Brian Czarny joins Webroot

By Alan Harten

Webroot, provider of security software for consumers, enterprise and SME markets, today announced the appointment of Brian Czarny as Vice President of Solutions Marketing.
Czarny will be involved in advancing Webroot’s innovations in the security software as a service (SaaS) market by leading product management and product marketing.
“With malware threats growing 500% year over [...]

Malware targets Oympic emails

By Brian Turner

MessageLabs has reported that it has identified at least thirteen different Olympic themed attacks, using email to try and fool users into downloading trojans.
With legitimate-sounding email subject titles such as “The Beijing 2008 Torch Relay” and “National Olympic Committee and Ticket Sales Agents”, some attacks purport to be from the International Olympic Committee, based in [...]

Tibet struggle usurped to install rootkit

By Dave Nixon

A cartoon that mocks the efforts of a Chinese gymnast at the Olympic games is the most recent tactic used by cyber-criminals to infect Windows PCs, according to McAfee’s Avert labs.
While the movie files, which show the cartoon followed by images supporting a free Tibet, are playing, a keystroke logging tool, hidden by a [...]

Browser attacks becoming more sophisticated say experts

By Janine de Blois

Security experts at the RSA Conference 2008 warn that browser attacks are becoming more sophisticated. Infected websites can allow a browser to be taken over in bot-like fashion.
For example on a virtual world site, an avatar could walk out on the screen, turn off mouse and key controls-making it difficult stop the attack. [...]

Websites blacklisted by iFrame attacks

By Dave Nixon

Up to 80 percent of websites flagged as malevolent by anti-virus and search engine indexes are genuine businesses, according to security experts.
Experts said while the security industry is on top of usual spam and phishing attacks, more endeavor needs to be put into preventing and eliminating so-called drive-by-downloads.
The attacks allow hackers to transmit [...]

HP ProLiant floppy drives contaminated with malware

By Dave Nixon

HP has been selling USB-based hybrid flash-floppy drives that were pre-infected with malware, the company said last week in a security announcement.
Dubbed “HP USB Floppy Drive Key,” the device is a combination flash drive and compact floppy drive, and is intended to work with various models of HP’s ProLiant Server line. HP sells two [...]

Number of viruses to reach one million by end of the year

By Dave Nixon

The overall number of viruses is set to reach one million by year’s end, according to security experts.
Malware writers have been made to create original types of viruses and exploits more frequently as businesses and individuals develop security practices, the experts said.
Sophos chief technology officer Paul Ducklin said about 25 percent of unique [...]

Welsh government website serves malware

By Dave Nixon

A Welsh government website has been hacked to serve up malevolent JavaScript, a signal that the wave of attacks first spotted last month are enduring, analysts from security vendor Sophos warned Friday.
The process of attack is comparable to one that recently victimized pages within Trend Micro’s website, said Graham Cluley, senior technology consultant for Sophos.
Trend [...]

Finjan discovers website offering volume purchase of stolen credit cards

By Janine de Blois

“If further proof were needed that there is a very serious problem facing the card acceptance and processing industry, this is it,” said Yuval Ben-Itzhak, chief technology officer at Finjan.
“Prices are segmented depending on whether a card is a Classic Visa or MasterCard, a premium account such as a Gold, Platinum or Business/Corporate [...]

Widespread “Chinese JavaScript Attack” infects security website

By Janine de Blois

Last week hackers attacked over 20,000 web pages including Trend Micro.
Mike Sweeny, a spokesman for Trend Micro confirmed a portion of their sight had been hacked saying, they took down the affected pages and took corrective action.
The object of the attack is to steal passwords sent via Internet Explorer. [...]

Trojan circulating in unpatched Excel documents

By Janine de Blois

A vulnerability in Excel, which has been known publicly since January, has been exploited by a so-far small scale attack.
Several security companies have published a warning against the Trojan that is circulating via email.
So far eight different file names have been detected for the exploit, including OLYMPIC.XLS and SCHEDULE.XLS.
Most [...]

“Mebroot” infects master boot record (MBR) steals banking information

By Janine de Blois

Mebroot has been deliberately installed at websites controlled by the criminals and targets those website visitors who have not patched their computers with the latest security updates from Microsoft.
Leading security firm iDefense has said that Mebroot was discovered in October 2007, but only started to be used in a series of attacks in early [...]

InfoJack trojan Infects mobile devices running Windows CE

By Janine de Blois

InfoJack disables Windows Mobile application installation security. It sends the infected device’s serial number, operating system, and other information to the author of the Trojan.
Infected devices are then subject to further malware as it automatically downloads and installs unsigned applications without user knowledge. It also changes the homepage.
It has widely been distributed [...]

Mobile phone users held to ransom by malware

By Isabelle Chaize

A code called Kiazha.A is currently targeting Symbian mobile phones in China. Unlike most malwares which aim to make the headlines and create a name for the author, this one is profit-driven.
It works by removing all sent and received text messages, and unless users pay about $7 it threatens to disable the handset permanently. The [...]

Teenage cyber criminals are a serious threat masterminding large botnets

By Janine de Blois

18-year old Owen Thorn Walker of New Zealand, aka “AKILL”, has been released on bail after being accused of setting up a botnet in the Netherlands that infected 1.3 million computers.
The leader of a group of programmers, he is charged with two counts of accessing a computer for dishonest purposes, damaging with [...]

Social networking sites attacked by hackers

By Isabelle Chaize

Social networking sites such as Myspace and Facebook are being targeted by hackers. According to security firm Fortify Software, hackers have indentified an easy way to attack such sites by exploiting buffer overloads in software such as Aurigma ActiveX, used for uploading images.
Rob Rachwald, director of product marketing at Fortify Software, warned that the instructions [...]

Key addition to Firefox 3.0 Beta 3-default Malware Protection

By Janine de Blois

Malware Protection, a new tool released with Firefox 3.0 Beta 3, blocked a couple of popular add-on sites for its own browser. Much like the anti-plishing tool, the anti-malware tool works from a blacklist created by Google. The list includes both sites known to intentionally distribute malware as well as sites that [...]

Legitimate Sites the Source of Most Malware

By Dave Nixon

According to a senior security researcher the majority of websites producing malware are legitimate. Dan Hubbard, Websense’s vice president of security research, said that exceptionally, legitimate sites taken over by hackers outnumber malicious ones.
51 percent of the sites it categorised as malicious in the second half of 2007 had been compromised and then [...]

Plishing attack on banking website appears legitimate

By Janine de Blois

Netcraft warns of new plishing attack that has taken place on an Italian banking website. Cross site scripting has made the attack very difficult to detect even with automated security filters.
Using an url which works on the JavaScipt function on the bank’s own Login page the url appear legitimate. The SSL certificate [...]

Publicity Leads to Crime Hubs Downfall

By Dave Nixon

According to a new whitepaper published by volunteer group, the Shadowserver Foundation, publicising the existence of criminal malware networks populating the Internet may be one of the best and simplest ways in fight against them.
The foundation, which analyzes the actions of the Russian Business Network (RBN), a chief crimeware hub which suddenly disappeared from [...]

Next Page »