Archive for October, 2007

Many security researchers have come to the conclusion that there is really no good way anymore to protect home users from getting infected with malware. Many websites require to run code in addition to simply rendering HTML. This code can be doing things you wouldn't want done in the background. More...

The people behind Storm have added a 40 byte encryption to their command-and-control traffic between the bot-herder and bots, leaving security analysts even more at loss than before. This recent development has lead to the assumption that Storm's botnet might be sold to scammers or denial-of-service attackers. In order to sell the botnet, it would have to be divided into pieces, most probably by scrambling the Overnet P2P traffic (Storm, unlike most other bot-creating malware, doesn't use IRC for it's command-and-control traffic and instead uses P2P, making it even more difficult to track). More...

Many companies present new security software, people learn about cyber safety, so times should be getting harder for the attackers. However it’s the other way around: the amount of cyber attacks is still rising and security software developers need to brace up to keep step with malware. A review of Microsoft report disclosed rising number of trojan based attacks. More...

Previously unknown RealPlayer exploitation was discovered last week. So far, it can be told that unpatched vulnerability affects the latest versions of RealPlayer and RealPlayer 11 BETA, although older versions may also be vulnerable. Furthermore, an ActiveX object in the RealPlayer component ierpplug. More...

The time when hacking and cracking were occasional free time activities of solitary guys has passed. According to Mark Sunner of the MessageLabs, cyber crimes became a job for organized gangs since the year 2003. The tendency to combine efforts is still popular and it’s a big threat for everyone that has internet connection. More...

Scammers are getting better at avoiding filters by using file formats not generally blocked or difficult for filters to disassemble. First there was "image spam", then the spam that used the PDF file format. And now the newest version of MP3 spam is spreading rapidly. More...

A team of researchers from Carnegie Mellon monitored the underground markets, where viruses and stolen data are sold to the highest bidder, for seven months and developed automated techniques to catalogue the activities of criminals, who, the team said, even offer updates and tech support for their malicious creations. The buyer would contact the black market vendors using email or private IM. The payments are delivered through non-bank payment services such as e-gold, which make the criminals difficult to track. More...

Due to the recent outbreak of skype-using malware (none of which was extremely succesful), a new niche in the security field arose, and that is Skype security. The niche has been plugged by the first program, which is Skype Defender. The only problem is, Skype Defender is malware itself. More...

One of the methods of phishing your personal information is to direct you to a spoofed site, that looks exactly how it's supposed to, but the appearance is just a trick to lead you to a site designed specifically to collect your personal info. Firefox released an add-on that will help identify sites that have been spoofed - it's Locationbar². What it basically does is helping casual computer users to identify fake sites and detect phishing scam. More...

When we hear the word "keylogger" (short for keystroke logger), malicious software comes to mind. I for one have felt contempt towards keyloggers ever since someone stole something from Valve, thus delaying the day of HL2's release by a significant margin. . More...