Reliable Answers - News and Commentary

Virus Information News

How To Master CSS

How To Master CSS

"With How To Master CSS, you'll discover how to read stylesheets, how to recognise the best solution and how to translate a graphical design to a real website, simply by watching my fun and sophisticated training videos. Hundreds of people, just like you, worldwide have used my unique multimedia course to fast-track their Stylesheet learning, while having piles of fun in the process. Will you be next?"

It doesn't matter what level you are at now (beginner or intermediate), How to Master CSS is packed full of quality step-by-step lessons, video files, an editor and other resources to get YOU results fast!

      
 Title   Date   Author   Host 

f-secure.com

March 5, 2010

Just when we thought SEO using Flash was as interesting as SEO poisoning can get, it seems it's getting even sneakier...

Imagine a PDF file posted by someone evil online. Of course, Google being Google, the file is recognized as a PDF. Three hours later... Google still says the file is a PDF. Brod (one of our geeky guys here) is attributing this to Google's cache. But is it really a PDF this time around?

blog.commtouch.com

by Avi Turiel

March 4, 2010

No, not really - but a recent outbreak seems to use no technique at all to get recipients to click on a link to a malware-hosting site.

The links lead to sites requiring "the latest version of Macromedia Flash Player". Clicking on the download link or simply loading the page gets you free malware and an all-expenses-paid trip to the nearest botnet. Serves you right for not knowing that Macromedia was acquired by Adobe over 4 years ago.

f-secure.com

March 4, 2010

Remember Microsoft's action against 277 Waledac domains last week? Well, that's one way of going after a botnet... Another way of shutting down a botnet? Arrest the botmasters!

Three Spanish citizens have been arrested for running the "Mariposa" botnet. The three reportedly have no criminal records and have limited hacking skills. Mariposa is a Butterfly Kit based botnet, and the kit is no longer for sale. Details are available from the BBC and The Register. Kudos to those involved in the arrests.

f-secure.com

March 4, 2010

Another day, another news, and well... another SEO poisoning stint. Since a lot of websites use SWF, most users have already installed Flash support in their browsers, thereby also enabling support for the malware behavior. The SWF is of course the key to

f-secure.com

February 23, 2010

Why is it that banking trojans are a problem when all online banks are HTTPS secured and many of them employ multi-factor authentication? The answer: Humans are not digital.

If malware can modify the memory of the browser, or some other application, it can gain control. This is not just a problem for online banking and not just with malware. For example, current MMORPG games typically do quite a bit of the computation needed on the client side. Not all of this computation is graphics processing. This creates the possibility for cheating in games by patching the client or its memory locally on the host (Greg Hoglund and Gary McGraw have written a book called "Exploiting Online Games: Cheating Massively Distributed Systems [2007]" on the subject). Another good example of this "client-side dilemma" is voting. Imagine sitting at home on your couch while using your web browser to vote in your local/state/national elections. If and when this becomes possible, malware may be used to rig votes.

WHIR Web Hosting Industry News

by David Hamilton

February 3, 2010

According to Sophos' Security Threat Report, more than a third of the world's infected sites are hosted in the US, placing it ahead of Russia's 12.8 percent share and China's 11.2 percent.

Sophos warns US hosts to clean up their act by taking better care to weed out malicious websites in their care. Also, webmasters should ensure that their sites are securely coded and properly patched against hackers who try to inject malicious software into their pages.

theregister.co.uk

by Dan Goodin

February 2, 2010

Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.

The revelation comes after the hack was discussed in an anonymous blog post over the weekend. It explained how it was possible to sign an XML-based configuration file using a SSL certificate registered to a fictitious company called Apple Computer. Because the iPhone checks only that the certificate was signed by a trusted CA, or certificate authority, the author's rogue update.mobilconfig file was accepted and executed. The author claimed the hack could be used to change an iPhone's proxy settings, a change that would allow attackers to do much more nefarious deeds such as funnel traffic to servers under their control. Miller said he wasn't sure such an attack was possible, but he didn't rule it out, either.

