The Latest Computer Security News

The latest global news related to computer security

Viruses, Trojans, Worms, Spyware, Threats

Unwanted, very dangerous malicious applications, often able to self-replicate and often transmitting information over an internet connection in the background. They pose a direct danger to the stored data and operating system of an infected computer.

March 14, 2010 11:08:22 AM CET

Recently published analyses – Antivirus7, Trojan:Win32/Wisp.A, Trojan:Win32/Wisp.B, Backdoor:Win32/Otlard.A, Exploit:JS/CVE-2010-0806, TrojanProxy:Win32/Pramro.F, TrojanSpy:Win32/Bancos.SB, Backdoor:Win32/Arurizer.A, PWS:Win32/Daptdei.A, PWS:Win32/Zbot.RI

 

March 14, 2010 3:08:07 AM CET

Win32/SillyAutorun.CUT – Should you have this detection reported on a file that you normally use, we highly recommend that you submit a sample of the affected file to CA Anti-Virus Research for analysis. For detailed instructions on how to submit samples to CA, please see below. Submitting Malware Samples: Please visit our Sample/Suspicious file submission form here:...

 

March 14, 2010 3:08:07 AM CET

Win32/SillyAutorun.CUS – Should you have this detection reported on a file that you normally use, we highly recommend that you submit a sample of the affected file to CA Anti-Virus Research for analysis. For detailed instructions on how to submit samples to CA, please see below. Submitting Malware Samples: Please visit our Sample/Suspicious file submission form here:...

 

March 14, 2010 3:08:07 AM CET

Win32/SillyAutorun.CUR – Should you have this detection reported on a file that you normally use, we highly recommend that you submit a sample of the affected file to CA Anti-Virus Research for analysis. For detailed instructions on how to submit samples to CA, please see below. Submitting Malware Samples: Please visit our Sample/Suspicious file submission form here:...

 

March 14, 2010 3:08:07 AM CET

Win32/SillyAutorun.CUQ – Should you have this detection reported on a file that you normally use, we highly recommend that you submit a sample of the affected file to CA Anti-Virus Research for analysis. For detailed instructions on how to submit samples to CA, please see below. Submitting Malware Samples: Please visit our Sample/Suspicious file submission form here:...

 

March 14, 2010 3:08:07 AM CET

Win32/SillyAutorun.CUP – Should you have this detection reported on a file that you normally use, we highly recommend that you submit a sample of the affected file to CA Anti-Virus Research for analysis. For detailed instructions on how to submit samples to CA, please see below. Submitting Malware Samples: Please visit our Sample/Suspicious file submission form here:...

 

March 14, 2010 3:08:07 AM CET

Win32/Rimecud.UP – Should you have this detection reported on a file that you normally use, we highly recommend that you submit a sample of the affected file to CA Anti-Virus Research for analysis. For detailed instructions on how to submit samples to CA, please see below. Submitting Malware Samples: Please visit our Sample/Suspicious file submission form here:...

 

March 14, 2010 3:08:07 AM CET

Win32/Rimecud.UO – Should you have this detection reported on a file that you normally use, we highly recommend that you submit a sample of the affected file to CA Anti-Virus Research for analysis. For detailed instructions on how to submit samples to CA, please see below. Submitting Malware Samples: Please visit our Sample/Suspicious file submission form here:...

 

March 14, 2010 3:08:07 AM CET

Win32/Rimecud.UN – Should you have this detection reported on a file that you normally use, we highly recommend that you submit a sample of the affected file to CA Anti-Virus Research for analysis. For detailed instructions on how to submit samples to CA, please see below. Submitting Malware Samples: Please visit our Sample/Suspicious file submission form here:...

 

March 14, 2010 3:08:07 AM CET

Win32/Rimecud.UM – Should you have this detection reported on a file that you normally use, we highly recommend that you submit a sample of the affected file to CA Anti-Virus Research for analysis. For detailed instructions on how to submit samples to CA, please see below. Submitting Malware Samples: Please visit our Sample/Suspicious file submission form here:...

 

Suspicious behavior and files

Files that are already executing and behaving questionably.

