Archive for the ‘PC Security’ Category
January 23rd, 2009 | 
Author: 
Yahoo has taken new steps to sharpen its Webmail service’s antispam capabilities, including the adoption of two commercial technologies and the testing of an open-source system, the company said Tuesday.
Abaca announced that Yahoo will use its e-mail security technology designed to detect malicious phishing and spam messages and filter them out of Yahoo Mail inboxes.
Meanwhile, Return Path said separately that Yahoo will implement its Complaint Feedback Loop, a service that notifies legitimate e-mail marketers whenever end users tag their messages as spam, so that they can investigate why, such as using an incorrect mailing list, and take corrective action…
Posted in 
A nasty worm has wriggled into millions of computers and continues to spread, leaving security experts wondering whether the attack is a harbinger of evil deeds to come.
US software protection firm F-Secure says a computer worm known as “Conficker” or “Downadup” had infected more than nine million computers by Tuesday and was spreading at a rate of one million machines daily.
The malicious software had yet to do any noticeable damage, prompting debate as to whether it is impotent, waiting to detonate, or a test run by cybercriminals intent on profiting from the weakness in the future.
“This is enormous; possibly the biggest virus we have ever seen,” said software security specialist David Perry of Trend Micro…
Breaking news: something’s happening to the internet, right now. We’re just not quite sure what.
Interoute, the internet networks company, reports that three of the four internet sub-cables that run from Asia to North America have been damaged.
These carry more than 75 per cent of traffic between the Middle East, Europe and America. It’s hard to gather what this actually means – is it that the internet is down or (more likely) significantly slower than usual between the Middle East and America? (If you’re reading this, let’s face it, the internet has not shut down altogether)…
The drumbeat of news, and Microsoft’s own warnings that attacks were on the rise, prompted some to recommend that IE users abandon the browser for an alternative, such as Mozilla’s Firefox, Opera Software’s Opera or Google’s Chrome.
“That advice just wasn’t merited,” argued Schultze, “particularly with the patch coming.”
Kandek urged people to apply the patch immediately and said that enterprises should be able to deploy the fix without much testing. “You should be able to roll it out with your normal patch process,” he said. “I think any fallout should be minor. Fixes for Word, PowerPoint and especially IE, you should be able to [deploy] quickly without much testing necessary.”
The patch is available for users of Windows 2000, XP, Vista, Server 2003 and Server 2008 and can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services…
Microsoft says it will discontinue sales of its subscription PC security service and instead offer free software to help protect computers from viruses, spyware and other threats.
With the move, the software giant appears to be taking aim at McAfee and Symantec, its chief rivals in the PC security market.
Microsoft plans to halt sales of its Windows Live OneCare service on June 30. The service being discontinued costs $US49.95 a year and covers up to three PCs.
The new security program, which the company has code-named “Morro”, will be available as a free download in the second half of next year…
Global spam levels have dropped by as much as 75 per cent following the shutdown of a US web host that provided the backbone for most of the world’s spam.
The bust has sent spammers scrambling and, although it occurred on Tuesday in the US, spam volumes remain down today, security companies say.
The web host, McColo, counted customers including “international firms and syndicates that are involved in everything from the remote management of millions of compromised computers to the sale of counterfeit pharmaceuticals and designer goods, fake security products and child pornography via email”, The Washington Post reported…
Security
vendor AVG said Thursday that the company will offer a free year of service, after its antivirus software misidentified a key Windows system file as malware.
Earlier this week, AVG identified user32.dll as a generic Trojan, offering to delete it. Those that did risked putting their PC into an endless reboot cycle.
AVG later apologized and offered workarounds for affected users.
Thursday, the company went one further. “As a follow-up to the rapid distribution of recovery instructions and repair CDs, AVG Technologies is offering all affected users a free license or license extension as follows,” AVG said in a statement.
Essentially, the offer covers a free year of AVG 8.0 service, or a free upgrade for AVG 7.5 users. The upgrade also includes users of the free AVG antivirus service. Not all customers will receive the license, just “affected users,” AVG said. The company said it will contact affected customers beginning Nov. 24, and advise them of how to obtain the free year of service…
Attacks on operating systems may be decreasing since last year, but attacks on applications, incidents of malware, and unwanted software are rising and account for 90 percent of vulnerabilities, according to the Microsoft Security Intelligence Report, released Saturday.
The amount of malware and unwanted software removed from computers increased 43 percent in the first half of the year, according to the 150-page report, now in its fifth installment. Thirty percent of that malware was Trojan-based, usually in the form of a computer worm or virus disguised as another application that erases data, corrupts files, and reinstalls itself after being disabled.
China had the highest percentage of browser-based attacks at 50 percent, with the United States following with 23 percent. China’s infection rate of 6.6 percent, a 41 percent increase from the second half of 2007, was a bit lower than industry experts expected…
Microsoft on Thursday responded to user outrage over a new anti-piracy plug-in that blacks out the screen of computers loaded with pirated software.
“We are extremely grateful for our users’ attention. At the same time, we believe there are numerous misunderstandings about the Windows Office Genuine Advantage program,” the company said, responding to concerns that the software tool was notifying Microsoft of the identity of users who had installed non-authentic copies of Windows XP. Microsoft sought to soften users’ reaction to a “black screen” and reminder that they should use legitimate Microsoft products with an open letter in Chinese to its users, sent to IDG News Service by e-mail and published by numerous Chinese media outlets.
“We absolutely guarantee that we will not in any way collect the user’s name, e-mail address, or any other information that can be used to identify the user,” Microsoft said. The company said that participation in the Windows Genuine Advantage program is voluntary, and that users’ computers will not be deactivated or otherwise affected…
Microsoft fixed a critical bug in its Windows operating system Thursday, saying that it is being exploited by online criminals and that it could eventually be used in a widespread “worm” attack.
Microsoft took the unusual step of issuing an emergency patch for the flaw, several weeks ahead of its regularly scheduled November security updates, saying that it is being exploited in “limited targeted attacks.”
“It is possible that this vulnerability could be used in the crafting of a wormable exploit. If successfully exploited, an attacker could then install programs or view, change, or delete data; or create new accounts with full user rights,” Microsoft said in a bulletin released Thursday morning.
The flaw lies in the Windows Server service, used to connect different network resources such as file and print servers over a network. By sending malicious messages to a Windows machine that uses Windows Server, an attacker could take control of the computer, Microsoft said…
