Official warning on Windows bugs

The US Department of Homeland Security has urged Windows users to install the latest patches from Microsoft as quickly as possible. In particular it warned about one bug fixed in the latest batch of security updates that, if exploited, could put a PC under the control of an attacker.

Microsoft's recent update fixed 23 flaws found in Windows software.

Many of these bugs are known to malicious hackers and some are already actively exploited on the net.

Get the updates now, go to > Official warning on Windows bugs

Spim, splog on the rise

Spammers target new modes of communication. It always was and always will.

In Spim, splog on the rise "Spim" (instant-message spam) and "splog" (blog spam) are on the rise as spammers aim to "bypass e-mail-based antispam measures and more effectively target recipients based on their age, location and other characteristics," according to mail services company MessageLabs.

Spammers have also been able to take advantage of their ability to profile people on social-networking sites, said MessageLabs CTO Mark Sunner.

How to end the "Skip this Ad" option

If online ads become more entertaining, offer greater interactivity and give users options for length and format, the "Skip this Ad" option may become a thing of the past, according to MediaPost's Dave Morgan.

"I think that there is a good chance that 'Skip the Ad' buttons will disappear some day; and, most significantly, consumers won't even care," he writes.

So, read this article Bringing 'Skip This Ad' To An End and learn how to end the "Skip this Ad" option for good maybe!

Two new World Cup worms appear

Two new email worms are exploiting interest in the World Cup to attack computers and turn them into part of a botnet, SC Magazine UK reports.

The Sixem.A worm spreads using a variety of disguises, including subject lines such as "Naked World Cup game set," "Soccer fans killed five teens" and "Crazy soccer fans," to try and dupe unsuspecting users into clicking on a malicious attachment.

If the attached file is run, it attempts to disable security software on the infected computer and then spread itself to other email addresses.

Another worm, W32.Worm.Zade.A, is a new mass emailing worm that sends itself out as a World Cup themed message. Once a machine is infected with it, it attempts to download and execute a file from a remote server and terminate anti-virus and personal firewall software.

"In this time of football frenzy, we urge all computer users not to open any suspect emails and attachments and get caught off side," said one security expert.

Worm disguised as Windows Genuine Advantage

No matter what, Microsoft seems to be out of luck as far as the WGA tool is concerned, according to PortalIT. The latest addition to the “WGA is malware” scandal is a genuine piece of malware: a worm posing as Microsoft's Windows Genuine Advantage.

According to IT security experts, the Cuebot-K worm only affects AOL Instant Messenger users. The malware has the “Windows Genuine Advantage Validation Notification” display name. It registers itself as a new system driver service dubbed “wgavn” and runs automatically during system startup.

"People may think they have been sent the file from one of their AOL IM buddies, but in fact the program has no friendly intentions. Technical Windows users wouldn't be surprised to see WGA in their list of services, and so may not realise that the worm is using that name as a cloak to hide the fact that it has infected the PC," said Graham Cluley, senior technology consultant at Sophos.

Once installed, the worm disables the Windows firewall, and opens a backdoor to infected computers, thus allowing hackers to gain remote access, launch distributed denial-of-service attacks.

As expected, users are told that removing or stopping the fake “wgavn” service would lead to “system instability”.

Bagle worms, trojans and spyware

Panda's weekly report on viruses and intruders

The Bagle.JP, Bagle.JQ and Sixem.A worms, the Downloader.JFN Trojan, the backdoor Trojan Breplibot.R, the spyware Browsezilla, and the vulnerability discovered in HLINK.DLL, are the subject of this week's report from PandaLabs.

Bagle.JP and Bagle.JQ are worms from the Bagle family, whose first variants appeared in the year 2004. A prime characteristic of this family of worms has been the ability to spread massively by email and the large number of variants launched by the creators. The new Bagle.JP and Bagle.JQ variants spread in a password-protected .zip file attached to an email, which also includes a .gif image with the password needed to open the file. The infection occurs if the user opens the .zip file with the password provided and then runs the file. Both worms collect email addresses from the infected computer in order to spread to other users and have rootkit options to hide their files, processes and registry entries. In addition, they disable a series of processes related with security tools such as antiviruses and firewalls.

Sixem.A is an email worm that uses the subject of the FIFA World Cup as bait. When run, it downloads the Downloader.JGP Trojan onto computers. Among other tactics, it tries to encourage users to open an image supposedly relating to a 'nudist world cup', although this is really an executable file with a double extension. To avoid detection, Sixem.A disables a series of processes related to system security, including antivirus programs and firewalls.

Downloader.JFN is a Trojan that exploits a currently unpatched vulnerability detected in Microsoft Excel that could allow arbitrary code to be run on the computer. The Trojan infects systems through an Excel file created especially to exploit this vulnerability. On opening the malicious Excel file, Downloader.JFN is injected in the Internet Explorer process and then downloads and runs another Trojan. The Trojan cannot spread itself, and requires user interaction in order to infect a computer (e.g. opening an email attachment or file downloaded from a website).