November 5, 2009 8:58:38 PM CET

Sus/Mdrop-J

 

November 5, 2009 8:58:38 PM CET

Sus/ObfJS-BP

 

November 5, 2009 8:58:38 PM CET

Sus/ObfJS-BM

 

November 5, 2009 8:58:38 PM CET

Sus/BanHosts-A

 

November 5, 2009 8:58:38 PM CET

Sus/Parasit-A

 

November 5, 2009 8:58:38 PM CET

Sus/Banker-D

 

November 5, 2009 8:58:38 PM CET

Sus/VBDWN-J

 

November 5, 2009 8:58:38 PM CET

Sus/ComPack-J

 

November 5, 2009 8:58:38 PM CET

Sus/ComPack-C

 

November 5, 2009 8:58:38 PM CET

Sus/Conficker-A

 

Adware and profiling user agents (PUA)

Programs that aren't malicious, such as dialers, remote administration tools and hacking tools, but are generally considered unsuitable for most business networks.

November 5, 2009 8:58:39 PM CET

C-NMedia

 

November 5, 2009 8:58:39 PM CET

Internet Speed Monitor

 

November 5, 2009 8:58:39 PM CET

MyWebSearch

 

November 5, 2009 8:58:39 PM CET

Disabled System File Check DLL

 

November 5, 2009 8:58:39 PM CET

MyCentria

 

November 5, 2009 8:58:39 PM CET

Data Doctor Keylogger Installer

 

November 5, 2009 8:58:39 PM CET

Firewall Auth

 

November 5, 2009 8:58:39 PM CET

My_Java_Core_BHO

 

November 5, 2009 8:58:39 PM CET

MiniRelay

 

November 5, 2009 8:58:39 PM CET

Bd0rk DoS Killer

 

Email and virus hoaxes

Virus hoaxes are false reports about non-existent viruses, often claiming to do impossible things. Unfortunately some recipients occasionally believe a hoax to be a true virus warning and may take drastic action (such as shutting down their network).

March 13, 2010 3:46:00 AM CET

Muslim Protest Photographs - Pictures From London – Email claims that a series of attached photographs depict a protest in London at which Muslim demonstrators displayed placards with violent and inflammatory slogans.

 

March 11, 2010 5:31:00 AM CET

F1 Key Virus Warning – Message warns that responding to a pop-up prompt by pressing the F1 key when visiting an infected website could download and install a virus on your computer.

 

March 11, 2010 1:34:00 AM CET

Apartment Cleaner Overpayment Scam – Email offers the recipient a part time job cleaning an apartment for a quite generous fee. The cleaner is advised to deduct this fee from a cheque made out for a considerably larger amount and then wire the remainder to the landlord via a money transfer service.

 

March 9, 2010 1:33:00 AM CET

Western Union Unauthorized Transaction Phishing Scam – Email claims that money transfer service Western Union has noticed unauthorized transactions on the recipient's credit card and instructs him or her to fill in an attached form in order to verify identity and payment details.

 

March 8, 2010 1:27:00 AM CET

The WHY Yacht - Luxurious 58x38 Yacht from Wally Herm – Email forward claims that a series of attached images show an innovative and luxurious new yacht of enormous proportions dubbed the WHY 58x38.

 

March 3, 2010 3:27:00 AM CET

Haiti Earthquake Money Laundering Scam – Email asks the recipient to work as a representative for a Haiti Earthquake disaster aid organization by collecting and processing donated funds.

 

February 28, 2010 2:40:00 AM CET

Check Out YouTube Request - Facebook Trojan Worm Warning – Message circulating on Facebook warns users not to open a request to check out a YouTube video because it contains a "trojan worm" that can shut down the infected computer and steal personal information.

 

February 26, 2010 12:01:00 PM CET

Boy Shot By Step Dad Charity Hoax – Message claims that, every time a text message is sent on, AT&T or Verizon will donate money to help pay for surgery on a 14 year old boy who was shot six times by his stepfather while attempting to protect his young sister.

