driving innovation and execution deep into the organization while still managing our profitability and growth, and protecting our customers from an increasingly malicious and threatening Internet landscape. Of course, we are a global company with headquarters in Japan, big development in Taiwan and China, marketing and research in California, and so the amount of travel I must do is a workplace challenge. But I make it a point to fly home for the weekend with my children, or even take an extra flight to get home for dinner on a weeknight.

 

Something that would surprise others: I also paint, fence and love reading science fiction.

 

Five-year goal: Our vision is to make the world safe for exchange of digital information, and we see a tremendous game-changing opportunity with the rise of cloud computing that will change the world and create new businesses, but will also require new types of security that really fit the need. Our strategy in several different areas is to create security that fits.

SC Magazine

March 23, 2010

 

Conservative effort at social media experiment leaves open source Cash Gordon site directing to adult and Labour Party websites

 

By Dan Raywood

 

The Conservative Party was left with egg on its face after a social media marketing campaign aimed at embarrassing the Labour Party backfired.

 

The Tories introduced a website called ‘Cash Gordon', which claimed that ‘one of the great untold stories of British politics is how Unite has taken advantage of Labour's near bankruptcy and the departure of Tony Blair to gain an unprecedented grip on the party'.

 

It was also set up to collect Twitter messages that contained the hashtag #cashgordon and republish them in a live stream on the home page. However, a configuration error was discovered, as any messages containing the #cashgordon hashtag were being published, as well as whatever else they contained.

 

Trend Micro senior security advisor Rik Ferguson commented that if users tweeted JavaScript instead of standard messages, this JavaScript would be interpreted as a legitimate part of the Cash Gordon site by the visitor's browser. This would redirect the user to any site of their choosing, and this saw the site abused to the point of being taken offline.

 

The abuse was noted and led to Twitter users sending users to various sites, including pornography sites, the Labour Party website and a video of 1980s pop star Rick Astley.

 

The BBC's technology correspondent Rory Cellan-Jones commented that for several hours, while the developers worked to fix the problem, visitors to Cash Gordon were redirected to the main Conservative site. Meanwhile, Labour and Conservative micro-bloggers traded insults, with one side arguing this was the greatest foul-up in the short history of ‘peer-to-peer' campaigning. The other side said that their strategy had been vindicated because #cashgordon was now a trending topic on Twitter and their opponents had simply given them free publicity.

 

Tweets appearing on the Cash Gordon site appear to show that it is back up and running, although many users are claiming that Tweets are now being moderated.

 

Ferguson said: “This isn't all fun and games though, configuration oversights can lead to serious harm. This latest in a line of social media marketing related fails is a salutary warning not to underestimate the technical know-how of the world wide audience you are inviting.

 

“In reality this poor configuration could have posed a serious risk to the Tory party's own supporters as well as any other curious visitor. Those responsible for the page should have been filtering incoming Tweets or simply sanitising the code before it was posted, as this could just as easily have been used as a means to infect visitors by redirecting them to malicious websites.”

 

http://www.scmagazineuk.com/conservative-effort-at-social-media-experiment-leaves-open-source-cash-gordon-site-directing-to-adult-and-labour-party-websites/article/166314/
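
The rendering mistake Ferguson describes, shown beside the sanitised version and the kind of filtering check he says was missing. This is an added example, not code from the SC Magazine article or from the Cash Gordon site; the tweets are constructed samples and a harmless placeholder stands in for the redirect script.

```javascript
// Added example (not from the article or the Cash Gordon site): rendering a
// live tweet stream so that tweet text is never interpreted as HTML or script
// by the visitor's browser. All tweets below are constructed samples.

// Every character with meaning in HTML mapped to its entity.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The configuration the article describes: tweet text dropped straight into
// the page, so any markup inside a tweet becomes part of the document and a
// <script> in a tweet runs in every visitor's browser.
function renderStreamUnsafe(tweets) {
  return "<ul>" + tweets.map((t) => `<li>${t.text}</li>`).join("") + "</ul>";
}

// Corrected rendering: tweet text is escaped before it is embedded, so a tweet
// can only ever be displayed as text. The browser sees &lt;script&gt;, not a
// script element.
function renderStreamSafe(tweets) {
  return "<ul>" + tweets.map((t) => `<li>${escapeHtml(t.text)}</li>`).join("") + "</ul>";
}

// Moderation aid: flag tweets that carry markup, a javascript: URL or an inline
// event handler so an operator can review them before publication (the
// "filtering incoming Tweets" step the article says was missing). Escaping
// remains the real control; this only surfaces what to look at.
function flagSuspiciousTweets(tweets) {
  const markup = /<\s*\/?\s*[a-z][^>]*>/i; // anything that looks like an HTML tag
  const scriptUrl = /javascript\s*:/i;     // javascript: pseudo-URL
  const handler = /\bon[a-z]+\s*=/i;       // onload=, onerror=, ... attributes
  return tweets.filter(
    (t) => markup.test(t.text) || scriptUrl.test(t.text) || handler.test(t.text)
  );
}

// Constructed sample tweets: an ordinary comment and one carrying a script tag
// (alert() is a harmless placeholder for the redirect code described).
const SAMPLE_TWEETS = [
  { user: "voter1", text: "Great campaign #cashgordon" },
  { user: "prankster", text: "#cashgordon <script>alert('placeholder')</script>" },
];

console.log("unsafe:", renderStreamUnsafe(SAMPLE_TWEETS));
console.log("safe:  ", renderStreamSafe(SAMPLE_TWEETS));
console.log("flagged:", flagSuspiciousTweets(SAMPLE_TWEETS).map((t) => t.user));
```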

The Times

March 23, 2010


Tory online experiment foiled as hackers crash ‘Cash Gordon’ website

 

By Murad Ahmed, Technology Reporter

 

It was supposed to display how the modern Conservative Party could harness the power of the internet. Instead, the Tories’ latest attempt to engage the web backfired spectacularly.

 

Over the weekend the party launched the “Cash Gordon” website as part of an internet campaign to highlight links between the Prime Minister and Unite, the trade union behind the recent strikes by British Airways cabin crew. The Tories invited the public to contribute to the effort through the social-networking websites Facebook and Twitter.

 

By this morning, however, the website had been flooded with mocking and abusive messages. Eventually, hackers infiltrated the page so that visitors to Cash Gordon were redirected to the Labour Party website, porn sites and an infamous video of Rick Astley singing on YouTube. Within hours, the Conservatives were forced to take down the site, saying that it was suffering from “technical problems”.

 

Cash Gordon had started out as a slick webpage, using the latest features from Facebook and Twitter in an effort to gain public interest in the campaign.

 

In the first two days it had only a few hundred followers. But the party was keen to talk up the effort. On Sunday Samuel Coates, from the party’s new media team, wrote on the Conservative’s official blog: “In the brave new world of online politics it’s important to keep innovating in this way.”

 

Key to the Tories’ strategy for Cash Gordon was to invite the public’s comments. It published all tweets — messages written on Twitter — that included the phrase #cashgordon. This meant that the Cash Gordon website would feature comments praising the campaign, but also — as was more often the case — those criticising it.

 

Hackers also wrote tweets that included simple computer code, meaning that visitors to the site were automatically redirected to other pages.

 

By this afternoon the site had been taken down. A Conservative spokeswoman said: “There was an attempt made to redirect 'cashgordon' users to other websites. We’ve made the necessary adjustments to the site and the 'cashgordon' campaign has now led to many thousands people hearing about Unite’s funding stranglehold over the Labour Party.”

 

Last night it appeared that the party had the site up and running again.

 

Experts said that the Conservatives had built the website too quickly and had not learned from the lessons of others.

 

“They certainly overlooked the possibility that this could happen,” said Rik Ferguson, a senior analyst at Trend Micro, the internet security firm. “This is not the first social media campaign that has resulted in a big fail for the people doing it. You would expect some learning to be happening.”

 

The incident will come as an embarrassment to the party, who have been hailed recently as online pioneers by the likes of Wired magazine and technology bloggers because of their investment in new media ideas.

 

One of the party’s biggest internet successes, WebCameron, an internet video diary featuring David Cameron, has been viewed by hundreds of thousands of people.

 

However, it is not the first time that the party has suffered at the hands of the internet’s uncontrollable crowds. Within hours of launching its latest poster campaign, featuring the party leader’s face, blogs said that the picture had been airbrushed and numerous send-ups of the posters quickly spread through the web.

 

http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article7071740.ece

PC World

March 24, 2010

 

Security Companies Warn of Uptick in New IE Attack

 

By Robert McMillan, IDG News Service

 

Criminals are stepping up their attacks leveraging an unpatched flaw in Microsoft's Internet Explorer browser, using it to install fake antivirus products and malicious back doors on victims' computers.

 

Microsoft first warned of the bug on March 9, saying that it had been used in "targeted attacks." But now, according to researchers, the exploits are much more widespread. By late last week, security vendor AVG was getting reports of 30,000 attacks per day, according to Roger Thompson, AVG's chief research officer.

 

"It's not a massive attack, but it's an unpatched exploit being used aggressively," he said Tuesday, in an instant message interview.

 

It appears that two separate cybergangs have begun using the exploit -- the first uses it to install fake antivirus software on victims' computers; the second group is installing a variant of the Sinowal Trojan, Thompson said.

 

Most of the attacks are being hosted on Web sites that appear to be specifically set up to host the attack code, rather than hacked sites, Thompson said.

 

Although AVG tracked just 16,000 attacks on Monday, Thompson predicted that the problem would get worse in the next few days, putting pressure on Microsoft to rush out a fix for the bug ahead of its scheduled April 13 security updates. "I would expect it to be adopted by more gangs over the next couple of weeks, as soon as they figure out where to find a copy," Thompson said.

 

Rival AV vendor Trend Micro agreed that attacks are on the rise. "It's popping up all over the place," said Paul Ferguson, a researcher with the company. "It started off slowly, but I really started noticing it yesterday, and then today -- there were a bunch of sites which harbored this exploit," he said via instant message on Tuesday.

 

Internet Explorer versions 6 and 7 are vulnerable to the attack. For it to work, however, the victim has to first visit a Web site hosting the malicious code.

 

Microsoft could not immediately be reached for comment on this story.

 

http://www.pcworld.com/businesscenter/article/192236/security_companies_warn_of_uptick_in_new_ie_attack.html

 

Also @

 

Network World

http://www.networkworld.com/news/2010/032410-security-companies-warn-of-uptick.html?t51hb

 

Techworld

http://news.techworld.com/security/3218192/internet-explorer-vulnerable-to-hackers-warn-experts/?olo=rss

iHotNews

March 25, 2010

 

Cloud computing held back by security fears, expert says

 

Posted by Paul Sells

 

IT outsourcing users are reluctant to use cloud computing because they have to give up control of data but are still responsible for its security, an expert has claimed.

 

A recent poll by the Information Systems Audit and Control Association discovered that a quarter of firms using cloud computing believe its benefits are outweighed by the risks, but use it anyway.

 

Trend Micro senior security advisor Rik Ferguson, speaking at the Westminster eForum Keynote Seminar on cloud computing, said research by his firm found three-quarters of chief information officers do not want to use the innovation because of its security problems.

 

"When we consume cloud services we outsource a substantial amount of control but we don't outsource any accountability; we can't outsource any accountability," he added.

 

However, Mr Ferguson pointed out that security is cited by many IT outsourcing users as one of cloud computing's main benefits and claimed this contradiction demonstrates a "disconnect" in how firms perceive the technology.

 

http://www.ihotdesk.com/article/19689534/Cloud-computing-held-back-by-security-fears,-expert-says

Computerworld

March 25, 2010

 

Malware attack uses China World Expo guise

 

By Owen Fletcher

 

IDG News Service - A malware attack dressed up as an e-mail from organizers of the upcoming Shanghai World Expo targeted at least three foreign journalists in China, in the latest sign of increasingly sophisticated cyberattacks from the country.

 

The e-mail appeared to be sent from the inbox of the Expo news office, but it was not sent by the Expo and may be targeting journalists who signed up to cover the event, a reporters' advocacy group in China told members in an e-mail on Thursday.

 

Google drew global attention to cyberattacks from China two months ago, when the company said it had detected hacking attempts from the country partly aimed at the Gmail accounts of Chinese human rights activists. Google also said the attacks had caused the loss of Google intellectual property and that at least 20 other large companies were targeted. Chinese authorities use various methods to keep political dissidents under surveillance, but Google did not blame the Chinese government for the attacks.

 

There was also no evidence to suggest that the e-mail sent to foreign journalists had any tie to the government. But at least one version of the e-mail, which was sent by an attacker to IDG News Service, clearly targeted people who had filled out a spreadsheet to register for the Expo. The e-mail had a .pdf attachment that exploited a recently patched vulnerability in Adobe Reader, according to scan results on the Wepawet malware analysis Web site.

 

"There seems to be a [definite] increase in sophisticated, targeted attacks coming out of China," said Paul Ferguson, a researcher at Trend Micro, in an instant message.

 

Eastern Europe is a base for many cybercriminals who aim to profit by illicitly obtaining credit-card and banking information from victims. But large-scale attacks from China are often aimed at stealing intelligence or intellectual property, Ferguson said.

 

The World Expo will be a months-long show in Shanghai this year where dozens of countries will set up displays. The government sees the event as a display of China's rising influence abroad.

 

The alert sent out by the reporters' group in China said .pdf attachments had become a common mode of attack and that antivirus tools often do not pick up the types of malware involved. On Thursday afternoon in China, Kaspersky was the only vendor out of 42 tested by VirusTotal that labeled the file in the fake Expo e-mail as malicious.

 

China has repeatedly said its laws ban cybercrime including hacking attacks when asked about accusations of government involvement in attacks.

 

http://www.computerworld.com/s/article/9174100/Malware_attack_uses_China_World_Expo_guise

MX Logic

March 25, 2010

 

Journalists receive malware disguised as event notice

 

The upcoming Shanghai World Expo has been exploited by cyber criminals to spread malware, according to Computerworld. Three Chinese journalists report that an email claiming to be from organizers of the event contained malware.

 

The journalists believe that the email may be linked to the attacks that struck Google in January that targeted human rights activists. There is no link to the Chinese government, but since all three reporters who received it are members of a journalists advocacy group, suspicions have arisen that the malware is an attempt to gain information from the reporters' hard drives.

 

"There seems to be a [definite] increase in sophisticated, targeted attacks coming out of China," Paul Ferguson, a researcher at Trend Micro, told the news provider in an instant message.

 

However, the Chinese government has expressed support for the expo, as it views the show, that will take place over several months, as a demonstration of China's global influence.

 

http://www.mxlogic.com/securitynews/web-security/journalists-receive-malware-disguised-as-event-notice212.cfm

The Times Online

March 23, 2010

 

No trick is off limits to a Beijing this supremely confident

 

By Leo Lewis

 

Packing for a successful business trip to China, warn the consultants at International Risk, should be a nervous and costly affair. Take a laptop, a BlackBerry, a mobile phone and all your usual electronic clobber — but make sure they are not the ones you normally use. Somewhere along the way, they will be plundered for information.

 

Anti-hacking experts at Trend Micro go even further: if you are staying in a hotel, shut down your machine when you take a shower — that is when the Chinese cyber thieves tend to strike.

 

It is tempting for companies to conclude that the foreigner doing business in China struggles in an arena of permanent injustice, that the game is fundamentally rigged against success. Governments, especially Washington, believe that a range of Chinese policies — from the currency peg to rare metal export quotas — are the construct of an economy that cares neither for the spirit nor letter of free trade.

 

The arrest of the four Rio Tinto executives fitted neatly with a view that no trick is off-limits to a Beijing that, particularly since the 2008 humiliation of Wall Street, has supreme confidence that it can get away with anything.

 

This is evident amid the rising acrimony over whether the Chinese currency has been kept unfairly low. President Obama’s pledge to double US export growth in five years implies a clash with China’s own export ambitions and a deeper politicisation of the currency debate.

 

But China now has answers to all that. A hawkish editorial response last week by the Xinhua news agency declared that “America is the biggest manipulator of foreign currency and is unqualified to accuse other countries”.

 

Fears of how China deals with foreign businesses are reflected in concerns over its projection of power around the globe — especially its push into countries with mineral and energy resources. In a speech at the China Development Forum yesterday, Tom Albanese alluded to these concerns. “To develop its overseas brand, China will need to reflect on the global impact of its activities,” the Rio Tinto chief executive said.

 

The tendency to exaggerate the horrors of doing business in China may also apply at the level of the individual companies operating there. The opportunities are so good that many foreign companies choose to treat the iniquities as a cost of being near those opportunities.

 

A list of big foreign companies that have pulled out of the Chinese market is short and riddled with highly specific circumstances. Yahoo! and eBay “pulled out” of China but actually folded their operations into ventures with local players. Ahold withdrew because it could not compete with low-priced local competitors.

 

The annual “Doing Business” report by the World Bank Group — a measure of the difficulties faced by domestic companies operating in their home economies — places China 89th out of 183 surveyed countries. Foreign companies may take the view that corruption, the debacle with Google and the arrest of the Rio executives mean that China belongs lower down on the list, but the position suggests that even Chinese entrepreneurs know that the scene is far from perfect.

 

Nick Day, chief executive of the business intelligence company Diligence, said that from the foreign business point of view, the Chinese scene is clouded by Beijing’s own worries about social instability. “Those concerns are exaggerated by the state of the global economy. Western businesses are not going to be targeted but are likely to be caught in the crossfire,” he said.

 

http://business.timesonline.co.uk/tol/business/markets/china/article7071881.ece

 

Computerworld

March 25, 2010

 

New malware overwrites software updaters

 

IDG News Service - For the first time, security researchers have spotted a type of malicious software that overwrites the update functions of other applications, which could pose additional long-term risks for users.

 

The malware, which infects Windows computers, masks itself as an updater for Adobe Systems' products and other software such as Java, wrote Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, on its blog.

 

BKIS showed screen shots of a variant of the malware that imitates Adobe Reader version 9 and overwrites the AdobeUpdater.exe, which regularly checks in with Adobe to see if a new version of the software is available.

 

Users can inadvertently install malware on their computers if they open malicious e-mail attachments or visit Web sites that target specific software vulnerabilities. Adobe's products are among the most targeted by hackers because of their wide installation base.

 

After this particular kind of malware gets onto a machine, it opens a DHCP (Dynamic Host Configuration Protocol) client, a DNS (Domain Name System) client, a network share and a port in order to receive commands, BKIS said.

 

Malware that poses as an updater or installer for applications such as Adobe's Acrobat or Flash is nothing new, said Rik Ferguson, senior security advisor for Trend Micro.

 

Decent security software should detect the malware, but those people who do become infected could be worse off even if the malware is removed, Ferguson said.

 

"They will lose the auto-updating functionality of whatever software is affected even after the malware is cleaned up," Ferguson said. "That could of course leave them open to exploitation further down the line if critical vulnerabilities don't get patched as a result."

 

That means that users would need to manually download the software again, which they may be unlikely to do if they don't know the effect of the malware.

 

http://www.computerworld.com/s/article/9174126/New_malware_overwrites_software_updaters

 

Computerworld

March 22, 2010

 

FBI embeds cyber-investigators in Ukraine, Estonia

 

By Robert McMillan

 

Computerworld - Hoping to catch cybercrooks, the FBI has begun embedding agents with law enforcement agencies in Estonia, Ukraine and the Netherlands.

 

Over the past few months, the agents have begun working with local police to help crack tough international cybercrime investigations, said Jeffrey Troy, chief of the FBI's cyber division, in an interview. Because virtually all cybercrime crosses international borders, this type of cooperation is crucial, experts say.

 

The embedding was inspired by a successful operation in Romania, begun in 2006, that led to nearly 100 arrests. "We looked at that and said, 'Where else can we do this?' " Troy noted.

 

Security analysts say Ukraine is home to numerous online scammers, including the creators of the Zeus Trojan malware that can empty bank accounts. "Ukraine's a huge problem," said Paul Ferguson, a researcher at security firm Trend Micro Inc. "I would rank it above Russia right now."

 

This version of this story was originally published in Computerworld's print edition. It's a condensed version of an article that originally appeared online.

 

http://www.computerworld.com/s/article/347523/FBI_Fights_Cybercrime_in_E._Europe

 

 

Also @ CIO.com

http://www.cio.com/article/587678/FBI_Fights_Cybercrime_in_E._Europe?source=rss_news

 

 

The New New Internet

March 26, 2010

 

ZBOT Trojan Targets European Banks

 

This was written by Camille Tuutti

 

A new Trojan spreading primarily in Europe is attempting to steal sensitive information, including usernames and passwords, from financial institutions and their high-profile customers.

 

The main targets are reported to be four European banks with large customer bases in Italy, England, Germany and France, including Crédit Mutuel and Abbey National, according to Trend Micro.

 

“At this point, we do have the data that show that these banks are indeed being currently targeted,” said Trend Micro’s advanced threats researcher Ivan Macalintal. “We are including some names of the banks here to make people aware.”

 

TSPY_ZBOT.AZX was created using the ZeuS toolkit, which was developed specifically to build malware. It makes it possible for cyber criminals to create their own versions of remote-controlled malware. The infected machine then becomes part of the ZeuS botnet, which has been estimated to include millions of computers worldwide.

 

At its most basic level, ZeuS has always been known for enabling criminal activity, and it signals a new wave of online criminal business enterprises in which different organizations cooperate with one another to perpetrate online theft and fraud.

 

Domains used by TROJ_ZBOT.BYP can also be found on the same server in Serbia, according to Trend Micro’s website. The IP address has previously been linked to FAKEAV-hosting domains and earlier pharmacy spam campaigns.

 

http://www.thenewnewinternet.com/2010/03/26/zbot-trojan-targets-european-banks/

 

Excerpted at MX Logic

http://www.mxlogic.com/securitynews/web-security/new-malware-strain-alters-software-prevent-updates211.cfm

 

Softpedia

March 25, 2010

 

Large European Banks Targeted by ZeuS

C&C server hosted in Serbia

 

Security researchers from antivirus vendor Trend Micro have identified a variant of the infamous ZeuS computer trojan, which targets large banks located in Italy, Germany, France and the United Kingdom. The command and control server has been tracked down to a server in Serbia previously used in other cyber-criminal activities.

 

According to Trend Micro, amongst the targeted financial institutions are Banca di Roma (Bank of Rome), a subsidiary of UniCredit Group, which dominates the Central and Eastern European markets; Abbey National, the UK bank recently rebranded to Santander after its parent, Grupo Santander, one of the largest banking groups in the world; HSBC, the world's leading banking group with a very strong presence in Europe; Crédit Mutuel, a major French retail bank; and the FIDUCIA Group, Germany's top provider of IT services for credit unions and other financial organizations.

 

"At this point, we do have the data that show that these banks are indeed being currently targeted. We are including some names of the banks here to make people aware," commented Ivan Macalintal, advanced threat researcher with the antivirus vendor.

 

Computers infected with this ZeuS variant, detected as TROJ_ZBOT.BYP by Trend Micro, contact two domain names hosted on a Serbian server. According to the security company, this server is known to have hosted domain names used in scareware distribution or spam campaigns in the past.

 

ZeuS, also known as Zbot, is one of the biggest malware threats currently circulating on the Internet. There are hundreds of ZeuS variants in the wild at any given time, because the trojan client is highly customizable and is being generated with a crimeware toolkit sold to cybercrooks on the underground market.

 

Zbot is capable of stealing login credentials for a wide array of account types, from social networking to webmail and FTP. However, by far the most targeted information is credit card details entered into Web forms and online banking passwords.

 

The latest iteration of the crimeware platform can cost as much as $4,000, but it can also be extended through a series of independently developed and sold modules. Such add-ons are available for prices between $500 and $10,000, depending on their functionality.

 

http://news.softpedia.com/news/Large-European-Banks-Targeted-by-ZeuS-138344.shtml

 

About.com: Mary’s Antivirus Software Blog

March 24, 2010

 

Pictures Ruse Used to Spam Zeus/Zbot

 

By Mary Landesman, About.com Guide to Antivirus Software

 

Scammers are spreading the Zeus/Zbot backdoor by sending an email warning recipients that (presumably embarrassing) pictures of them were posted online. The text of the email reads:

 

Hey, some jerk has posted your pictures (u understand what kind of pictures are there) and sent a link of them to all ur friends. I have already replied back. Said, that he is an idiot. See the link:

 

Clicking the link loads a bogus 'photo archive' which is actually the Zbot trojan. According to threat researcher Ivan Macalintal of Trend Micro, the email sent is highly personalized, making it appear legitimate and potentially leading to a greater number of victims falling for the scam. Pictures of the email and the file downloads are available in this Trend Micro blog post.

 

One easy way to cut down on the risk of social engineering attacks is to use the free Trend Micro eMail ID which helps verify the authenticity of the received mail. Trend's eMail ID works with a range of different mail providers, including Gmail, Hotmail, AIM, and Outlook. For a complete list of supported mail programs and other system requirements, see the Trend Micro eMail ID product page. And did I mention, it's free?

 

http://antivirus.about.com/b/2010/03/24/pictures-ruse-used-to-spam-zeuszbot.htm

 

MSP Mentor

March 23, 2010

 

Botnets: A Threat (And Opportunity) for Managed Services Providers?

 

By TJ Alldridge

 

Call it the silent small business killer. Many small businesses have so called botnets or zombie software lurking in the background on their notebooks, PCs and servers. Here’s how botnets work, and here’s how managed services providers can stamp out the problem.

 

Simply put, a botnet is a collection (network) of compromised machines, often referred to as “zombies.” The botnet can involve computers in a single company, or it can extend across millions of consumer and business systems. Some pundits estimate that botnets have infiltrated roughly one-quarter of all personal computers connected to the Internet.

 

Cyber criminals use these botnets in a few ways.

 

One way is on a machine-by-machine basis. They collect data from the individual zombies by installing a keystroke logger or other malware in the background. They can then sell the collected information on the black market.

 

The second way botnets are used is for sending spam, launching phishing attacks, or mounting denial of service attacks.

 

For the cyber criminals, the goal often is to grow the botnet as big as possible, and to collect as much information as possible.

 

Most botnets are named after the software used to create them. One very popular piece of botnet software in use today is called “Zeus.” This software has been around for many years, and over the past few years cyber criminals have written add-ons to this malware, customizing it to meet their needs.

 

To grow a botnet, the originator (known as the “bot herder”) will use several tactics such as drive-by downloads, exploiting web browser vulnerabilities, worms, Trojan horses, or even exploits in applications.

 

There are many ways to deal with Zeus and other botnets — including free botnet detection tools. But I wonder: Are you dealing with this problem today or do you have customers asking you for help?

- - -

 

TJ Alldridge is product marketing manager at Trend Micro. Guest blogs such as this one are part of MSPmentor’s annual platinum sponsorship.

 

http://www.mspmentor.net/2010/03/23/botnets-a-threat-and-opportunity-for-managed-services-providers/

Computerworld Blogs

March 24, 2010

 

Can Ubuntu save online banking?

 

Jay McLaughlin has me worried. I do my online banking from the same home computer the rest of the family uses for Web surfing and online games. I have the McAfee security suite loaded and do regular scans so accessing online banking should be protected. Right?

 

Not really, says McLaughlin, a Certified Information Security Professional and CIO of CNL Bank. Accessing online banking from your everyday PC is just asking for trouble, he says.

 

In fact, the CIO of the Orlando, Florida-based regional bank would like to see all of his customers - both consumers and businesses - access online banking either from a dedicated machine or from a self-booting CD-ROM running Ubuntu Linux and Firefox.

 

The Ubuntu option

 

Recognizing that most consumers don't want to buy a separate computer for online banking, CNL is seriously considering making available free Ubuntu Linux bootable "live CD" discs in its branches and by mail. The discs would boot up Linux, run Firefox and be configured to go directly to CNL Bank's Web site. "Everything you need to do will be sandboxed within that CD," he says. That should protect customers from increasingly common drive-by downloads and other vectors for malicious code that may infect and lurk on PCs, waiting to steal the user account names, passwords and challenge questions normally required to access online banking.

 

A bootable CD works because it's isolated from the host PC environment. Malware on the host can't touch it - and any malware picked up when running from the CD-ROM goes away once the CD is ejected. "When you eject the CD you have removed everything off the machine," McLaughlin says.

 

He thinks that security suites are increasingly ineffective at keeping up with threats from organized crime rings abroad, such as the Russian Business Network. Right now business users are feeling the heat, but he says consumers are being targeted as well. He's so worried about drive-by downloads, in fact, that he uses Firefox with the NoScript plug-in, which won't allow any JavaScript to execute on his PC without his explicit permission.

 

"If you are using online banking you should be using a hardened system that is not used for anything else but online banking," McLaughlin says. While the FDIC, American Banking Association and Federal Financial Institutions Examination Council have come out with similar recommendations for commercial customers, McLaughlin says consumers need to follow them as well.

 

Raimund Genes, chief technology officer at security software vendor Trend Micro, calls the security measures used for online banking in the U.S. "a joke." Any key logger can grab the user name, password and answers to challenge questions that banks commonly use to authenticate users today, he says.

 

Going out of band

 

Genes says using your regular home PC is acceptable for online banking so long as the bank supports two-factor authentication. For example, some banks in Europe use a transaction authentication number, an authentication code that's sent to the user "out of band," such as via SMS to a cell phone. The user then enters the code into the Web browser to complete a transaction online. The code changes every time the user makes a new request. Another alternative is a smart token, such as an RSA token. Barring that, he says, "I would not do online banking at all. Or if I had to I would use a sandboxed browser. I would boot up a mini Linux system from a USB stick."

 

CNL Bank currently offers out of band authentication only when setting up an initial password on a new online account or for password reset requests. The authentication code can be transmitted via SMS, using an automated attendant that calls a phone number that the customer has set up in advance, or through e-mail (although McLaughlin says the e-mail option may be discontinued because a compromised machine may have compromised e-mail as well).

 

McLaughlin is also considering offering this mechanism as an authentication option each time the user logs in, and CNL may offer an even more granular option that requires out of band authentication for individual transactions - for example, for commercial customers with high risk transactions such as wire transfers.
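The out-of-band flow Genes and McLaughlin describe, modelled as an added example (not code from the article, CNL Bank or Trend Micro): the bank issues a per-transaction code over a second channel and accepts it only once, only before it expires and only for the transaction it was issued for, which is why a code captured by a keylogger on the PC is of little use on its own. The SMS gateway, account, IBAN and phone values are stand-ins I constructed.

```python
import secrets
import time
from dataclasses import dataclass

CODE_DIGITS = 6
CODE_TTL_SECONDS = 120  # assumption: a code is valid for two minutes


@dataclass(frozen=True)
class Transaction:
    account: str
    destination: str
    amount_cents: int


@dataclass
class Challenge:
    txn: Transaction
    code: str
    issued_at: float
    used: bool = False


class OutOfBandAuth:
    """Bank-side issuer and verifier for per-transaction one-time codes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending: dict[str, Challenge] = {}
        # Stands in for an SMS gateway: (phone number, message text).
        self.sms_outbox: list[tuple[str, str]] = []

    def issue(self, txn: Transaction, phone: str) -> str:
        """Create a challenge for txn and send its code over the second channel.
        Returns the challenge id the browser session must present later."""
        challenge_id = secrets.token_hex(8)
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[challenge_id] = Challenge(txn, code, self._clock())
        # The message spells out what is being authorized, so the user can
        # notice if malware on the PC has altered the destination or amount.
        text = (f"Authorize transfer of {txn.amount_cents / 100:.2f} "
                f"to {txn.destination}. Code: {code}")
        self.sms_outbox.append((phone, text))
        return challenge_id

    def verify(self, challenge_id: str, txn: Transaction, code: str) -> bool:
        """Accept the code only once, only before expiry, and only for the
        exact transaction it was issued for."""
        ch = self._pending.get(challenge_id)
        if ch is None or ch.used:
            return False
        if self._clock() - ch.issued_at > CODE_TTL_SECONDS:
            return False
        if ch.txn != txn:
            return False
        if not secrets.compare_digest(ch.code, code):
            return False
        ch.used = True
        return True


def walkthrough() -> dict[str, bool]:
    """Run the exchange with a controllable clock and report each outcome."""
    now = [1_000_000.0]
    bank = OutOfBandAuth(clock=lambda: now[0])
    phone = "+00-000-CONSTRUCTED"
    txn = Transaction("ACC-001", "DE00 CONSTRUCTED 0001", 25_000)
    results: dict[str, bool] = {}

    # 1. Browser submits the transfer; the bank sends a code to the phone.
    cid = bank.issue(txn, phone)
    code = bank.sms_outbox[-1][1].rsplit("Code: ", 1)[1]
    # 2. The user types the code from the phone into the browser.
    results["valid"] = bank.verify(cid, txn, code)
    # 3. A keylogger captured the code; replaying it fails (single use).
    results["replay"] = bank.verify(cid, txn, code)

    # 4. Malware swaps the destination after the code was issued; the code
    #    no longer matches the transaction the bank sees.
    cid2 = bank.issue(txn, phone)
    code2 = bank.sms_outbox[-1][1].rsplit("Code: ", 1)[1]
    tampered = Transaction("ACC-001", "DE00 ATTACKER 0002", 25_000)
    results["tampered_txn"] = bank.verify(cid2, tampered, code2)

    # 5. Codes expire: waiting past the TTL invalidates the challenge.
    cid3 = bank.issue(txn, phone)
    code3 = bank.sms_outbox[-1][1].rsplit("Code: ", 1)[1]
    now[0] += CODE_TTL_SECONDS + 1
    results["expired"] = bank.verify(cid3, txn, code3)
    return results


if __name__ == "__main__":
    for name, ok in walkthrough().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```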

 

Flash or CD-ROM?

 

When accessing online banking, consumers may want to consider using a secure, bootable flash drive running an environment such as U3 or MojoPak, says John Pescatore, analyst with Gartner Inc. But banks like the idea of the Ubuntu distribution because the software is free and the media is much cheaper than a memory stick. The problem with both is that the user now has to carry something to access online banking. "They hate that. That's why this approach has never broken into the mainstream," Pescatore says.

Consumers could also access online banking from a separate, bootable partition on their PC, but that's probably more work than most consumers would put up with. Another alternative, hosting a separate virtual machine (VM), is better than nothing. But McLaughlin cautions that the VM is still not totally isolated from the PC. Malware that targets the hypervisor layer underlying the VM may find its way around those defenses.

 

Everyone is unanimous on one point, however: Nobody seems to think doing online banking from the machine you use every day for Web surfing and e-mail is a good idea.

 

McLaughlin thinks the bootable Ubuntu CD option may be the best alternative right now. Regardless of who you bank with, he suggests ordering a copy of the free Ubuntu Desktop Edition self-booting CD (if you don't want to wait you can download the image and burn it on a CD yourself) and trying it for your online banking.

 

McLaughlin and Genes put a sufficient scare into me that I've decided to give it a go. Yes, it's a hassle to reboot for online banking - until you think of what could happen if someone stole your credentials. On the plus side, I'll be exposed to Linux on a regular basis.

 

Who knows? I might decide that I like running Linux for more than just online banking.

 

http://blogs.computerworld.com/15815/can_ubuntu_save_online_banking?source=rss_blogs

 

InfoSecurity.com

March 26, 2010

 

Trend Micro: We are witnessing the decline of the operating system

 

In an interesting analysis of the migration of local systems to the cloud, and the transition from desktop to laptops, netbooks and mobiles, Justin Foster, a software architect with Trend Micro, says that an unexpected transformation is taking place at the heart of server workloads and mobile devices.

 

"We are witnessing the decline of the general purpose operating system", he said in his security blog posted last night, adding that the once static data centre has transformed into a highly agile virtual data centre.

 

And, he says, it is now once again transforming thanks to cloud computing.

 

"First generation migrations to cloud, using Infrastructure-as-a-service, are facing tough competition from Platform-as-a-Service frameworks designed to take advantage of the rapid elasticity and scalability the cloud model provides", he said.

 

"A similar change is taking place with client devices. The once ubiquitous laptop is being supplanted by highly specialised and proprietary devices like smart phones, iPads and netbooks running Google's Chrome operating system", he added.

 

According to Foster, as these devices become more capable, the need for a general-purpose operating system like Windows or Mac OS X fades away.

 

Foster calls this change cloudamorphosis, a process that is creating new challenges – and opportunities.

 

"As security emerges from the cocoon of the past, a new generation of cloud-focused solutions will unify the diverse mixture of assets, restoring the control we once had and embracing the agility of the new model", he said.

 

"With all of this change, we have to remember that effective security management requires unified visibility and control across the spectrum of traditional assets, mobile devices and cloud computing resources", he added.

 

"The next generation of security solutions need to bridge this gap and let our data safely take flight."

 

http://www.infosecurity-magazine.com/view/8365/trend-micro-we-are-witnessing-the-decline-of-the-operating-system-/

 

Taylor Vinters

March 24, 2010

 

YouTube accused of copyright breach by Viacom

 

Published by Tim Hill

 

An argument has broken out between Viacom, the company which owns movie studio Paramount and MTV Networks, and the founders of YouTube over an alleged incident of copyright infringement.

 

Viacom filed a $1 billion (£650 million) lawsuit against Google, the parent company of YouTube, in 2007 but fresh discussions have since erupted, with the former company accusing the video sharing site of piracy.

 

According to the Daily Telegraph, YouTube creators Chad Hurley, Steve Chen and Jawed Karim have countered the claims by suggesting that Viacom uploaded its own content to the site in order to provide evidence for its copyright breach allegation.

 

"The law is clear that Google and YouTube are liable for their infringement ... The statements by Google regarding Viacom activities are merely red herrings and have no relevance on the legal facts of this case," a spokesperson for Viacom countered.

 

Social networking websites have also courted controversy recently, with Trend Micro senior security advisor Rik Ferguson claiming that the sites are attractive to a number of online criminals because of the large number of people making use of them.

 

http://www.taylorvinters.com/node/2528

 

Trend Micro Mentions

 

SPAMfighter News

March 26, 2010

 

Antivirus Software Incapable to Find Top Three Trojans

 

The IT security firm Trusteer states that antivirus programs are completely incapable of detecting the three dominant Trojans, Yaludle, Silon and Zeus, which were responsible for stealing from UK financial institutions.

 

Out of 42 antivirus engines tested, only 14 were able to detect the Zeus Trojan, according to the firm's research. Silon, the second most active Trojan, was found only by Trend Micro's antivirus engine, and Panda Software and F-Secure could detect the third most rampant Trojan, Yaludle.

 

Trusteer also disclosed that these three malware families were responsible for almost 90% of bank fraud. One in 100 systems was hit by the Zeus Trojan, making it the most abundant of the three. The Zeus Trojan is often used to compromise individual banking accounts in the UK.

 

Trusteer CEO Mickey Boodaei claimed that most hackers use Zeus, but that there is no clear association between Yaludle and Silon, according to a report published by SCMagazine on March 17, 2010.

 

Boodaei said that this is something useful for a single crime group developing its own tools, and it will not be seen anywhere else. For instance, Zeus is platform-specific, and it can be used in other countries as well in time to come.

 

Asked about the detections and the number of infections, Boodaei said that he did not have precise details because no two pieces of malware are alike.

 

In line with Boodaei's claim, data from another security firm, Prevx, showed that it first observed attacks on 4 September 2009, and that by 16 March 2010 it had seen 97 agents with 50 unique executables. Among those variants, the most frequent was 17 sightings of a single file name. Echoing Boodaei's comments about uniqueness, most file names were seen with just one agent.

 

As a solution, Boodaei recommends that banks and their customers be clearer about which malware is used for online theft, so that they know exactly which of the many kinds of malware they most need protection against, as reported by ComputerWeekly.com on March 17, 2010.

 

http://www.spamfighter.com/News-14091-Antivirus-Software-Incapable-to-Find-Top-Three-Trojans.htm

 

Ars Technica

March 24, 2010

 

Exploits of unpatched IE6, IE7 flaw on the rise

 

By Peter Bright

 

An unpatched flaw in Internet Explorer versions 6 and 7 is increasingly being exploited. The flaw, first reported two weeks ago, was initially used in limited, targeted attacks. It is now evolving into something more widespread and indiscriminate.

 

Security researchers for antivirus company AVG are now reporting tens of thousands of attacks per day, and this number is likely to grow further. Rival firm Trend Micro has reported similar growth. It appears that there are now two main attacks being used by two separate gangs of hackers; one installs fake antivirus software, the other installs a trojan.

 

Redmond is yet to release (or even announce) a patch, though an automated workaround is now available. The next Patch Tuesday is not until April 13, so if the growth in exploitation continues, the company will be under increasing pressure to publish an update sooner. There is, however, one robust fix already available: upgrade to Internet Explorer 8. The newest browser version doesn't contain the flaw at all.

 

http://arstechnica.com/microsoft/news/2010/03/exploits-of-unpatched-ie6-ie7-flaw-on-the-rise.ars

 

SPAMfighter News

March 25, 2010

 

Malware in Fake Reports of President Obama’s Death

 

Security researchers at Trend Micro have discovered a malware campaign in the last few days on a popular instant messaging (IM) service that tries to dupe users into clicking harmful links that distribute malware.

 

Trend Micro researcher Loucif Kharouni spotted the harmful messages, according to a post on the TrendLabs Malware Blog on March 16, 2010.

 

The messages appear to be aimed at French-speaking Web users, as the text preceding the links is written in French and tells users to click the attached link. Some of the links led users to believe they would see a photograph of an incident that reportedly killed the US President, Barack Obama. The domain names used resemble those of authentic sites such as YouTube and Facebook.

 

In fact, the links take gullible users to harmful BUZUS variants, identified by Trend Micro as TROJ_BUZUS.BTB and TROJ_BUZUS.BTA.

 

The researchers therefore advised users to ignore instant messages referring to the President's death.

 

Commenting on the issue, the researchers noted that bogus celebrity death reports have appeared on the Web before. In the past few years there have been rumors of the deaths of Britney Spears, Will Ferrell, Justin Timberlake, Michael Jackson (before he actually died), Sean Connery and others. Given how well they propagate malware, celebrity death reports could surge if hackers choose to pick up the trend.

 

The researchers also observed that this is not the first time President Obama has been used by hackers as a lure to circulate malware. During his 2008 campaign for the US Presidency there were many instances of cyber criminals exploiting news about Obama. Previous attacks were seen both during his election (for spreading malware and for pharmaceutical spam) and during his inauguration.

 

Barack Obama is not the only president to be used in malware campaigns. Bill Clinton, George Bush and Ronald Reagan have also been used by hackers as lures to spread malware.

 

http://www.spamfighter.com/News-14087-Malware-in-Fake-Reports-of-President-Obamas-Death.htm

 

SPAMfighter News

March 23, 2010

 

Cyber Miscreants Found Exploiting the News of Corey Haim’s Funeral

 

According to the security experts of Trend Micro, cyber goons are increasingly exploiting the news of the death of Corey Haim, Canadian teen idol, in a bid to launch FAKEAV (fake anti-virus) scams.

 

Using blackhat SEO (search engine optimization) techniques, the attackers have placed malicious links at the top of the results when a user searches Google for news on Corey Haim's funeral. These links redirect the unwary user to Web sites that ultimately download FAKEAV.

 

At present, FAKEAV, or fake antivirus, has become one of the most common threats in the Internet threat landscape, and as cyber crooks take a more advanced and sophisticated approach, fake antivirus programs are constantly evolving.

 

Trend Micro warns users that following these malicious links opens a fake window claiming that the user's system is flooded with malware and suggesting that he or she download the antivirus solution it offers.

 

The downloaded file is detected by the security firm as TROJ_FAKEAV.DBB. The program loads a scan page containing phony scan results and offers to remove the supposedly hazardous files from the user's system.

 

The catch, Trend Micro notes, comes when the product asks for activation. The security firm recommends that users be watchful of such ploys, as they are designed to make the target reveal sensitive personal data; in this case the attackers ask the victim for credit card details.

 

Given the viciousness of the scam, users are strongly advised to be extra cautious when searching the Internet for such hot topics, as malware operators have become adept at getting their pages into the top search results. To avoid infection, users should rely only on trusted news websites when searching for reports on a celebrity's death.

 

The Canadian teen idol is not the only celebrity whose death has been misused by cyber crooks. The same miscreants were spotted exploiting Brittany Murphy's death in December 2009, and earlier, in June 2009, while the whole world was mourning the loss of pop star Michael Jackson, cyber assailants were busy launching various FAKEAV scams.

 

http://www.spamfighter.com/News-14079-Cyber-Miscreants-Found-Exploiting-the-News-of-Corey-Haims-Funeral.htm

 

Reuters

March 24, 2010

 

Inside a global cybercrime ring

 

By Jim Finkle

 

(Reuters) - Hundreds of computer geeks, most of them students putting themselves through college, crammed into three floors of an office building in an industrial section of Ukraine's capital Kiev, churning out code at a frenzied pace. They were creating some of the world's most pernicious, and profitable, computer viruses.

 

According to court documents, former employees and investigators, a receptionist greeted visitors at the door of the company, known as Innovative Marketing Ukraine. Communications cables lay jumbled on the floor and a small coffee maker sat on the desk of one worker.

 

As business boomed, the firm added a human resources department, hired an internal IT staff and built a call center to dissuade its victims from seeking credit card refunds. Employees were treated to catered holiday parties and picnics with paintball competitions.

 

Top performers got bonuses as young workers turned a blind eye to the harm the software was doing. "When you are just 20, you don't think a lot about ethics," said Maxim, a former Innovative Marketing programmer who now works for a Kiev bank and asked that only his first name be used for this story. "I had a good salary and I know that most employees also had pretty good salaries."

 

In a rare victory in the battle against cybercrime, the company closed down last year after the U.S. Federal Trade Commission filed a lawsuit seeking its disbandment in U.S. federal court.

 

An examination of the FTC's complaint and documents from a legal dispute among Innovative executives offers a rare glimpse into a dark, expanding -- and highly profitable -- corner of the internet.

 

Innovative Marketing Ukraine, or IMU, was at the center of a complex underground corporate empire with operations stretching from Eastern Europe to Bahrain; from India and Singapore to the United States. A researcher with anti-virus software maker McAfee Inc who spent months studying the company's operations estimates that the business generated revenue of about $180 million in 2008, selling programs in at least two dozen countries. "They turned compromised machines into cash," said the researcher, Dirk Kollberg.

 

The company built its wealth pioneering scareware -- programs that pretend to scan a computer for viruses, and then tell the user that their machine is infected. The goal is to persuade the victim to voluntarily hand over their credit card information, paying $50 to $80 to "clean" their PC.

 

Scareware, also known as rogueware or fake antivirus software, has become one of the fastest-growing, and most prevalent, types of internet fraud. Software maker Panda Security estimates that each month some 35 million PCs worldwide, or 3.5 percent of all computers, are infected with these malicious programs, putting more than $400 million a year in the hands of cybercriminals. "When you include cost incurred by consumers replacing computers or repairing, the total damages figure is much, much larger than the out of pocket figure," said Ethan Arenson, an attorney with the Federal Trade Commission who helps direct the agency's efforts to fight cybercrime.

 

Groups like Innovative Marketing build the viruses and collect the money but leave the work of distributing their merchandise to outside hackers. Once infected, the machines become virtually impossible to operate. The scareware also removes legitimate anti-virus software from vendors including Symantec Corp, McAfee and Trend Micro Inc, leaving PCs vulnerable to other attacks.

 

When victims pay the fee, the virus appears to vanish, but in some cases the machine is then infiltrated by other malicious programs. Hackers often sell the victim's credit card credentials to the highest bidder.

 

Removing scareware is a top revenue generator for Geek Choice, a PC repair company with about two dozen outlets in the United States. The outfit charges $100 to $150 to clean infected machines, a service that accounts for about 30 percent of all calls. Geek Choice CEO Lucas Brunelle said that scareware attacks have picked up over the past few months as the software has become increasingly sophisticated. "There are more advanced strains that are resistant to a lot of anti-virus software," Brunelle said.

 

Anti-virus software makers have also gotten into the lucrative business of cleaning PCs, charging for those services even when their products fall down on the job.

 

Charlotte Vlastelica, a homemaker in State College, Pennsylvania, was running a version of Symantec's Norton anti-virus software when her PC was attacked by Antispyware 2010. "These pop-ups were constant," she said. "They were layered one on top of the other. You couldn't do anything."

 

So she called Norton for help and was referred to the company's technical support division. The fee for removing Antispyware 2010 was $100. A frustrated Vlastelica vented: "You totally missed the virus and now you're going to charge us $100 to fix it?"

 

AN INDUSTRY PIONEER

 

"It's sort of a plague," said Kent Woerner, a network administrator for a public school district in Beloit, Kansas, some 5,500 miles away from Innovative Marketing's offices in Kiev. He ran into one of its products, Advanced Cleaner, when a teacher called to report that pornographic photos were popping up on a student's screen. A message falsely claimed the images were stored on the school's computer.

 

"When I have a sixth-grader seeing that kind of garbage, that's offensive," said Woerner. He fixed the machine by deleting all data from the hard drive and installing a fresh copy of Windows. All stored data was lost.

 

Stephen Layton, who knows his way around technology, ended up junking his PC, losing a week's worth of data that he had yet to back up from his hard drive, after an attack from an Innovative Marketing program dubbed Windows XP Antivirus. The president of a home-based software company in Stevensville, Maryland, Layton says he is unsure how he contracted the malware.

 

But he was certain of its deleterious effect. "I work eight-to-12 hours a day," he said. "You lose a week of that and you're ready to jump off the roof."

 

Layton and Woerner are among more than 1,000 people who complained to the U.S. Federal Trade Commission about Innovative Marketing's software, prompting an investigation that lasted more than a year and the federal lawsuit that sought to shut them down. To date the government has only succeeded in retrieving $117,000 by settling its charges against one of the defendants in the suit, James Reno, of Amelia, Ohio, who ran a customer support center in Cincinnati. He could not be reached for comment.

 

"These guys were the innovators and the biggest players (in scareware) for a long time," said Arenson, who headed up the FTC's investigation of Innovative Marketing.

 

Innovative's roots date back to 2002, according to an account by one of its top executives, Marc D'Souza, a Canadian, who described the company's operations in-depth in a 2008 legal dispute in Toronto with its founders over claims that he embezzled millions of dollars from the firm. The other key executives were a British man and a naturalized U.S. citizen of Indian origin.

 

According to D'Souza's account, Innovative Marketing was set up as an internet company whose early products included pirated music and pornography downloads and illicit sales of the impotence drug Viagra. It also sold gray market versions of anti-virus software from Symantec and McAfee, but got out of the business in 2003 under pressure from those companies.

 

It tried building its own anti-virus software, dubbed Computershield, but the product didn't work. That didn't dissuade the firm from peddling the software amid the hysteria over MyDoom, a parasitic "worm" that attacked millions of PCs in what was then the biggest email virus attack to date. Innovative Marketing aggressively promoted the product over the internet, bringing in monthly profits of more than $1 million, according to D'Souza.

 

The company next started developing a type of malicious software known as adware that hackers install on PCs, where they served up pop-up ads for travel services, pornography, discounted drugs and other products, including its flawed antivirus software. They spread that adware by recruiting hackers whom they called "affiliates" to install it on PCs.

 

"Most affiliates installed the adware product on end-users' computers illegally through the use of browser hijacking and other nefarious methods," according to D'Souza. He said that Innovative Marketing paid its affiliates 10 cents per hijacked PC, but generated average returns of $2 to $5 for each of those machines through the sale of software and products promoted through the adware.

 

ANY MEANS BUT SPAM

 

The affiliate system has since blossomed. Hackers looking for a piece of the action can link up with scareware companies through anonymous internet chat rooms. They are paid through electronic wire services such as Western Union, PayPal and Webmoney, which can protect the identity of both the sender and the recipient.

 

To get started, a hacker needs to register as an affiliate on an underground website and download a virus file that is coded with his or her affiliate ID. Then it's off to the races.

 

"You can install it by any means, except spam," says one affiliate recruiting site, earning4u.com, which pays $6 to $180 for every 1,000 PCs infected with its software. PCs in the United States earn a higher rate than ones in Asia.

 

Affiliates load the software onto the machines by a variety of methods, including hijacking legitimate websites, setting up corrupt sites for the purposes of spreading viruses and attacks over social networking sites such as Facebook and Twitter.

 

"Anybody can get infected by going to a legitimate website," said Uri Rivner, an executive with RSA, one of the world's top computer security companies.

 

A scareware vendor distributed its goods one September weekend via The New York Times' website by inserting a single rogue advertisement. The hacker paid NYTimes.com to run the ad, which was disguised as one for the internet phone company Vonage. It contaminated PCs of an unknown number of readers, according to an account of the incident published in The New York Times.

 

Patrik Runald, a senior researcher at internet security firm Websense Inc, expects rogueware vendors to get more aggressive with marketing. "We're going to see them invest more money in that -- buying legitimate ad space," he said.

 

To draw victims to infected websites, hackers will also manipulate Google's search engine to get their sites to come up at the top of anyone's search in a particular subject. For instance, they might capitalize on news events of wide interest -- from the winners of the Oscars to the Tiger Woods scandal -- quickly setting up sites to attract relevant search terms. Anti-virus maker Panda Security last year observed one scareware peddler set up some 1 million web pages that infected people searching for Ford auto parts with a program dubbed MSAntispyware2009. They also snare victims by sending their links through Facebook and Twitter.

 

Some rogue vendors manage their partnerships with hackers through software that tracks who installed the virus that generated a sale. Hackers are paid well for their efforts, garnering commissions ranging from 50 to 90 percent, according to Panda Security. SecureWorks, another security firm, estimates that a hacker who gets 1 to 2 percent of users of infected machines to purchase the software can pull in over $5 million a year in commissions.

 

Hackers in some Eastern European countries barely attempt to conceal their activities.

 

Panda Security found photos of a party in March 2008 that it said affiliate ring KlikVIP held in Montenegro to reward scareware installers. One showed a briefcase full of euros that would go to the top performer. "They weren't afraid of the legal implications," said Panda Security researcher Sean-Paul Correll. "They were fearless."

 

BANKING

 

One of Innovative Marketing's biggest problems was the high proportion of victims who complained to their credit card companies and obtained refunds on their purchases. That hurt the relationships with its merchant banks that processed those transactions, forcing it to switch from banks in Canada to Bahrain. It created subsidiaries designed to hide its identity.

 

In 2005, Bank of Bahrain & Kuwait severed its ties with an Innovative Marketing subsidiary that had the highest volume of credit card processing of any entity in Bahrain because of its high chargeback rates, according to D'Souza.

 

Innovative Marketing then went five months without a credit card processor before finding a bank in Singapore -- DBS Bank -- willing to handle its account. The Singapore bank processed tens of millions of dollars in backlogged credit card payments for the company, D'Souza said.

 

To keep the chargeback rate from climbing even higher, Innovative Marketing invested heavily in call centers. It opened facilities in Ukraine, India and the United States. The rogueware was designed to tell the users that their PCs were working properly once the victim had paid for the software, so when people called up to complain it wasn't working, agents would walk them through whatever steps it took to make those messages come up.

 

Often that required disabling legitimate anti-virus software programs, according to McAfee researcher Dirk Kollberg, who spent hours listening to digitized audio recordings of customer service calls that Innovative Marketing kept on its servers at its Ukraine offices. He gathered the data by tapping into a computer server at its branch in Kiev that he said was inadvertently hooked up to Innovative's website. "At the end of the call," he said, "most customers were happy."

 

Police have had limited success in cracking down on the scareware industry. Like Innovative Marketing, most rogue internet companies tend to be based in countries where laws permit such activities or officials look the other way.

 

Law enforcement agencies in the United States, Western Europe, Japan and Singapore are the most aggressive in prosecuting internet crimes and helping officials in other countries pursue such cases, said Mark Rasch, former head of the computer crimes unit at the U.S. Department of Justice. "In the rest of the world, it's hit or miss," he said. "The cooperation is getting better, but the level of crime continues to increase and continues to outpace the level of cooperation."

 

The FTC succeeded in persuading a U.S. federal judge to order Innovative Marketing and two individuals associated with it to pay $163 million it had scammed from Americans. Neither individual has surfaced since the government filed its original suit more than a year ago. But Ethan Arenson, the FTC attorney who handled the case, warned: "Collection efforts are just getting underway."

 

(Editing by Jim Impoco and Claudia Parsons)

 

http://www.reuters.com/article/idUSTRE62N29T20100324?type=technologyNews

 



 

 

SPAMfighter News

March 23, 2010

 

Miscreants Riding on DTS Searches, Spreading Scareware

 

Security researchers at Vietnam-based antivirus purveyor Bach Khoa Internet Security (BKIS) alert users that searches aimed at Daylight Saving Time (DST) may redirect them to FAKEAV sites.

 

Also referred to as summer time, DST involves advancing the clock by 60 minutes so as to stretch daylight into the afternoon. Not many regions of the world practice this concept; it is mainly done in regions located at high latitudes.

 

BKIS warns that, assuming users will browse the Internet to search for information associated with the current year's DST (2010) in order to adjust their clocks accordingly, cyber crooks have employed the Blackhat SEO (BHSEO) technique to add malicious links to search results, as reported by the Bkis Security Blog on March 15, 2010.

 

Users will definitely be targeted if they type in "Day light Savings 2010" in the search box as keywords.

 

Bkis' experts also said that susceptible users who click the malicious links displayed as results for the aforementioned keywords will land on phony websites with a forged Windows interface. These websites display virus alerts about the user's system which are actually harmless.

 

The main intention of this software lies in scaring users into purchasing a license that has no worth, while endangering their credit card information in the process. Also termed rogue security software, scareware is a recent class of malware that acts as a gentleman in the battle against worms and viruses, said experts.

 

Moreover, this most recent scam spotted by Bkis appears to prove right the point that McAfee, a security firm, made. In a recent report, McAfee claimed that the most expensive scam in 2010 will be the fake antivirus or scareware scam. Cyber goons earn over $300 million via scareware scams, the report revealed.

 

To conclude, security experts from security purveyors Websense and Trend Micro independently alerted users to similar schemes that targeted Corey Haim's death, which occurred in the second week of March 2010. Corey was a former teen idol and a Canadian actor. Deaths of celebrities have unfortunately become common themes for cyber felons to execute BHSEO campaigns because they easily attract Internet users' attention.

 

http://www.spamfighter.com/News-14073-Miscreants-Riding-on-DTS-Searches-Spreading-Scareware.htm

 



 

Softpedia

March 23, 2010

 

New Scareware Leverages the Layered Service Provider

Blocks popular websites from being displayed

 

Security researchers from antivirus vendor Trend Micro warn that a new FAKEAV version operates a ransomware-like component as a Layered Service Provider (LSP) routine. The malicious .DLL blocks access to websites such as Facebook, YouTube, MySpace, The Pirate Bay and others.

 

The Layered Service Provider is a Winsock feature that has long been abused by malware because it allows altering Internet traffic. The scareware analyzed by Trend installs a .DLL file in the LSP chain, with the purpose of intercepting calls to facebook.com, youtube.com or myspace.com, from Internet Explorer, Firefox and other applications (through svchost).

 

Trying to access any of these domains from an infected computer will result in a page with a red background reading: "Restricted Site! This web site is restricted based on your security preferences. Your system is infected. Please activate your antivirus software."

 

"It will only allow the users access if the registry key, HKEY_CURRENT_USER\Software\IS2010, exists in their systems. However, the said key will only exist if the FAKEAV application Internet Security 2010 (aka TROJ_FAKEAL.SMDO, TROJ_FAKEAL.SMDP, or TROJ_FAKEINIT.BC), is present on the affected system," the Trend Micro researchers explain.

 

FAKEAV is a generic name used by the antivirus company to detect scareware or rogueware applications. These programs masquerade as antivirus products and attempt to scare users into paying for unnecessary license fees by displaying alerts about fake malware infections.

 

The distribution of scareware used to be a very profitable model for generating illegal income. However, with a constantly shrinking market due to successful public education against these scams, scammers found themselves forced to come up with ways to get an edge over their competition.

 

This fighting amongst competing cybercriminal gangs has led to the appearance of more aggressive approaches, like disabling critical system functionality until the user agrees to pay up. Programs that display such behavior are referred to as ransomware, and blocking access to popular websites certainly falls into this category.

 

http://news.softpedia.com/news/New-Scareware-Leverages-the-Layered-Service-Provider-138121.shtml
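The two artifacts the article describes, the HKEY_CURRENT_USER\Software\IS2010 marker key and a foreign DLL inserted into the Winsock LSP chain, are both visible from the host side. The following read-only triage script is an added example, not code from Softpedia or Trend Micro; it assumes an elevated PowerShell session on the machine under review and relies only on built-in tools (Test-Path, netsh winsock show catalog, Get-AuthenticodeSignature).

```powershell
# Added example (not from the article): read-only triage for the Internet
# Security 2010 marker key and for unexpected Winsock LSP provider DLLs.

function Test-IS2010Marker {
    # The LSP DLL described in the article only lets traffic through when this
    # key exists, so its presence is a strong indicator of the FAKEAV install.
    return (Test-Path -Path 'HKCU:\Software\IS2010')
}

function Get-WinsockProviderPaths {
    # "netsh winsock show catalog" prints one block per catalog entry; the
    # "Provider Path:" line names the DLL Winsock loads for that entry.
    $catalog = netsh winsock show catalog
    $paths = foreach ($line in $catalog) {
        if ($line -match '^\s*Provider Path:\s*(.+?)\s*$') {
            [System.Environment]::ExpandEnvironmentVariables($Matches[1])
        }
    }
    return @($paths | Sort-Object -Unique)
}

function Find-SuspiciousLspDll {
    param([string[]]$ProviderPaths)
    # Primary signal: a provider DLL living outside System32. Secondary signal:
    # a file without a valid Authenticode (or catalog) signature. Microsoft's
    # own providers (e.g. mswsock.dll) live in System32 and verify cleanly.
    $system32 = Join-Path $env:SystemRoot 'System32'
    foreach ($p in $ProviderPaths) {
        $inSystem32 = $p.StartsWith($system32, [System.StringComparison]::OrdinalIgnoreCase)
        $signed = $false
        if (Test-Path -LiteralPath $p) {
            $signed = ((Get-AuthenticodeSignature -FilePath $p).Status -eq 'Valid')
        }
        if (-not $inSystem32 -or -not $signed) {
            [pscustomobject]@{ Path = $p; InSystem32 = $inSystem32; ValidSignature = $signed }
        }
    }
}

$markerPresent = Test-IS2010Marker
$suspicious = @(Find-SuspiciousLspDll -ProviderPaths (Get-WinsockProviderPaths))

"IS2010 registry marker present: $markerPresent"
if ($suspicious.Count -eq 0) {
    "No Winsock provider outside System32 or with an invalid signature."
} else {
    "Winsock providers worth a closer look:"
    $suspicious | Format-Table -AutoSize
}
# Cleanup note: deleting an LSP DLL without removing its catalog entry breaks
# networking; "netsh winsock reset" rebuilds the catalog after the file is gone.
```

A hit on either check is a lead, not a verdict: third-party security and VPN products also register LSPs, so confirm with the vendor's detection names quoted above before remediating.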

 



 

 

SC Magazine US

March 26, 2010

 

Scammers capitalizing on tax season to spread Zeus

 

 

By Angela Moscaritolo

 

Cybercriminals have been capitalizing on tax season by sending messages that appear to come from the Internal Revenue Service but actually lead to the data-stealing trojan Zeus, researchers at anti-virus firm Trend Micro warned Thursday.

 

The messages ask users to follow a link and review their tax statement to fix errors related to unreported or under-reported income, according to Trend Micro. The URL leads users to a variant of Zeus, which steals information from compromised systems and sends it back to attackers.

 

With the tax deadline nearing, these types of scams are likely to ramp up, US-CERT warned on Thursday. Other phishing and malware campaigns taking advantage of tax season could include offers to help recipients file for a refund or details about fake e-file websites.

 

The IRS last week warned users about phishing, as part of its annual “dirty dozen” list of tax scams. Scammers will try and obtain users' personal information by impersonating the IRS in emails, tweets and phony websites, the agency warned. For example, scammers will likely tell consumers they are entitled to a tax refund, but they must reveal personal information to claim it.

 

“Taxpayers should be wary of anyone peddling scams that seem too good to be true,” IRS Commissioner Doug Shulman said in a statement. “The IRS fights fraud by pursuing taxpayers who hide income abroad and by ensuring taxpayers get competent, ethical service from qualified professionals at home in the U.S.”

 

Taxpayers who receive a message claiming to come from the IRS should not open any attachments or click on any links, the IRS warned.

 

http://www.scmagazineus.com/scammers-capitalizing-on-tax-season-to-spread-zeus/article/166647/

 



 

 

IT World Canada

March 26, 2010

 

HP Canada gets a new president

 

By Paolo Del Nibletto

 

Things change and people change in this great industry of ours. Yesterday at HP Canada was just another example of change, although this one has some major impact on the channel. Paul Tsaparis, the long-time face of the subsidiary, will be leaving his role as president.

 

He is to be replaced by little known Peter Galanis. Tsaparis has received many honours in his career such as a member of the top 40 under 40 club, CDN Newsmaker of the Year, along with Channel Visionary and Builder of the past 20 years. I can tell you he has earned them all. Tsaparis is a fine person, top notch executive and leader.

 

I have interviewed Paul on many occasions and I also introduced him at a Comdex Canada Keynote address. I will surely miss him. But, more importantly I believe he will be missed by the channel community in Canada. He was a strong advocate for the channel. Tsaparis battled head office many times on direct selling, for example.

 

His departure will lead to questions about HP’s direction. CDN, along with many of my colleagues at IT World Canada, attempted to interview both Tsaparis and Galanis, only to be told they would not be made available for interviews.

 

I am sure that this would not sit well with Tsaparis who has always been transparent about his decisions.

 

HP Canada’s outside PR agency informed me that Galanis would not be made available for interviews because he was announced as the new president yesterday. Other sources around the industry have speculated to me that Tsaparis was looking to leave his role for a while now. If this move was planned, I don’t understand what they are hiding from.

 

Galanis is an unknown variable. His background is EMC, which is a traditional direct-selling organization. He has worked at HP in the U.S. central region for the past four years. Meanwhile Tsaparis will be vice-president of technology support for HP’s Americas region enterprise business. Maybe this role is better than the job he has had since 1998. It does not sound as sexy as President of HP Canada, but that’s why interviews are important. Tsaparis would have had an opportunity to explain the role and how exciting and challenging it is.

 

Galanis could have eased fears from the channel by fielding questions. Also HP Canada is very close to announcing a new channel chief. What if the new channel chief and the new president don't see eye-to-eye? Again, Galanis could have addressed this. Instead we are all left to speculate.

 

One quick hit before I go. Former NEC and Trend Micro Canada executive Pat Kewin will be named director of sales and marketing for Accutrust shortly.

 

http://www.itworldcanada.com/blogs/cdn/2010/03/26/hp-canada-gets-a-new-president/53026/

 


 

 