Breplibot.R is a backdoor Trojan that opens a communication port on computers and connects to an IRC server to receive commands that allow remote control over the infected computer. It makes a call to the netsh command to prevent being blocked by the firewall. Breplibot.R also requires user intervention in order to spread, (e.g. opening an email attachment or file downloaded from a website or P2P networks). This worm has been detected attached to messages that refer to an alleged oil fraud involving George W. Bush and Tony Blair.

Browsezilla is an Internet browser that can be downloaded from numerous web pages. When installed, it installs the adware PicsPlace on computers, which in turn connects users, without their knowledge, to certain adult content web pages. This generates an artificial number of hits on these websites, with the consequent financial benefits to the owners of the websites and the creators of Browsezilla. The consequences for users that install this browser are primarily unnecessary bandwidth usage caused by the hidden connection to these web pages. In addition, users could find themselves unjustly accused of visiting these pornographic websites.

PandaLabs has also warned this week of a vulnerability discovered in HLINK.DL, a library used by several Microsoft Office programs, such as Microsoft Excel. Exploits of this vulnerability have been detected that can infect computers using a specially-crafted Excel file. This document could be distributed by email or downloaded from a website. There is currently no patch available for this vulnerability, and users are therefore advised to treat all Excel files received with caution, regardless of their origin.

For more information and evaluation versions of all Panda Software solutions, visit http://www.pandasoftware.com/

Microsoft faces second spyware lawsuit

A second class-action lawsuit filed in less than a week against Microsoft alleges that a central pillar of the company's anti-piracy effort — installed automatically on millions of computers — amounts to spyware, according to a Seattle Times report.

But the attorney behind the first suit, filed on behalf of a Los Angeles man, said the company addressed many of his concerns in a software update it issued last Tuesday.

The second suit, filed Friday on behalf of a group of Washington businesses and individuals, appears to refer to a test version of Windows Genuine Advantage (WGA), a Microsoft program that is designed to check whether a user is running a legitimate copy of the company's operating system software.

Before it was updated, WGA "phoned home" to Microsoft servers once a day, delivering information about a user's computer and operating system. This daily communication was not disclosed when WGA was installed and fits the definition of spyware offered by at least two computer security groups, the Washington suit alleges.

It also states that users who elected to receive automatic updates from Microsoft "received WGA without user action, as though it was a critical security update — which it is not."
Microsoft disputes the allegations.

"We're confident that the allegations made in these suits are without merit," said Microsoft spokesman Jim Dessler. "They really do distort the objectives of our anti-piracy program and obscure the real issue here, which is the harm caused by piracy and counterfeiting not only to Microsoft, but to our customers."

The plaintiffs in the Washington suit — two businesses and three individuals who are "owners and users of computers running genuine licensed Microsoft Windows XP software" — are seeking class-action status against the company. The class would include all U.S. computer owners and users who have WGA software installed on their computers, according to the complaint.

Attorneys in the case could not be reached Monday.

Scott Kamber, an attorney representing the Los Angeles plaintiff, said the changes in the latest version of WGA, which include elimination of the daily "phone home" and a clearer licensing agreement, were a vindication.

"Microsoft knew it was wrong and that is why they changed it within 24 hours of us filing our complaint," Kamber said.

Dessler said the updates to WGA had nothing to do with the lawsuits.

"The program really has evolved to take into account customer feedback," Dessler said. It was "carefully developed to address privacy in a manner that is respectful to our customers and is entirely lawful."

PayPal fixes phishing hole

PayPal has fixed a flaw in its Web site to block a sophisticated scam designed to obtain sensitive data from members, CNET reports.

By exploiting the flaw, attackers were able to redirect people from a PayPal Web page to an online trap located in South Korea. The page actually has a real PayPal URL, but hosts malicious code that presents a message warning members that their account had been compromised. It then redirects them to a phishing Web site.

At the malicious, information-thieving Web site, people are asked for their PayPal login information. Subsequently, they are urged to enter their Social Security number and credit card details.

"As soon as we became aware of this scheme, we changed some of the code on the PayPal Web site. So this scheme, or any scheme like it, can no longer be effective," a PayPal spokesperson said.

PayPal is working with the Internet service provider that hosts the malicious site to get it shut down. The company has no information on how many people may have fallen victim to the scam.

Phishing on the rise in U.S.

The number of phishing emails sent to American online banking customers in order to steal passwords and account details increased significantly last month, Computing reports.

A new survey reveals that 62% of all phishing scams were aimed at US banks and credit unions, while the number of identity fraud attacks against European and other financial institutions dropped.

Some 40% of non-US focused attacks were aimed at non-English speaking countries, with Spain, Germany and The Netherlands the biggest targets.

According to the survey, the majority of scams were still launched by criminals using internet service providers in the United States. Germany beat China to become the second worst country in terms of hosting phishing attacks.

Microsoft warns of seven new patches on the way

More on Micosoft > Microsoft warns of seven new patches on the way

It's almost that time of the month again. On July's Patch Tuesday, on the 11th, Microsoft is to provide fixes for seven security concerns that cover a range of vulnerabilities affecting Windows and Office, some of which have been deemed to be 'critical'.

