Firefox users targeted by rare piece of malware

December 4, 2008 – 1:57 PM

Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users.

The malware, which BitDefender dubbed “Trojan.PWS.ChromeInject.A,” sits in Firefox’s add-ons folder, said Viorel Canja, the head of BitDefender’s lab. The malware runs when Firefox is started.

The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America, and PayPal, along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it will collect logins and passwords, forwarding that information to a server in Russia.

Firefox has been continually gaining market share against main competitor Internet Explorer since its debut four years ago, which may be one reason why malware authors are looking for new avenues to infect computers, Canja said.

Source:
http://www.networkworld.com/news/2008/120408-firefox-users-targeted-by-rare.html?fsrc=rss-security

Unprotected computer rendered unusable in under two hours

December 1, 2008 – 8:57 AM

In just under two hours an unprotected computer was rendered unusable through online attacks in an experiment in Auckland today.

The experiment was designed to show the risks a household with a computer exposes itself to every day, and was carried out by NetSafe and IBM.

It was carried out to mark International Computer Security Day yesterday.

During the two-hour experiment, four New Zealanders ranging from a teenage boy to a senior citizen went about their online day-to-day tasks on poorly secured computers.

NetSafe and IBM monitored more than 112 direct attempts to attack the four computers over two hours.

The first probes happened within 30 seconds of the computers going live and the first attempt at intrusion happened within the first two minutes.

The first computer became unusable after an hour and 40 minutes.

Source:
http://nz.news.yahoo.com/a/-/top-stories/5183587

Beware an Orkut Trojan

November 30, 2008 – 10:35 AM

Google’s social-networking website Orkut has been used to spread a malicious Trojan, says Websense.

According to an alert from the security firm, the hoax message, which has been received by a number of Orkut users and is written in Portuguese, looks like it comes from a lonely Orkut member looking for love and features a number of links which appear to link back to the social-networking site.

However, Websense urges Orkut users not to click the links as they result in the Trojan ‘imagem.exe’ being downloaded. This subsequently opens the Orkut login page while a password-stealing Trojan called ‘msn.exe’ is downloaded in the background.

Source:
http://www.pcworld.com/article/154668/beware_orkut_trojan.html?tk=rss_news

Rootkit unearthed in network security software

November 29, 2008 – 2:32 PM

Researchers have unearthed rootkit-like functionality in an enterprise security product.

Network security software from a Chinese developer includes processes deliberately hidden from a user and, even worse, a hidden directory, Trend Micro reports. Files in the hidden directory could exist below the radar of antivirus scanners, potentially creating a stealthy hiding place for computer viruses that their creators might seek to exploit.

Trend Micro has written to the software developers involved in what looks like a case of misguided software design, rather than anything worse. Pending a fix from software developers, Trend Micro has slapped a “hacking tool” warning on the rootkit-like component of the network security tool (called HKTL-BRUDEVIC).

It doesn’t name the developers except to say they are the same firm which bundles rootkit-like software with USB storage devices featuring fingerprint authentication.

Source:
http://www.theregister.co.uk/2008/11/28/network_security_rootkit/

Gmail security and recent phishing activity

November 29, 2008 – 1:11 PM

We’ve seen some speculation recently about a purported security vulnerability in Gmail and the theft of several website owners’ domains by unauthorized third parties. At Google we’re committed to providing secure products, and we mounted an immediate investigation. Our results indicate no evidence of a Gmail vulnerability.

With help from affected users, we determined that the cause was a phishing scheme, a common method used by malicious actors to trick people into sharing their sensitive information. Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as “google-hosts.com” that they set up purely to harvest usernames and passwords. These fake sites had no affiliation with Google, and the ones we’ve seen are now offline. Once attackers gained the user credentials, they were free to modify the affected accounts as they desired. In this case, the attacker set up mail filters specifically designed to forward messages from web domain providers.

Several news stories referenced a domain theft from December 2007 that was incorrectly linked to a Gmail CSRF vulnerability. We did have a Gmail CSRF bug reported to us in September 2007 that we fixed worldwide within 24 hours of private disclosure of the bug details. Neither this bug nor any other Gmail bug was involved in the December 2007 domain theft.

We recognize how many people depend on Gmail, and we strive to make it as secure as possible. At this time, we’d like to thank the wider security community for working with us to achieve this goal. We’re always looking at new ways to enhance Gmail security. For example, we recently gave users the option to always run their entire session using https.

Source:
http://googleonlinesecurity.blogspot.com/2008/11/gmail-security-and-recent-phishing.html