Security firm Dasient has compiled some interesting numbers regarding the slums of the internet, in particular the number of pages hosting malware. Combined with numbers released earlier this year by Microsoft and Google, it leads to a disturbing and messy forecast.
According to the study, an estimated 5.8 million pages within 640,000 websites were infected with code designed to impregnate visitors’ computers with malware. Microsoft released numbers back in April regarding this same statistic, claiming only 3 million pages were infected. In approximately 6 to 7 months, the internet garbage pile has close to doubled. During a similar period, Google doubled its blocked site metric to just fewer than 350,000.
The cleaning process isn’t easy because sites are getting re-infected just as quickly as they are getting clean. In fact, 39.6 percent of compromised sites have been compromised in the past and were cleaned up.
Old versions of common programs such as Adobe Flash and Acrobat provide easy targets for exploiting large numbers of clients all at once. "Hackers are starting to see some success from these attacks and whenever they see success, they continue to invest more," said Ameet Ranadive, co-founder of Dasient.
Yikes - it was discovered that a vulnerability in a Time Warner cable modem and WiFi router being used by 65,000 customers makes it possible for a hacker to remotely access the device's administrative menu and wreak havoc. To deal with the problem, Time Warner said it hopes to have updated firmware from the router manufacturer to push out to customers soon.
"We were aware of the problem last week and have been working on it since," said Time Warner spokesman Alex Dudley.
"From within your own network, an intruder can eavesdrop on sensitive data being sent over the Internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks," Chen wrote on his blog. "Someone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically."
Time Warner said it is working to find out if the same or a similar vulnerability also affects other models.
You probably encounter more shortened URLs these days. These links, while convenient, are also a great way to hide a link to a malicious site. You can blame Twitter for their proliferation. With only 140 characters, tweeting a full link is impractical. Now AVG is stepping up to the plate to offer a method of protection.
AVG’s LinkScanner security product now fully supports shortened URLs. AVG says the LinkScanner system is more reliable than other methods because it tests links in real time. Whether or not it's the best, it is free.
The free malware scanner, Ad-Aware, has also added new features. The new enhancements are aimed at detecting and removing rootkits. A rootkit is a piece of malware that specializes in getting deep into the operating system to avoid detection. Ad-Aware uses heuristic detection to search for these nasty bits of software. It is also able to stop certain types of malware from restoring themselves after a reboot. Ad-Aware is a free download [warning, attempted upsell], and well worth having a look at.
Have you checked your bank account balance online lately? If so, you may want to consider verifying the numbers with a paper statement, because what you see on your computer screen might not be indicative of banking activity that's occurring right under your nose, according to a new security report.
Hackers have a new piece of malware to play with, one which not only picks your online pocket, but also hides the evidence of any wrongdoing by rewriting online bank statements on the fly. Once the Trojan horse infiltrates a user's PC, it goes to work by altering the HTML coding before it's displayed in the victim's browser, making sure to erase any evidence of money transfers or other unauthorized transactions.
"The Trojan is hooked into your browser and dynamically modifies the text in the HTML," said Yuval Ben-Itzhak, CTO of computer security firm Finjan. "It's a very sophisticated technique."
A gang targeting customers of leading German banks first began employing the ruse in August and managed to steal Euro 300,000 (about $440,000 USD) in just three weeks. Finjan estimates that the gang using the scheme could potentially steal about $7.3 million annually.
While so far relegated to German banks, Ben-Itzhak warned that this technique is likely to spread to other countries.
My 6-year-old computer is extremely slow and sometimes takes 20 minutes just to start up. The other day it caught a virus, which masqueraded as a firewall and installed itself onto my computer, changing the background to a picture that said I have spyware on my computer. I tried to open my virus-scan program (AOL) but it would not open. I have tried everything I can think of. I took out my hard drive so that it could not get to my files. Now, I have to use my son’s computer for emails. He is a big gamer so it’s really hard to get in the time to use it. Should I wait for Windows 7 to come out before getting a new computer?
If you're an active reader of Maximum PC, you may have seen us recommend SUPERAntiSpyware in the past, and with good reason. The spyware scanner does a good job of detecting and disinfecting nasty malware infections, and it's free (paid version also available).
As of Thursday, SUPERAntiSpyware has begun offering free online scans, a particularly handy option if a malware strain happens to be blocking your spyware proggies from running, as they're prone to do.
"Our new online scanner is a critically important tool for computer users and technicians," said Nick Skrepetos, founder of SUPERAntiSpyware.com. "The new breed of infections we are seeing simply block most, if not all, anti-spyware and anti-virus products from running. This leaves users and technicians in a desperate situation. We have answered the call with our standalone online 'Safe Scan' which will run when other products are blocked."
The online scanner doesn't run in a browser like many of the online antivirus scanners, and you'll still need to download a nearly 9MB file. But SUPERAntiSpyware says it does not install anything in your Start Menu or Program Files "and does NOT need to be uninstalled."
We gave Safe Scan a spin and it looked and felt just like the regular version of SUPERAntiSpyware. You can download updates, schedule scans, and choose between quick or complete rooting out of spyware.
If you want to kick the tires yourself, you can do so here.
The report (PDF) reveals that 95% of comments that appear on blogs, chat rooms and online forums fall into two broad categories: spam and malicious content. Cyber scoundrels now seem more focused on targeting Web 2.0 websites with user-generated content than ever before. Many of the most frequented internet properties are sites that tolerate user-generated content. And 61% of the top 100 sites either host malicious content or link to it, according to the report.
Spam and malicious content seem to go hand in hand, for Websense Security Labs found that 85.6 percent of spam mails in circulation during the first half of 2009 contained links to malicious sites.
New research by Trend Micro suggests that some malware infections hang around for as long as two years in some circumstances. This new data refutes previous estimates that the infection limit was approximately six weeks. Their research consisted of the analysis of over 100 million compromised IPs, where they found that four out of five machines remain infected for longer than a month.
They concluded that if machines were not disinfected quickly, those infections would linger until the machines were disconnected altogether, speculating replacement as the eventual solution.
After further investigation into network botnets, Trend Micro was also able to pinpoint that the majority of identity-theft reports traced back to three agent strains: Koobface, Zeus/Zbot and Ilomo/Clampi. In particular, the hysterically named Koobface botnet updated its infrastructure to use proxies and relays making it nearly impossible to eradicate.
Australia’s Internet Industry Association (IIA) has released a new set of guidelines designed to limit the effect of malware-infected computers. The non-mandatory code of conduct instructs ISPs to contact owners of infected PCs and provide advice to fix the problem. Failing that, the ISP may even cut service to the affected PC.
IIA spokesman, Stephen Conroy, points to a recent government program to get users to change their passwords as evidence that not enough is being done. "I think there's about two or three websites doing exactly the same thing and they all assume you've got to log on to the website. It's kind of like a web 1.0 style approach," said Conroy.
Many in government and industry welcome the proposed rules, but some worry about cost. Would ISPs actually be able to deal with the added costs of contacting users and walking them through a malware cleanup? Australian ISP iiNet said it would be happy to adhere to the new standards, if the process could be automated. So, would this policy help, or would droves of customers find themselves disconnected without explanation?
Judging by the comments last week, a handful of readers were appalled to find Mac ads here on Maximum PC, while others were amused. No matter how you felt about them, at least they weren't infecting your PC with malware.
"Some NYTimes.com readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software. We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring. If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser."
These types of malicious re-directs are nothing new, but for the most part, they've been relegated to seedier sides of the web (porn and warez), and free software sites (screensavers, browser buddies). But apparently they're still a problem for major publishers too.