Four of the seven patches will address problems uncovered in the Windows operating system, while three will deal with flaws in Microsoft Office.

Does spam work?

Does spam work?

It Seems Somebody Is Clicking on That Spam The click-through rates for e-mail spam vary wildly from sector to sector, with approximately 5.6% of adult entertainment solicitations receiving clicks, as compared to .02% of pharmaceutical spam e-mails.

E-mail versus RSS

E-mail versus RSS > A World Without Spam? Can't believe it though.

While Real Simple Syndication feeds offer some advantages that e-mail lacks, including the ability for marketers to push updated information without worrying about spam filters or other delivery issues, it is not without its downsides.

RSS is relatively easy and inexpensive, but is less useful than e-mail in terms of targeting likely prospects and offering personalization, writes OMMA Magazine's Lynn Russo.

New French law attacks all technology innovators

A US technology association has labeled a new French law requiring "interoperability" of devices like Apple's iPod music player as "attack on intellectual property rights" of all companies.

But a New French law attacks all technology innovators: US group Americans for Technology Leadership, a group that includes major US firms like Microsoft, said the new law approved by France's Parliament remains troublesome despite the last-minute modifications.

Global alliance seeks more flexible copyright system

Global alliance seeks more flexible copyright system In Digital Age, Advancing a Flexible Copyright System

An alliance of scientists, lawyers and artists has been working toward a "creative commons" that allows artists to decide if they'd like to share rights to their work or retain those rights.

New technology is the impetus behind this reexamination of intellectual property, and the founders of the Creative Commons system hope that new policies and business models will allow a more flexible approach to copyrights.

Police arrest suspected virus writers

The Metropolitan Police, acting in conjunction with Finnish law-enforcement authorities, arrested three suspected virus writers on Tuesday.

Police arrest suspected virus writers The Metropolitan Computer Crime Unit, the Finnish National Bureau of Investigation (NBI Finland) and the Finnish Pori Police Department collaborated to arrest the men, who are all suspected of being members of the M00P (M - zero - zero - P) cybercriminal gang.

A number of computers have been seized at residential addresses in England, Scotland and Finland, in addition to the suspects' servers, the Met said.

Microsoft's Windows Genuine Advantage Notifications Service Goes Live

Microsoft's Windows Genuine Advantage (WGA) notifications service has moved out of pilot testing and will now reach out and touch millions of mainstream Windows XP users in the coming months.

WGA is software distributed through Microsoft's Automatic Update and Windows Update that identifies fake or counterfeit versions of Windows and informs those who fail validation how to get a legal copy of Windows. The updated WGA Notifications package was released Tuesday.

Microsoft's Windows Genuine Advantage Notifications Service Goes Live > The first phase of WGA Notifications, which alerts customers that run Windows software deemed to be counterfeit or illegal, was launched in Norway and Sweden in November 2005 and in five additional countries last February.

In April, Microsoft expanded the pilot program to a segment of Windows XP customers in the U.S., United Kingdom, Malaysia, Australia and New Zealand. As of this week, the pilot phase of the program ends and Microsoft will do a phased roll-out globally to all Windows XP users, Microsoft said.

MySpace under fire over children's access

Law enforcement officials from around the U.S. have called on News Corp.'s MySpace.com to take steps to verify the ages of persons signing up to use the social networking site, as a means to ensure that kids under the site's allowable age are not gaining access.

MySpace Receives More Pressure To Limit Children's Access to Site MySpace, one of the most-visited sites on the Internet, is facing a growing chorus of critics. Although wildly popular with teenagers, it has also been used by sexual predators to contact young potential victims.

Nude worm tempts World Cup fans

Football fans are being warned about a malicious worm that uses world Cup themed e-mails to infect Windows PCs.

A Nude worm tempts World Cup fans called The Sixem-A worm is spread in messages with subject lines such as "Naked World Cup game set" and "Crazy soccer fans".

Once installed, the worm attempts to disable security software, leaving the computer open to further attack. So, take your measures!

MySpace tightens age restrictions

The new restrictions aim to make it more difficult for older users to befriend younger members previously unknown to them.

Users of 18 and above will no longer be able to request to be added to a 14 or 15 year-old's group of friends unless they already know the teenager's e-mail address or full name.

Members will also be given an option that will mean they can only be contacted by users within their age group.

In addition, all users, no matter what their age, will also be given the option of making only partial profiles available to people they do not know. Read all the facts and figures here > MySpace tightens age restrictions

For Microsoft, Biggest Set of Patches Since February 2005

On Tuesday, Microsoft released a slew of patches to fix eight "critical" security flaws in Windows and Microsoft Office.

The patches released yesterday mark the biggest security update from Microsoft since February 2005. Read more at > For Microsoft, Biggest Set of Patches Since February 2005

Altogether, there are 12 patches dealing with 21 security vulnerabilities, addressing issues in Windows, Internet Explorer, Word, PowerPoint, and Exchange Server. Notably, this month's set of patches includes fixes for a critical zero-day flaw in Microsoft Word and an Internet Explorer flaw relating to how the browser deals with ActiveX controls.