Microsoft Denies it Built 'Backdoor' in Windows 7

Posted by Donster on: 2009-11-20 17:00:26 in category: Virus/Spam/Security News [ Print ]

Don't worry, company tells users; NSA involved only in security compliance standards

By Gregg Keizer @ ComputerWorld

Microsoft today denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system.

"Microsoft has not and will not put 'backdoors' into Windows," a company spokeswoman said, reacting to a Computerworld story Wednesday.

On Monday, Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 "to enhance Microsoft's operating system security guide."

Read more...

News Source: Email

Browser Security Features Compared

Posted by Donster on: 2009-11-20 16:30:54 in category: Virus/Spam/Security News [ Print ]

By Dennis O'Reilly @ CNET News

Internet Explorer 8, Firefox 3, Google Chrome 4, Apple's Safari 4, and Opera 10 include features that block sites known to host malware and malicious downloads. All but Opera also let you browse without leaving any tracks. But just as important as these protections is ensuring that whichever browser you use is thoroughly patched.

Read on...

News Source: Email

Microsoft Patching Zero-day Windows 7 SMB Hole

Posted by Donster on: 2009-11-16 16:36:07 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Microsoft on Friday said it is working on a fix for a vulnerability in the Server Message Block file-sharing protocol in Windows 7 and Windows Server 2008 Release 2 that could be used to remotely crash a computer.

The software giant had said on Wednesday that it was looking at the bug, discovered by researcher Laurent Gaffié, who published proof-of-concept code on a blog.

"Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable. If exploited, this [denial-of-service] vulnerability would not allow an attacker to take control of, or install malware on, the customer's system but could cause the affected system to stop responding until manually restarted," Dave Forstrom, group manager for public relations at Microsoft Trustworthy Computing, said in a statement. "It is important to note that the default firewall settings on Windows 7 will help block attempts to exploit this issue."

Read more...

News Source: Email

Microsoft Patches Critical Hole in Windows Kernel

Posted by Donster on: 2009-11-10 16:07:50 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Microsoft on Tuesday issued six security bulletins fixing 15 vulnerabilities, including a critical patch for holes in the Windows kernel and other Windows and Office components that could allow an attacker to take control of a computer.

The critical bulletin affecting the Kernel-Mode Drivers was publicly disclosed and could be used to create a Web page with malware designed to exploit the hole on systems that visit the page, Microsoft said in a blog posting.

"MS09-065, a bug in the Windows kernel, is this month's most serious issue," said Andrew Storms, director of security operations at nCircle. "The vulnerability allows for remote code execution, and the attack code can be embedded inside MS Office files or be hosted on websites. Simply browsing an infected website will compromise unsuspecting users -- not great for all the holiday shoppers looking to get a jump on their shopping. The novelty value of this bug is likely to attract many researchers. A lot of people will try to be the first to publicly post exploit code."

Read more...

News Source: Email

Ad-Aware Caters to Gamers and Entertainment Fans with New Security Solution

Posted by Donster on: 2009-11-05 15:48:23 in category: Virus/Spam/Security News [ Print ]

Ad-Aware Game Edition provides relevant protection while you play. The world’s most trusted anti-malware has been optimized for online gamers and entertainment enthusiasts to provide security against cyber creeps, without interrupting work and play, or straining system resources.

Lavasoft, makers of globally trusted Ad-Aware security software, today announced the release of Ad-Aware Game Edition – a spin-off of its flagship product – aimed specifically to meet the needs of today’s online gamers and entertainment fans with real-time anti-virus and anti-spyware protection, and technology designed to deliver online protection without interruptions or resource strain.

“Gamers and online entertainment fans are in a high risk group in terms of computer security – spending long periods of time connected to the Internet, at risk from opportunistic cyber thieves. At the same time, there’s a struggle to find security solutions that won’t impact online experience. The Game Edition was developed specifically with the needs of this niche market in mind, giving users the ability to protect their privacy and security from cyber crooks as they work and play in full-screen mode,” says Lavasoft CEO Jason King.

PRESS RELEASE

News Source: Email

Microsoft to Fix Six Holes in Windows, Office

Posted by Donster on: 2009-11-05 15:31:20 in category: Virus/Spam/Security News [ Print ]

Source: CNET News

Microsoft said on Thursday it will issue patches next week for six vulnerabilities, including three critical Windows holes and two important holes in Office.

Affected software includes Windows 2000, XP, Server 2003, Vista, Server 2008, Office XP, Office 2003, 207 Microsoft Office System, Office 2004 for Mac, and Office 2008 for Mac, the company said in an advisory.

November's Patch Tuesday is a stark contrast to the record number of fixes issued last month--13 bulletins for 34 vulnerabilities.

