Make that late afternoon – it’s been one of those days where finding motivation is tied directly to the number of coffee’s one is allowed. Anyway on to this week’s security tidbits.

Windows ‘fails’ active virus test – SecGuru

Security tools that work with Windows Vista have failed tests to see if they can detect viruses circulating online. Microsoft’s Windows Live OneCare security tool was one of four products that failed independent tests carried out by the Virus Bulletin.

Don’t leave your wireless wide open – WhatPC?

Since receiving a letter turning me down for a credit card I hadn’t applied for, I have become obsessed with identity security. I’m particularly worried about wireless networks because they remain a vulnerable conduit for personal information.

Security Standoff: Vista Versus Apple – Forbes.com

Anyone hoping for some theatrics out of Microsoft Chairman Bill Gates during Tuesday’s RSA security conference in San Francisco was sorely disappointed.

RSA ’07: New threats could hamper traditional antivirus tools – NetworkWorld

An emerging breed of sophisticated malware is raising doubts about the ability of traditional signature-based security software to fend off new viruses and worms, according to experts at this week’s RSA Security Conference in San Francisco

Highly-Critical Flaw Discovered in Trend Micro Products – eWeek

A dangerous buffer-overflow flaw in Trend Micro anti-virus software products was reported by Trend Micro and confirmed by security researchers at iDefense Labs.

Corporate crimeware threat ‘moving to Adobe’ – ZDNet

The launch of Microsoft Office 2007 is likely to force malicious hackers to focus more attention on looking for vulnerabilities in other desktop applications, such as Abobe’s Acrobat Reader, experts told delegates at the RSA Conference 2007 in San Francisco on Wednesday.

Damn it’s been a busy week around the web when it comes to security; so lets not waste any time with chitchat.

New spam trick: Mimic legit newsletters – Inside BayArea

Spammers have something new in their bag of tricks.

Those ubiquitous Viagra ads have been disguising themselves as e-mail newsletters, the kind you get to find out the latest airline deals or keep up with your fantasy football team.

Spammers haven’t actually broken into legitimate marketers’ computer systems to send out the messages. Rather, like the phishing scams that lift the code off the real Web sites of financial institutions, spammers have tweaked legitimate e-mail and sent them through normal spam channels.

The technique appears aimed at bypassing human and software controls

Storm Trojan floods email boxes – ARNnet

Malicious Trojan horse software claiming to provide information on topics like the deadly storms that have battered Europe in recent days infected thousands of computers over the weekend as it spreads rapidly across the globe.

Swedish Bank Struck by Largest Online Phishing Heist – DailyTech

Swedish bank Nordea was the target of one of the largest online heists.  The bank lost between 7 to 8 million Swedish kronor (a little over $1.1 million USD) in a phishing scam that had been taking place over the last 15 months, according to ZDNET UK.

Google’s anti-phishing plugin leaked passwords – Ars Technica

A recent press release from web security provider Finjan Inc. has exposed a security flaw with Google’s anti-phishing browser extension for the Firefox web browser. Apparently, the extension accidentally gathered some users’ e-mail addresses and passwords.

Hackers shifting from e-mail to web, report says – CBC.ca

The growth of user-created web content on sites like YouTube is going to become the hot spot for online security in 2007, security company Sophos PLC predicted Monday.

US, China main sources of malware – Australian IT

THE US and China host nearly two-thirds of spam, viruses and other computer security threats delivered around the world in 2006.
Computer security firm Sophos said 34.2 per cent of the so-called malware last year originated from the United States, with 31 per cent from China. Russia was third, accounting for 9.5 per cent of the threats.

Online fraud ‘now major concern’ – BBC News

Britons fear being ripped-off online more than gun crime, climate change or even contracting MRSA in hospital, a survey has suggested.

Online fraud worries four out of 10 Britons, according to a survey from 3V, an electronic payments company.

