Have you checked your bank account balance online lately? If so, you may want to consider verifying the numbers with a paper statement, because what you see on your computer screen might not be indicative of banking activity that's occurring right under your nose, according to a new security report.
Hackers have a new piece of malware to play with, one which not only picks your online pocket, but also hides the evidence of any wrongdoing by rewriting online bank statements on the fly. Once the Trojan horse infiltrates a user's PC, it goes to work by altering the HTML coding before it's displayed in the victim's browser, making sure to erase any evidence of money transfers or other unauthorized transactions.
"The Trojan is hooked into your browser and dynamically modifies the text in the HTML," said Yuval Ben-Itzhak, CTO of computer security firm Finjan. "It's a very sophisticated technique."
A gang targeting customers of leading German banks first began employing the ruse in August and managed to steal Euro 300,000 (about $440,000 USD) in just three weeks. Finjan estimates that the gang using the scheme could potentially steal about $7.3 million annually.
While so far relegated to German banks, Ben-Itzhak warned that this technique is likely to spread to other countries.
Microsoft confirmed on Monday that it would be releasing its free security suite to the public sometime this morning Pacific time, although no specific hour was given for the launch.
Formerly codenamed "Morro," Microsoft's Security Essentials is the company's replacement for Windows Live OneCare, the fee-based security suite that Microsoft axed back in June. Shortly after, Security Essentials was made available in beta form to a limited number of testers.
Not only will Security Essentials be free, but Microsoft said users will not have to register their copy, nor will a time limit be placed on the software.
"Consumers have told us that they want the protection of real-time security software, but that they are confused by trials and renewals and concerned about performance and as a result, too many are unprotected," said Amy Barzdukas, general manager for consumer security at Microsoft in a statement.
The Essentials software runs on Windows XP, Vista, and Windows 7.
The folks over at The Register got a response from Facebook about all the flak they’ve been catching about their Mailbox API. Facebook says that their new API is less intrusive than Gmail’s scanning efforts.
Gmail is known to sift through an email and provide targeted ads depending on what it finds. Facebook claims they will whitelist approved applications and the user will still need to explicitly grant the application access to their information. Also according to Facebook, the fact that they don’t stand to make money (via ads) means their effort is less litigious than Gmail’s.
They offered that the potential applications of the API might outweigh the risks for some users. One likely use will be to expose your Facebook inbox through POP, making it accessible on devices in a similar way as email applications.
It is still debatable whether it is advantageous to give developers access to potentially sensitive data within Facebook. Which do you think is worse: Facebook’s mailbox API or Gmail’s email scanning?
Facebook has plans to make available an inbox and notification API and security experts everywhere aren’t pleased. The API will expose users’ mailbox messages and notifications to applications developed around the framework.
Graham Cluley, a Sophos senior technology consultant, said "the idea of Facebook applications being given free rein to mine users' inboxes and sent folders sends a shiver down my spine" in an interview with The Register. The API is clearly a point of contention for many security analysts who feel that Facebook may be revealing too much to developers.
Ultimately, it is going to come down to how Facebook handles the permissions of these applications. If they skirt the privacy concerns and bury the details in fine print about users’ rights, there will certainly be trouble. However, the liability falls onto the user to make sure their privacy isn’t invaded by their approved applications.
How do you feel about Facebook apps being able to dig into your messages?
If you're an active reader of Maximum PC, you may have seen us recommend SUPERAntiSpyware in the past, and with good reason. The spyware scanner does a good job of detecting and disinfecting nasty malware infections, and it's free (paid version also available).
As of Thursday, SUPERAntiSpyware has begun offering free online scans, a particularly handy option if a malware strain happens to be blocking your spyware proggies from running, as they're prone to do.
"Our new online scanner is a critically important tool for computer users and technicians," said Nick Skrepetos, founder of SUPERAntiSpyware.com. "The new breed of infections we are seeing simply block most, if not all, anti-spyware and anti-virus products from running. This leaves users and technicians in a desperate situation. We have answered the call with our stand-alone online 'Safe Scan' which will run when other products are blocked."
The online scanner doesn't run in a browser like many of the online antivirus scanners, and you'll still need to download a nearly 9MB file. But SUPERAntiSpyware says it does not install anything in your Start Menu or Program Files "and does NOT need to be uninstalled."
We gave Safe Scan a spin and it looked and felt just like the regular version of SUPERAntiSpyware. You can download updates, schedule scans, and choose between quick or complete rooting out of spyware.
If you want to kick the tires yourself, you can do so here.
The report (PDF) reveals that 95% of comments that appear on blogs, chat rooms and online forums fall into two broad categories: spam and malicious content. Cyber scoundrels now seem more focused on targeting Web 2.0 websites with user-generated content than ever before. Many of the most frequented internet properties are sites that tolerate user-generated content. And 61% of the top 100 sites either host malicious content or link to it, according to the report.
Spam and malicious content seem to go hand in hand, for Websense Security Labs found that 85.6% of spam mails in circulation during the first half of 2009 contained links to malicious sites.
New research by Trend Micro suggests that some malware infections hang around for as long as two years in some circumstances. This new data refutes previous estimates that the infection limit was approximately six weeks. Their research consisted of the analysis of over 100 million compromised IPs where they found that four out of five machines remain infected for longer than a month.
They concluded that if machines were not disinfected quickly, those infections would linger until the machines were disconnected altogether, speculating replacement as the eventual solution.
After further investigation into network botnets, Trend Micro was also able to pinpoint that the majority of identity-theft reports traced back to three agent strains: Koobface, Zeus/Zbot and Ilomo/Clampi. In particular, the hysterically named Koobface botnet updated its infrastructure to use proxies and relays making it nearly impossible to eradicate.
Australia’s Internet Industry Association (IIA) has released a new set of guidelines designed to limit the effect of malware-infected computers. The non-mandatory code of conduct instructs ISPs to contact owners of infected PCs and provide advice to fix the problem. Failing that, the ISP may even cut service to the affected PC.
IIA spokesman, Stephen Conroy, points to a recent government program to get users to change their passwords as evidence that not enough is being done. "I think there's about two or three websites doing exactly the same thing and they all assume you've got to log on to the website. It's kind of like a web 1.0 style approach," said Conroy.
Many in government and industry welcome the proposed rules, but some worry about cost. Would ISPs actually be able to deal with the added costs of contacting users and walking them through a malware cleanup? Australian ISP iiNet said it would be happy to adhere to the new standards, if the process could be automated. So, would this policy help, or would droves of customers find themselves disconnected without explanation?
On Friday, Microsoft pushed updates for Windows operating systems that disable the AutoRun feature for non-optical devices. This update affected Windows XP, Vista, Server 2003, and 2008. Microsoft already disables the feature in the soon-to-be-available Windows 7 OS. The update was available voluntarily back in August.
AutoRun (and AutoPlay) was originally developed out of convenience to eliminate the need for users to browse the media for the correct file to open. However, recently it has been exploited to automatically run malware and other obtrusive software applications without the user's consent.
Interestingly, the update doesn’t cripple removable optical media (i.e. CDs and DVDs) from running AutoRun procedures. So companies, such as U3, who manufacture their devices to represent themselves as CDs are largely unaffected by the update.
Judging by the comments last week, a handful of readers were appalled to find Mac ads here on Maximum PC, while others were amused. No matter how you felt about them, at least they weren't infecting your PC with malware.
"Some NYTimes.com readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software. We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring. If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser."
These types of malicious re-directs are nothing new, but for the most part, they've been relegated to seedier sides of the web (porn and warez), and free software sites (screensavers, browser buddies). But apparently they're still a problem for major publishers too.