News Source: Email

Sophos Finds Windows 7 UAC Fails to Block 7 out of 10 Pieces of Malware

Posted by Donster on: 2009-11-05 15:26:23 in category: Virus/Spam/Security News [ Print ]

Antivirus protection still necessary, says firm

By Jason Mick @ DailyTech

One of the most unpopular features of Windows Vista among casual users was the User Account Control (UAC). Ironically, while the UAC provoked irate comments from these users, like "why is my computer asking me to approve everything", the feature was one of the most appreciated features by power users as it gave them much more control over their security and ability to prevent inappropriate actions.

With Windows 7, Microsoft pledged to go the OS X route on this topic, tuning down the UAC's warnings to a lesser level. Many security firms complained about this approach and Microsoft relented slightly, restoring some of the UAC's warnings, in particular a warning about the disabling the UAC altogether (experts showed that attackers could disable the UAC without prompting the user in early builds of Windows 7).

While these changes helped make Windows 7's release edition more secure than the test builds, the UAC's default setting is still neutered compare to Vista's robust solution, indicates Sophos Senior Security Adviser Chester Wisniewski. He's just completed a study of attacking Windows 7 with malware and seeing how the new UAC responds.

Of the ten pieces of malware tested, Windows 7 wouldn't install two of them. Of the remaining eight only one generated a UAC warning, allowing the user to disallow its installation.

Read more...

News Source: Email

Latest Security & Internet News

Posted by Donster on: 2009-11-02 17:36:36 in category: Virus/Spam/Security News [ Print ]

We have a few important Security articles on new Scams, Trojans, Phishing, Worms, etc that all our readers should be made aware of. Stay safe and read the articles posted via the links below.

News Source: Email

Kaspersky Tool Detects Malware in Twitter Links

Posted by Donster on: 2009-10-29 15:12:39 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Kaspersky unveiled a new tool on Thursday called "Krab Krawler" that analyzes the millions of tweets posted on Twitter every day and blocks any malware associated with them.

The tool looks at every public post as it appears on Twitter, extracts any URLs in them and analyzes the Web page they lead to, expanding any URLS that have been shortened, Costin Raiu, a senior malware analyst at Kaspersky, said in an interview.

The company is scanning nearly 500,000 new unique URLs that appear in Twitter posts daily, he said. Of those, anywhere between 100 and 1,000 are malware attacks. Twitter has also been targeted by the Koobface virus which posts malicious links from infected users' accounts.

About 26 percent of the total posts contain URLs, and many of those lead to spam sites that are marketing products or services and aren't considered malware, according to Raiu. Tens of thousands of different accounts are posting spam links, most likely from accounts created by bots, he said. The most frequent URLs posted lead to online dating sites, he added.

Read more...

News Source: Email

Nigerian Police Crack Down on Scammers, Shuts Down Hundreds of Websites

Posted by Donster on: 2009-10-23 17:00:14 in category: Virus/Spam/Security News [ Print ]

By Paul Lilly @ Maximum PC

Nigeria has long been a hotbed for scams - either that, or we've all made a terrible mistake by not wiring over thousands of dollars to unknown recipients for a multi-million dollar payout down the line. Believe it or not, people still fall for it, so we're pleased as punch that Nigeria's anti-corruption police force has stepped up to the plate with some major busts.

"Over 800 fraudulent email addresses have been identified and shut down, "Economic and Financial Crimes Commission (EFCC) boss Farida Waziri said in a statement. "There have been 18 arrests of high profile syndicates operating cyber-crime organizations."

Read more...

News Source: Email

Microsoft Fixing Bing Bug That Helped Spammers

Posted by Donster on: 2009-10-23 16:42:40 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Microsoft on Wednesday said it is fixing a bug in Bing that allowed spammers to bypass spam filters and distribute malicious links.

Researchers at Webroot Software discovered a spam campaign earlier this week that used the search engine's own redirection mechanism and a link-shrinking technique to send people to spam Web pages, according to a post on the Webroot threat blog.

The problem is with how Bing formats links in RSS feeds. The redirect from Bing to the spam site is not obfuscated, allowing scammers to append anything to the end of the Bing redirect URL and thus trick spam filters, said Andrew Brandt, a threat researcher at Webroot.

Read more...

News Source: Email

Windows 7 Default User Account Control Worries Experts

Posted by Donster on: 2009-10-23 15:56:02 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Corporate IT departments should be pleased with new security measures in Windows 7, but consumers are still at risk of getting hit by malware despite changes in the User Account Control (UAC) feature designed to help people be smarter when using applications, security experts say.

Probably the most talked about security change in Windows 7, scheduled for public release on Thursday, are modifications to the UAC, which was introduced in Vista. The UAC was designed to prevent unauthorized execution of code by displaying a pop-up warning every time a change was being made to the system, whether by the operating system or a third-party application.

Vista users complained that they were bombarded with the warnings and security experts speculated that as a result, many people were just ignoring them or turning them off.

