At the ShmooCon hacker conference in Washington, D.C., last week two security researchers showed the very sensitive information that people inadvertently make available over peer-to-peer networks. In their presentation, “Information disclosure via P2P networks: Why stealing an identity via Gnutella is like clubbing baby seals,” pen testers Larry Pesce and Mick Douglas said they found…
Peter Coogan at Symantec put up a very interesting blog post yesterday about a crimeware kit called SpyEye v1.0.7 (on sale now on Russian sites — $500) that has a module that will kill a Zeus bot infection on a victim’s computer so the bot created by SpyEye can take it over. In September, Computer Weekly…
Clients of escorts and call girls are usually aware of the the risks presented from STIs. However, SophosLabs has been monitoring a different type of infection risk for clients of escorts in Indian cities. The Troj/JSRedir-AR infection has morphed slightly: If you look at the variable ‘o[e]‘ (two-thirds of the way down) you will see…
Security blogger Brian Krebs is reporting that some Windows XP users are reporting blue screen of death on reboot after installing Microsoft’s Tuesday patch KB977165 (MS010–15: “Vulnerabilities in Windows kernel could allow elevation of privilege.”) “Turns out, a non-trivial number of XP users are reporting that their systems suffer from the dreaded Blue Screen of…
It has been barely two days since Google announced their new social integration and messaging tool called Google Buzz. Today we saw the first example of malware, W32/Zuggie-A, pretending to be Google Buzz. Analysis of W32/Zuggie-A gives the impression of a hastily assembled worm, really a modification of the W32/SillyFDC family of worms but with a twist. When…
Jerome Segura at ParetoLogic blogged about this yesterday: a rogue security product with a web page that tries to imitate that of the German AV company Avira (check out the red umbrella and the type face.) Hmmm. If this company has been providing “20 Years of Total Protection” how come its web site was just…
SAN FRANCISCO – Deep inside millions of computers is a digital Fort Knox, a special chip with the locks to highly guarded secrets, including classified government reports and confidential business plans. Now a former U.S. Army computer-security specialist has devised a way to break those locks. The attack can force heavily secured computers to spill…
Our good friends at Broomfield, Colo., security firm eSoft have found an interesting scam to trick Internet users into installing the Hotbar adware: a fake Firefox download site. The eSoft researchers are theorizing that an affiliate of Pinball Publisher Network (PPB). is responsible. Pinball bought the Zango assets after that pestilent operation failed last spring….
Microsoft has announced in Advisory (980088) that there has been a publicly disclosed vulnerability in Internet Explorer, versions 5 through 8. Users not running Internet Explorer in Protected Mode are at risk of having information, in files with predictable names, accessed by attackers. This vulnerability cannot be exploited to execute remote code or used for…
Facebook started rolling out a new home page and navigation menus earlier today. And whenever Facebook adds new features, in this case the Applications and Games dashboards, there’s usually a new privacy setting as well. This is what part of the new Applications dashboard looks like. All Facebook has raised some privacy concerns regarding the…