
Bugs / Virus Article (1)

PC Doctor Service Center 6 Review

» December 16, 2007 04:00PM


Bugs / Virus News (140)

More Symantec Source Code Released

Category: General News, Bugs / Virus
Posted: February 9, 2012 11:30AM
Author: Guest_Jim_*

About a month after source code for the Norton 2006 antivirus software was released by hackers, source code for Symantec’s pcAnywhere software has been published. As this software is currently in use, the danger of exploitation is far greater. However, the sequence of events has allowed Symantec to prepare, at least partially, for this.

Starting on January 18, a hacker claiming to have the source code started negotiations with Symantec. The email thread of the negotiations has been posted online for everyone to see, which is, supposedly, what the hacker wanted. YamaTough, the hacker, has stated he never intended to accept any payment from Symantec and was going to post the source code regardless. The negotiations were just to embarrass the company by showing what it would do to protect itself. However, YamaTough actually was not in communication with Symantec, but with law enforcement.

As the negotiations were taking place, Symantec used the time to patch the software as best it could, to make the code dump as useless as possible. Despite the company’s efforts though, these two recent hacks are surely going to hurt it.



Symantec Source Code Hacked

Category: Bugs / Virus
Posted: January 9, 2012 08:28AM
Author: Guest_Jim_*

For those of you using Norton Antivirus software, this is not the news you want to hear, though it is not as bad as it could be. Symantec has confirmed some of the source code for Norton has been found by a group of hackers, and posted online. The code has since been removed from where it was posted, though it can still be found via other means. Also, Symantec has stated the code is related to two older versions of Norton, one of which is no longer sold.

The fear is a hacker using this information to craft a virus to defeat or even exploit the antivirus. Knowing how the software identifies malicious processes can allow one to work around it, but hopefully everyone is using an unaffected version. However, the potential damage this code can cause is something only Symantec can know.

The hackers are from India and call themselves The Lords of Dhamaraja. Symantec has stated the code was not gotten from their system but from a third party. Supposedly the source was Indian military intelligence servers, according to the hackers.



New Draft on Protecting the BIOS

Category: Bugs / Virus, Science & Technology
Posted: January 6, 2012 11:01AM
Author: Guest_Jim_*

As overclockers we are quite aware of the utility of the BIOS. It starts before the operating system, so changes made in it are independent of the software on the hard drive. This not only makes it powerful when trying to get the most out of a machine, but also makes it a potential target to hackers and virus writers.

This past September, Mebromi was found, the first known piece of malware made to infect the BIOS. Fortunately a method to remove this Trojan has been created, but it does still show it is possible to attack this fundamental component of a computer.

The NIST has released a draft of its security publication on how to secure and monitor the BIOS. This should lead to the development of products to maintain the integrity of a computer’s BIOS as well as methods to deploy them.



Security Update

Category: General News, Bugs / Virus
Posted: December 16, 2011 07:07AM
Author: Guest_Jim_*

Instead of this post being a 'Viral Update' I’m making it a 'Security Update' because the focus is going to be less about viruses than previous updates.

A key part to the Internet is the Domain Name Server, DNS, which converts a domain name, like overclockersclub.com, into an IP address, 207.182.132.170. They are like phone books telling you where a company's building is by looking up the name. The content on a site is not always at a single IP address though. Continuing the phonebook analogy, the company warehouse could be in another city, but you don't necessarily see that from the phone book. This presents opportunities for hackers to intercept communications between a user and a server.

Since 2004 though, a part of the Department of Homeland Security and its partners have been working on the Domain Name System Security Extensions (DNSSEC) project. This is to identify and validate these other servers. Already many registrars have adopted DNSSEC and US military .mil sites are to be DNSSEC signed starting this month.

As a complement to DNSSEC, OpenDNS, a leader in DNS security measures, has released its new DNSCrypt service as a "technology preview." Currently only available for Macs, this software will encrypt all of your DNS traffic. This is to prevent anyone from tampering with or otherwise intercepting communication between your computer and an OpenDNS server (obviously you will need to use its service to use the tool). This so-called "last mile" is quite vulnerable to man-in-the-middle attacks, especially as the information is sent in plain text, but both DNSSEC and DNSCrypt are steps towards securing it.



