The Conficker worm has been generating the big security headlines, but what The New York Times calls a "vast electronic spying operation" reveals an ongoing, very sophisticated cyberespionage campaign that may well represent an even more important threat than Conficker - especially to the Dalai Lama's Tibetan freedom movement.
Researchers at the University of Toronto Munk Center's Citizen Lab summarize GhostNet thus:
Documented evidence of a cyber espionage network—GhostNet—infecting at least 1,295 computers in 103 countries, of which close to 30% can be considered as high-value diplomatic, political, economic, and military targets.
Documented evidence of GhostNet penetration of computer systems containing sensitive and secret information at the private offices of the Dalai Lama and other Tibetan targets.
Documentation and reverse engineering of the modus operandi of the GhostNet system—including vectors, targeting, delivery mechanisms, data retrieval and control systems—reveals a covert, difficult-to-detect and elaborate cyber-espionage system capable of taking full control of affected systems.
To find out more about how GhostNet works, join us after the jump.
Microsoft's latest browser, Internet Explorer 8, has gotten mixed reviews from MaximumPC.com readers (see comments here and here), but one question that's hard for any individual user to answer about any browser is "how secure is it?"
To find out, Microsoft asked NSS Labs to pit IE8 RC1 against its predecessor, IE7, as well as the following third-party browsers: Firefox 3.0.7, Safari 3.2, Chrome 1.0.154, and Opera 9.64. The objective: find out which browser did the best job at handling so-called social-engineering malware sites - the ones that try to con you into downloading malware disguised as something else ("Adobe Flash update," anyone?).
ComputerWorld reports that IE8 did the best job of fending off attacks from 492 malware-distributing websites, blocking 69% of attacks (details here [PDF link]). If you're not using IE8, join us after the jump to learn how your favorite browser fared.
Online beguilers are leaving no stone unturned in propagating malware. They have shown remarkable pliancy in adapting themselves to the ever-evolving cyber landscape. They have realized that the best places to ply their diabolical trade are the ones with massive traffic. As nothing rivals social websites in popularity, such cyber haunts have endeared themselves to malware authors.
Ironically, the French had been warned as far back as October to harden their systems, but as we reported last month, millions of PCs hadn't yet been protected by installing KB958644. How bad was the infection, and how was it spread? Hit your afterburners and join us after the jump for details.
When it comes to PC security, you already know the drill: Don't download unknown attachments, avoid clicking on suspicious links, log directly into your online accounts rather than follow a hyperlink, and so forth. These methods work well when dealing with virtual threats, but what happens when miscreants start meshing their malware tricks into the real world?
That's exactly what's going on in North Dakota, where some hybrid car owners have fallen victim to fake parking citations left on the windshield. The citations read "PARKING VIOLATION. This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to ______," where the blank is filled in with a malicious website. Those who go to the website are instructed to download a toolbar to view photos of the ticketed car, but it instead installs a Trojan along with a bogus security alert instructing victims to install a fake antivirus scanner.
On January 31, you may have thought the entire internet had fallen prey to what would have ranked as the fastest spreading worm in the history of the web. That's because for about an hour on Saturday morning, all Google search results were flagged with a warning saying "This site may harm your computer," including Google.com. Clicking a marked site would bring up yet another warning.
So what exactly happened? Well, it wasn't a worm, and the internet wasn't under attack (no more than usual, anyway). Instead, Google said it ultimately boiled down to human error.
"Unfortunately (and here's the human error), the URL of '/' was mistakenly checked in as a value to the file and '/' expands to all URLs," Google explained on its blog. "Fortunately, our on-call site reliability team found the problem quickly and reverted the file. Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes."
Google initially said it gets its list of malicious URLs from StopBadware.org, which StopBadware.org said isn't true. After several updates, Google's final statement says it "works with a non-profit called StopBadware.org to come up with criteria for maintaining this list," but that fault ultimately fell on Google.
Malware is everywhere. You can't browse any Internet tech forum without someone mentioning this word (with disdain), usually in search of a remedy after being infected with spyware. No matter how careful you are, we’re guessing that many of you have had malware inadvertently installed on your system and may have even ended up reformatting your computer as a last resort. While that may have been the most thorough solution, it is in a sense admitting defeat. Or worse yet, you took your computer to get cleaned and were charged anywhere from $50-300 -- a high price for humiliation. But don't fret, because you can actually purge your system of malicious software for free! Just follow our comprehensive guide.
Credit card payment processor Heartland Payment Systems, which is based in Princeton, fears that its card data might have fallen into the wrong hands. On Tuesday, it formally warned credit card holders about it and advised them to vet their card statements exhaustively and to report any abuse.
The company has revealed that its computer network was found to be infested with malware. They are nearly convinced that the cardholders’ names and numbers have been stolen. The company hasn’t divulged any technical details of the malware attack.
So, you've decided to log into your bank's website to figure out if you can afford the newest techno-bling shown at CES. Your bank gives you the nod, and you open up another browser tab (or window) to cruise over to your favorite tech reseller. After doing a few price and stock checks, a pop-up window appears: your bank session has timed out - and if you want to double-check your available credit or account balance, you need to log in again. Should you click and go?
To learn how it works, and to learn how to protect yourself, join us after the jump.