 

February 25, 2010 5:21:00 AM CET

Costa Rica Turtle Egg Harvest Protest Email – Email that calls for a stop to a supposed "attack against nature" on the beaches of Costa Rica claims that a series of attached photographs depict crowds of people digging up and stealing turtle eggs that they will later sell.

 

February 23, 2010 4:24:00 AM CET

Mercedes-Benz Test Questions Advance Fee Scam – Email claims that the recipient can be awarded the prize of a new Mercedes-Benz GL-Class GL550 along with three hundred thousand euros simply by replying with the answers to a very short and simple quiz.

 

Security risks and vulnerabilities

A security risk or a vulnerability is a state in a computing system (or set of systems) which either: allows an attacker to execute commands as another user; allows an attacker to access data that is contrary to the specified access restrictions for that data; allows an attacker to pose as another entity; allows an attacker to conduct a denial of service.

March 12, 2010 10:34:14 PM CET

Update on Security Advisory 981374 – Hi everyone, I’m writing to let you know that we have updated Security Advisory 981374 with new workaround information. We are aware that exploit code has been made public for this issue. As with our last update, Internet Explorer 8 remains unaffected by the vulnerability addressed in the advisory and we continue to encourage all customers to upgrade to this version. On Wednesday we added a workaround to the advisory that helps to mitigate the vulnerability by disabling the peer factory class through the modification of a registry key. With today’s update, we have added a Microsoft Fix It to automate this workaround for Windows XP and Windows Server 2003 customers. As always, customers should test this thoroughly before deploying as certain functionality that depends on the peer factory class, such as printing from Internet Explorer and the use of web folders, may be affected. We have seen speculation that Microsoft might release an update for this issue out-of-band. I can tell you that we are working hard to produce an update which is now in testing. This is a critical and time intensive step of the process as the update must be tested against all affected versions of Internet Explorer on all supported versions of Windows. Additionally, each supported language version needs to be tested as well as testing against thousands of third party applications. We never rule out the possibility of an out-of-band update. When the update is ready for broad distribution, we will make that decision based on customer needs. Please review the advisory for more information. We will keep you posted as additional information becomes available. Jerry Bryant Sr. Security Communications Manager Lead *This posting is provided "AS IS" with no warranties, and confers no rights.*

 

March 12, 2010 2:32:00 PM CET

Apple Releases Safari 4.0.5

 

March 12, 2010 3:08:04 AM CET

ST05-003: Securing Wireless Networks

 

March 11, 2010 6:05:59 PM CET

VU#280613: Apache mod_isapi module library unload results in orphaned callback pointers – The Apache mod_isapi module can be forced to unload a specific library before the processing of a request is complete, resulting in memory corruption. This vulnerability may allow a remote attacker to execute arbitrary code.

 

March 11, 2010 4:02:00 PM CET

VU#744549: Microsoft Internet Explorer iepeers.dll use-after-free vulnerability – Microsoft Internet Explorer contains a use-after-free vulnerability in the iepeers.dll file, which may allow a remote, unauthenticated attacker to execute arbitrary code.

 

March 10, 2010 3:08:06 AM CET

TA10-068A: Microsoft Updates for Multiple Vulnerabilities

 

March 9, 2010 7:44:40 PM CET

Microsoft Releases March Security Bulletin

 

