Australians who plan to traverse the Web had better make sure they have antivirus and firewall software installed on their PCs, because if they don't, they risk being cut off from the Internet. And if they do pick up an infection, they can expect their ISPs to disconnect service until they can prove a clean bill of health.
These recommendations come as part of a new plan being kicked around Australia's House of Representatives Standing Committee on Communications. In a report titled "Hackers, Fraudsters, and Botnets: Tackling the Problem of Cyber Crime," the committee spent 260 pages outlining 34 recommendations on how to deal with the growing threat of cyber crime, everything from the above scenario to holding companies that release IT products with security vulnerabilities financially responsible.
"In the past decade, cyber crime has grown from the nuisance of the cyber smart hacker into an organized transnational crime committed for vast profit and often with devastating consequences for its victims," said committee chair Belinda Neal.
Is Australia's House of Representatives on to something here, or are they off their rocker? Hit the jump and sound off.
The tech media has gone into full "told you so" mode after it was discovered that hackers managed to plant a Trojan in the popular Unreal IRC server, proving that Linux users need to worry about malware too.
"This is very embarrassing... We found that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (Trojan) in it," an announcement on the Unreal IRC forum states. "This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in)."
While a single incident doesn't make an OS platform insecure by any stretch of the imagination, perhaps the media has a point. The announcement goes on to state that the "replacement of the .tar.gz occurred in November 2009 (at least on some mirrors)," which means the backdoored download sat unnoticed for months. What most of the write-ups are insinuating -- and we'll just come out and say it -- is that perhaps this went unnoticed in the Linux community because of an arrogance that suggests the open source OS is impenetrable. Obviously that isn't the case, but despite reports you may read elsewhere, the opposite isn't true either -- Linux users needn't worry that the sky is falling because of one high-profile incident.
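The check that would have caught this is not an antivirus scan but verifying the download against a checksum published somewhere the mirror cannot rewrite (the project's own site, or better, a detached signature). The following is an added example, not code from the Unreal IRC project or from the announcement: it parses a sha256sum-style checksum file, hashes the downloaded tarball in chunks, compares in constant time, and treats a missing entry as a failure. The file name `release.tar.gz` and the tarball bytes are made up for the demonstration; a real run would point `verify_download` at the mirror download and at the checksum text fetched from the project site.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=1 << 16):
    """Stream the file through SHA-256 so a large tarball need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksums(text):
    """Parse sha256sum-style lines ('<hex>  <name>' or '<hex> *<name>') into {name: hex}.
    Blank lines and '#' comments are skipped; malformed lines are ignored rather than
    trusted."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue
        digest, name = parts
        expected[name.lstrip("*")] = digest.lower()  # '*' is sha256sum's binary-mode marker
    return expected


def verify_download(path, checksums_text):
    """True only if the file's SHA-256 matches the entry for its basename.
    No entry for the file counts as a failure, never as a pass."""
    expected = parse_checksums(checksums_text)
    name = os.path.basename(path)
    if name not in expected:
        return False
    # compare_digest is a constant-time comparison; overkill for a hash check,
    # but the right habit whenever secrets or MACs are involved.
    return hmac.compare_digest(sha256_file(path), expected[name])


def check_mirror_copy(genuine, mirror_copy, name="release.tar.gz"):
    """Constructed scenario (assumption, not from the article): the checksum line
    comes from the project's own site, computed here from the genuine bytes, while
    the tarball bytes come from a mirror. Returns whether the mirror copy verifies."""
    checksums = hashlib.sha256(genuine).hexdigest() + "  " + name + "\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, name)
        with open(path, "wb") as f:
            f.write(mirror_copy)
        return verify_download(path, checksums)


if __name__ == "__main__":
    genuine = b"\x1f\x8b pretend these are the genuine release bytes\n"
    print(check_mirror_copy(genuine, genuine))         # True
    print(check_mirror_copy(genuine, genuine + b"X"))  # False: the mirror copy differs by one byte
```

A checksum file served from the same compromised mirror as the tarball proves nothing, since whoever swapped the archive can rewrite the checksum too; the value of this check comes entirely from fetching the expected digest from a second, independently controlled source.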
Be on the lookout for a rogue program masquerading as a piece of software that helps users determine whether or not PCs are compatible with Windows 7, warns security firm BitDefender.
"This actually works because of the interest in Windows 7," said Catalin Cosoi, the head of BitDefender's Online Threats Lab.
BitDefender first discovered the threat on Sunday. At this point, the Trojan is not yet widespread, though BitDefender notes it has been receiving reports of about three installs per hour from its users in the US, Infoworld reports. Like many Trojans, this one requires proactive steps on the part of the user, which the malware writers have been able to elicit with the following email:
"Find out if your PC can run Windows 7," the emails read. "This software scans your PC for potential issues with your hardware, devices, and installed programs, and recommends what to do before you upgrade."
Once it is installed, the attackers have free rein over your system, Cosoi warns.
Users of the Japanese file-sharing service Winny are grappling with a new threat today. Trend Micro is tracking a Trojan called Kenzero that steals a user's web history and posts it online until the user pays up. The malware masquerades as illegal copies of explicit Hentai games, ensuring the affected individuals likely have at least some embarrassing items in their browser history.
The Trojan presents what looks like a game installation screen that asks for the user's personal details. It then posts the web history along with the personally identifiable information. Users are confronted with an email or popup demanding 1500 yen (about $16) to "settle your violation of copyright law" and remove the stolen information from the website.
The website the history is published on is owned by a shell company known to be associated with other malware scams. Security experts warn that paying the ransom is unlikely to result in the removal of the information. It's more probable that the malware makers will just sell the card number. Over 5500 users have admitted to being infected. Might be a good time to update your antivirus, in case Kenzero variants spread.
In just a few days from now, we'll reach the one-year anniversary of the Downadup/Conficker threat's April 1, 2009 trigger date, and just like last year, April Fool's Day will likely pass without seeing the Internet come crashing down.
"Today, one year later, we know that the criminal(s) behind Downadup/Conficker still have the keys to some 6.5 million of these computers, which have not been fixed by their owners, leaving them open to be victimized at any time by cybercriminals," Symantec wrote in a blog post. "We're still seeing the .A and .B variants of the worm continue to spread, albeit at a much reduced rate."
According to Symantec, the infected PCs are being "very closely monitored" by law enforcement and the members of the Conficker Working Group, so even though several million PCs remain vulnerable, all the attention is "likely [to] prevent [Conficker's creators] from further playing out their original criminal plans."
Even so, Symantec says we're not out of the woods.
"These 6.5 million computers infected with Downadup/Conficker are still much like a loaded gun, waiting to be fired," Symantec warns.
Soccer fans around the world are eagerly waiting for the 2010 FIFA World Cup to kick off. Soccer's marquee event will virtually transform host nation South Africa into the mecca for the sport's impassioned followers around the world. As with any other major world event or cataclysm, the internet's dark alleys are filled with people ready to prey on the outpouring of human emotion during the World Cup. It is likely that some of their nefarious plans are already afoot, even though there is a fair bit to go before the start of the event.
Symantec recently discovered a “targeted attack” that quite clearly tries to exploit the mounting soccer fever. Thankfully, the attack was thwarted before it could cause any damage. The attackers tried to drop their malicious payload using an email message ostensibly sent by a legitimate African safari organiser, Greenlife. To the untrained eye, the sender had attached a “highly informative World Cup Travel Guide” with the message. In reality the attached file was a modified copy of Greenlife's genuine PDF guide: the real document was first laced with malicious code to exploit a recently patched vulnerability in Adobe Reader, then forwarded as an attachment.
“The patch for this critical rated vulnerability was released by Adobe on February 16, 2010. Since then we have observed a large number of targeted attacks attempting to exploit this vulnerability. Proof-of-Concept exploit code is available in the Internet which is contributing to the large number of observed attacks,” Daren Lewis, a Symantec employee wrote on the MessageLabs Intelligence blog.
Targeted attacks are, by design, precise and low-volume. Symantec sees fewer than 100 such attacks a day, against the roughly 500,000 malicious emails it blocks per day. They usually target organizations, with people at the top of the pecking order more likely to be attacked first, since that is where access to a large chunk of an organization's sensitive information lies. In this case, the malicious email was sent to a person identified only as “a user in a major international organisation that brings together governments from all over the world.”
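A legitimate-looking PDF that has been laced with exploit code usually still has to declare the machinery that fires it: an action that runs on open, a JavaScript object, a Launch action, an embedded file. The following triage scanner is an added example, not Symantec's or MessageLabs' tooling and not tied to the specific Reader bug above, which the article does not name. It scans raw PDF bytes for those names, undoes the `#XX` hex-escaping PDF allows inside names (which defeats a plain grep for `/OpenAction`), and also inflates FlateDecode streams so that objects tucked inside compressed streams are seen. Both sample documents are constructed inline; the "hostile" one carries no real exploit, only the structural tells.

```python
import re
import zlib

# Names whose presence is a triage signal, not proof of malice: a legitimate form
# can carry /AcroForm and /JavaScript too. The strings are explanations for reports.
RISKY_NAMES = {
    "OpenAction": "an action runs automatically when the document is opened",
    "AA": "additional actions (page open/close, annotation events)",
    "JavaScript": "a JavaScript action",
    "JS": "JavaScript code as a string or stream",
    "Launch": "launches an external application",
    "EmbeddedFile": "an embedded file attachment",
    "RichMedia": "a Flash / rich-media annotation",
    "AcroForm": "an interactive form, a common place to hang scripts",
    "ObjStm": "an object stream: objects hidden inside a compressed stream",
}

# A PDF name token: '/' followed by regular characters; delimiters end it.
NAME_RE = re.compile(rb"/([^\s/<>\[\]()%]+)")
# Stream bodies between the 'stream' and 'endstream' keywords.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def decode_pdf_name(raw):
    """PDF names may hex-escape any character as #XX (/Open#41ction == /OpenAction),
    which is enough to defeat a naive grep. Undo the escaping."""
    unescaped = re.sub(rb"#([0-9A-Fa-f]{2})",
                       lambda m: bytes([int(m.group(1), 16)]), raw)
    return unescaped.decode("latin-1")


def inflated_streams(data):
    """Yield the decompressed body of every stream that inflates as zlib data
    (i.e. /FlateDecode); streams with other filters or no filter are skipped."""
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue


def triage_pdf(data):
    """Return the sorted list of risky names found in the raw bytes and in the
    bodies of FlateDecode streams, one level deep."""
    found = set()
    for blob in [data, *inflated_streams(data)]:
        for m in NAME_RE.finditer(blob):
            name = decode_pdf_name(m.group(1))
            if name in RISKY_NAMES:
                found.add(name)
    return sorted(found)


# Constructed sample: a minimal, harmless one-page PDF.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)


def build_hostile_pdf():
    """Constructed sample (an assumption about how such a file looks, not the
    actual attachment): the same page structure plus an auto-run JavaScript
    action with hex-escaped names, and a Launch action hidden in a FlateDecode
    stream so it is invisible to a byte-level grep."""
    hidden = b"6 0 obj << /S /Launch /F (cmd.exe) >> endobj"
    packed = zlib.compress(hidden)
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Open#41ction 4 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
        b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
        b"4 0 obj << /S /J#61vaScript /JS (app.alert('hi')) >> endobj\n"
        b"5 0 obj << /Length " + str(len(packed)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + packed + b"\nendstream\nendobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


if __name__ == "__main__":
    for label, pdf in (("benign", BENIGN_PDF), ("hostile", build_hostile_pdf())):
        hits = triage_pdf(pdf)
        print(label, hits or "nothing flagged")
        for name in hits:
            print("   ", name, "-", RISKY_NAMES[name])
```

This is a triage filter, not a verdict: a clean result only means none of these tells appeared in plaintext or in one level of Flate compression, and a real mail gateway would pair it with detonation in a sandboxed Reader.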
One way to put your system at risk is to zip across the seedier sides of the Web visiting a bunch of porn sites, but there's a bigger threat, according to McAfee. In a new study, the security firm says that downloading digital music is twice as dangerous as visiting triple-X sites.
McAfee claims just 9 percent of adult sites are riddled with malware, adware, and spam, compared to 19 percent of digital music sites. The reason? It's harder to make a buck selling music than it is peddling porn.
"The tier-one adult sites are doing phenomenally well as businesses, and because of that they very much have their house in order," McAfee senior product manager Mark Maxwell told The Los Angeles Times.
Stalking certain celebrities online is pretty risky too. According to McAfee, searching for Britney Spears turns up more dangerous sites than searching for Lindsay Lohan. And here's your quirky stat for the day: searching for Brad Pitt and Jennifer Aniston is 36 percent more likely to bring up suspect sites than searching for Brad Pitt and Angelina Jolie.
Alright, I'll admit it. I finally got hit with a virus.
Well, sort of. I first thought that the strange "YOUR COMPUTER IS NOT PROTECTED" icon in my taskbar was some indication that my antivirus software of choice had finally flipped out for good. Double-clicking on the icon brought up an obviously fake replica of Windows Security Essentials that, more annoyingly, wouldn't close no matter how many times I clicked on it. Over and over, my machine would be assaulted with "*.exe is not secure!" messages. My Internet sessions ground to a halt no matter which browser I tried using. I started to fear for the safety of my World of Warcraft account.
As it turns out, I only got nailed with an annoying piece of malware. But after running through a number of analysis and removal techniques (which ultimately failed, as I had managed to disable the malware's process from starting up as-is using good ol' msconfig), I had amassed quite a list of rootkit removal programs, hardcore malware eliminators, and antivirus applications that were more surgeons in training than general practitioners.
I now share them with you.
Look, it's easy enough to install a common antivirus scanner on your system and call it a day. But you, like me, might forget to do so throughout the course of your PC building life. Or, worse, your system might become compromised in such a way as to render your analytical tools entirely useless. In that case, it's time to roll up your shirtsleeves and get crackin' with the digital equivalent of bleach for your mucked-up PC. Join me after the jump, and I'll share with you some of my favorite advanced freeware and open-source applications for virus and malware elimination!
Surely you are aware that p2p networks are crawling with nasty malware. It’s almost enough to make you go elsewhere for your copyrighted public domain content. The MPAA and RIAA are of the opinion that people running torrents are a bunch of pirates who deserve what’s coming to them. The makers of Limewire, however, feel differently and have licensed the AVG antivirus engine to provide real-time scanning of downloaded files.
Limewire speaks both the Gnutella and BitTorrent protocols. The pro version of the software will be the one getting the security upgrades. Users of the free edition will still be on their own. Files scanned with the integrated scanner will be labeled “Protected by AVG”. The software will make no distinction between legal and illegal files.
Look, we’re all for fewer people having malware and getting caught up in botnets, but is paying for a p2p app with integrated virus scanning the way to do it? Maybe suggest your p2p loving friends use a free security solution like Microsoft Security Essentials instead.
Pretty soon you won't even be able to buy a toaster without worrying that it might be infected with malware. We're not quite at that point yet, but you can add an Energizer USB battery charger to the growing list of devices on the potentially contaminated list.
It's not the gadget itself, but the software that comes with Energizer's Duo Charger, model CHUSB. According to the CERT Coordination Center (CERT/CC) at Carnegie Mellon University, Energizer has been unknowingly distributing a backdoor Trojan since 2007.
The software was designed to let users check the status of batteries inserted into the charger, but it's the inclusion of a nasty DLL file (Arucer.dll) that's troubling. Once a PC is infected, a remote attacker can use the backdoor to download and execute files, retrieve a directory listing, pull files off the machine, and make changes to the registry.
Energizer, now aware of the problem, has discontinued sale of the product and is advising consumers "that downloaded the Windows version of the software to uninstall or otherwise remove the software from your computer," in addition to removing the Arucer.dll file.