Viral Update

Category: Bugs / Virus
Posted: December 1, 2011 11:25AM
Author: Guest_Jim_*

Focusing on smartphones in this update, and because of the information available today, I felt like posting this a day early.

The CarrierIQ issue was first found mid-November, but it is getting some new life in the media this week. This piece of mobile-phone software exists on many smartphones of different brands and operating systems (Android, iOS, and Blackberry) and, on the surface, doesn’t seem too bad. It collects some metrics to give your service provider, so they can improve their service. Of course, what’s above and below the surface are very different. This software, which can be hidden from the user and difficult to remove, can collect keystrokes, location data, apps being used, and web addresses visited.

On some phones the software can be turned off, but not all, and on Android phones, manually removing the software can require root access. The software developer states they do not collect information except for what directly relates to improving handset performance and quality. Still, the abilities this software has would likely be tempting to many malware writers. (A search of CarrierIQ gives many sources of further information.)

Also, from North Carolina State University comes a security analysis of multiple Android-based smartphones. Specifically the researchers looked to see how pre-loaded apps can introduce backdoors on the phone, which hackers can utilize. These applications are meant to improve user-experience such as notifying a user of missed calls or text messages. The researchers found the vanilla Android phones had, "no real problems," but HTC’s Legend, EVO 4G, Wildfire S, Motorola’s Droid X, and Samsung’s Epic 4G were not so lucky. Of those, the EVO 4G had the most vulnerabilities.

This was discovered earlier in the year and the manufacturers were notified immediately. For these phones, the best way to stay safe is to install the security patches they get and only install apps you trust.



Viral Update

Category: Bugs / Virus
Posted: November 18, 2011 10:18AM
Author: Guest_Jim_*

Previously discussed in the November 4th Viral Update item, the Duqu Trojan is back again. When Symantec first analyzed the malware, they had found similarities in it to the Stuxnet Trojan, leading them to believe they were both written by the same people. Stuxnet had the potential to damage a nation’s infrastructure, and also appeared to target Iran’s nuclear facility. Iran has come out to say Duqu has hit its computers but also that it is deploying a fix.

From Kaspersky Labs comes some more information about Duqu, an intriguing timeline. Part of the code found on some infected machines relates to a driver from 2007, suggesting Duqu has possibly been in development for years. From another analysis of an infected machine came code relating to a 2008 driver. What’s more, Kaspersky Labs has found parts of the Trojan are actually written specifically for their target. This adaptation also includes different servers being contacted by different versions of the Trojan, making it harder to stop.

In other malware news, since July there has been a 472% increase in malware for the Android mobile operating system. Of the malware attacks though, only 7.2% occur in the US, far behind China at 64%. These attacks can come in the form of malicious apps and sites that exploit code used specifically in mobile software. So, as always, exercise caution with what you open and install.

After four weeks of these news posts, tell us what you think. Should these weekly updates continue, or should an ‘as-needed’ approach be adopted?



Viral Update

Category: Bugs / Virus
Posted: November 11, 2011 12:24PM
Author: Guest_Jim_*

Obviously the biggest news for computer security of the past week is the hacking of Steam. Right now the best thing for the user to do is change your Steam password, and once the Steam forums are back up, put in a new one there too. Also, monitor your credit card information, if you had that information in Steam.

From McAfee’s Threat Activity page we find numerous new Trojans, and all considered a low level threat. Many of these are password stealers but are still considered low level threats likely because they are easy to avoid.

Always be careful about what websites you visit, email attachments you open, and networks you connect to.



Viral Update

Category: Bugs / Virus
Posted: November 4, 2011 04:07PM
Author: Guest_Jim_*

For the second viral update we will be focusing on the Duqu Trojan. An installer for the malware was found by Hungarian research firm CrySyS and has been analyzed by Symantec. A computer can be infected by a Microsoft Word document that exploits a kernel vulnerability. Once infected, a computer will attempt to spread the virus throughout its network, including to computers without a direct Internet connection. Duqu seems to be targeting corporations and is stealing information to possibly create another Stuxnet-like worm. This speculation and several similarities in the code of Duqu and Stuxnet lead the Symantec researchers to believe both pieces of malware were written by the same people.

