Maximum PC threat RSS Feed

Threat Update: Spam and Phishing Out, Trojans and Scareware In

Mark Edward Soper — Thu, 09 Apr 2009 18:20:42 -0500

If you've been worrying about computer security for awhile, you might remember when macro viruses in Microsoft Word and Excel files were at the top of the exploit list. These file formats, along with the omnipresent Adobe Reader PDF format, are once again among the biggest threat vectors being exploited by today's malware, according to a new report from the Microsoft Malware Protection Center. Fittingly, the full report and a condensed key findings version are available in either PDF or Microsoft's own XPS formats. These reports cover the July-December 2008 period.

Some key findings include:

Scareware (which Microsoft calls "rogue security software") is on the rise, including the latest versions of our old friend Antivirus XP.
A slight reduction in unique vulnerability disclosures from 2007, but the High (most serious) category was larger in the second half of 2008 than in the first half of the year or the second half of 2007.
Applications continue to be the biggest target (86.7%, with browsers at 8.8%, and operating systems at only 4.5%)
The second half of 2008 saw a big rise in Microsoft security bulletins: over 67% more than in the first half of the year.
US English and Chinese-language browsers were the chief targets of browser-based exploits, accounting for almost 60% of all attacks.
Microsoft-based vulnerabilities accounting for more than 40% of browser-based attacks on systems running Windows XP, but less than 6% on systems running Windows Vista.
Ironically, the most frequently exploited vulnerabilities in Microsoft Office have been patched since 2006, but were targets mainly because up-to-date service packs were not installed.
Adobe PDF-based attacks rose sharply in the second half of 2008, but the attacks cited in the survey are blocked by the current versions of affected products.
Despite the rise in software-borne attacks, lost and stolen equipment continues to be the biggest security risk, amounting to 50% of the incidents listed in the OSF Data Loss Database.
The US, Canada, Europe and Russia continue to lead the world in phishing sites.
Miscellaneous Trojans, followed by Trojan downloaders and droppers are the two most common threat types detected and removed by Microsoft's Windows Live One Care and Forefront Client Security apps in the second half of 2008.
By contrast, older threats such as backdoors, viruses, exploits, and spyware are significantly less of a threat than in 2006 and 2007.

What have you found to be the biggest security threats you face in the office - and at home? Hit Comment and share your security war stories.

Hackers Adulterate Google Video Search Results with Malware

Pulkit Chandna — Tue, 03 Feb 2009 08:07:46 -0600

After Obama’s website, black hats have now managed to sow the seeds of deceit in Google video search results. Security firm Trend Micro has discovered that that about 400,000 queries trigger Google Video search results that “have a single redirection point, and one that eventually leads to malware download and execution.” The black hats have been able to manipulate search results to their advantage using simple SEO techniques. For this purpose, they have reserved several domains and populated them with keywords.

According to Trend Micro, the malware executable, dubbed WORM_AQPLAY.A, proliferates using removable and network drives. The malware executable is disguised as an Adobe Flash installer. The malware only prompts the user to download the malicious Flash installer when he reaches one of the malefic video websites being run by the black hats.

Image Credit: Googlified

Online Scammers Using Obama's Site to Spread Trojan

Pulkit Chandna — Tue, 27 Jan 2009 08:53:23 -0600

Online scammers have contrived an ingenuous way to ride Obama’s rampant wave of popularity. According to Websense Security Labs, certain unscrupulous elements have registered several accounts on my.barackobama.com, the social network on Obama’s website that affords all standard social networking features to users, including personal profiles, groups and blogs.

The charlatans created various accounts on the website and planted a hideous Youtube image with the message, “click here to see movie.” Users who click on the image mistaking it for a Youtube video are redirected instead to a website, which resembles Youtube, but appears to be fraught with pornographic content.

However, when a user proceeds to view one of the videos the website asks the user to download a missing video codec. In its stead is downloaded a Trojan. Further proof of Obama's widespread popularity.