March 9, 2010 7:02:03 PM CET

March 2010 Security Bulletin Release – Today we are releasing two Important security bulletins addressing eight vulnerabilities in Windows and Microsoft Office. Both bulletins have an aggregate Exploitability Index rating of “1” so we recommend that customers deploy these updates as soon as possible. The Microsoft Exploitability Index provides additional information to help customers prioritize deployment of monthly security bulletins. A summary of today’s security updates can be found on the Microsoft Security Bulletin webpage. MS10-016 addresses one vulnerability in Windows Movie Maker. Both Windows XP and Windows Vista ship with affected versions (2.1 and 6.0 respectively). Version 2.6 is also vulnerable and can be freely downloaded and installed from the web. Customers who install 2.6 on any supported platform, including Windows 7, will be offered the update. In order to take advantage of the vulnerability, a user would need to open a specially crafted Movie Maker project file. These are files with the .mswmm file extension. The MS10-016 bulletin also calls out Microsoft Producer 2003 in the affected products list. Producer 2003 is a free download with limited distribution. At this time, we are not offering an update for Producer 2003. Our standard approach is to produce updates that can be deployed automatically for all affected products at the same time but Producer 2003 does not offer a means for automatic update. Based on our investigation, we determined that the best way to protect the vast majority of customers was to release an update addressing the components that shipped with Windows. While we continue to investigate Producer 2003, we recommend that customers either uninstall the application or apply an available Microsoft Fix It to disassociate the project file type from the application to add an extra layer of security. MS10-017 affects all currently supported versions of Microsoft Office Excel. 
It also affects Office 2004 and Office 2008 for Mac, the Open XML File Format Converter for Mac, supported versions of Excel viewer and SharePoint 2007. As with most Office vulnerabilities, a user would have to open a specially crafted file in order to be exploited. Since both of today’s bulletins require user interaction, we give them both a “2” on our deployment priority scale. Our Severity and Exploitability Index slide offers additional guidance to help customers prioritize this month’s bulletins. In the following video, Adrian Stone and I give a brief overview of today’s bulletins. Today we also re-released MS09-033 to add Virtual Server 2005 to the affected products list. Customers who have already installed the update for affected products do not have any additional actions. Additionally, we continue to monitor the threat landscape around Security Advisory 981169 regarding a vulnerability in VBScript that could allow remote code execution. We are not currently aware of any active attacks but encourage customers to review the advisory and apply the suggested workarounds where possible. Customers that are running Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista are not affected. Please join us tomorrow for a public webcast where Adrian Stone and I will go into detail on these bulletins and answer customer questions with the help of the engineers who worked to produce them so please plan to join us. Date: Wednesday, March 10 Time: 11:00 a.m. PST (UTC -8) Registration: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032427711 Thanks! Jerry Bryant Sr. Security Communications Manager Lead *This posting is provided "AS IS" with no warranties, and confers no rights.*

 

March 9, 2010 5:28:00 PM CET

Security Advisory 981374 Released – Hi everyone, Today we released Security Advisory 981374 addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is not affected by this issue. Customers using Internet Explorer 6 or 7 should upgrade to Internet Explorer 8 immediately to benefit from the improved security features and defense in depth protections. Additionally, Internet Explorer 5.01 on Windows 2000 is not affected.   At this time, we are aware of targeted attacks seeking to exploit this vulnerability against Internet Explorer 6. Internet Explorer Protected Mode in Internet Explorer 7 running on Windows Vista helps to mitigate the impact of this issue. Additionally, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. Please review the Security Advisory for additional workarounds which include modifying the Access Control List (ACL) on iepeers.dll (the affected component), setting the Internet and local Intranet security zones to "high", configuring Internet Explorer to prompt before running Active Scripting, and enabling Data Execution Prevention (DEP) where possible which makes it difficult to successfully exploit the vulnerability.   As always, we are investigating this issue and will take appropriate action to protect customers when we have finalized a solution. This may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs. Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. 
Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-727-2338 (PCSAFETY). Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov. Customers should follow the guidance in the advisory and our Protect Your PC guidance of enabling a firewall, getting software updates, and installing antivirus software (learn more by visiting the Protect Your PC web site). International customers can find their Regional Customer Service Representative http://support.microsoft.com/common/international.aspx. We are also working with our Microsoft Active Protections Program (MAPP), the Microsoft Security Response Alliance (MSRA), authorities and other industry partners to help provide broader protections for customers. Together with our partners, we will continue to monitor the threat landscape and will take action against any web sites that seek to exploit this vulnerability. The Security Advisory will be updated with any new developments so if you are not already subscribed to our comprehensive alerts, please do so in order to be alerted by email when new information is added. Please review the advisory for additional details and if the situation changes, we will provide an update here on the MSRC blog. Jerry Bryant Sr. Security Communications Manager Lead *This posting is provided "AS IS" with no warranties, and confers no rights.*

 

March 9, 2010 4:27:31 PM CET

VU#154421: Energizer DUO USB battery charger software allows unauthorized remote system access – The software available for the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access.

