Virus Information News

[First]  [Previous] |    10     11     12     13     14     15     16     17     18     19    | [Next]  [Last] of 172 page(s)

New Zero-Day Threats and High Spam Levels: MessageLabs Report

WHIR Web Hosting Industry News

January 22, 2010

According to a report released last week by Symantec, 83.4 percent of spam at the end of 2009 originated from botnets. Around 900 million spam emails, originated from free webmail accounts, and more than 79 percent of webmail spam came from three well-kno

"Despite the best efforts of the webmail providers to prevent this abuse of their services, there is still a viable market in the underground economy for buying and selling legitimate and usable webmail accounts," Symantec Hosted Services MessageLabs Intelligence senior analyst Paul Wood said in a statement. Last month, a new zero-day vulnerability in a popular version of a .PDF viewer was found to target high-level individuals in the public sector, education, financial services and large international corporations. It arrives as a .PDF file containing embedded malicious Javascript code. The attack also had a social engineering aspect -- the attack varied according to the individual and organization being targeted, making it seem legitimate. MessageLabs Intelligence actually blocked the first versions in November 2009, protecting Symantec Hosted Services customers from the attack before it began.

U.S. enables Chinese hacking of Google

CNN

by Bruce Schneier

January 23, 2010

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

Google's system isn't unique. Democratic governments around the world -- in Sweden, Canada and the UK, for example -- are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell. Many are also passing data retention laws, forcing companies to retain information on their customers. In the U.S., the 1994 Communications Assistance for Law Enforcement Act required phone companies to facilitate FBI eavesdropping, and since 2001, the National Security Agency has built substantial eavesdropping systems with the help of those phone companies. Systems like these invite misuse: criminal appropriation, government abuse and stretching by everyone possible to apply to situations that are applicable only by the most tortuous logic. The FBI illegally wiretapped the phones of Americans, often falsely invoking terrorism emergencies, 3,500 times between 2002 and 2006 without a warrant. Internet surveillance and control will be no different.

Facebook Mischief

F-Secure Weblog

by Sean

January 26, 2010

Facebook recently published a nice new feature: Reply to this email to comment on this status.

But is it secure? As it turns out, based on our testing, anyone can use the Reply To address, from any e-mail account.

ICANN Announces DNSSEC Deployment in Root Zone of DNS

WHIR Web Hosting Industry News

by David Hamilton

January 28, 2010

In an important milestone, the three organizations spanning business, government and non-profit sectors have enabled DNSSEC information to now be served by L-Root, one of the Internet's 13 root servers, operated by ICANN.

According to the announcement this week, ICANN collaborated with the Commerce Department's National Telecommunications and Information Administration and VeriSign, Inc. in an effort to bolster the deployment of DNSSEC in the root zone of the Domain Name System, which is vitally important to the proper operation of almost all services on the Internet. DNSSEC deployment in the root zone is the biggest structural improvement to the DNS to happen in two decades according to ICANN. The Internet's technical community has been widely involved in the rollout of DNSSEC to make sure that any unintended consequences of the deployment can be identified and mitigated promptly. ICANN engineers executed a maintenance procedure to introduce DNSSEC data into L-Root between 1800-2000 UTC on Wednesday. The maintenance was completed as planned. The reaction of the root server system as a whole to the change is being closely monitored, with root server operators performing extensive data collection and analysis coordinated by DNS-OARC, the Domain Name System Operations Analysis and Research Center.

Leaders Call for Review After 49 House Websites Defaced

WHIR Web Hosting Industry News

by David Hamilton

January 29, 2010

Following the president's State of the Union address, a hacker infiltrated 49 House of Representatives websites of both political stripes to post an obscene message insulting President Barack Obama.