Image Credit: Websense Security Labs

Monster.com Warns Users against Fresh Security Breach

Pulkit Chandna — Tue, 27 Jan 2009 08:40:36 -0600

Leading jobs portal Monster.com has warned its users against a fresh instance of private information theft, which happens to be the second such case in the past 18 months. The security breach has not only tarnished its security record further but also dealt a heavy blow to the trust that users have posited in it.

It issued the warning on its website, in what appears to be a less-frequented section, and opted against directly contacting the users. The company began its statement by downplaying the security breach: “as is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database.”

It claims to have taken the necessary “corrective steps” immediately after discovering the security breach. It has asked users to reset their passwords on their own, though they will eventually be forced to make the change. The company says that the exposed data includes user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. Resumes and sensitive data is said to be safe.

Monster.com has also advised users that they need to be more vigilant and watch out for specious emails claiming to be from the company.

Latest Phishing Scam Preys on Surfers’ Morbid Curiosity

Pulkit Chandna — Fri, 09 Jan 2009 18:12:25 -0600

Internet shenanigans are keeping abreast with the latest developments around the world and using it to their advantage. An email doing the rounds around the internet hoodwinks the recipient into believing that it is from CNN. The clandestine email ostensibly contains a link to a “graphic” video of the ongoing Israel-Hamas conflict. However, the fake website contains a Trojan that betrays the user’s sensitive data, according to the RSA.

The author of the phishing attack has tried to make the website as plausible as possible. Upon visiting the link, the user is greeted with a message asking him to update his Adobe Flash Player. If the user lends his countenance to the download, a Trojan is downloaded instead of the latest version of Flash

Image Credit: Cnet

Microsoft Dismisses Reports of WMP Vulnerability

Pulkit Chandna — Wed, 31 Dec 2008 07:24:45 -0600

Microsoft has gone on record to rebuff an alleged vulnerability in Windows Media Player that could facilitate remote code execution. The company said that it found all such reports regarding a WMP vulnerability to be false.

The reports of the vulnerability first surfaced after researcher Laurent Gaffie detailed the alleged threat and furnished the proof-of-concept code to make his case. Gaffie’s decision to go public with his findings without informing Microsoft hasn’t gone down well with the company.

After investigating the claims Microsoft acknowledged, in a blog post, that the proof-of-concept code does force WMP to crash but it can not be used for remote code execution.

Malware Threat to iPhone, Android to Rise in 2009, Says ESET

Pulkit Chandna — Tue, 30 Dec 2008 08:08:15 -0600

It is common knowledge that smartphones are fast emerging as a dainty prey for malware proliferators. But a recent press release by IT security firm ESET, which spelled out some of the potential threats in 2009, might have iPhone and Android users worried in particular.

ESET warned in the press release that it expects both the iPhone and Android to become more vulnerable to malware. The company also expects both the smartphone platforms to fall prey to mobile browser exploits that might target their WebKit-based browsers.

The security firm has prognosticated an increase in fake antivirus extortion in 2009. “Some of the major antivirus companies have seen their websites spoofed over the last couple of months,” according to David Harley, Director of Malware Intelligence at ESET. The real threat lies in the fact that internet charlatans are leaving no stone turned in their bid to appear as credible as possible.

Image Credit: MondoTechBlog

Blackhat Exploiting Lax URL Redirects

Pulkit Chandna — Mon, 29 Dec 2008 14:26:42 -0600

An anonymous blackhat hacker is unabashedly exploiting an unattended vulnerability in URL redirect notifications to redirect internet users to malicious websites. As most websites, including the major ones, merely issue a notification to users that they are being redirected to another URL without scrutinizing that particular website, users remain sitting ducks to such attacks.

The nefarious attacker has gone a step further by employing SEO techniques to increase the standing of his spyware-bearing websites with search engines. Security analyst Gary Warner says that the threat can be rooted out, if redirects are tempered to only accept referrals from verified websites. However, he expects the threat to persist due to regulatory inaction.

Image Credit: Enor