Microsoft has been made aware of the virus and will issue a patch as soon as it can. The server Duqu appeared to be contacting has also been taken offline. As there is no work-around or removal strategy for this virus yet, the best strategy is diligence and not opening files from unknown sources.

Most other viruses found recently are less worrying and of low risk.



Viral Update

Category: General News, Bugs / Virus
Posted: October 28, 2011 03:25PM
Author: Guest_Jim_*

This is the first in what will possibly become a regular series of posts giving information on newly found viruses, trojans, and malware in general. The current sources of information are McAfee’s Virus Information site, Trend Micro’s Threat Encyclopedia, and Avast’s Summary of Virus Reports. Feel free to post comments giving additional sources, what you think of this new feature, and if we should continue to do it.

From all sources the newly found threats have a low risk level. However, even though much of the malware alone is not a danger, it is designed to enable others to collect private information from an infected computer, or download other malware, which may cause further damage. Of course not all of the malware discovered can be listed here, as there are too many to list.

The W32/Sality virus for Windows was found and added to McAfee’s Virus Information site on October 20, and, according to Avast’s virus reports, has already been detected on over 3% of the machines scanned. This virus is likely to modify Windows’ security settings, prevent access to the task manager, and prevent access to the registry editor. It also appears to rewrite processes in memory and connect to an external domain.

Trend Micro’s encyclopedia lists TROJ_SHADOW.AF found on the 19th. While the risk rating and distribution potential are both low, the potential damage is high as it appears to attack antivirus programs to patch the data with malware code. It also uses specific APIs to collect system information and may be related to the STUXNET malware. The Trojan TROJ_DUQU.DEC also listed on Trend Micro’s encyclopedia is similar in its damage potential and relation to STUXNET, but was found on the 21st.



Security Holes in Amazon Webservices Found and Fixed

Category: Bugs / Virus, Science & Technology
Posted: October 28, 2011 03:25PM
Author: Guest_Jim_*

Researchers at Ruhr-University Bochum found security issues with Amazon Webservices (AWS) which, if exploited, could cripple one’s privacy in the cloud. While the holes were only found in AWS, the researchers believe they may exist in many other cloud services.

The current security systems used to protect data in the cloud often come at the expense of performance, and as the services try to find an acceptable balance, others look for weaknesses. One hole the researchers found was exploited with XML signature wrapping attacks. The result was the researchers took the administrative rights of a cloud customer, enabling them to do things like add and delete images. Another exploited hole was found in the AWS and Amazon shop interface. Using cross-site scripting attacks, the researchers were able to gain complete access to customer data, including authentication data and passwords. This demonstrates the vulnerability of using a common login system, like Amazon.

These holes have already been sealed in every service the researchers notified, but by having existed, they prove the point that cloud data is not yet secured perfectly.



TDL-4: Invincible Botnet?

Category: Bugs / Virus
Posted: June 30, 2011 06:12PM
Author: Tyrium

Security firms have cracked down on various forms of malicious software as of late due to the recently elevated amount of threats. Upon doing so, many of the firms have run into seemingly indestructible botnets. These enormous networks of infected systems are numerous, and while many have been dismantled, one of the largest may just be too tough to crack. TDL-4, the fourth version of the malicious TDL software, has an infected network of nearly four and a half million machines. As well, the infected systems communicate through an encryption code created by the makers of TDL-4. The encryption is robust enough to have thwarted all efforts to break it. Without a way to break through, security companies have no way of breaking apart the network, which, at 4.5 million strong could cause serious problems in a short amount of time. Also, commands can be issued to the network from any of the infected systems, which completely decentralizes the network and makes the botnet seemingly impregnable.



AutoRun Malware: THE END IS NEAR!