House chief administrative officer spokesman Jeff Ventura told the press that while most House websites are managed totally by House technicians, individual offices are permitted to contract with a third party to manage new features and updates. The sites that succumbed to the online attack were managed by GovTrends, a private vendor based in Alexandria, Virginia. Ventura told the AP that, while performing an update, GovTrends left itself vulnerable, letting the hacker penetrate individual member sites and committees overnight. This let the attacker leave a message insulting the president, who spoke at the House Wednesday night. The message read that it was "from Brasil," however, the true origins of the attack are unclear, as well as any specific political motivations.

CIA, PayPal Among Organizations Hit by SSL Assault

WHIR Web Hosting Industry News

by David Hamilton

February 1, 2010

According to multiple reports by online researchers, including Internet watchdog group Shadow Server and SecureWorks malware research director Joe Stewart, these sites experienced an unexpected rise in traffic by several million hits spread out across sev

"This might be a big deal if you're used to only getting a few hundred or thousands of hits a day or you don't have unlimited bandwidth," Shadow Server notes in a blog post. Shadow Server went on to suggest that the Pushdo botnet, which recently underwent changes to its core code, was likely the perpetrator, causing infected nodes to create junk SSL connections to approximately 315 different websites. This attack, Shadow Server notes, is not the typical distributed denial of service operation, and it seems that knocking sites offline wasn't the end goal. "The bots seem to start to initiate an SSL connection and a bit of junk to the websites and then disconnect," they stated. "They do not actually request an resources from the website or do anything else other than repeat the cycle periodically. They are doing this to hundreds of sites all day long. We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn't quite look like a DDoS either." Given the nature of the attack, it remains unclear why Pushdo unleashed the torrent.

iPhone vulnerable to remote attack on SSL

theregister.co.uk

by Dan Goodin

February 2, 2010

Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.

The revelation comes after the hack was discussed in an anonymous blog post over the weekend. It explained how it was possible to sign an XML-based configuration file using a SSL certificate registered to a fictitious company called Apple Computer. Because the iPhone checks only that the certificate was signed by a trusted CA, or certificate authority, the author's rogue update.mobilconfig file was accepted and executed. The author claimed the hack could be used to change an iPhone's proxy settings, a change that would allow attackers to do much more nefarious deeds such as funnel traffic to servers under their control. Miller said he wasn't sure such an attack was possible, but he didn't rule it out, either.

US Wins Dirtiest Web Hosting Country Title: Sophos Report

WHIR Web Hosting Industry News

by David Hamilton

February 3, 2010

According to Sophos' Security Threat Report, more than a third of the world's infected sites are hosted in the US, placing it ahead of Russia's 12.8 percent share and China's 11.2 percent.

Sophos warns US hosts to clean up their act by taking better care to weed out malicious websites in their care. Also, webmasters should ensure that their sites are securely coded and properly patched against hackers who try to inject malicious software into their pages.

Sprechen Sie SSL?

f-secure.com

February 23, 2010

Why is it that banking trojans are a problem when all online banks are HTTPS secured and many of them employ multi-factor authentication? The answer: Humans are not digital.

If malware can modify the memory of the browser, or some other application, it can gain control. This is not just a problem for online banking and not just with malware. For example, current MMORPG games typically do quite a bit of the computation needed on the client side. Not all of this computation is graphics processing. This creates the possibility for cheating in games by patching the client or its memory locally on the host (Greg Hoglund and Gary McGraw have written a book called "Exploiting Online Games: Cheating Massively Distributed Systems [2007]" on the subject). Another good example of this "client-side dilemma" is voting. Imagine sitting at home on your couch while using your web browser to vote in your local/state/national elections. If and when this becomes possible, malware may be used to rig votes.

SEO Poisoning Sites Use Flash for Redirection

f-secure.com

March 4, 2010

Another day, another news, and well... another SEO poisoning stint. Since a lot of websites use SWF, most users have already installed Flash support in their browsers, thereby also enabling support for the malware behavior. The SWF is of course the key to

[First]  [Previous] |    10     11     12     13     14     15     16     17     18     19    | [Next]  [Last] of 172 page(s)