Read on...

News Source: Email

Symantec: Millions of PC Users Tricked by Scareware

Posted by Donster on: 2009-10-20 17:12:59 in category: Virus/Spam/Security News [ Print ]

Online criminals are making millions of pounds by convincing computer users to download fake anti-virus software, internet security experts claim.

Source: BBC NEWS

Symantec says more than 40 million people have fallen victim to the "scareware" scam in the past 12 months.

The download is usually harmful and criminals can sometimes use it to get the victim's credit card details.

The firm has identified 250 versions of scareware, and criminals are thought to earn more than £750,000 each a year.

Read more...

News Source: Email

New Ad-Aware Internet Security from Lavasoft Puts Power in Hands of People

Posted by Donster on: 2009-10-13 16:49:11 in category: Virus/Spam/Security News [ Print ]

News Source: TweakTown

New Ad-Aware introduces advanced Genotype detection to combat the latest forms of malware, cutting-edge malware removal technology, and new community-based initiatives - giving PC users the power to use the Internet how, when, and where they want.

Well-known anti-spyware pioneer Lavasoft today announced the global release of Ad-Aware Internet Security with virus, spyware, and rootkit protection, the latest version of their flagship product that combines leading anti-spyware technology with traditional anti-virus detection for comprehensive malware protection against cyber threats.

“Like all Lavasoft products, each new version of Ad-Aware is designed specifically with the wants and needs of our users in mind. But, with this release, we’re going a step further by not only releasing a product that gives users the power to protect their privacy with advanced technology and easy-to-use functionality, we’re also introducing new community-based initiatives that give even more power to the people – to the millions of Ad-Aware users across the globe,” explains Lavasoft CEO Jason King.

PRESS RELEASE

News Source: Email

Windows 7 Critical Holes Fixed in Record Patch Tuesday

Posted by Donster on: 2009-10-13 16:35:59 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Microsoft released a record number of 13 bulletins for 34 vulnerabilities on Patch Tuesday--and the first critical update for Windows 7--as well as fixes for zero-day flaws involving Server Message Block (SMB) and Internet Information Services (IIS).

The most severe of the three SMB flaws, which were first reported last month, could allow an attacker to take control of a computer remotely by sending a specially crafted SMB packet to a computer running the Server service. Exploit code for one of the SMB holes has been posted to the Web, Microsoft said.

Read more...

News Source: Email

Microsoft Readying Biggest-Ever Patch Tuesday for Next Week

Posted by Donster on: 2009-10-09 16:11:21 in category: Virus/Spam/Security News [ Print ]

Source: Maximum PC

It's a good thing most of use have long since moved on from dial-up, because come Tuesday, Microsoft said it will send out its largest-ever number of security updates to fix and plug holes in every version of Windows, including the first update for Windows 7 RTM. Internet Explorer, Office, SQL Server, Forefront Security client, and some developer tools will also be in the mix.

"Thirteen is not a lucky number," said Andrew Storms, director of security operations at nCircle Network Security, in response to the monster update scheduled for October 13. "They've been a busy bunch at Microsoft, that's for sure."

Microsoft will ship 13 updates in all next week, eight of them considered critical. That's enough to break the record of 12 updates shipped in February 2007 and October 2008.

Five of the updates will affect Windows 7, even though the OS has yet to formally launch. However, enterprises with volume licenses, party hosts, and others have been able to obtain and run the finalized the OS for awhile now.

News Source: Email

Unbelievable: "123456" Most Common Hotmail Password

Posted by Donster on: 2009-10-07 16:17:35 in category: Virus/Spam/Security News [ Print ]

By Paul Lilly @ MaximumPC

Over 10,000 Hotmail email accounts were leaked to the web earlier this week as the result of a massive phishing scam, which may not have taken a whole lot of effort. After all, if you're going to choose "123456" as your password, compromising your account is like shooting fish in a barrel.

In this case, there were 64 said fish in a barrel full of over 10,000 compromised Hotmail accounts, making it the most commonly used password of the bunch, according to a researcher who combed through all the posted accounts.

Read more...

News Source: Email

Avoid Being a Victim of an E-mail Phishing Scam

Posted by Donster on: 2009-10-07 16:08:51 in category: Virus/Spam/Security News [ Print ]

By Larry Magid @ CNET News

A recent phishing scam resulting in usernames and passwords of Microsoft's Hotmail, Google's Gmail, and possibly accounts of AOL and Yahoo users being posted online is cause for concern for anyone who uses any of those services. Rather than panic, though, there are simple ways to avoid becoming a victim or being further victimized, if your account has already been compromised.

Microsoft and Google said the compromised information likely came as a result of a phishing scam, through which millions of people are sent e-mail (often warnings about a fake security breach), asking them to click on a link to take them to a Web site so that they can enter their correct information.

