-------------------------------------------
From: Andrea Mueller (MKT-US)
Sent: Monday, March 29, 2010 6:07:56 AM
To: Newsbank; All of Trend Corporate Marketing Department;
All of Trend Global PR; All of US Sales; All of US Marcom Dept.
Cc: Steve Quane (Seg GM-SMB); Thomas Miller (SAL-US); 'Mark Vangel';
Darren Blank (SAL-US); 'trendpr@upstreamaustralia.com.au';
Alan Wallace (MKT-US)
Subject: NABU Trend Micro News Summary - 03/20/10 - 03/26/10
NABU Trend Micro News Summary – 03/20/10 – 03/26/10
Table of Contents
· Silicon Valley/San Jose Business Journal (03.19) – 'Top 100 Women of Influence' in 2010
· SC Magazine (02.23) – Conservative effort at social media experiment leaves open source Cash Gordon site directing to adult and Labour Party websites
· The Times (03.23) – Tory online experiment foiled as hackers crash ‘Cash Gordon’ website
· PC World (03.24) – Security Companies Warn of Uptick in New IE Attack (Paul Ferguson, Trend Micro)
o Network World
o Techworld
· iHotNews (03.25) – Cloud computing held back by security fears, expert says
· Computerworld (03.25) – Malware attack uses China World Expo guise
· MX Logic (03.25) – Journalists receive malware disguised as event notice
· The Times Online (03.23) – No trick is off limits to a Beijing this supremely confident
· Computerworld (03.25) – New malware overwrites software updaters
· Computerworld (03.22) – FBI embeds cyber-investigators in Ukraine, Estonia
o CIO.com
· The New New Internet (03.26) – ZBOT Trojan Targets European Banks
o MX Logic
· Softpedia (03.25) – Large European Banks Targeted by ZeuS; C&C server hosted in Serbia
· About.com: Mary’s Antivirus Software Blog (03.24) – Pictures Ruse Used to Spam Zeus/Zbot
· MSP
· Computerworld Blogs (03.24) – Can Ubuntu save online banking?
· InfoSecurity.com (03.26) – Trend Micro: We are witnessing the decline of the operating system
· Taylor Vinters (03.24) – YouTube accused of copyright breach by Viacom
· SPAMfighter News (03.26) – Antivirus Software Incapable to Find Top Three Trojans
· Ars Technica (03.24) – Exploits of unpatched IE6, IE7 flaw on the rise
· SPAMfighter News (03.25) – Malware in Fake Reports of President Obama’s Death
· SPAMfighter News (03.23) – Cyber Miscreants Found Exploiting the News of Corey Haim’s Funeral
· Reuters (03.24) – Inside a global cybercrime ring
· SPAMfighter News (03.23) – Miscreants Riding on DTS Searches, Spreading Scareware
· Softpedia (03.23) – New Scareware Leverages the Layered Service Provider; Blocks popular websites from being displayed
· SC Magazine US (03.26) – Scammers capitalizing on tax season to spread Zeus
· IT World Canada (03.26) – HP Canada gets a new president
Trend Micro Announcements
Mar 25, 2010 Eva Chen and other winners to be honored at April 8 awards ceremony
Mar 23, 2010
Mar 16, 2010 Trend Micro Asks: 'What's Your Story?' User-generated video contest puts Internet safety, education, and awareness in the spotlight; grand prize winner gets $10,000 and a chance to be a part of Internet Safety Month.
Mar 15, 2010 Trend Micro Introduces Hosted Email Security 2.0 Emerging leader in hosted security announces a new hosted email security platform that delivers daily protection to more than 30,000 companies worldwide.
“Five-year goal: Our vision is to make the world safe for exchange of digital information, and we see a tremendous game-changing opportunity with the rise of cloud computing that will change the world and create new businesses, but will also require new types of security that really fit the need.” – Eva Chen, Co-founder and CEO, Trend Micro Inc.
'Top 100 Women of Influence' in 2010
Silicon Valley/San Jose Business Journal – 3/19/10
“This isn't all fun and games though, configuration oversights can lead to serious harm. This latest in a line of social media marketing related fails is a salutary warning not to underestimate the technical know-how of the world wide audience you are inviting.” –
SC Magazine – 3/23/10
“This is not the first social media campaign that has resulted in a big fail for the people doing it. You would expect some learning to be happening.” –
Tory online experiment foiled as hackers crash ‘Cash Gordon’ website
The Times – 3/23/10
"It's popping up all over the place. It started off slowly, but I really started noticing it yesterday, and then today -- there were a bunch of sites which harbored this exploit." – Paul Ferguson, Trend Micro
Security Companies Warn of Uptick in New IE Attack
PC World – 3/24/10
"When we consume cloud services we outsource a substantial amount of control but we don't outsource any accountability; we can't outsource any accountability." –
Cloud computing held back by security fears, expert says
iHotNews – 3/25/10
"There seems to be a [definite] increase in sophisticated, targeted attacks coming out of
Malware attack uses China World Expo guise
Computerworld – 3/25/10
"There seems to be a [definite] increase in sophisticated, targeted attacks coming out of
Journalists receive malware disguised as event notice
MX Logic – 3/25/10
Anti-hacking experts at Trend Micro go even further: if you are staying in a hotel, shut down your machine when you take a shower — that is when the Chinese cyber thieves tend to strike.
No trick is off limits to a Beijing this supremely confident
The Times Online – 3/23/10
"They will lose the auto-updating functionality of whatever software is affected even after the malware is cleaned up. That could of course leave them open to exploitation further down the line if critical vulnerabilities don't get patched as a result." -
New malware overwrites software updaters
Computerworld – 3/25/10
"
FBI embeds cyber-investigators in Ukraine, Estonia
Computerworld – 3/22/10
“At this point, we do have the data that show that these banks are indeed being currently targeted,” said Trend Micro’s advanced threats researcher
ZBOT Trojan Targets European Banks
The New New Internet – 3/26/10
"At this point, we do have the data that show that these banks are indeed being currently targeted. We are including some names of the banks here to make people aware." -
Large European Banks Targeted by ZeuS; C&C server hosted in Serbia
Softpedia – 3/25/10
According to threat researcher
Pictures Ruse Used to Spam Zeus/Zbot
About.com: Mary’s Antivirus Software Blog – 3/24/10
Botnets: A Threat (And Opportunity) for Managed Services Providers?
MSP
Can Ubuntu save online banking?
Computerworld Blogs – 3/24/10
We are witnessing the decline of the general purpose operating system." -
Trend Micro: We are witnessing the decline of the operating system
InfoSecurity.com – 3/26/10
Social networking websites have also courted controversy recently, with Trend Micro senior security advisor
YouTube accused of copyright breach by Viacom
Taylor Vinters – 3/24/10
Trend Micro Mentions
Further, Silon, the second most active Trojan, was found only by Trend Micro's antivirus engine …
Antivirus Software Incapable to Find Top Three Trojans
SPAMfighter News – 3/26/10
Security researchers for antivirus company AVG are now reporting tens of thousands of attacks per day, and this number is likely to grow further. Rival firm Trend Micro has reported similar growth.
Exploits of unpatched IE6, IE7 flaw on the rise
Ars Technica – 3/24/10
The security researchers of Trend Micro have discovered a malware movement on the famous Internet Messaging (IM) service in the last few days which tries to dupe users into clicking harmful links that circulate malware.
Malware in Fake Reports of President Obama’s Death
SPAMfighter News – 3/25/10
According to the security experts of Trend Micro, cyber goons are increasingly exploiting the news of the death of Corey Haim, Canadian teen idol, in a bid to launch FAKEAV (fake anti-virus) scams.
Cyber Miscreants Found Exploiting the News of Corey Haim’s Funeral
SPAMfighter News – 3/24/10
The scareware also removes legitimate anti-virus software from vendors including Symantec Corp, McAfee and Trend Micro Inc, leaving PCs vulnerable to other attacks.
Inside a global cybercrime ring
Reuters – 3/24/10
To conclude, security experts from security purveyors Websense and Trend Micro independently warn users of similar schemes targeting Corey Haim's death, which occurred in the second week of March 2010.
Miscreants Riding on DTS Searches, Spreading Scareware
SPAMfighter News – 3/23/10
Security researchers from antivirus vendor Trend Micro warn that a new FAKEAV version operates a ransomware-like component as a Layered Service Provider (LSP) routine.
New Scareware Leverages the Layered Service Provider; Blocks popular websites from being displayed
Softpedia – 3/23/10
Cybercriminals have been capitalizing on tax season by sending messages that appear to come from the Internal Revenue Service but actually lead to the data-stealing trojan Zeus, researchers at anti-virus firm Trend Micro warned Thursday.
Scammers capitalizing on tax season to spread Zeus
SC Magazine
Former NEC and Trend Micro Canada executive Pat Kewin will be named director of sales and marketing for Accutrust shortly.
HP Canada gets a new president
IT World
Silicon Valley/San Jose Business Journal
March 19, 2010
'Top 100 Women of Influence' in 2010
Eva Chen
Co-founder and CEO, Trend Micro Inc.
Trend Micro, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats.
Education: MBA and master’s in management information systems,
Boards/volunteer work: Board member, Trend Micro; volunteer work including building houses in the
First job: Sportswriter, but my first real tech job was product manager at Acer.
Business hero: Steve Jobs, his passion for innovation, business leadership, and changing the world.
Proudest achievement: My children and of course Trend Micro. Personally, I am proud to hold several security technology patents that have helped keep us ahead of the bad guys starting from the earliest days on the Internet.
Biggest workplace challenge: Driving innovation and execution deep into the organization while still managing our profitability and growth, and protecting our customers from an increasingly malicious and threatening Internet landscape. Of course, we are a global company with headquarters in
Something that would surprise others: I also paint, fence and love reading science fiction.
Five-year goal: Our vision is to make the world safe for exchange of digital information, and we see a tremendous game-changing opportunity with the rise of cloud computing that will change the world and create new businesses, but will also require new types of security that really fit the need. Our strategy in several different areas is to create security that fits.
SC Magazine
March 23, 2010
Conservative effort at social media experiment leaves open source Cash Gordon site directing to adult and Labour Party websites
By Dan Raywood
The Conservative Party was left with egg on its face after a social media marketing campaign aimed at embarrassing the Labour Party backfired.
The Tories introduced a website called ‘Cash Gordon', which claimed that ‘one of the great untold stories of British politics is how Unite has taken advantage of Labour's near bankruptcy and the departure of Tony Blair to gain an unprecedented grip on the party'.
It was also set up to collect Twitter messages that contained the hashtag #cashgordon and republish them in a live stream on the home page. However, a configuration error was discovered: any messages containing the #cashgordon hashtag were being published, along with whatever else they contained.
Trend Micro senior security advisor
The abuse was noted and led to Twitter users sending users to various sites, including pornography sites, the Labour Party website and a video of 1980s pop star Rick Astley.
The BBC's technology correspondent Rory Cellan-Jones commented that for several hours, while the developers worked to fix the problem, visitors to Cash Gordon were redirected to the main Conservative site. Meanwhile, Labour and Conservative micro-bloggers traded insults, with one side arguing this was the greatest foul-up in the short history of ‘peer-to-peer' campaigning. The other side said that their strategy had been vindicated because #cashgordon was now a trending topic on Twitter and their opponents had simply given them free publicity.
Tweets appearing on the Cash Gordon site appear to show that it is back up and running, although many users are claiming that Tweets are now being moderated.
”In reality this poor configuration could have posed a serious risk to the Tory party's own supporters as well as any other curious visitor. Those responsible for the page should have been filtering incoming Tweets or simply sanitising the code before it was posted as this could just as easily been used as a means to infect visitors by redirecting them to malicious websites.”
http://www.scmagazineuk.com/conservative-effort-at-social-media-experiment-leaves-open-source-cash-gordon-site-directing-to-adult-and-labour-party-websites/article/166314/
March 23, 2010
Tory online experiment foiled as hackers crash ‘Cash Gordon’ website
By Murad Ahmed, Technology Reporter
It was supposed to display how the modern Conservative Party could harness the power of the internet. Instead, the Tories’ latest attempt to engage the web backfired spectacularly.
Over the weekend the party launched the “Cash Gordon” website as part of an internet campaign to highlight links between the Prime Minister and Unite, the trade union behind the recent strikes by British Airways cabin crew. The Tories invited the public to contribute to the effort through the social-networking websites Facebook and Twitter.
By this morning, however, the website had been flooded with mocking and abusive messages. Eventually, hackers infiltrated the page so that visitors to Cash Gordon were redirected to the Labour Party website, porn sites and an infamous video of Rick Astley singing on YouTube. Within hours, the Conservatives were forced to take down the site, saying that it was suffering from “technical problems”.
Cash Gordon had started out as a slick webpage, using the latest features from Facebook and Twitter in an effort to gain public interest in the campaign.
In the first two days it had only a few hundred followers. But the party was keen to talk up the effort. On Sunday Samuel Coates, from the party’s new media team, wrote on the Conservative’s official blog: “In the brave new world of online politics it’s important to keep innovating in this way.”
Key to the Tories’ strategy for Cash Gordon was to invite the public’s comments. It published all tweets — messages written on Twitter — that included the phrase #cashgordon. This meant that the Cash Gordon website would feature comments praising the campaign, but also — as was more often the case — those criticising it.
Hackers also wrote tweets that included simple computer code, meaning that visitors to the site were automatically redirected to other pages.
By this afternoon the site had been taken down. A Conservative spokeswoman said: “There was an attempt made to redirect 'cashgordon' users to other websites. We’ve made the necessary adjustments to the site and the 'cashgordon' campaign has now led to many thousands people hearing about Unite’s funding stranglehold over the Labour Party.”
Last night it appeared that the party had the site up and running again.
Experts said that the Conservatives had built the website too quickly and had not learned from the lessons of others.
“They certainly overlooked the possibility that that this could happen,” said
The incident will come as an embarrassment to the party, who have been hailed recently as online pioneers by the likes of Wired magazine and technology bloggers because of their investment in new media ideas.
One the party’s biggest internet successes, WebCameron, an internet video diary featuring David Cameron, has been viewed by hundreds of thousands of people.
However, it is not the first time that the party has suffered at the hands of the internet’s uncontrollable crowds. Within hours of launching its latest poster campaign, featuring the party leader’s face, blogs said that the picture had been airbrushed and numerous send-ups of the posters quickly spread through the web.
http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article7071740.ece
PC World
March 24, 2010
Security Companies Warn of Uptick in New IE Attack
By Robert McMillan, IDG News Service
Criminals are stepping up their attacks leveraging an unpatched flaw in Microsoft's Internet Explorer browser, using it to install fake antivirus products and malicious back doors on victims' computers.
Microsoft first warned of the bug on March 9, saying that it had been used in "targeted attacks." But now, according to researchers, the exploits are much more widespread. By late last week, security vendor AVG was getting reports of 30,000 attacks per day, according to Roger Thompson, AVG's chief research officer.
"It's not a massive attack, but it's an unpatched exploit being used aggressively," he said Tuesday, in an instant message interview.
It appears that two separate cybergangs have begun using the exploit -- the first uses it to install fake antivirus software on victims' computers; the second group is installing a variant of the Sinowal Trojan, Thompson said.
Most of the attacks are being hosted on Web sites that appear to be specifically set up to host the attack code, rather than hacked sites, Thompson said.
Although AVG tracked just 16,000 attacks on Monday, Thompson predicted that the problem would get worse in the next few days, putting pressure on Microsoft to rush out a fix for the bug ahead of its scheduled April 13 security updates. "I would expect it to be adopted by more gangs over the next couple of weeks, as soon as they figure out where to find a copy," Thompson said.
Rival AV vendor Trend Micro agreed that attacks are on the rise. "It's popping up all over the place," said Paul Ferguson, a researcher with the company. "It started off slowly, but I really started noticing it yesterday, and then today -- there were a bunch of sites which harbored this exploit," he said via instant message on Tuesday.
Internet Explorer versions 6 and 7 are vulnerable to the attack. For it to work, however, the victim has to first visit a Web site hosting the malicious code.
Microsoft could not immediately be reached for comment on this story.
Also @
Network World
http://www.networkworld.com/news/2010/032410-security-companies-warn-of-uptick.html?t51hb
Techworld
iHotNews
March 25, 2010
Cloud computing held back by security fears, expert says
Posted by Paul Sells
IT outsourcing users are reluctant to use cloud computing because they have to give up control of data but are still responsible for its security, an expert has claimed.
A recent poll by the Information Systems Audit and Control Association discovered that a quarter of firms using cloud computing believes its benefits are outweighed by the risks, but use it anyway.
Trend Micro senior security advisor
"When we consume cloud services we outsource a substantial amount of control but we don't outsource any accountability; we can't outsource any accountability," he added.
However, Mr Ferguson pointed out that security is cited by many IT outsourcing users as one of cloud computing's main benefits and claimed this contradiction demonstrates a "disconnect" in how firms perceive the technology.
http://www.ihotdesk.com/article/19689534/Cloud-computing-held-back-by-security-fears,-expert-says
March 25, 2010
Malware attack uses China World Expo guise
By Owen Fletcher
IDG News Service - A malware attack dressed up as an e-mail from organizers of the upcoming Shanghai World Expo targeted at least three foreign journalists in
The e-mail appeared to be sent from the inbox of the Expo news office, but it was not sent by the Expo and may be targeting journalists who signed up to cover the event, a reporters' advocacy group in China told members in an e-mail on Thursday.
Google drew global attention to cyberattacks from
There was also no evidence to suggest that the e-mail sent to foreign journalists had any tie to the government. But at least one version of the e-mail, which was sent by an attacker to IDG News Service, clearly targeted people who had filled out a spreadsheet to register for the Expo. The e-mail had a .pdf attachment that exploited a recently patched vulnerability in Adobe Reader, according to scan results on the Wepawet malware analysis Web site.
"There seems to be a [definite] increase in sophisticated, targeted attacks coming out of
The World Expo will be a months-long show in
The alert sent out by the reporters' group in
http://www.computerworld.com/s/article/9174100/Malware_attack_uses_China_World_Expo_guise
March 25, 2010
Journalists receive malware disguised as event notice
The upcoming Shanghai World Expo has been exploited by cyber criminals to spread malware, according to Computerworld. Three Chinese journalists report that an email claiming to be from organizers of the event contained malware.
The journalists believe that the email may be linked to the attacks that struck Google in January that targeted human rights activists. There is no link to the Chinese government, but since all three reporters who received it are members of a journalists advocacy group, suspicions have arisen that the malware is an attempt to gain information from the reporters' hard drives.
"There seems to be a [definite] increase in sophisticated, targeted attacks coming out of
However, the Chinese government has expressed support for the expo, as it views the show, that will take place over several months, as a demonstration of
March 23, 2010
No trick is off limits to a
By Leo Lewis
Packing for a successful business trip to
Anti-hacking experts at Trend Micro go even further: if you are staying in a hotel, shut down your machine when you take a shower — that is when the Chinese cyber thieves tend to strike.
It is tempting for companies to conclude that the foreigner doing business in
The arrest of the four Rio Tinto executives fitted neatly with a view that no trick is off-limits to a
This is evident amid the rising acrimony over whether the Chinese currency has been kept unfairly low. President Obama’s pledge to double
But
Fears of how
The tendency to exaggerate the horrors of doing business in
A list of big foreign companies that have pulled out of the Chinese market is short and riddled with highly specific circumstances. Yahoo! and eBay “pulled out” of
The annual “Doing Business” report by the World Bank Group — a measure of the difficulties faced by domestic companies operating in their home economies — places China 89th out of 183 surveyed countries. Foreign companies may take the view that corruption, the debacle with Google and the arrest of the Rio executives mean that
Nick Day, chief executive of the business intelligence company Diligence, said that from the foreign business point of view, the Chinese scene is clouded by
http://business.timesonline.co.uk/tol/business/markets/china/article7071881.ece
Computerworld
March 25, 2010
New malware overwrites software updaters
IDG News Service - For the first time security researchers have spotted a type of malicious software that overwrites update functions for other applications, which could pose additional long-term risks for users.
The malware, which infects Windows computers, masks itself as an updater for Adobe Systems' products and other software such as Java, wrote Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, on its blog.
BKIS showed screen shots of a variant of the malware that imitates Adobe Reader version 9 and overwrites the AdobeUpdater.exe, which regularly checks in with Adobe to see if a new version of the software is available.
Users can inadvertently install malware on computers if they open malicious e-mail attachments or visit Web sites that target specific software vulnerabilities. Adobe's products are one of the most targeted by hackers due to their wide installation base.
After this particular kind of malware gets onto a machine, it opens a DHCP (Dynamic Host Configuration Protocol) client, a DNS (Domain Name System) client, a network share and a port in order to receive commands, BKIS said.
Malware that poses as an updater or installer for applications such as Adobe's Acrobat or Flash is nothing new, said
Decent security software should detect the malware, but those people who do become infected could be worse off even if the malware is removed,
"They will lose the auto-updating functionality of whatever software is affected even after the malware is cleaned up,"
That means that users would need to manually download the software again, which they may be unlikely to do if they don't know the effect of the malware.
http://www.computerworld.com/s/article/9174126/New_malware_overwrites_software_updaters
March 22, 2010
FBI embeds cyber-investigators in
By Robert McMillan
Computerworld - Hoping to catch cybercrooks, the FBI has begun embedding agents with law enforcement agencies in
Over the past few months, the agents have begun working with local police to help crack tough international cybercrime investigations, said Jeffrey Troy, chief of the FBI's cyber division, in an interview. Because virtually all cybercrime crosses international borders, this type of cooperation is crucial, experts say.
The embedding was inspired by a successful operation in
Security analysts say
This version of this story was originally published in Computerworld's print edition. It's a condensed version of an article that originally appeared online.
Read more about security in Computerworld's
http://www.computerworld.com/s/article/347523/FBI_Fights_Cybercrime_in_E._Europe
Also @ CIO.com
http://www.cio.com/article/587678/FBI_Fights_Cybercrime_in_E._Europe?source=rss_news
March 26, 2010
ZBOT Trojan Targets European Banks
This was written by Camille Tuutti
A new Trojan spreading primarily in
The main targets have been reported to be four European banks with large customer bases in
“At this point, we do have the data that show that these banks are indeed being currently targeted,” said Trend Micro’s advanced threats researcher
The TSPY_ZBOT.AZX was created by using the ZeuS toolkit, which was specifically developed to build malware. It makes it possible for cyber criminals to create their own versions of remote-controlled malware. The infected machine then becomes part of the ZeuS botnet, which has been estimated to include millions of computers worldwide.
At its most basic level, ZeuS has always been known for engaging in criminal activities, as it signals a new wave of online criminal business enterprises wherein different organizations can cooperate with one another to perpetrate online theft and fraud.
Domains used by TROJ_ZBOT.BYP can also be found on the same server in
http://www.thenewnewinternet.com/2010/03/26/zbot-trojan-targets-european-banks/
Excerpted at MX Logic
http://www.mxlogic.com/securitynews/web-security/new-malware-strain-alters-software-prevent-updates211.cfm
Softpedia
March 25, 2010
Large European Banks Targeted by ZeuS
C&C server hosted in
Security researchers from antivirus vendor Trend Micro have identified a variant of the infamous ZeuS computer trojan, which targets large banks located in
According to Trend Micro, amongst the targeted financial institutions are Banca di Roma (Bank of Rome), a subsidiary of UniCredit Group, which dominates the Central and Eastern European markets; Abbey National, the UK bank recently rebranded to Santander after its parent, Grupo Santander, one of the largest banking groups in the world; HSBC, the world's leading banking group with a very strong presence in Europe; Crédit Mutuel, a major French retail bank; and the FIDUCIA Group, Germany's top provider of IT services for credit unions and other financial organizations.
"At this point, we do have the data that show that these banks are indeed being currently targeted. We are including some names of the banks here to make people aware," commented
Computers infected with this ZeuS variant, detected as TROJ_ZBOT.BYP by Trend Micro, contact two domain names hosted on a Serbian server. According to the security company, this server is known to have hosted domain names used in scareware distribution or spam campaigns in the past.
ZeuS, also known as Zbot, is one of the biggest malware threats currently circulating on the Internet. There are hundreds of ZeuS variants in the wild at any given time, because the trojan client is highly customizable and is being generated with a crimeware toolkit sold to cybercrooks on the underground market.
Zbot is capable of stealing login credentials for a wide array of account types, from social networking to webmail and FTP. However, by far the most targeted information is credit card details entered into Web forms and online banking passwords.
The latest iteration of the crimeware platform can cost as much as $4,000, but it can also be extended through a series of independently developed and sold modules. Such add-ons are available for prices between $500 and $10,000, depending on their functionality.
http://news.softpedia.com/news/Large-European-Banks-Targeted-by-ZeuS-138344.shtml
About.com: Mary’s Antivirus Software Blog
March 24, 2010
Pictures
By Mary Landesman, About.com Guide to Antivirus Software
Scammers are spreading the Zeus/Zbot backdoor by sending an email warning recipients that (presumably embarrassing) pictures of them were posted online. The text of the email reads:
Hey, some jerk has posted your pictures (u understand what kind of pictures are there) and sent a link of them to all
Clicking the link loads a bogus 'photo archive' which is actually the Zbot trojan. According to threat researcher
One easy way to cut down on the risk of social engineering attacks is to use the free Trend Micro eMail ID which helps verify the authenticity of the received mail. Trend's eMail ID works with a range of different mail providers, including Gmail, Hotmail, AIM, and Outlook. For a complete list of supported mail programs and other system requirements, see the Trend Micro eMail ID product page. And did I mention, it's free?
http://antivirus.about.com/b/2010/03/24/pictures-ruse-used-to-spam-zeuszbot.htm
MSP
March 23, 2010
Botnets: A Threat (And
By
Call it the silent small business killer. Many small businesses have so called botnets or zombie software lurking in the background on their notebooks, PCs and servers. Here’s how botnets work, and here’s how managed services providers can stamp out the problem.
Simply put, a botnet is a collection (network) of compromised machines, often referred to as “zombies.” The botnet can involve computers in a single company, or it can extend across millions of consumer and business systems. Some pundits estimate that botnets have infiltrated roughly one-quarter of all personal computers connected to the Internet.
Cyber criminals use these botnets in a few ways.
One way is on a machine by machine basis. They collect data from the individual zombies by installing a key stroke logger or other malware in the background. They can then sell the collected information on the black market.
The second way the botnets work is by sending spam, launching phishing attacks, or creating denial of service attacks.
For the cyber criminals, the goal often is to grow the botnet as big as possible, and to collect as much information as possible.
Most botnets are named after the software used to create them. One very popular piece of botnet software being used today is called “Zeus.” This software has been around for many years and over the past few years cyber criminals have written add-ons to this malware, customizing it to meet their needs.
To grow a botnet, the originator (known as the “bot herder”) will use several tactics such as drive-by downloads, exploiting web browser vulnerabilities, worms, Trojan horses, or even exploits in applications.
There are many ways to deal with Zeus and other botnets — including free botnet detection tools. But I wonder: Are you dealing with this problem today or do you have customers asking you for help?
- - -
http://www.mspmentor.net/2010/03/23/botnets-a-threat-and-opportunity-for-managed-services-providers/
March 24, 2010
Can Ubuntu save online banking?
Jay McLaughlin has me worried. I do my online banking from the same home computer the rest of the family uses for Web surfing and online games. I have the McAfee security suite loaded and do regular scans so accessing online banking should be protected. Right?
Not really, says McLaughlin, a Certified Information Security Professional and CIO of CNL Bank. Accessing online banking from your everyday PC is just asking for trouble, he says.
In fact, the CIO of the Orlando, Florida-based regional bank would like to see all of his customers - both consumers and businesses - access online banking either from a dedicated machine or from a self-booting CD-ROM running Ubuntu Linux and Firefox.
The Ubuntu option
Recognizing that most consumers don't want to buy a separate computer for online banking, CNL is seriously considering making available free Ubuntu Linux bootable "live CD" discs in its branches and by mail. The discs would boot up Linux, run Firefox and be configured to go directly to CNL Bank's Web site. "Everything you need to do will be sandboxed within that CD," he says. That should protect customers from increasingly common drive-by downloads and other vectors for malicious code that may infect and lurk on PCs, waiting to steal the user account names, passwords and challenge questions normally required to access online banking.
A bootable CD works because it's isolated from the host PC environment. Malware on the host can't touch it - and any malware picked up when running from the CD-ROM goes away once the CD is ejected. "When you eject the CD you have removed everything off the machine," McLaughlin says.
He thinks that security suites are increasingly ineffective at keeping up with threats from organized crime rings abroad, such as the Russian Business Network. Right now business users are feeling the heat, but he says consumers are being targeted as well. He's so worried about drive by downloads, in fact, that he uses Firefox with the Noscript plug-in, which won't allow any JavaScript to execute on his PC without his explicit permission.
"If you are using online banking you should be using a hardened system that is not used for anything else but online banking," McLaughlin says. While the FDIC, American Banking Association and Federal Financial Institutions Examination Council have come out with similar recommendations for commercial customers, McLaughlin says consumers need to follow them as well.
Going out of band
Genes says using your regular home PC is acceptable for online banking so long as the bank supports two-factor authentication. For example, some banks in
CNL Bank currently offers out of band authentication only when setting up an initial password on a new online account or for password reset requests. The authentication code can be transmitted via SMS, using an automated attendant that calls a phone number that the customer has set up in advance, or through e-mail (although McLaughlin says the e-mail option may be discontinued because a compromised machine may have compromised e-mail as well).
McLaughlin is also considering offering this mechanism as an authentication option each time the user logs in, and CNL may offer an even more granular option that requires out of band authentication for individual transactions - for example, for commercial customers with high risk transactions such as wire transfers.
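One way to implement the per-transaction out-of-band approval described above, as an added Python example that is not CNL Bank's code: the one-time code is bound to a digest of the wire details, expires after a few minutes, and is consumed on first use, so malware that silently alters the beneficiary in the browser also invalidates the code, and the customer sees the real beneficiary in the text message. The class and function names, the 6-digit code, the 5-minute expiry and the phone number are assumptions; the SMS gateway is a stand-in callback.

```python
"""Transaction-bound out-of-band approval (added illustration, not a bank's code).

Assumed design: 6-digit code, 5-minute expiry, one verification attempt per code,
delivery over a channel the browser does not control (the `send` callback stands
in for an SMS gateway or automated phone call).
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict


@dataclass(frozen=True)
class WireTransfer:
    source_account: str
    beneficiary: str
    amount_cents: int

    def digest(self) -> str:
        # Canonical form of the fields that matter; any change yields a new digest.
        canonical = f"{self.source_account}|{self.beneficiary}|{self.amount_cents}"
        return hashlib.sha256(canonical.encode()).hexdigest()


@dataclass
class Challenge:
    code: str
    tx_digest: str
    expires_at: float
    consumed: bool = False


class OutOfBandApprover:
    """Issues and verifies one-time codes delivered over a second channel."""

    def __init__(self, send: Callable[[str, str], None],
                 ttl_seconds: int = 300, clock: Callable[[], float] = time.time):
        self._send = send        # injected so a test can capture the message
        self._ttl = ttl_seconds
        self._clock = clock      # injected so expiry can be tested deterministically
        self._pending: Dict[str, Challenge] = {}

    def issue(self, phone_number: str, tx: WireTransfer) -> str:
        """Generate a code bound to `tx`, send it out of band, return a challenge id."""
        code = f"{secrets.randbelow(10 ** 6):06d}"
        challenge_id = secrets.token_hex(8)
        self._pending[challenge_id] = Challenge(code, tx.digest(), self._clock() + self._ttl)
        # The message repeats beneficiary and amount so a customer can notice a wire
        # that was altered on an infected PC before approving it.
        self._send(phone_number,
                   f"Code {code} approves {tx.amount_cents / 100:.2f} to {tx.beneficiary}. "
                   "If you did not request this, call the bank.")
        return challenge_id

    def verify(self, challenge_id: str, code: str, tx: WireTransfer) -> bool:
        """True only if the code is unused, unexpired, correct and bound to this exact transaction."""
        challenge = self._pending.get(challenge_id)
        if challenge is None or challenge.consumed:
            return False
        challenge.consumed = True  # one attempt per code: no replay, no guessing
        if self._clock() > challenge.expires_at:
            return False
        # Constant-time comparisons so timing does not reveal which check failed.
        bound = hmac.compare_digest(challenge.tx_digest, tx.digest())
        matches = hmac.compare_digest(challenge.code, code)
        return bound and matches


if __name__ == "__main__":
    outbox = []  # constructed stand-in for the SMS gateway
    approver = OutOfBandApprover(send=lambda to, msg: outbox.append((to, msg)))
    wire = WireTransfer("1001", "ACME Supplies Ltd", 250_000)
    cid = approver.issue("+1-555-0100", wire)  # constructed number
    code = outbox[-1][1].split()[1]
    altered = WireTransfer("1001", "Money Mule", 250_000)  # what browser malware might submit
    print("altered wire approved:", approver.verify(cid, code, altered))
```

The digest binding is what makes the code worth more than a login-time code: a code read from an SMS and typed into a compromised browser still only authorises the wire the customer saw in the message. It also shows why the article's e-mail channel is the weak one: if the code reaches the same infected machine, the second channel is no longer out of band.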
Flash or CD-ROM?
When accessing online banking, consumers may want to consider using a secure, bootable flash drive running an environment such as U3 or MojoPac, says John Pescatore, analyst with Gartner Inc. But banks like the idea of the Ubuntu distribution because the software is free and the media is much cheaper than a memory stick. The problem with both is that the user now has to carry something to access online banking. "They hate that. That's why this approach has never broken into the mainstream," Pescatore says.
Consumers could also access online banking from a separate, bootable partition on their PC, but that's probably more work than most consumers would put up with. Another alternative, hosting a separate virtual machine (VM), is better than nothing. But McLaughlin cautions that the VM is still not totally isolated from the PC. Malware that targets the hypervisor layer underlying the VM may find its way around those defenses.
Everyone is unanimous on one point, however: Nobody seems to think doing online banking from the machine you use every day for Web surfing and e-mail is a good idea.
McLaughlin thinks the bootable Ubuntu CD option may be the best alternative right now. Regardless of who you bank with, he suggests ordering a copy of the free Ubuntu Desktop Edition self-booting CD (if you don't want to wait, you can download the image and burn it to a CD yourself) and trying it for your online banking.
McLaughlin and Genes put a sufficient scare into me that I've decided to give it a go. Yes, it's a hassle to reboot for online banking - until you think of what could happen if someone stole your credentials. On the plus side, I'll be exposed to Linux on a regular basis.
Who knows? I might decide that I like running Linux for more than just online banking.
http://blogs.computerworld.com/15815/can_ubuntu_save_online_banking?source=rss_blogs
March 26, 2010
Trend Micro: We are witnessing the decline of the operating system
In an interesting analysis of the migration of local systems to the cloud, and the transition from desktop to laptops, netbooks and mobiles,
"We are witnessing the decline of the general purpose operating system", he said in his security blog posted last night, adding that the once static data centre has transformed into a highly agile virtual data centre.
And, he says, it is now once again transforming thanks to cloud computing.
"First generation migrations to cloud, using Infrastructure-as-a-service, are facing tough competition from Platform-as-a-Service frameworks designed to take advantage of the rapid elasticity and scalability the cloud model provides", he said.
"A similar change is taking place with client devices. The once ubiquitous laptop is being supplanted by highly specialised and proprietary devices like smart phones, iPads and netbooks running Google's Chrome operating system", he added.
According to Foster, as these devices become more capable, the need for a general-purpose operating system like Windows or Mac OS X fades away.
Foster calls this change cloudamorphosis, a process that creates new challenges – and opportunities.
"As security emerges from the cocoon of the past, a new generation of cloud-focused solutions will unify the diverse mixture of assets, restoring the control we once had and embracing the agility of the new model", he said.
"With all of this change, we have to remember that effective security management requires unified visibility and control across the spectrum of traditional assets, mobile devices and cloud computing resources", he added.
"The next generation of security solutions need to bridge this gap and let our data safely take flight."
March 24, 2010
YouTube accused of copyright breach by Viacom
Published by Tim Hill
An argument has broken out between Viacom, the company which owns movie studio
Viacom filed a $1 billion (£650 million) lawsuit against Google, the parent company of YouTube, in 2007 but fresh discussions have since erupted, with the former company accusing the video sharing site of piracy.
According to the Daily Telegraph, YouTube creators Chad Hurley, Steve Chen and Jawed Karim have countered the claims by suggesting that Viacom uploaded its own content to the site in order to provide evidence for its copyright breach allegation.
"The law is clear that Google and YouTube are liable for their infringement ... The statements by Google regarding Viacom activities are merely red herrings and have no relevance on the legal facts of this case," a spokesperson for Viacom countered.
Social networking websites have also courted controversy recently, with Trend Micro senior security advisor
Please contact Patrick Farrant, Head of Technology for further information or call 01223 225181
http://www.taylorvinters.com/node/2528
Trend Micro Mentions
March 26, 2010
Antivirus Software Incapable to Find Top Three Trojans
The IT security firm Trusteer states that antivirus programs are completely incapable of detecting the three dominant Trojans, Yaludle, Silon and Zeus, which were responsible for stealing from
According to the firm's research, out of 42 antivirus engines tested, only 14 were able to detect the Zeus Trojan. Further, Silon, the second most active Trojan, was detected only by Trend Micro's antivirus engine, while Panda Software and F-Secure could detect the third most rampant Trojan, Yaludle.
Trusteer also disclosed that these three malware families were held responsible for almost 90% of bank fraud. 1 out of 100 systems was hit with the Zeus Trojan, making it the most abundant one. The Zeus Trojan is often used to compromise individual banking accounts in the
Trusteer CEO Mickey Boodaei claimed that most hackers use Zeus, but there is no clear association between Yaludle and Silon, as per the news published by SCMagazine on March 17, 2010.
Boodaei said that such malware is something a single crime group develops for itself and will not be seen anywhere else. Zeus, for instance, is platform specific, yet it can be used in other countries as well in the time to come.
Explaining the detections and the number of infections, Boodaei said he did not have precise details because no two pieces of malware are alike.
In line with Boodaei's claim, information from another security firm, Prevx, showed that it first observed attacks on 4th September 2009, and up to March 16th 2010 the firm had seen 97 agents with 50 unique executables. Among those variants, the most any single file name was seen was 17 times. Echoing Boodaei's comments about uniqueness, most file names were seen with just one agent.
As a solution to this problem, Boodaei recommends that banking institutions and their customers should be clearer about what malware can be used for online theft so that they can exactly know which of the several kinds of malware they should be protected against most, as per the news published by ComputerWeekly.com on March 17, 2010.
http://www.spamfighter.com/News-14091-Antivirus-Software-Incapable-to-Find-Top-Three-Trojans.htm
March 24, 2010
Exploits of unpatched IE6, IE7 flaw on the rise
By Peter Bright
An unpatched flaw in Internet Explorer versions 6 and 7 is increasingly being exploited. The flaw, first reported two weeks ago, was initially used in limited, targeted attacks. It is now evolving into something more widespread and indiscriminate.
Security researchers for antivirus company AVG are now reporting tens of thousands of attacks per day, and this number is likely to grow further. Rival firm Trend Micro has reported similar growth. It appears that there are now two main attacks being used by two separate gangs of hackers; one installs fake antivirus software, the other installs a trojan.
http://arstechnica.com/microsoft/news/2010/03/exploits-of-unpatched-ie6-ie7-flaw-on-the-rise.ars
March 25, 2010
Malware in Fake Reports of President Obama’s Death
Security researchers at Trend Micro have discovered a malware campaign on a popular instant messaging (IM) service in the last few days that tries to trick users into clicking harmful links that distribute malware.
Loucif Kharouni, a security expert at the firm, spotted the harmful messages, as per the blog post published by TrendLabs Malware Blog on March 16, 2010.
It appears that the messages are aimed at French-speaking Web users, as the text before the links is written in French and tells users to click the attached link. Some of these links made users believe they would be viewing a photograph related to an incident that reportedly killed the
However, in actual fact, the links take gullible users to harmful BUZUS variants identified by Trend Micro as TROJ_BUZUS.BTB and TROJ_BUZUS.BTA.
The security experts therefore advised users to ignore instant messages referring to the President's death.
Commenting on the issue, the security experts stated that bogus celebrity death reports have appeared on the Web before. In the past few years there have been rumors about the deaths of Britney Spears, Will Ferrell, Justin Timberlake, Michael Jackson (before he actually died), Sean Connery and others. As a means of propagating malware, celebrity death reports could take a leap if hackers choose to pick up the trend.
Meanwhile, the experts noted that this is not the first time President Obama has been used by hackers to circulate malware. During his 2008 campaign for the US Presidency there were many instances of cyber criminals taking advantage of Obama news. Previous attacks were seen both during his election (for spreading malware and pharmaceutical spam) and during his inauguration.
Further, Barack Obama is not the only one to have been a victim of such malware campaigns. Earlier, Bill Clinton, George Bush and Ronald Reagan were also used by hackers for their vicious purpose, i.e. to spread malware.
http://www.spamfighter.com/News-14087-Malware-in-Fake-Reports-of-President-Obamas-Death.htm
March 23, 2010
Cyber Miscreants Found Exploiting the News of Corey Haim’s Funeral
According to security experts at Trend Micro, cyber goons are increasingly exploiting the news of the death of Corey Haim, the Canadian teen idol, in a bid to launch FAKEAV (fake antivirus) scams.
Security experts explain that, using blackhat SEO (search engine optimization) techniques, attackers get malicious links placed at the top of the search results when a user simply searches Google for news on Corey Haim's funeral. These malicious links redirect the susceptible user to websites that ultimately download a FAKEAV.
It is worth noting that FAKEAV, or fake antivirus, has at present become one of the most common threats in the Internet threat landscape, and as cyber crooks take a more advanced and sophisticated approach, fake antivirus programs are constantly evolving.
Trend Micro warns users that, on following these malicious links, a false window opens claiming that the user's system is flooded with malware and suggesting that he or she download the antivirus solution it offers.
The downloaded file is detected as TROJ_FAKEAV.DBB by the security firm. The program loads a scan page containing phony scan results and offers to eliminate the hazardous files from the user's system.
The catch, Trend Micro notes, is that the product then asks for activation. The security firm recommends that users be watchful of such ploys, as they may unwittingly lead the target to reveal sensitive personal data; in this case, the attackers ask the victim for credit card details.
Considering the viciousness of the scam, users are strongly advised to be extra cautious when searching the Internet for such hot topics, as malware felons have gained the expertise to get their pages included in the top search results. Also, to avoid infection, users should rely only on trusted news websites when looking for reports on a celebrity's death.
The Canadian teen idol is not the only celebrity whose death has been misused by cyber crooks. These miscreants were also spotted misusing Brittany Murphy's death in December 2009. And earlier, in June 2009, when the whole world was mourning the loss of the pop star Michael Jackson, cyber assailants were busy launching various FAKEAV scams.
http://www.spamfighter.com/News-14079-Cyber-Miscreants-Found-Exploiting-the-News-of-Corey-Haims-Funeral.htm
March 24, 2010
Inside a global cybercrime ring
By Jim Finkle
(Reuters) - Hundreds of computer geeks, most of them students putting themselves through college, crammed into three floors of an office building in an industrial section of Ukraine's capital Kiev, churning out code at a frenzied pace. They were creating some of the world's most pernicious, and profitable, computer viruses.
According to court documents, former employees and investigators, a receptionist greeted visitors at the door of the company, known as Innovative Marketing Ukraine. Communications cables lay jumbled on the floor and a small coffee maker sat on the desk of one worker.
As business boomed, the firm added a human resources department, hired an internal IT staff and built a call center to dissuade its victims from seeking credit card refunds. Employees were treated to catered holiday parties and picnics with paintball competitions.
Top performers got bonuses as young workers turned a blind eye to the harm the software was doing. "When you are just 20, you don't think a lot about ethics," said Maxim, a former Innovative Marketing programmer who now works for a Kiev bank and asked that only his first name be used for this story. "I had a good salary and I know that most employees also had pretty good salaries."
In a rare victory in the battle against cybercrime, the company closed down last year after the U.S. Federal Trade Commission filed a lawsuit seeking its disbandment in
An examination of the FTC's complaint and documents from a legal dispute among Innovative executives offer a rare glimpse into a dark, expanding -- and highly profitable -- corner of the internet.
Innovative Marketing Ukraine, or IMU, was at the center of a complex underground corporate empire with operations stretching from Eastern Europe to
The company built its wealth pioneering scareware -- programs that pretend to scan a computer for viruses, and then tell the user that their machine is infected. The goal is to persuade the victim to voluntarily hand over their credit card information, paying $50 to $80 to "clean" their PC.
Scareware, also known as rogueware or fake antivirus software, has become one of the fastest-growing, and most prevalent, types of internet fraud. Software maker Panda Security estimates that each month some 35 million PCs worldwide, or 3.5 percent of all computers, are infected with these malicious programs, putting more than $400 million a year in the hands of cybercriminals. "When you include cost incurred by consumers replacing computers or repairing, the total damages figure is much, much larger than the out of pocket figure," said Ethan Arenson, an attorney with the Federal Trade Commission who helps direct the agency's efforts to fight cybercrime.
Groups like Innovative Marketing build the viruses and collect the money but leave the work of distributing their merchandise to outside hackers. Once infected, the machines become virtually impossible to operate. The scareware also removes legitimate anti-virus software from vendors including Symantec Corp, McAfee and Trend Micro Inc, leaving PCs vulnerable to other attacks.
When victims pay the fee, the virus appears to vanish, but in some cases the machine is then infiltrated by other malicious programs. Hackers often sell the victim's credit card credentials to the highest bidder.
Removing scareware is a top revenue generator for Geek Choice, a PC repair company with about two dozen outlets in the
Anti-virus software makers have also gotten into the lucrative business of cleaning PCs, charging for those services even when their products fall down on the job.
Charlotte Vlastelica, a homemaker in
So she called Norton for help and was referred to the company's technical support division. The fee for removing Antispyware 2010 was $100. A frustrated Vlastelica vented: "You totally missed the virus and now you're going to charge us $100 to fix it?"
AN INDUSTRY PIONEER
"It's sort of a plague," said Kent Woerner, a network administrator for a public school district in
"When I have a sixth-grader seeing that kind of garbage, that's offensive," said Woerner. He fixed the machine by deleting all data from the hard drive and installing a fresh copy of Windows. All stored data was lost.
Stephen Layton, who knows his way around technology, ended up junking his PC, losing a week's worth of data that he had yet to back up from his hard drive, after an attack from an Innovative Marketing program dubbed Windows XP Antivirus. The president of a home-based software company in
But he was certain of its deleterious effect. "I work eight-to-12 hours a day," he said. "You lose a week of that and you're ready to jump off the roof."
"These guys were the innovators and the biggest players (in scareware) for a long time," said Arenson, who headed up the FTC's investigation of Innovative Marketing.
Innovative's roots date back to 2002, according to an account by one of its top executives, Marc D'Souza, a Canadian, who described the company's operations in-depth in a 2008 legal dispute in
According to D'Souza's account, Innovative Marketing was set up as an internet company whose early products included pirated music and pornography downloads and illicit sales of the impotence drug Viagra. It also sold gray market versions of anti-virus software from Symantec and McAfee, but got out of the business in 2003 under pressure from those companies.
It tried building its own anti-virus software, dubbed Computershield, but the product didn't work. That didn't dissuade the firm from peddling the software amid the hysteria over MyDoom, a parasitic "worm" that attacked millions of PCs in what was then the biggest email virus attack to date. Innovative Marketing aggressively promoted the product over the internet, bringing in monthly profits of more than $1 million, according to D'Souza.
The company next started developing a type of malicious software known as adware that hackers install on PCs, where they served up pop-up ads for travel services, pornography, discounted drugs and other products, including its flawed antivirus software. They spread that adware by recruiting hackers whom they called "affiliates" to install it on PCs.
"Most affiliates installed the adware product on end-users' computers illegally through the use of browser hijacking and other nefarious methods," according to D'Souza. He said that Innovative Marketing paid its affiliates 10 cents per hijacked PC, but generated average returns of $2 to $5 for each of those machines through the sale of software and products promoted through the adware.
ANY MEANS BUT SPAM
The affiliate system has since blossomed. Hackers looking for a piece of the action can link up with scareware companies through anonymous internet chat rooms. They are paid through electronic wire services such as
To get started, a hacker needs to register as an affiliate on an underground website and download a virus file that is coded with his or her affiliate ID. Then it's off to the races.
"You can install it by any means, except spam," says one affiliate recruiting site, earning4u.com, which pays $6 to $180 for every 1,000 PCs infected with its software. PCs in the
Affiliates load the software onto the machines by a variety of methods, including hijacking legitimate websites, setting up corrupt sites for the purposes of spreading viruses and attacks over social networking sites such as Facebook and Twitter.
"Anybody can get infected by going to a legitimate website," said Uri Rivner, an executive with RSA, one of the world's top computer security companies.
A scareware vendor distributed its goods one September weekend via The New York Times' website by inserting a single rogue advertisement. The hacker paid NYTimes.com to run the ad, which was disguised as one for the internet phone company Vonage. It contaminated PCs of an unknown number of readers, according to an account of the incident published in The New York Times.
Patrik Runald, a senior researcher at internet security firm Websense Inc, expects rogueware vendors to get more aggressive with marketing. "We're going to see them invest more money in that -- buying legitimate ad space," he said.
To draw victims to infected websites, hackers will also manipulate Google's search engine to get their sites to come up on the top of anyone's search in a particular subject. For instance, they might capitalize on news events of wide interest -- from the winners of the Oscars to the Tiger Woods scandal -- quickly setting up sites to attract relevant search terms. Anti-virus maker Panda Security last year observed one scareware peddler set up some 1 million web pages that infected people searching for Ford auto parts with a program dubbed MSAntispyware2009. They also snare victims by sending their links through Facebook and Twitter.
Some rogue vendors manage their partnerships with hackers through software that tracks who installed the virus that generated a sale. Hackers are paid well for their efforts, garnering commissions ranging from 50 to 90 percent, according to Panda Security. SecureWorks, another security firm, estimates that a hacker who gets 1 to 2 percent of users of infected machines to purchase the software can pull in over $5 million a year in commissions.
Hackers in some Eastern European countries barely attempt to conceal their activities.
Panda Security found photos of a party in March 2008 that it said affiliate ring KlikVIP held in
BANKING
One of Innovative Marketing's biggest problems was the high proportion of victims who complained to their credit card companies and obtained refunds on their purchases. That hurt the relationships with its merchant banks that processed those transactions, forcing it to switch from banks in
In 2005, Bank of
Innovative Marketing then went five months without a credit card processor before finding a bank in
To keep the chargeback rate from climbing even higher, Innovative Marketing invested heavily in call centers. It opened facilities in
Often that required disabling legitimate anti-virus software programs, according to McAfee researcher Dirk Kollberg, who spent hours listening to digitized audio recordings of customer service calls that Innovative Marketing kept on its servers at its
Police have had limited success in cracking down on the scareware industry. Like Innovative Marketing, most rogue internet companies tend to be based in countries where laws permit such activities or officials look the other way.
Law enforcement agencies in the
The FTC succeeded in persuading a
(Editing by Jim Impoco and Claudia Parsons)
http://www.reuters.com/article/idUSTRE62N29T20100324?type=technologyNews
March 23, 2010
Miscreants Riding on DTS Searches, Spreading Scareware
Security researchers at the Vietnam-based antivirus vendor Bach Khoa Internet Security (BKIS) warn users that searches related to Daylight Saving Time (DST) may redirect them to FAKEAV sites.
Also referred to as summer time, DST means advancing the clock by 60 minutes so as to extend daylight into the afternoon. Not many regions of the world practice this; it is done mainly in regions at high latitudes.
BKIS warns that, assuming users will browse the Internet for information on this year's DST (2010) in order to adjust their clocks, cyber crooks have employed blackhat SEO (BHSEO) techniques to add malicious links to the search results, as reported by the Bkis Security Blog on March 15, 2010.
Users will definitely be targeted if they type "Day light Savings 2010" as keywords in the search box.
Bkis' experts also said that susceptible users who click the malicious links shown for those keywords land on phony websites with a forged Windows interface. These websites display virus alerts for the user's system which are actually bogus.
The main intention of this software is to scare users into purchasing a worthless license, endangering their credit card information in the process. Also termed rogue security software, scareware is a recent class of malware that poses as a gentleman in the battle against worms and viruses, said experts.
Moreover, this most recent scam spotted by Bkis appears to prove right a point made by the security firm McAfee. In a recent report, McAfee claimed that the most expensive scam of 2010 will be the fake antivirus or scareware scam. Cyber goons earn over $300 million via scareware scams, the report revealed.
To conclude, security experts from the security vendors Websense and Trend Micro independently warned users of similar schemes targeting the death of Corey Haim, which occurred in the second week of March 2010. Corey was a former teen idol and a Canadian actor. Celebrity deaths have unfortunately become common themes for cyber felons' BHSEO campaigns because they easily attract Internet users' attention.
http://www.spamfighter.com/News-14073-Miscreants-Riding-on-DTS-Searches-Spreading-Scareware.htm
March 23, 2010
New Scareware Leverages the Layered Service Provider
Blocks popular websites from being displayed
Security researchers from antivirus vendor Trend Micro warn that a new FAKEAV version operates a ransomware-like component as a Layered Service Provider (LSP) routine. The malicious .DLL blocks access to websites such as Facebook, YouTube, MySpace, The Pirate Bay and others.
The Layered Service Provider is a Winsock feature that has long been abused by malware because it allows altering Internet traffic. The scareware analyzed by Trend installs a .DLL file in the LSP chain, with the purpose of intercepting calls to facebook.com, youtube.com or myspace.com, from Internet Explorer, Firefox and other applications (through svchost).
Trying to access any of these domains from an infected computer will result in a page with red background reading: "Restricted Site! This web site is restricted based on your security preferences. Your system is infected. Please activate your antivirus software."
"It will only allow the users access if the registry key, HKEY_CURRENT_USER\Software\IS2010, exists in their systems. However, the said key will only exist if the FAKEAV application Internet Security 2010 (aka TROJ_FAKEAL.SMDO, TROJ_FAKEAL.SMDP, or TROJ_FAKEINIT.BC), is present on the affected system," the Trend Micro researchers explain.
FAKEAV is a generic name used by the antivirus company to detect scareware or rogueware applications. These programs masquerade as antivirus products and attempt to scare users into paying for unnecessary license fees by displaying alerts about fake malware infections.
The distribution of scareware used to be a very profitable model for generating illegal income. However, with a constantly shrinking market due to successful public education against these scams, scammers found themselves forced to come up with ways to get an edge over their competition.
This fighting amongst competing cybercriminal gangs has led to the appearance of more aggressive approaches, like disabling critical system functionality until the user agrees to pay up. Programs that display such behavior are referred to as ransomware, and blocking access to popular websites certainly falls into this category.
http://news.softpedia.com/news/New-Scareware-Leverages-the-Layered-Service-Provider-138121.shtml
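Two defender-side checks for the behaviour the Softpedia piece describes, as an added Python example that is not Trend Micro's or Softpedia's code: list Layered Service Provider entries whose DLL lives outside the Windows system directory, and test for the HKEY_CURRENT_USER\Software\IS2010 marker the article quotes. The catalog text embedded below is constructed to mimic `netsh winsock show catalog` output; the field names follow the Windows tool, but the entry values, GUIDs and the rogue DLL path are invented, and the function names are assumptions.

```python
"""Winsock LSP triage (added example; not Trend Micro's or Softpedia's code).

A FAKEAV component registered as a Layered Service Provider (LSP) sits in the
Winsock chain and can rewrite or block traffic for every application. Two
checks a responder can run: (1) flag layered catalog entries whose provider DLL
is not under the system directory, (2) look for the HKCU\\Software\\IS2010 key
the article says the LSP uses as its "paid" marker.
"""
import platform
import re
import subprocess
from typing import Dict, List, Optional

# Constructed sample of `netsh winsock show catalog` output (field names follow
# the Windows tool; GUIDs, the rogue entry and its path are invented).
SAMPLE_CATALOG = r"""Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {AAAAAAAA-0000-0000-0000-000000000001}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Version:                            2
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        IS2010 Protection Layer
Provider ID:                        {BBBBBBBB-0000-0000-0000-000000000002}
Provider Path:                      C:\Users\victim\AppData\Local\Temp\is2010lsp.dll
Catalog Entry ID:                   1034
Version:                            2
Protocol Chain Length:              0

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        IS2010 Protection Layer over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {BBBBBBBB-0000-0000-0000-000000000002}
Provider Path:                      C:\Users\victim\AppData\Local\Temp\is2010lsp.dll
Catalog Entry ID:                   1035
Version:                            2
Protocol Chain Length:              2
"""

# Provider DLLs shipped with Windows live under the system directory.
SYSTEM_PREFIXES = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")


def parse_catalog(text: str) -> List[Dict[str, str]]:
    """Turn netsh's 'Key:   value' blocks into one dict per catalog entry."""
    entries: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    for line in text.splitlines():
        if line.startswith("Winsock Catalog Provider Entry"):
            current = {}
            entries.append(current)
            continue
        match = re.match(r"^([A-Za-z ]+?):\s+(.+?)\s*$", line)
        if match and current is not None:
            current[match.group(1).strip()] = match.group(2)
    return entries


def suspicious_lsps(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Layered entries (providers and chain entries) whose DLL is outside the system directory."""
    flagged = []
    for entry in entries:
        if not entry.get("Entry Type", "").startswith("Layered"):
            continue
        path = entry.get("Provider Path", "").lower()
        if not path.startswith(SYSTEM_PREFIXES):
            flagged.append(entry)
    return flagged


def is2010_marker_present() -> Optional[bool]:
    """True/False for HKCU\\Software\\IS2010 on Windows; None on other platforms."""
    if platform.system() != "Windows":
        return None
    import winreg  # only importable on Windows
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\IS2010"):
            return True
    except OSError:
        return False


def live_catalog() -> Optional[str]:
    """Capture the real Winsock catalog on a Windows host; None elsewhere."""
    if platform.system() != "Windows":
        return None
    return subprocess.run(["netsh", "winsock", "show", "catalog"],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    catalog = live_catalog() or SAMPLE_CATALOG
    for entry in suspicious_lsps(parse_catalog(catalog)):
        print(f"[!] {entry['Entry Type']} #{entry['Catalog Entry ID']}: "
              f"{entry['Description']} -> {entry['Provider Path']}")
    print("IS2010 registry marker:", is2010_marker_present())
```

On a real host the script reads the live catalog and falls back to the constructed sample elsewhere. A non-system LSP is not proof of infection (some legitimate security and VPN products install one), so the flagged DLL should be checked by hash and signer before any cleanup; removing a malicious LSP entry without also removing the chain entries that reference it leaves Winsock broken, which is why the chain entries are flagged alongside the provider.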
SC Magazine
March 26, 2010
Scammers capitalizing on tax season to spread Zeus
By Angela Moscaritolo
Cybercriminals have been capitalizing on tax season by sending messages that appear to come from the Internal Revenue Service but actually lead to the data-stealing trojan Zeus, researchers at anti-virus firm Trend Micro warned Thursday.
The messages ask users to follow a link and review their tax statement to fix errors related to unreported or under-reported income, according to Trend Micro. The URL leads users to a variant of Zeus, which steals information from compromised systems and sends it back to attackers.
With the tax deadline nearing, these types of scams are likely to ramp up, US-CERT warned on Thursday. Other phishing and malware campaigns taking advantage of tax season could include offers to help recipients file for a refund or details about fake e-file websites.
The IRS last week warned users about phishing, as part of its annual “dirty dozen” list of tax scams. Scammers will try and obtain users' personal information by impersonating the IRS in emails, tweets and phony websites, the agency warned. For example, scammers will likely tell consumers they are entitled to a tax refund, but they must reveal personal information to claim it.
“Taxpayers should be wary of anyone peddling scams that seem too good to be true,” IRS Commissioner Doug Shulman said in a statement. “The IRS fights fraud by pursuing taxpayers who hide income abroad and by ensuring taxpayers get competent, ethical service from qualified professionals at home in the U.S.”
Taxpayers who receive a message claiming to come from the IRS should not open any attachments or click on any links, the IRS warned.
http://www.scmagazineus.com/scammers-capitalizing-on-tax-season-to-spread-zeus/article/166647/
IT World
March 26, 2010
HP Canada gets a new president
By Paolo Del Nibletto
Things change and people change in this great industry of ours. Yesterday at HP Canada was just another example of change, although this one has some major impact on the channel. Paul Tsaparis, the long-time face of the subsidiary, will be leaving his role as president.
He is to be replaced by the little-known Peter Galanis. Tsaparis has received many honours in his career, such as membership in the top 40 under 40 club, CDN Newsmaker of the Year, along with Channel Visionary and Builder of the past 20 years. I can tell you he has earned them all. Tsaparis is a fine person, top-notch executive and leader.
I have interviewed Paul on many occasions and I also introduced him at a Comdex Canada Keynote address. I will surely miss him. But, more importantly I believe he will be missed by the channel community in
His departure will lead to questions about HP’s direction. CDN, along with many of my colleagues at IT World Canada, attempted to interview both Tsaparis and Galanis only to be told they would not be made available for interviews.
I am sure that this would not sit well with Tsaparis who has always been transparent about his decisions.
HP Canada’s outside PR agency informed me that Galanis would not be made available for interviews because he was announced as the new president yesterday. Other sources around the industry have speculated to me that Tsaparis was looking to leave his role for a while now. If this move was planned, I don’t understand what they are hiding from.
Galanis is an unknown variable. His background is EMC, which is a traditional direct-selling organization. He has worked at HP in the
Galanis could have eased fears from the channel by fielding questions. Also HP Canada is very close to announcing a new channel chief. What if the new channel chief and the new president don't see eye-to-eye? Again, Galanis could have addressed this. Instead we are all left to speculate.
One quick hit before I go. Former NEC and Trend Micro Canada executive Pat Kewin will be named director of sales and marketing for Accutrust shortly.
http://www.itworldcanada.com/blogs/cdn/2010/03/26/hp-canada-gets-a-new-president/53026/