If you've been worrying about computer security for a while, you might remember when macro viruses in Microsoft Word and Excel files were at the top of the exploit list. These file formats, along with the omnipresent Adobe Reader PDF format, are once again among the biggest threat vectors being exploited by today's malware, according to a new report from the Microsoft Malware Protection Center. Fittingly, the full report and a condensed key-findings version are available in either PDF or Microsoft's own XPS format. These reports cover the July-December 2008 period.
Some key findings include:
Scareware (which Microsoft calls "rogue security software") is on the rise, including the latest versions of our old friend Antivirus XP.
A slight reduction in unique vulnerability disclosures from 2007, but the High (most serious) category was larger in the second half of 2008 than in the first half of the year or the second half of 2007.
Applications continue to be the biggest target (86.7%, with browsers at 8.8% and operating systems at only 4.5%).
When the iPod first boomed in popularity there were companies lining up around the block to sell accessories designed for the digital music player, and now it’s the netbook’s turn. The first generation of netbook-oriented accessories officially launched this week, and there’s little doubt that they won’t be the last to jump aboard this gravy train.
Kensington announced five products aimed at users of the tiny portables this week, and while the tiny wired and wireless mice ($14.99 and $24.99 respectively) won’t turn any heads, other items such as the power adapter (with a built in USB port for some extra charging power) do show off some solid insight ($49.99). And, if you’re concerned about your netbook’s safety or looks, you can snag the security lock ($24.99) or the sleeve ($14.99).
You can get all of these starting today off of Kensington’s website, or you can wait around until they end up on store shelves within a couple weeks.
Streetlights didn't stop working, satellites never fell from orbit, and the internet didn't spontaneously combust. So what exactly did the Conficker.c worm manage to accomplish? Until now, the answer has been 'not much,' but Trend Micro warns the worm has started making its move.
It's been just over a week since Conficker.c was supposed to turn machines against man in an epic battle not even Will Smith (the actor, not the Editor-in-Chief) would be able to defeat, and while we can probably put such related fears to rest, Trend Micro security researchers say machines already infected with the worm have begun receiving a new payload through P2P. The payload is being detected as WORM_DOWNAD.E.
"Basically the component it's downloading via peer-to-peer is just a dropper -- so it drops yet another component, which we are in the process of finalizing analysis on now," Trend Micro researcher Paul Ferguson said in a conversation with eWEEK. "It looks like it has some rootkit capabilities, but beyond that right now I can't go into any additional detail, I don't have complete information in front of me."
Conficker.c received much media attention prior to April 1st, when the worm was expected to wreak all kinds of havoc. But April Fool's Day has come and gone without much movement from the worm, which either means the threat was grossly overblown, or its writers are waiting for the dust to settle.
No rest for the weary, especially Windows users. Following the Conficker.c scare that, up to this point, hasn't lived up to the hype, a Microsoft Security Advisory (969136) warns of a newly discovered vulnerability in PowerPoint.
"Microsoft is investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file," said the advisory. "At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability."
Microsoft said the vulnerability is caused when PowerPoint accesses an invalid object in memory when parsing a specially crafted PowerPoint file. The security hole makes it possible for attackers to gain the same user rights as the local user.
No fix is currently available; however, Microsoft indicated it may release a patch before the next monthly security update. In the meantime, PowerPoint users are advised not to open or save Office files from untrusted sources (thanks for that gem, MS!).
The Conficker worm has been generating the big security headlines, but what The New York Times calls a "vast electronic spying operation" reveals an ongoing, very sophisticated cyberespionage campaign that may well represent an even more important threat than Conficker - especially to the Dalai Lama's Tibetan freedom movement.
Researchers at the University of Toronto Munk Center's Citizen Lab summarize GhostNet thus:
Documented evidence of a cyber espionage network—GhostNet—infecting at least 1,295 computers in 103 countries, of which close to 30% can be considered as high-value diplomatic, political, economic, and military targets.
Documented evidence of GhostNet penetration of computer systems containing sensitive and secret information at the private offices of the Dalai Lama and other Tibetan targets.
Documentation and reverse engineering of the modus operandi of the GhostNet system—including vectors, targeting, delivery mechanisms, data retrieval and control systems—reveals a covert, difficult-to-detect and elaborate cyber-espionage system capable of taking full control of affected systems.
To find out more about how GhostNet works, join us after the jump.
April Fools' Day might be all fun and games for some, but if you manage to fall prey to the Conficker worm, it's no laughing matter. As reported earlier this month by our very own Mark Soper, the third version of Conficker (Conficker.c) is set to wreak havoc tomorrow, April 1st. Here's what you need to know.
What is Conficker?
Conficker is one of the nastiest computer worms in recent history to go on the warpath against Windows-based PCs. First surfacing in October 2008, Conficker targets Windows 2000, XP, Vista, Server 2003, Server 2008, Server 2008 R2 Beta, and even Windows 7. To date, Conficker has infected over 9 million PCs, shut down French and British military assets, and prompted a $250,000 reward from Microsoft for information leading to the arrest and conviction of the worm's creators.
What Does it Do?
The first two versions of Conficker -- variants A and B -- exploit a vulnerability in the Server Service on Windows-based PCs, spreading from an already-infected source computer. Once a machine is infected, the worm goes to work exploiting the network hole, cracking administrator passwords, blocking access to security websites and automatic-update services, disabling backup services, erasing recently saved documents and, among other things, leaving the PC open to other infected machines.
What Happens Tomorrow?
One of the scariest things about Conficker, including Conficker.c, is that its full potential isn't known. Come tomorrow, those infected might be prompted to buy fake software products, or it could start monitoring your keystrokes to lift sensitive information like banking passwords. Files could end up deleted, or it might transform your computer into a zombie PC while staying under the radar. Whatever it ends up doing, it won't be good, and you need to take proper precautions right now.
Join us after the jump to find out how to avoid infection, or what you can do if it's already too late. **Now with April 1st Update!**
According to Google, if you’ve got valuable documents out on their Google Docs suite of applications, you shouldn’t worry your pretty little head off. According to them, the alleged issues are smoke and mirrors.
In an official blog post by Jonathan Rochelle, Google Docs’ Product Manager, he explains, “At Google, we treat the privacy and integrity of our users' data with the highest priority. We quickly investigated, and we believe that these concerns do not pose a significant security risk to our users. If you want the details, read on...”
The blog post continues to meticulously break down and debunk the issues that the analyst, Ade Barkah, had brought to their attention.
Google did admit, though, that earlier this month a glitch in Docs caused some user documents to be exposed to those without proper permissions. The problem occurred among users who had previously shared documents, but reportedly affected less than 0.05 percent of documents.
Microsoft's latest browser, Internet Explorer 8, has gotten mixed reviews from MaximumPC.com readers (see comments here and here), but one question that's hard for any individual user to answer about any browser is "how secure is it?"
To find out, Microsoft asked NSS Labs to pit IE8 RC1 against its predecessor, IE7, as well as the following third-party browsers: Firefox 3.0.7, Safari 3.2, Chrome 1.0.154, and Opera 9.64. The objective: find out which browser did the best job at handling so-called social-engineering malware sites - the ones that try to con you into downloading malware disguised as something else ("Adobe Flash update," anyone?).
ComputerWorld reports that IE8 did the best job of fending off attacks from 492 malware-distributing websites, blocking 69% of attacks (details here [PDF link]). If you're not using IE8, join us after the jump to learn how your favorite browser fared.
It was a year ago that security researcher Charlie Miller walked away with $10,000 for hacking into a MacBook Air with Safari in just two minutes during the annual Pwn2Own competition, and earlier this month Miller predicted Safari would be the first to fall at this year's event. Miller made good on that promise this week by using a prepared exploit to gain full control of the device in about 10 seconds.
"It's not easy, but this worked with one click [from the Safari browser]", Miller said.
Miller had discovered the exploit last year, which allows a remote attacker to take over a machine if a user clicks on a malicious URL. Details of the exploit, which Miller isn't allowed to divulge, will be shared with Apple from contest sponsor TippingPoint so that Apple can develop a patch.
On the same day, a 25-year-old computer science student at the University of Oldenburg in Germany demonstrated exploits in IE8, Safari, and Firefox, earning him a cool $15,000 ($5,000 per exploit), along with getting to keep the Sony Vaio P series notebook he used (Miller pocketed $5,000 and a MacBook Air).
While three major browsers succumbed to hacking attempts on day one, no mobile exploits have yet been successful. Mobile exploits carry the biggest reward for contest participants, with TippingPoint offering $10,000 for each successful exploit in the major smartphones.
Just when you might have thought it was safe to start using USB flash drives at work again, the third, and by all accounts most fiendish, version of the Conficker worm that's already infected millions of PCs is set to attack on April 1st, Ars Technica reports. Conficker.C is designed to hide itself even more thoroughly than its older siblings, using tricks such as:
Inserting itself into as many as five Windows-related folders such as System, Movie Maker, Internet Explorer, and others (under a random name, of course)
Creating access control entries and locking the file(s)
Registering dummy services using a "one (name) from column A, one from column B, and two from column C" method
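An added defender-side audit, written for this page and not taken from the article, Ars Technica or any vendor tool, that checks a Windows host for the traits listed above: a service whose code sits in one of the named folders without a valid Authenticode signature, and a service binary carrying an explicit Deny access control entry. The folder list, the signature check and the report fields are assumptions chosen for illustration; run it in an elevated PowerShell session on the host being checked.

```powershell
# Added example: audit Windows services for the hiding traits the article
# attributes to Conficker.C. Assumptions: elevated session; the folder list
# below is illustrative and should be extended for the environment at hand.
$suspectFolders = @(
    "$env:SystemRoot\System32",
    "$env:ProgramFiles\Movie Maker",
    "$env:ProgramFiles\Internet Explorer"
)

function Get-ServiceBinaryPath {
    param($Service)   # a Win32_Service instance
    # svchost-hosted services keep their real code in a DLL named under
    # HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\ServiceDll
    if ($Service.PathName -match 'svchost\.exe') {
        $params = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$($Service.Name)\Parameters" -ErrorAction SilentlyContinue
        if ($params -and $params.ServiceDll) {
            return [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
        }
    }
    # Otherwise take the executable out of the (possibly quoted) command line
    if ($Service.PathName -match '^"([^"]+)"') { return $Matches[1] }
    if ($Service.PathName -match '^(\S+)')     { return $Matches[1] }
    return $null
}

function Test-DenyAce {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $acl = Get-Acl -LiteralPath $Path
    # An explicit (non-inherited) Deny entry on a service binary is rare for
    # legitimate software and matches the file "locking" the article describes.
    return [bool]($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' -and -not $_.IsInherited })
}

function Get-SuspiciousService {
    param([string[]]$SuspectFolders)
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $bin = Get-ServiceBinaryPath -Service $svc
        if (-not $bin) { continue }
        $inSuspectFolder = [bool]($SuspectFolders | Where-Object { $bin -like "$_\*" })
        $deny   = Test-DenyAce -Path $bin
        $signed = $false
        if (Test-Path -LiteralPath $bin) {
            $signed = (Get-AuthenticodeSignature -LiteralPath $bin).Status -eq 'Valid'
        }
        # Report: unsigned code in a system folder, or any binary carrying a Deny ACE
        if (($inSuspectFolder -and -not $signed) -or $deny) {
            [pscustomobject]@{
                Service   = $svc.Name
                Display   = $svc.DisplayName
                Binary    = $bin
                Signed    = $signed
                DenyAce   = $deny
                StartMode = $svc.StartMode
                State     = $svc.State
            }
        }
    }
}

Get-SuspiciousService -SuspectFolders $suspectFolders | Sort-Object Service | Format-Table -AutoSize
```

The output is a triage list, not a verdict: unsigned third-party services and some older OEM components will appear as well, so compare the result against a known-good baseline from a clean build of the same image, and treat a Deny ACE on a randomly named DLL in System32 as the entry worth examining first.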
To find out what happens when Conficker.C strikes, join us after the jump.