Maximum PC Mcafee RSS Feed

At Least Five Countries Arming Themselves for Cyberwar

Paul Lilly — Tue, 24 Nov 2009 11:30:56 -0600

It's the Cold War all over again, only this one's taking place in cyberspace. According to a report by security firm McAfee, there are a growing number of governments all around the globe preparing for potential cyber conflicts with other countries, DailyTech reports.

"There are at least five countries known to be arming themselves for this kind of conflict," McAfee Europe analyst Greg Day told the BBC. "To go to physical war requires billions of dollars. To go to cyber war most people can easily find the resources that could be used in these kinds of attacks."

Targets of such attacks are likely to be a nation's infrastructure, and the U.S., which is known to have an operating manual outlining the rules of cyber engagement, is also known to have used hack attacks alongside ground operations during the Iraq war. The UK, Germany, France, China, and North Korea are the five other countries actively developing their own capabilities.

"In physical warfare it's pretty clear who has which weapon and how they are using them," said Chris Wysopal, chief technology officer at Veracode which advises many governments on security. "In the networked world that attribution is incredibly difficult."

Phishing Scams and Worms on the Rise, Social Networks to Blame

Paul Lilly — Mon, 02 Nov 2009 12:35:03 -0600

Phishing and worms go together like, well, fishing and worms. But unlike the latter, you're the prey, and it can be particularly dangerous swimming in social networking waters, suggests a new report by Microsoft and McAfee.

The two software makers noted a sizable spike in phishing attacks during the months of May and June, driven in large part by hackers concentrating their efforts on social networking sites. Other popular targets included gaming sites, banking portals, and e-commerce.

While Trojans still topped the charts, Microsoft noted that worms are becoming much more prevalent, rising from fifth place in the second half of last year to now being the second most prevalent category of threats. Much of the rise can attributed to Conficker, which still has most security experts puzzled.

For those still clinging to XP, Microsoft noted that infection rates for Vista were significantly lower than for XP.

Image Credit: serc.carleton.edu

McAfee AV Patch Leaves Some Computers Unbootable

Paul Lilly — Wed, 10 Jun 2009 09:00:44 -0500

Oopsy-daisy! According to complaints on McAfee's message board, a mandatory service pack for the company's antivirus VSE 8.7 software has left some machines unbootable. The update, which was issued on May 27 and later pulled on June 2, was intended to squash minor security bugs, but also inadvertently flagged some Windows system files as malware.

"McAfee removed Patch 1 for McAfee VirusScan Enterprise 8.7i from its download servers out of precaution after a potential issue with the update was discovered," McAfee said in a statement. "A very small number of customers reported trouble with the patch on a limited number of computers."

McAfee went on to say that it's working on identifying the cause of the false positives and, once resolved, will repost the mandatory update.

What's the Energy Cost of 62 Trillion Spam Emails?

Paul Lilly — Fri, 17 Apr 2009 09:59:07 -0500

Most of us view spam as an annoyance with the greatest cost associated with junk email being our time. However an even bigger price is being paid by the environment, a problem underscored by the startling amount of junk email that now flutters across the web. We're talking about 62 trillion spam messages in 2008 alone, according to a report released by McAfee.

In terms of the environment, McAfee researchers say each piece of junk email emits 0.3 grams of carbon dioxide (CO2), or a combined 17 million metric tons of CO2 for all spam-related emissions in 2008.

"The amount released into the atmosphere is significant," said Dave Marcus, director of security research for McAfee. "Spam has a big carbon footprint. It's something people be aware of."

Most of the spam-related greenhouse gas emission -- 80 percent -- comes from the energy used by PC users to view, delete, and sort for legitimate messages, McAfee says. The silver lining here is that by taking steps to reduce spam, you not only reclaim your inbox, but also can have a noticeable impact on the environment.

Adobe Patches Zero-Day Vulnerability

Justin Kerr — Sun, 15 Mar 2009 12:59:32 -0500

If you haven’t done so already, make sure your Adobe reader has checked for, and downloaded the latest updates. Adobe has finally released a patch for the zero day scripting vulnerability in its PDF software. The patch for version 9 hit the net a bit earlier than expected, but not a moment too soon to combat this now critically exploited weakness which has been in the wild now since December 2008. The patches for Version 7 & 8 are still planned for March 18th and users of this version would be advised to either upgrade to 9.1 or consider Foxit Reader.