WHIR Web Hosting Industry News

by David Hamilton

February 1, 2010

According to multiple reports by online researchers, including Internet watchdog group Shadow Server and SecureWorks malware research director Joe Stewart, these sites experienced an unexpected rise in traffic by several million hits spread out across sev

"This might be a big deal if you're used to only getting a few hundred or thousands of hits a day or you don't have unlimited bandwidth," Shadow Server notes in a blog post. Shadow Server went on to suggest that the Pushdo botnet, which recently underwent changes to its core code, was likely the perpetrator, causing infected nodes to create junk SSL connections to approximately 315 different websites. This attack, Shadow Server notes, is not the typical distributed denial of service operation, and it seems that knocking sites offline wasn't the end goal. "The bots seem to start to initiate an SSL connection and a bit of junk to the websites and then disconnect," they stated. "They do not actually request an resources from the website or do anything else other than repeat the cycle periodically. They are doing this to hundreds of sites all day long. We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn't quite look like a DDoS either." Given the nature of the attack, it remains unclear why Pushdo unleashed the torrent.

WHIR Web Hosting Industry News

by David Hamilton

January 29, 2010

Following the president's State of the Union address, a hacker infiltrated 49 House of Representatives websites of both political stripes to post an obscene message insulting President Barack Obama.

House chief administrative officer spokesman Jeff Ventura told the press that while most House websites are managed totally by House technicians, individual offices are permitted to contract with a third party to manage new features and updates. The sites that succumbed to the online attack were managed by GovTrends, a private vendor based in Alexandria, Virginia. Ventura told the AP that, while performing an update, GovTrends left itself vulnerable, letting the hacker penetrate individual member sites and committees overnight. This let the attacker leave a message insulting the president, who spoke at the House Wednesday night. The message read that it was "from Brasil," however, the true origins of the attack are unclear, as well as any specific political motivations.

WHIR Web Hosting Industry News

by David Hamilton

January 28, 2010

In an important milestone, the three organizations spanning business, government and non-profit sectors have enabled DNSSEC information to now be served by L-Root, one of the Internet's 13 root servers, operated by ICANN.

According to the announcement this week, ICANN collaborated with the Commerce Department's National Telecommunications and Information Administration and VeriSign, Inc. in an effort to bolster the deployment of DNSSEC in the root zone of the Domain Name System, which is vitally important to the proper operation of almost all services on the Internet. DNSSEC deployment in the root zone is the biggest structural improvement to the DNS to happen in two decades according to ICANN. The Internet's technical community has been widely involved in the rollout of DNSSEC to make sure that any unintended consequences of the deployment can be identified and mitigated promptly. ICANN engineers executed a maintenance procedure to introduce DNSSEC data into L-Root between 1800-2000 UTC on Wednesday. The maintenance was completed as planned. The reaction of the root server system as a whole to the change is being closely monitored, with root server operators performing extensive data collection and analysis coordinated by DNS-OARC, the Domain Name System Operations Analysis and Research Center.

      

Help keep this page up-to-date. Submit a Virus Information News link for inclusion on this page.

Carschooling by Diane Flynn Keith
Carschooling

Take me to the top

We invite you
to visit:

Professional Web Hosting and Design Services: 12 Point Design Local Homeschool provides the most up-to-date support group listings in a geographical and searchable index Budget Homeschool Kidjacked -- To seize control of a child, by use of force SaferPC dispels security misunderstandings and provides you with a solid understanding of viruses and computer security Reliable Answers - developer information, current news, human interest and legislative news Twain Harte Times - Twain Harte, CA - The closest you can get to Heaven on Earth Cranial Laser & Neurolymphatic Release Techniques (CLNRT) - Experience dramatic pain reduction At Summit Chiropractic our mission is to improve your quality of life - We know that health is much more than just not feeling pain Visit UniveralPreschool.com to learn about your preschool options.
Reliable Answers.com/virus/news.asp
Google