You knew it would happen sooner or later; we're just a little surprised it took this long for hackers to release a botnet running on mobile phones. According to Symantec, a piece of malicious software called Sexy Space may be the first documented case.
Like most botnets, Sexy Space relies on quite a bit of user interaction to be effective. Those who ultimately become a zombie in the botnet first receive a text message saying "A very sexy girl, Try it now!" Inside the message is a link that must be clicked, which then asks the potential victim to download software. The software then scours through the user's contact list and sends an SMS with the same message to each person.
Symantec says that this particular botnet is being controlled by a central server, but it remains unclear whether or not the phones respond to remote commands.
We're undoubtedly preaching to the choir on this one, but be wary of any rogue text messages, especially when they ask you to click a link and download software.
"This is a JS engine bug dealing with deep bailing not properly restoring the return value from the result of the (fast native) escape function. We then try to do something with the uninitialized memory and crash in the interpreter," wrote Mozilla's Blake Kaplan in a comment on the bug report.
It didn't take long for researchers to discover that the bug was exploitable and could be used to execute arbitrary code. It has since been squashed in the 3.5.1 update; however, researchers have discovered a similar bug that remains. According to Mozilla, it is looking into the issue, but so far doesn't believe the newly discovered bug is exploitable.
Less than a month after release, Firefox 3.5 receives an incremental update bringing the most current stable version to 3.5.1. As might be expected, the 3.5.1 update addresses several security and stability issues, as well as an issue that was making Firefox take a long time to load on some Windows systems, Mozilla says.
"We strongly recommend that all Firefox 3.5 users upgrade to this release," Mozilla said in a statement. "If you already have Firefox 3.5, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting 'Check for Updates...' from the Help menu."
On a related note, Mozilla said it is no longer supporting Firefox 2.0.0.x, which "contains known security vulnerabilities." So in other words, pretty much every Firefox user should go grab the latest update.
Last month, a hacker calling himself Hacker Croll infiltrated the email account of an administrator who works for Twitter, gaining access to the employee's Google Apps account, where Twitter shares spreadsheets and documents outlining business ideas and various financial details, said Biz Stone, a Twitter co-founder.
After doing so, the hacker sent all sorts of confidential documents to a pair of news blogs: TechCrunch and Korben. While the breach and subsequent sharing of information might have been embarrassing for Twitter, analysts say the attack highlights the bigger problem of people using the same password for every site they visit.
According to security firm Sophos, 40 percent of Internet users use the same password for every website. And with so many personal details floating around social networking sites, it makes it that much easier for hackers to breach someone's account.
"A lot of the Twitter users are much living their lives in public," said Chris King, director of product marketing at Palo Alto Networks, which creates firewalls. "If you broadcast all your details about what your dog's name is and what your hometown is, it's not that hard to figure out a password."
This won't come as a surprise to power users, but to avoid being hacked, use strong passwords that combine letters and numbers, change your passwords often, and don't use the same password for every site you visit.
Enter about:config in the browser's location bar
Type jit in the Filter box
If you'd rather not mess around with about:config settings, you can still disable JIT by running Firefox in Safe Mode, which is accessible from the Mozilla Firefox folder.
This week, Microsoft announced that DirectShow ActiveX code in Internet Explorer 6 and 7 that was reserved for future use has finally been used - by malware providers. The DirectShow Video ActiveX control in the msvidctl.dll file can be used to take over your system if you visit an infected website. According to Symantec, thousands of websites (primarily in China and other parts of Asia) have been affected.
Who's vulnerable? According to Microsoft Knowledge Base article 972890, Windows Server 2003, Windows XP SP2, Windows XP SP3, and Windows XP 64-bit edition are at risk if they haven't upgraded to IE8. IE8 is not vulnerable because the DirectShow ActiveX control being exploited was disabled in IE8. But, if you're still running IE7 (or - horrors! - IE6), what now?
Although Microsoft doesn't have a software patch, it's offering the next best thing: visit KB article 972890 to download and run Microsoft Fix it control 50287 to work around the problem (the same site also offers Microsoft Fix it control 50288 to disable the workaround). The workaround and disable-workaround controls are distributed in .msi installer files. Microsoft also recommends the workaround for Windows Vista and Windows Server 2008 users who are still running IE7.
If you want to learn more about what the workaround changes, you can visit the Microsoft Security Advisory (972890) page. This page lists the CLSID values that must be changed. This information can be incorporated into a .reg file, or can be distributed to multiple PCs in a domain using Group Policy. For additional information, see Security Focus article 35558.
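For administrators who would rather script the registry change than import a .reg file, here is an added example (not Microsoft's Fix it code and not part of the original article) that audits, and with -Apply sets, the flag for a list of CLSIDs. It assumes the change the advisory describes is the standard ActiveX kill bit (a Compatibility Flags DWORD of 0x400 under the ActiveX Compatibility key); the CLSID shown is a constructed placeholder to be replaced with the advisory's published values.

```powershell
param([switch]$Apply)   # without -Apply the script only reports

# Constructed placeholder, NOT a CLSID from advisory 972890; paste the published list here.
$Clsids = @('{00000000-0000-0000-0000-000000000000}')

$KillBit = 0x400        # Compatibility Flags bit that blocks instantiation in IE
$Name    = 'Compatibility Flags'
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit view, used by 32-bit IE on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath (Split-Path $_ -Parent) }

function Get-Flags([string]$Key) {
    $p = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return $p.$Name
}

$report = foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) {
        # Reject anything that is not a well-formed braced GUID before touching the registry
        if ($clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
            Write-Warning "Skipping malformed CLSID: $clsid"; continue
        }
        $key   = Join-Path $root $clsid
        $flags = Get-Flags $key
        $set   = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        if (-not $set -and $Apply) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            # Preserve any other compatibility bits already present
            $new = if ($null -eq $flags) { $KillBit } else { $flags -bor $KillBit }
            Set-ItemProperty -LiteralPath $key -Name $Name -Type DWord -Value $new
            $set = $true
        }
        [pscustomobject]@{ Key = $key; KillBitSet = $set }
    }
}
$report | Format-Table -AutoSize
```

Run it from an elevated prompt when using -Apply; a report row with KillBitSet False after the workaround has been deployed points to a machine or registry view the rollout missed.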
Networking in Windows 7 builds upon the drastic remodeling that occurred in Windows Vista. However, although some of the basic networking features in Windows 7 are similar to those in Windows Vista, many networking features have been improved in Microsoft's latest operating system. And, if you are moving up from Windows XP, you will find that Windows 7's network interface is a completely different animal than you've encountered before. Whether you're moving up from Windows Vista or Windows XP, join us after the jump to learn what's new and better in the main building blocks of Windows 7 networking.
Social networking is all fun and games until someone hijacks your social security number, sells it to the seedy underground world of cyber-crime, and ultimately destroys your credit. But does that really happen?
According to a new study, it very well could. Researchers at Carnegie Mellon University showed how social security numbers can be guessed using information found in sites like Facebook, MySpace, and other popular Web portals. And it's not just a freak occurrence, either. Using information culled from such sites, researchers were able to predict, on the first try, the first five digits of a person's social security number 44 percent of the time for 160,000 people born between 1989 and 2003.
"We live in a precarious time, where knowledge of a Social Security number, along with other information about one's name and date of birth, is sometimes sufficient to impersonate another individual," said Alessandro Acquisti, the study's lead author, in a telephone interview with Bloomberg.
Sites like Facebook leave personal information visible by default when creating a profile, and it's the birth data that is particularly telling, as the first three digits are assigned based on where a person lived at the time of obtaining a Social Security card. Using this information, Acquisti said "the first five digits are easy to predict."
Many of our readers were taken off-guard when we rated Norton Internet Security 2009 a 9/Kickass in last year's antivirus roundup, and we even admit to being surprised at Norton's transformation from a resource-heavy sloth to a lean and competent antimalware package. We hope the trend continues, and we'll have a chance to see if it does now that Symantec has released beta versions of its upcoming 2010 releases to the public.
The new version features a new protection model codenamed Quorum and will put a heavier focus on reputation-based malware detection. While it won't replace existing signature-based detection for known threats, Norton says the reputation model can detect zero-day malware that's never been seen before.
"Our new approach changes the rules by both enhancing traditional security techniques to make them more aggressive and by making it dramatically more difficult for attackers to evade detection by simply changing their malware," said Rowan Trollope, Symantec senior vice president, Consumer Business Unit.
Other features include an overhaul to parental control and spam filtering, more detailed information provided by Norton Insight, which identifies known good programs for faster scanning, and a new feature called Autopsy, which is designed to help the user understand what just happened when Norton automatically removes an infection.
Panda Security's free Cloud Antivirus, released in beta form just a couple of months back, has apparently been well received with "millions" of downloads. Based on feedback from those who have participated, Panda this week released the second beta for what it refers to as the first free cloud-based antivirus thin client.
Several new features and fixes have been added to the newest beta, some of which include:
Undo option for the Recycle Bin to recover deleted detections for a period of 3 days in case of false positives
Synchronous real-time Cloud scan
A response control mechanism that prevents programs from executing before they can be scanned
Background and on-demand scans no longer run simultaneously, improving overall scan times
For a full list of fixes and changes, as well as download instructions, see here.
No word yet on when the final release of Version 1.0 will go live; however, Panda did say it plans to release a third beta sometime around September.