Read more...

News Source: Email

AVG 9.0 Now Available, Claims 50% Faster Speed

Posted by Donster on: 2009-10-05 17:11:18 in category: Virus/Spam/Security News [ Print ]

By Paul Lilly @ MaximumPC

AVG Technologies today announced the newest version of "the world's most popular free anti-virus software," AVG 9. For several years, AVG freebie security software had been a favorite in the enthusiast community (and among several Maximum PC staffers), but many -- us included -- felt that version 8 was a step in the wrong direction. In our antivirus roundup from a year ago, we noted that AVG Internet Security 8.0 (the full fledged paid security suite) consumed more RAM and dragged down system performance more than any other AV program we tested.

Performance shouldn't be a problem with AVG 9.0, at least according to AVG's claims. The AV maker says version 9.0 runs 50 percent faster than the previous version, while also improving performance and ease of use.

Read more...

News Source: Email

Security Essentials Fares Well in AV-Test Trial

Posted by Donster on: 2009-10-02 16:49:40 in category: Virus/Spam/Security News [ Print ]

By Lance Whitney @ CNET News

Microsoft's new Security Essentials software has passed at least one exam so far--a review by security testing firm AV-Test.org.

Using the latest version and definition updates of Microsoft Security Essentials (MSSE) downloaded from the Web, AV-Test ran the product through a series of tests on Sept. 29 and 30 to judge its effectiveness at fighting malware.

Read on...

News Source: Email

Microsoft Security Essentials Goes Public, Free Anti-Virus Software For All

Posted by Donster on: 2009-09-29 15:07:24 in category: Virus/Spam/Security News [ Print ]

By FiXT @ HardwareCanucks

Microsoft Security Essentials, independently certified by West Coast Labs, is backed by the company’s global security response team and is built on the same award-winning core security technology found in the company’s security solutions for businesses. It requires no registration, trials or renewals and will be available for download directly from Microsoft at http://www.microsoft.com/security_essentials.

“Consumers have told us that they want the protection of real-time security software but we know that too many are either unwilling or unable to pay for it, and so end up unprotected,” said Amy Barzdukas, general manager for consumer security at Microsoft. “With Microsoft Security Essentials, consumers can get high-quality protection that is easy to get and easy to use — and it won’t get in their way.”

Read more...

News Source: Email

Microsoft to Release Free Security Software Soon

Posted by Donster on: 2009-09-21 15:59:51 in category: Virus/Spam/Security News [ Print ]

By Ina Fried @ CNET News

Microsoft plans to release the final version of its free antivirus software soon, according to a note sent to testers late Sunday.

"The final version of Microsoft Security Essentials will be released to the public in the coming weeks," Microsoft said in the note.

Microsoft first announced its plans for the product, then code-named Morro, last November, at the same time the company said it was scrapping its paid Windows Live OneCare product.

Read more...

News Source: Email

Microsoft Sues Over Malicious Online Ads

Posted by Donster on: 2009-09-18 17:05:29 in category: Virus/Spam/Security News [ Print ]

The software maker says it filed five lawsuits Thursday to try to slow the growing threat.

By Ina Fried @ CNET News

Aiming to crack down on a growing problem, Microsoft said it filed five lawsuits Thursday against parties it suspects of posting online advertisements laden with malicious code.

Microsoft has tried to work with ad networks to thwart such "malvertising" in the past, but this is the first time it has gone to court.

"Our filings in King County Superior Court in Seattle outline how we believe the defendants operated, but in general, malvertising works by camouflaging malicious code as harmless online advertisements," Microsoft Associate General Counsel Tim Cranton said in a blog posting.

Read more...

News Source: Email

COMCASTIC! Comcast Caught Disconnecting Competitor's Service

Posted by Donster on: 2009-09-18 16:56:37 in category: Virus/Spam/Security News [ Print ]

Comcast Contractors Caught Disconnecting Competitor's Service Then Peddling Wares

By Phil Villarreal @ The Consumerist

Danley and dozens of other Springfield Cable customers, including Mayor Robert Walker, have had their service disconnected by contractors working for Comcast for the past several weeks, said Springfield Police Chief Phillip Thorne. One customer had her Springfield Cable service cut off four separate times, he added.

Read more...

News Source: Email

Windows 7's XP Mode Cripples Malware, Gives Attackers Headaches

Posted by Donster on: 2009-09-16 17:05:16 in category: Virus/Spam/Security News [ Print ]

The new version of Windows is stacking up to be the most secure to date

By Jason Mick @ DailyTech

No computer system is completely secure. Inherent insecurities exist in even the most secure systems, be it in the form of exploitable features in the operating system code or the big organic “insecurity” sitting in front of the machine, typing on the keyboard. That said, Windows 7 is shaping up to be much more secure than its predecessors.

Read more...