Category: Bugs / Virus
Posted: June 19, 2011 10:51AM
Author: zackhaf


Back in February, Microsoft released a series of updates for Windows Vista and XP Service Pack 3. With this update, the AutoPlay feature within the AutoRun used for USB devices was disabled. This prevents a virus from taking advantage of this set of features and also brings Vista and XP SP3 up to date with similar protections found in Windows 7. The data shows a decrease in incidents by 1.3 million over three months when compared to the three months right before the update. Windows XP SP3 saw a 62% decrease, Vista SP1 saw a 68% decline, and Vista SP2 saw a decrease of an amazing 82%. Although this is a drastic improvement, many see this as way past due. Although the AutoRun feature may have been convenient, the outcome should have been easily predicted.



Apple Goes After Mac Defender

Category: Bugs / Virus
Posted: June 1, 2011 01:06PM
Author: bp9801

I'm sure by now you've all heard about the Mac Defender "virus" that is hitting Mac users. Mac Defender poses as an antivirus program and then once you download it, you get bombarded with spam. The reason for that is because Mac Defender isn't an antivirus program but rather a nasty bit of malware only targeting Macs. People have complained to Apple about it, and now, it seems Apple is finally doing something about it. When OS X 10.6 Snow Leopard launched, Apple saw fit to grace it with a quarantine program that works much like an antivirus program on a Windows computer. Now, Apple is updating it with daily background processes, so you no longer have to wait for Apple to roll out a new security update to be protected. Apple is aiming this feature primarily at Mac Defender, but it is also a precautionary measure in case more malware starts hitting Macs.



Macintosh Computers Hit With Virus, Apple Does Nothing

Category: Bugs / Virus
Posted: May 21, 2011 07:32PM
Author: IVIYTH0S

As the Macintosh line of computers gains popularity, it also grabs more attention from virus developers. If you remember learning earlier in the month there has been a pretty successful virus going around named Mac Defender, which tricks careless Mac users into downloading its scareware. Once installed the software will periodically open up the browser and display pornographic images, or may tell the user they need to buy the full version to get rid of their virus infestation. Many users would quickly turn to their AppleCare representatives to help them but would quickly learn that this would not be the answer. Ed Bott from zdnet.com had a chat with one of the head AppleCare specialists on exactly what has been going on with this new Mac epidemic. The representative said that their office has been overwhelmed with calls regarding the new virus. AppleCare has been ordered not to assist the affected customers in removing the malware from their machines. Apple states that it should not be relied on for every problem that comes along, and that antivirus software should be the one to deliver the fix.



Fake Mac OS X Antivirus Program Discovered

Category: Operating Systems, Bugs / Virus
Posted: May 3, 2011 01:43PM
Author: Charles Coggins III

MAC Defender, a fake antivirus software, was discovered by Intego (security firm) on Monday. The fake antivirus software shows the infected user that it has found viruses on the Mac, and in order to get rid of the viruses one would need to buy the Mac Defender software. If an inexperienced user bought this program it could possibly end up taking the user's credit card information and send it off to scammers. The creators of Mac Defender have also used SEO poisoning to pump up the ranking of the Mac Defender website in order to make the unsuspecting user think it is a legit website and program. If a user visits the malicious webpage a window will appear and tell the user they have been infected and an automatic download of Mac Defender will show up asking the user to unzip and install the file. You can help to prevent yourself from accidentally executing a malicious file by making sure your web browser is not set to automatically open downloaded files.



Malware Designers Take Advantage of Osama Bin Laden's Death

Category: Internet, General News, Bugs / Virus
Posted: May 2, 2011 07:25PM
Author: IVIYTH0S

As Osama bin Laden's death rockets past the recent royal wedding as the most popular news headlines, malware creators capitalize on the opportunity to snag unsuspecting searches of related information. Many of them have been using a loophole related to the way Google categorizes high ranking or most popular search hits to set traps for the users. Two malicious groups, ***-antivirus.cz.cc/fast-scan/ and ***pe-antivirus.cz.cc/fast-scan/, have been attempting to upload virus-ridden Rogueware which touts to be the 'Best Antivirus' this year. Others have been aiming to mislead users by informing them that they need a newer update of VLC's browser plugin; when the link is clicked, however, it will download Hotbar which is riddled with adware. A third tactic of entrapment is one where the malware masterminds will post links on popular social networking sites luring their victims by posing as breaking news updates.