 

Security News and Blogs

Miscellaneous security news from around the world, published by well-known security authorities.

March 12, 2010 6:57:36 PM CET

Facebook Users Suffer From ‘Fram’ – About a year or so ago one of the “McMarketeers” decided it would be fun to run a campaign against “fram”–spam that friends send you. As you might guess, we in the Labs have no friends, so it was no problem for us to ridicule the idea. However, around the coffee machine the other [...]

 

March 12, 2010 11:41:00 AM CET

How to use Facebook safely – Plug information leaks and surf in safety. Online data thieves will jump at the chance to harvest even the most innocuous personal information. PC Advisor demonstrates how to tighten up Facebook security.

 

March 12, 2010 11:31:33 AM CET

Malware Gets Smart with Vodafone Smartphone – Security researchers recently unveiled findings about malware that came preinstalled on a Vodafone mobile phone handset. Its memory card was also believed to carry malware. A leading mobile telecommunication company, Vodafone, has been taking the heat for packing malware straight out of the box on their HTC Magic Android smartphones. The recipient of one of [...] Post from: TrendLabs | Malware Blog - by Trend Micro

 

March 12, 2010 11:02:37 AM CET

More Adobe Exploits in the Wild – Researchers from Microsoft recently unearthed exploits targeting the CVE-2010-0188 vulnerability. On February 16, Adobe released a security advisory describing a vulnerability in Adobe Reader and Acrobat 8.X and 9.X. Once the vulnerability is exploited, attackers gain the capability to perform denial-of-service (DoS) attacks on affected systems. Doing so can cause applications and even systems to crash. [...] Post from: TrendLabs | Malware Blog - by Trend Micro

 

March 12, 2010 9:57:00 AM CET

ICANN boss criticised for DNS scare story – Exec says DNS could fail at any time. ICANN president and CEO Rod Beckstrom has been criticised for his "inflammatory" comments suggesting that the Domain Name System (DNS) that underpins the internet is not as secure as it used to be.

 

March 11, 2010 5:20:50 PM CET

Malicious Web Attack Using Executable With facebook.com in Name – As we were working through URLs identified as suspicious due to our GTI technology, one of the URLs that presented itself was an average “.com” site that loaded a php. As we processed this – it was interesting to see that this php actually reached out to download a file that ended with the string [...]

 

March 11, 2010 9:07:43 AM CET

New IE Zero-Day Exploit (CVE-2010-0806) – Hot on the heels of this month’s security bulletin, a new vulnerability exploit surfaces with a malware in tow. The new zero-day vulnerability, as described in a previous post, prompted Microsoft to release Security Advisory (981374) while investigations are still underway. This Internet Explorer (IE) vulnerability exists due to an invalid pointer reference bug [...] Post from: TrendLabs | Malware Blog - by Trend Micro

 

March 11, 2010 7:50:10 AM CET

Twitter Spam: Getting slim with slim URLs – In October 2009 we were writing about Twitter spam and I was trying to make a brief definition of this kind of spam: It follows a lot of users, has 1 post and is followed only by a few persons. Well, this changed now, because the theme became much more interesting for the people [...]

 

March 11, 2010 7:44:30 AM CET

Exploit Code for IE 0-day vulnerability – Exploit code for the zero-day vulnerability in Internet Explorer has been added to the Metasploit framework. According to an email HD Moore wrote to ZDNet’s Ryan Naraine, the exploit works quite reliably – successful 50% of the time on Windows XP with SP2 and SP3 with IE7 and deactivated Data Execution Prevention (DEP). The security [...]

 

March 11, 2010 6:41:21 AM CET

It Seems Obvious To Me…. – If you listen to IT Security experts, they will regularly tell you to make your passwords difficult to guess. They will also tell you to ensure it is not short, and has a mixture of alphabetic, numeric & special characters in it – and certainly don't use a word that is found in the dictionary. Why do [...]

 
 
 
