Dang it’s been a busy week on the security front, so cold or no cold let’s get to it.
Hacking 2.0: Today’s Hackers Target Web, For Money – Read/WriteWeb
Web Security firm Finjan has just released their Q4 2006 report on web threats, which includes describing two cases of web 2.0 hacker attacks, on Wikipedia and MySpace. What’s more, the report says that hacking the Web is very much a commercial activity nowadays – which is keeping Web security companies like Finjan on their toes heading into 2007. The report also makes some predictions around web security for 2007.
Make sure files you’ve deleted are truly gone – SignOnSanDiego.com
Sooner or later, the computer is going to need an upgrade. You’ll copy its vital files onto the new device and then recycle the now-obsolete hardware.
But what about those files? Did you delete them? Are they really gone? You had personal and credit information on there for friends, family and clients.
The answer far too often is that no, the files aren’t really gone. In the bad old days when everyone tossed their old technology in the trash, the dirt, moisture and bulldozers at the landfill provided a form of identity protection, but at a huge toxic price.
Zombie computers and botnets – a growing threat that won’t go away – IT Wire
Thanks to browsers and operating systems filled with security flaws, along with the ever present threat of malware and spyware, computer systems in homes and offices around the globe are being harnessed by bad hackers and criminal gangs and syndicates.
Botnets, which have been around for some time now and are an increasingly growing threat to all Internet users, can also be used to send spam to us all, using individual’s computers to send out spam messages, making the originators of the spam that much harder to track down. They’re also used to scan our PCs for banking and other financial information, or install keyloggers to capture the passwords we use every day, to be used in identity theft and to commit other crimes
Hack Attack: Seven New Year’s Resolutions for your PC – Lifehacker.com
At the start of every new year, people the world over make resolutions to better themselves, with fitness, health, money, and career goals at the forefront of our minds. But what about your poor, neglected PC? Couldn’t it use, at the very least, a few resolutions toward better health and fitness?
Today, I’ve compiled a list of 7 PC resolutions – those nagging PC activities you should engage in more often but don’t – to help you and your computer start off the new year on the right foot. From defragging and backing up your hard drive to organizing your documents, this is a roundup of best practices and automation tools straight from the Lifehacker vault.
Vista flaw discovered, risk believed low – MSNBC.com
Windows Vista, the new computer operating system that Microsoft Corp. is touting as its most secure ever, contains a programming flaw that might let hackers gain full control of vulnerable computers.
(MSNBC is a joint Microsoft-NBC Universal venture.)
Microsoft and independent security researchers, however, tried to play down the risk from the flaw, which was disclosed on a Russian site recently and is apparently the first affecting the new Vista system released to larger businesses in late November.
Malware creators turn code protection technique to their advantage – IT Business.ca
A technique for coding designed to protect software against reverse engineering that is being exploited by malicious code writers is growing in popularity, according to a report released this week.
According to Finjan Inc.’s Web Security Trends Report for Q4 2006, dynamic code obfuscation as a method of hiding malicious code is becoming more popular with hackers.
New Online Fraud Tool Kit Discovered – 27B Stroke 6
Fraud detectors at RSA Security have found a demo of a new online fraud toolkit that automates the process of setting up fake websites that sit between a user and a real site, such as a bank, she is trying to access with passwords or other authentication. Users must first click on a fake link, usually embedded in a “phishing” email for the fake website to load and steal the username and passwords.
VeriSign Offers Hackers $8,000 Bounty on Vista, IE 7 Flaws – eWeek
VeriSign’s iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer 7.
The Reston, Va., security intelligence outfit threw out the monetary reward to hackers as part of a challenge program aimed at luring researchers to its controversial pay-for-flaw VCP (Vulnerability Contributor Program).
Spam and botnet levels continue to soar – SC Magazine
The number of spam messages jumped to a record 94 per cent of all email on the internet last month, research from Postini reveals.
More than 25 billion spam messages were blocked in December, an increase of 144 per cent from the previous year.
This rise in spam is linked to a virus released by hackers in late December, called the ‘Happy New Year’ worm, which infected high numbers of computers with botnets and then pumped out spam, experts at the email management company claim.
Malware now hiding in search results – ARNnet
Victims of malware infection often have little chance of researching what has hit them using search engine results, security company Prevx has discovered.
The company analyzed 250,000 malicious filenames from a total database of 30 million listed by search engines during 2006, and found that a growing number were using clever file-naming techniques to avoid easy search detection.
Saddam spam hides Trojan malware – PC Authority
Clips of former dictator’s execution used to spread malware.
Security firms are warning that Trojan malware installers are being placed inside emails claiming to offer videos of the hanging of former Iraqi leader Saddam Hussein.
Symantec and F-Secure have issued warnings to users that emails are being sent out which advertise video footage of the execution. The user is then prompted to install a .exe or .scr file which contains the malware.
Hey, like this post? Why not share it with a buddy?