Adobe Admits To Flash Security Vulnerability

Category: Internet, General News, Bugs / Virus
Posted: April 12, 2011 10:12AM
Author: IVIYTH0S

Recently Adobe has announced there is a security exploit where hackers use a common Microsoft Word document to take advantage of a bug in Flash Player.

The hackers have been placing some nasty Flash based code within the Word documents, and even in some Excel spreadsheet files. When these files are opened, they sniff out important company information and pass it off to the hackers via the network. The document will link itself to multiple recipients within a corporation's email list. The most common discovery of the file was under the name of Disentangling Industrial Policy and Competition Policy, as to bait the unsuspecting to open it and have the hackers' plans reach fruition. The hackers would tailor the title of the email and respective document to anything related to their next victim's background.

The infected file extensions extend to even Adobe's own Acrobat PDFs, though there have not been any reports of malicious PDFs recorded as of yet. Some business owners have contemplated discontinuing use of Flash but cannot due to its deep roots in the world of computers. The companies must all live with stringent security checks on email attachments.



Super Talent Prepares DataGuardian Password-Protected USB Drives

Category: Storage / Hard Drives, Bugs / Virus
Posted: February 11, 2011 12:34AM
Author: Daryn Govender


USB flash drives have evolved greatly over the years, overtaking the humble CD-ROM and floppy disk as a portable storage medium. Many people rely on flash drives to transport data, and this new-found convenience has come at a great cost: security. Chances are that your USB flash drives are not protected against unauthorized users or malware attacks. Super Talent is aiming to rectify this problem among flash drive users and is preparing a solution: its upcoming DataGuardian USB flash drive series. The new series is password-protected via an onboard utility, allowing your data to be accessed by you when you need it. The drive also blocks auto-run malware attacks, which are the number one method of distributing viruses on USB flash drives. Chief Operating Officer of Super Talent, CH Lee, went on to say:

"We developed the DataGuardian based on input from our customers. Security is a basic need for portable data storage and so is the ability to use it anywhere. The challenge was to make it simple. The DataGuardian does just that".

The DataGuardian series uses a USB 2.0 interface and will be available in 8GB, 16GB and 32GB variants.

 




New Critical Vulnerability for Adobe Software

Category: Bugs / Virus
Posted: October 28, 2010 05:35PM
Author: CowKing

Another security flaw has been found in Adobe's software affecting users that open a PDF file with Flash content on it. Adobe Flash Player 10.1.85.3 and earlier, Adobe Flash Player 10.1.95.2 and earlier for the Android OS, Adobe Reader 9.X, and Adobe Acrobat 9.X are all affected by this virus. This vulnerability affects Windows, OS X, Linux, Solaris, and Flash Player for Android. A patch for this issue is being worked on and will arrive November 9 for Adobe Flash Player and November 15 for Adobe Reader and Adobe Acrobat. Version 8 of Adobe Reader and Adobe Acrobat are confirmed not to have this vulnerability. For those wanting to take the extra step to defend themselves against an attacker, there is a workaround by deleting or altering the authplay.dll file in Adobe Reader or Acrobat.


The full write-up from Adobe on this issue can be found here.



Android Game App Contains Trojan Experts Say

Category: Mobile, Bugs / Virus
Posted: August 17, 2010 04:05PM
Author: Dale Shuck

Security experts from Symantec and F-Secure have issued warnings concerning the Android gaming application called Tap Snake. According to researchers, the application is more than meets the eye. Besides being a free snake game reminiscent of 1970s-era video games, the application can also act as a client for the GPS Spy commercial spying program. The tip-off is that the app attempts to access GPS services on the phone and will run unnoticed in the background even if the user tries to disable the game.

In order for the spying capabilities to work, an individual would have to register an email address and key and then gain physical access to the device running Tap Snake in order to set up the game's spying features. Once this happens, Tap Snake will phone home and report its location every 15 minutes to a server running on the free Google AppEngine service.

Tap Snake earns a Trojan rating from these security companies due to the fact it is not up front about its spying capabilities. Fortunately, the risk to users is fairly low as someone needs physical access to the target device in order to enable spying. Another good reason to set a password lock on your mobile device.