The news was posted by Adobe blogger David Lenoe. "Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue (CVE-2009-0658), including the 'no-click' variant of the vulnerability." "We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1."

For those that haven’t been following the details of the exploit, the vulnerability is a result of an array indexing error in the processing of JBIG2 streams. Hackers have found a way to corrupt arbitrary memory using the PDF format and take control of compromised systems. The lesson learned here if we didn’t know it already, don’t take candy, or PDF’s from strangers.

New Adobe Reader Exploit Reminds us why we Love Foxit

Justin Kerr — Sun, 22 Feb 2009 18:41:26 -0600

Adobe’s PDF reader and creator software continues to be under a seemingly endless attack, and a new vulnerability has the security community very worried. A critical flaw in all editions of its PDF reader and creator software will allow attackers to crash the application and gain control of a person’s computer. This vulnerability has been acknowledged by Adobe, but a fix is still rumored to be 2-3 week away. Initially the company will be working to patch version 9, but will eventually include fixes for version’s 7 & 8 as well.

According to the McAfee security blog, malicious PDF documents are already in the wild, and have been appearing across the web since early January. PDF exploits are of significant concern to the security community since the reader software interfaces very closely with web browsers. In many cases PDF documents are opened within a new browser tab, and displayed even with a user’s consent. According to Symantec this attack has primarily been directed towards government agencies and large corporations, it is not widespread as of yet.

Symantec also offers some tips on how to combat the problem by disabling JavaScript, but here at Maximum PC we much prefer just using Foxit Reader as an alternative. This lightweight solution weighs in at only 3 MB and (to the best of our knowledge) is unaffected by the exploit. It’s so good in fact, it made our list of 32 Totally Essential (and free) Apps for Every New PC.

McAfee to Acquire Network Security Company

Paul Lilly — Wed, 24 Sep 2008 11:06:36 -0500

Believe it or not, there are security options out there other than AVG. McAfee, being one of them (surely you've run across McAfee on an OEM rig or two), announced plans to acquire network security vendor Secure Computing for around $465 million. The move, according to McAfee, is intended to beef up the company's network security portfolio.

"Today's announcement of this pending acquisition is a natural extension of McAfee's security-only focus," Dave DeWalt, CEO and president of McAfee, said in a statement. "We expect the pending combination of McAfee and Secure Computing will create an annual projected combined revenue of just under $500 million in the network security segment of our SRM (security risk management) portfolio."

Before the acquisition can go through, it must first pass regulatory approvals and get the green light from Secure Computing's stockholders, all of which is expected to be finalized by the end of the year.

Image Credit: McAfee

MySpace and Facebook Users Targeted by New Koobface Worm

Mark Edward Soper — Mon, 04 Aug 2008 15:07:27 -0500

MySpace and Facebook users now have bigger worries than whether Wordscraper will stay online: two new worms, known as the Koobface family, are attacking Windows users of these popular social networking (or "Notworking" sites, as our friends at The Inquirer call them). These new worms pose a threat to the peace of mind of people like Zac Koobface (a real Facebook user, by the way).

Kapersky Labs was the first to detect these worms: Net-Worm.Win32.Koobface.a (targets MySpace) and Net-Worm.Win32.Koobface.b (targets Facebook). McAfee refers to both worms as W32/Koobface.worm, while Symantec uses the terms W32.Koobface.A and W32.Koobface.B.

Both worms send comments or messages to other users of the service. The messages or comments contain alleged links to humorous YouTube files (such as "Paris Hilton Tosses Dwarf On The Street"). When the user clicks on the link, the link redirects to a website that displays an error message claiming the user needs an updated codec to enable the Adobe Flash player to play the video. The alleged Flash player update (codecsetup.exe) contain the worm.

When the Koobface.A worm runs, it configures itself to run automatically when the system starts, checks for MySpace cookies, and if it finds them, modifies the user's profile by adding links to malicious sites that contain the worm. To learn more about Koobface.A and Koobface.B, check the McAfee and Symantec links earlier in this article.

If you use Kapersky, McAfee, or Symantec antivirus, the latest virus definitions will detect and stop these worms. If you use other antivirus or anti-malware programs, check for updates daily - and don't click on funny video links from other MySpace or Facebook users. The results just aren't very funny.

Original illustration by the author.