Privacy breaches – Globe and Mail

When Canadian Imperial Bank of Commerce stepped forward last week and revealed it had lost a hard drive containing information on almost half a million mutual fund customers, it incited some predictable hand-wringing. How do sensitive computer files simply disappear from an office? How did CIBC, a bank that was sanctioned for lax privacy systems a scant two years ago, mess up yet again? And, most important, how prevalent have these sorts of security breaches become in the age of online banking and debit transactions?

Webroot: Vista’s Defender stops only 16% of spyware – InfoWorld

Users who put their faith in Vista’s new security features and Microsoft’s Windows Defender antispyware product may find themselves under attack from spyware all the same, according to the results of a study by Webroot, a leading antispyware vendor and Microsoft competitor.

After Stormy Start, Worm Turns to Love in Major New Attack – InfoZine

Experts at SophosLabs™, Sophos’s global network of virus, spyware and spam analysis centers, have warned of a major new malicious attack occuring against internet users since 14:00 GMT. New variants of the Dorf malware family (earlier incarnations of which purported to be breaking news of deaths caused by European storms) are now using disguises associated with love and greeting cards.

Gee .. no earth shattering Windows security issues, no groundbreaking hacking news. You’d almost think it had been a quiet week security wise.

Zombie Computers Clog the Web with Spam – ConsumerAffairs.com

Email inboxes are being clogged with what seems like a huge increase in unwanted spam messages. Consumers may wonder where all these messages could be coming from. In truth, they most likely are coming from other consumers’ computers — maybe even their own.

“Many computer users do not realize that hackers are using their machines to send bulk e-mails by the millions,” said Lydia Parnes, Director of Consumer Protection at the Federal Trade Commission.

Attack code out for ‘critical’ Windows flaw – ZDNet Asia

Computer code that exploits a security vulnerability in Windows has been published on the Internet, making it more urgent for users of the operating system to patch.

The attack code exploits a flaw in the way Windows handles Vector Markup Language, or VML, documents, which are used for a type of high-quality graphic on the Web. The bug lies in a Windows component called “vgx.dll” that supports these files.

Forget privacy in age of Internet – Freep.com

Got a secret?

Chances are, it’s out there somewhere in the Internet ether.

And sooner or later, it’s probably going to turn up on the computer screen of someone you never dreamed would see it.

Identity theft and key logging main security threats for 2007 – Computer Active

Key logging and online phishing scams will be the main security threats this year, a McAfee whitepaper claims.

Identity theft is a growing trend, and McAfee has found that key logging has risen by 250 per cent since 2004. It also found that the number of online scam alerts had risen by 100 per cent – from 176 incidents in January 2004 to 17,600 in May 2006.

Computer Security: The New Wave – BusinessWeek.com

Antivirus technology is a crock. It fails to prevent computers from getting infected with viruses, and this failure contributes to many other security woes that plague the world’s computers.

Because viruses spread, hackers find it easier to compromise computers, identity theft is better enabled, and computer fraud is easier to perpetrate. Virus-infected computers become a resource for hackers to exploit. Some hackers assemble and control networks of thousands of such computers and use them to distribute huge volumes of spam, mount sophisticated phishing attacks, and launch targeted “denial of service” attacks on companies.

Dang it’s been a busy week on the security front, so cold or no cold let’s get to it.

Hacking 2.0: Today’s Hackers Target Web, For Money – Read/WriteWeb

Web Security firm Finjan has just released their Q4 2006 report on web threats, which includes describing two cases of web 2.0 hacker attacks, on Wikipedia and MySpace. What’s more, the report says that hacking the Web is very much a commercial activity nowadays – which is keeping Web security companies like Finjan on their toes heading into 2007. The report also makes some predictions around web security for 2007.

Make sure files you’ve deleted are truly gone – SignOnSanDiego.com

Sooner or later, the computer is going to need an upgrade. You’ll copy its vital files onto the new device and then recycle the now-obsolete hardware.

But what about those files? Did you delete them? Are they really gone? You had personal and credit information on there for friends, family and clients.

