Friday, February 10, 2006

Weekly Virus & Trojan Report

In this week's report we look at three new Trojans, Diamin.DU, Banker.CAB and PGPCoder.D.

Diamin.DU is designed to establish phone connections with premium-rate numbers, with potentially serious financial consequences for the affected user. However, it can only affect computers that use a modem to connect to the Internet, as it modifies the dial-up network access settings.

Diamin.DU is easy to recognize, as when it is run, it displays several windows in Italian. As with most Trojans, Diamin.DU does not spread automatically using its own means.

It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, e-mail messages with attached files, Internet downloads, etc.

Banker.CAB is a Trojan designed to affect users of certain Brazilian banking services. It monitors whether the user accesses websites belonging to these banks, in order to obtain passwords.

Then, it sends the data it has gathered to certain email addresses where hackers can collect them and use them fraudulently.

PGPCoder.D is a Trojan that encrypts all files with any of a wide range of extensions. The user will not be able to open those files until they are decrypted by a specific application for which they, needless to say, have to pay.

In order to inform users how to buy this application, PGPCoder.D creates text files on the computer with an email address to contact.

That's it for this week's virus and trojan recap. Let's be careful out there!

Thursday, February 09, 2006

Denial of Service Attack Nets 2-Year Prison Sentence

Madrid, February 9, 2006 - According to several publications in Spain, the author of a distributed denial of service attack (DDoS) that affected over three million Internet users has been sentenced to two years in prison and also faces a fine of 1.4 million euros.

This was the sentence received by a twenty-six-year-old Spanish man who, after being expelled from the "Hispano" IRC chatroom for disobeying rules, created a worm aimed at collapsing that network through distributed denial-of-service attacks.

The attacks spread for several months, affecting Internet service providers like Wanadoo, ONO or Lleida Net, as well as IRC-Hispano.

Several spokespeople have highlighted that this is one of the first sentences related to this type of criminal activity in Europe and the most significant crime of this type committed in Spain, affecting 33 percent of Internet users.

Wednesday, February 08, 2006

Microsoft Patches XP ACL Vulnerability

Microsoft has released a security bulletin reporting a vulnerability that can be exploited to escalate privileges in Windows XP SP1 and Windows Server 2003.

Access Control List (ACL) is an IT security concept used to refer to access rights for a certain object. In Windows, for example, we can set the read or write privileges of a user for a certain file.

The vulnerability reported in the Microsoft security bulletin could allow an authenticated user to carry out a privilege escalation attack.

This would allow the attacker to gain privileges for objects which, in theory, that user should not be able to access.

Microsoft confirms that the vulnerability does not affect Windows XP with Service Pack 2 and Windows Server 2003 with Service Pack 1.

Therefore, users are advised to install the latest service packs and security patches to mitigate this and other potential risks.

The security bulletin also includes details of how to modify the ACLs in affected services to mitigate possible attacks on potentially vulnerable systems.

You can get full details at: http://www.microsoft.com/technet/security/advisory/914457.mspx
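As an added illustration (not code from Microsoft or from this blog), the following Python sketch audits service security descriptors in the SDDL form that `sc sdshow <service>` prints, flagging allow entries that give broad groups such as Authenticated Users the right to reconfigure a service. The service names and descriptor strings are constructed samples; which services the advisory actually names is not stated on this page.

```python
import re

# SDDL right codes (with access-mask bits) that let a trustee alter a service.
RISKY_RIGHTS = {
    "DC": (0x00000002, "SERVICE_CHANGE_CONFIG"),
    "WD": (0x00040000, "WRITE_DAC"),
    "WO": (0x00080000, "WRITE_OWNER"),
    "GW": (0x40000000, "GENERIC_WRITE"),
    "GA": (0x10000000, "GENERIC_ALL"),
}
# Broad, non-administrative trustees, by SDDL alias and by well-known SID.
BROAD_TRUSTEES = {
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "BU": "Users", "S-1-5-32-545": "Users",
    "IU": "Interactive", "AN": "Anonymous",
}

def risky_aces(sddl):
    """List (trustee, rights) for allow ACEs that hand a broad group control."""
    start = sddl.find("D:")
    if start < 0:
        return []
    dacl = sddl[start + 2:].split("S:", 1)[0]  # drop the SACL (audit entries)
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl):
        fields = ace.split(";")  # type;flags;rights;object;inherit;trustee
        if len(fields) < 6 or fields[0] != "A" or fields[5] not in BROAD_TRUSTEES:
            continue
        rights = fields[2]
        if rights.lower().startswith("0x"):  # rights given as a hex mask
            mask = int(rights, 16)
            hits = [name for bit, name in RISKY_RIGHTS.values() if mask & bit]
        else:  # rights given as concatenated two-letter codes
            codes = [rights[i:i + 2] for i in range(0, len(rights), 2)]
            hits = [RISKY_RIGHTS[c][1] for c in codes if c in RISKY_RIGHTS]
        if hits:
            findings.append((BROAD_TRUSTEES[fields[5]], hits))
    return findings

# Constructed descriptors for two hypothetical services (not from the advisory).
SAMPLES = {
    "ExampleSvcLoose": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)",
    "ExampleSvcTight": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, risky_aces(sddl) or "ok")
```

Administrators keep full control in both samples; only the entry for Authenticated Users differs, which is the kind of entry the ACL mitigation tightens.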

Monday, February 06, 2006

Firefox Patches Critical Security Hole

The Mozilla Foundation has published a security update that fixes eight vulnerabilities in version 1.5 of the popular browser Firefox.

Mozilla has assigned one of the vulnerabilities a critical severity rating, whereas three of them are considered moderate and four of them low.

The critical flaw allows an attacker to inject XML code in the localstore.rdf file, which makes the browser carry out tasks without the user's authorization at startup, allowing total control of the system.

The vulnerabilities considered moderate allow arbitrary code to be run. One of these flaws is an integer overflow in E4X, SVG and Canvas. There is also a code execution problem when dynamically changing the style of an element from position:relative to position:static.

A corrected denial of service problem could be used by a malicious user to render an application unusable using a malicious website with a long title. The browser of a user that visited this website would close whenever the user tried to access it.

The updates can be downloaded using the automatic update feature in the browser or directly from the Mozilla website at http://www.mozilla.com/firefox/

The information published by Mozilla Foundation about the flaws is available at http://www.mozilla.org/security/announce/

Sunday, February 05, 2006

Spyware Removal - Free Spyware Download

Spyware Removal - Free Spyware Download: You'll be amazed at the amount of adware and spyware that infests your PC. Adware gets added by dozens of programs like Kazaa, Morpheus, Bonzi Buddy, and others of the same ilk.

Spyware is secretly placed on your computer without your consent or knowledge by unscrupulous websites and dangerous downloads.

You're not safe online without spyware detection and removal. But, to actually be safe from then on, you need a spyware blocker to prevent its return.

Many programs detect and remove spyware, but very few include the necessary blocking capability.

In this article, we're covering the top three commercial spyware removers on the market. We've analyzed the test results and are ranking those top three as good, better, and best.