Fake Anti-Virus Programs make up 15% of all Malicious Software says Google Study

Category: Bugs / Virus
Posted: April 28, 2010 03:49PM
Author: Ben Grantham

The pervasiveness of fake anti-virus programs on the web, which often advertise themselves through browser pop-ups claiming a user needs to download protection for their computers, is well known. Warnings about these kinds of dangers are nothing new, though a study conducted by Google that analysed 240 million web pages over 13 months concluded that these fake anti-virus programs made up 15% of all malicious software.

Users who don't know any better may act on pop-ups claiming their systems are infected, along with an offer of software that can cure the problem. When this is downloaded, it often comes bundled along with other malware and users may even be asked to register the fake anti-virus for a fee. Google uses tools that attempt to filter websites offering such software, but the rate that hackers alter the domains used means that they can avoid detection.

Once again, the best defence is an educated user. So if you have friends or family who may fall victim to these kinds of scams, then be sure to make them aware of the dangers. Getting them to install genuine anti-virus software (should they not already have it) and telling them they shouldn't need anything else (no matter what web pop-ups may tell them) would be a good start.



Espionage Ring Tracked Back to China

Category: Internet, Bugs / Virus
Posted: April 6, 2010 06:23AM
Author: Dale Shuck

Researchers in the U.S. and Canada have managed to track a cyber-espionage ring based in China. The group, known as Shadow, apparently targeted computers in several countries including systems belonging to other governments including those of India and Pakistan. The ring was traced back to Chengdu, in China's Sichuan province. The individuals or groups behind the ring used social media and blogs to control the computers which have previously been compromised with malware. While other countries were affected, the primary target seemed to be the Indian government and military.



Be Aware of Fake Security Software

Category: Bugs / Virus
Posted: October 19, 2009 12:13PM
Author: Ben Grantham

According to a report by security software firm Symantec, software that tricks users into believing it is protecting them could potentially be installed on tens of millions of machines. Users are encouraged to download such programs with fake security alert pop-ups (something you are likely familiar with) on websites that then go on to offer software to protect against attacks, sometimes free and even sometimes for a fee. Of course, these programs are exactly the kind of thing they claim to defend against, in some cases exposing machines to be taken over for use in botnets. Symantec found a considerable variety of scam software, carrying legitimate sounding names such as Antivirus 2010. It said that around 43 million downloads were attempted in one year, but couldn't be sure how many were successful. It was also surprised to find out how sophisticated some of the tactics used in order to get users to download the software were. For example, scam software makers have been known to operate affiliate models that allow agents convincing people to download the programs to earn money.

While I'm sure most of our members will already be wise to this kind of deception, it reinforces the need to be sure where your software is coming from, and that the source is a reputable one.



Snow Leopard Bug Could Leave You with no User Data

Category: Bugs / Virus
Posted: October 12, 2009 07:25PM
Author: Ben Grantham

Operating system bugs can often have undesirable consequences. The possibility of losing all of your user data is pretty high up on the list of things you would rather didn't happen, but that is what some users have been reporting after upgrading to Snow Leopard, the latest version of Apple's Mac OS X. The problem has been cropping up when users, intentionally or accidentally, have logged into the 'guest' account. After logging out of this account and back into a normal one, they have found settings have been reset and all of the user data wiped along with it, leaving an empty directory under "Users/username". Even worse, it appears that there is no easy way to recover the lost data, with users having to resort to external backups (assuming they have them).

At the moment, disabling the guest account is a possible workaround for the problem. Anyone who had the guest account enabled when upgrading from Leopard to Snow Leopard could potentially be affected. Apple has now confirmed it knows about the problem, which it says only occurs in extreme cases, and that it is working on a fix.



Exploits Increasing for Apple Computers

Category: Bugs / Virus
Posted: July 30, 2009 03:20PM
Author: Nick Harezga

Mac security researcher Dino Dai Zovi has unveiled a new Mac exploit referred to as Machiavelli at the Black Hat conference. This attack takes aim at computers that have already been infected through Safari. Once the hacker has infiltrated the system, encrypted data such as bank account information is at their fingertips. This exploit comes at the same conference that an SMS vulnerability was revealed for the iPhone. Several of the experts at Black Hat stated that once enough effort is put into Mac exploits, they could become as vulnerable as Windows computers.