The answer far too often is that no, the files aren’t really gone. In the bad old days when everyone tossed their old technology in the trash, the dirt, moisture and bulldozers at the landfill provided a form of identity protection, but at a huge toxic price.

Zombie computers and botnets – a growing threat that won’t go away – IT Wire

Thanks to browsers and operating systems filled with security flaws, along with the ever present threat of malware and spyware, computer systems in homes and offices around the globe are being harnessed by bad hackers and criminal gangs and syndicates.

Botnets, which have been around for some time now and are an increasingly growing threat to all Internet users, can also be used to send spam to us all, using individual’s computers to send out spam messages, making the originators of the spam that much harder to track down. They’re also used to scan our PCs for banking and other financial information, or install keyloggers to capture the passwords we use every day, to be used in identity theft and to commit other crimes

Hack Attack: Seven New Year’s Resolutions for your PC – Lifehacker.com

At the start of every new year, people the world over make resolutions to better themselves, with fitness, health, money, and career goals at the forefront of our minds. But what about your poor, neglected PC? Couldn’t it use, at the very least, a few resolutions toward better health and fitness?

Today, I’ve compiled a list of 7 PC resolutions – those nagging PC activities you should engage in more often but don’t – to help you and your computer start off the new year on the right foot. From defragging and backing up your hard drive to organizing your documents, this is a roundup of best practices and automation tools straight from the Lifehacker vault.

Vista flaw discovered, risk believed low – MSNBC.com

Windows Vista, the new computer operating system that Microsoft Corp. is touting as its most secure ever, contains a programming flaw that might let hackers gain full control of vulnerable computers.

(MSNBC is a joint Microsoft-NBC Universal venture.)

Microsoft and independent security researchers, however, tried to play down the risk from the flaw, which was disclosed on a Russian site recently and is apparently the first affecting the new Vista system released to larger businesses in late November.

Malware creators turn code protection technique to their advantage – IT Business.ca

A technique for coding designed to protect software against reverse engineering that is being exploited by malicious code writers is growing in popularity, according to a report released this week.

According to Finjan Inc.’s Web Security Trends Report for Q4 2006, dynamic code obfuscation as a method of hiding malicious code is becoming more popular with hackers.

New Online Fraud Tool Kit Discovered – 27B Stroke 6

Fraud detectors at RSA Security have found a demo of a new online fraud toolkit that automates the process of setting up fake websites that sit between a user and a real site, such as a bank, she is trying to access with passwords or other authentication. Users must first click on a fake link, usually embedded in a “phishing” email for the fake website to load and steal the username and passwords.

VeriSign Offers Hackers $8,000 Bounty on Vista, IE 7 Flaws – eWeek

VeriSign’s iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer 7.

The Reston, Va., security intelligence outfit threw out the monetary reward to hackers as part of a challenge program aimed at luring researchers to its controversial pay-for-flaw VCP (Vulnerability Contributor Program).

Spam and botnet levels continue to soar – SC Magazine

The number of spam messages jumped to a record 94 per cent of all email on the internet last month, research from Postini reveals.

More than 25 billion spam messages were blocked in December, an increase of 144 per cent from the previous year.

This rise in spam is linked to a virus released by hackers in late December, called the ‘Happy New Year’ worm, which infected high numbers of computers with botnets and then pumped out spam, experts at the email management company claim.

Malware now hiding in search results – ARNnet

Victims of malware infection often have little chance of researching what has hit them using search engine results, security company Prevx has discovered.

The company analyzed 250,000 malicious filenames from a total database of 30 million listed by search engines during 2006, and found that a growing number were using clever file-naming techniques to avoid easy search detection.

Saddam spam hides Trojan malware – PC Authority

Clips of former dictator’s execution used to spread malware.

Security firms are warning that Trojan malware installers are being placed inside emails claiming to offer videos of the hanging of former Iraqi leader Saddam Hussein.

Symantec and F-Secure have issued warnings to users that emails are being sent out which advertise video footage of the execution. The user is then prompted to install a .exe or .scr file which contains the malware.