Hackers Taking Advantage of Death of Michael Jackson

Category: Bugs / Virus
Posted: June 27, 2009 06:56AM
Author: Nick Harezga

Within minutes of the announcement of his death, internet users with malicious intent were trying to take advantage of people who wanted more information. The attacks originated mostly from e-mail, which some people apparently still open and download from without knowing the sender. One of the scams promised breaking news, but really just confirmed the user to be signed up for spam. Another contained an embedded video that when launched would run several malicious programs in the background. Another site downloaded a virus to the user's computer that would stop any program before Windows was able to launch it.



Apple Finally Fixes Java Exploit

Category: Bugs / Virus
Posted: June 15, 2009 03:53PM
Author: Nick Harezga

Apple has released a fix for the Java code that was shipped with the Mac OS X Operating System. An exploit in the code could allow someone to execute malicious code on a computer through a Java applet, allowing the hacker to steal information or turn the computer into a zombie. Apple was made aware of the issue nearly six months ago, but did nothing until now. Professionals in the computer security industry have long been trying to get Apple to be better about handling issues that arise, but they are still lackluster in that area. This isn't the first time a situation like this has arisen and experts fear it won't be the last. Programmers are releasing code to take advantage of exploits that Apple fails to patch to demonstrate the seriousness of the issues. I wonder when Apple will include this information in the Mac vs. PC commercials.



Worm Attacks United States Marshals

Category: Bugs / Virus
Posted: May 25, 2009 06:37PM
Author: Brentt Moore

Just like the Conficker worm, another worm known as Neeris targets computers that are unpatched and infects those machines. On Sunday, the United States Marshals were attacked by the Neeris worm on many of their computers. The systems that were infected had to be shut down by IT workers to prevent further spreading of the problem. As of right now, this situation is being blamed on the United States Marshals using backlevel antivirus software, Trend Micro OfficeScan 5.0, as well as patches not being applied to the computers. The fix has been worked on since yesterday when the problem was found, though the whole attack seems rather odd since the patch for the Neeris worm has been out since October of last year.



Zeus Botnet Shutdown By Operator

Category: Bugs / Virus
Posted: May 8, 2009 12:46PM
Author: Nick Harezga

100,000 PCs infected with the Zeus family of malware were recently hit with the dreaded BSOD. The writers of the malware included a command that would allow them to corrupt the operating system of the host computer. Opinions as to why the operators of the botnet issued the command are varied. Some believe that the operators wanted more time to put their stolen information to work, while others believe that the botnet was hijacked by other cyber criminals. The damage done to the operating system doesn't appear to have affected the registry or Trojan that is used to infect the systems.



Number of 'Zombie' Computers on the Increase

Category: Bugs / Virus
Posted: May 6, 2009 03:33PM
Author: Ben Grantham

Unfortunately 'Zombie' computers aren't nearly as cool as you might first imagine them to be. They are computers which have been hijacked by cyber-criminals and security vendor McAfee says that it has detected twelve million cases since January of this year. According to McAfee's reports, that puts the number of infected computers up 50% since 2008, with more un-detected cases likely to be out there. It was also reported that the US hosted the largest number of infected computers, with 18% of the total. China isn't too far behind, making up just over 13%. With the expansion of botnets, cyber-criminals have a lot of power to tap into, which can enable them to distribute large quantities of malicious malware.

While a number of countries have now begun the process of establishing comprehensive strategies with regard to cyber-security, a recent report from Deloitte Touche Tohmatsu (DTT) has emphasized the requirement for a globalized approach to the problem and that solutions need to be implemented with some urgency. It is notable that president Obama has publicly made the issue a priority, though it is thought that the release of a 60-day review ordered soon after he took office has been delayed by the recent H1N1 flu crisis. Greg Pellegrino, a global public sector industry leader at Deloitte, said "This issue is moving so quickly, and with so much at stake economically and in terms of safety and security for people, we don't have 100 years to figure this out."


