Two million password stealers fingered

June 23, 2008 – 5:52 AM

Microsoft’s Malicious Software Removal Tool – a program that removes malware from Windows machines – detected password-stealing software on more than 2 million PCs in the first week after it was updated.

One password stealer, called Taterf, alone was detected on 700,000 computers in the first day after the update. That’s twice as many infections as were spotted during the entire month after Microsoft began detecting the notorious Storm Worm malware last September.

“These are ridiculous numbers of infections my friends, absolutely mind-boggling,” said Matt McCormack, from Microsoft’s Malware Response Centre.

Between 10 June and 17 June, Microsoft removed Taterf from about 1.3 million machines, he said.

Microsoft’s September detections seriously hobbled the Storm Worm botnet, once considered a top Internet threat.

Password stealers such as Taterf are among the most common types of malicious software on the Internet. That’s because there’s big money to be made selling the virtual currencies used in online games for real-world cash.

Storm Is Back–With Porn Scam

June 22, 2008 – 6:06 PM

Security researchers Friday warned of a new, massive spam campaign that tries to convince users to install the long-running Storm bot Trojan on their PCs.

The new spam blitz is difficult to characterize, said researchers from MX Logic Inc. and F-Secure, because of the nearly 40 different subject heads used by the spammers. “We’ve seen subjects talking about everything from ‘White House hit by lightning, catches fire’ to ‘Italy knocked out of Euro 2008’ and ‘Nokia unveils revolutionary new phone design’,” said an F-Secure researcher in a post to his company’s blog Friday.

F-Secure has posted a text-only listing of the subject headings its researchers have seen in the wild. Among the more outrageous: “Statue of Liberty struck by lightning, catches fire,” “Obama quits presidential race,” and “Man wakes up from 40 year coma.”

No matter what the subject headings used, all the spam includes a link to a fake version of the pornographic YouTube-lookalike PornTube.com. According to McAfee researchers, the phony site is hosted on multiple compromised legitimate servers.

Once the user’s browser reaches the spoofed site, a pop-up warns that an ActiveX control must be installed to watch the porn videos. The control is, not surprisingly, nothing of the kind, but is instead a variation of the Storm Trojan.

Source:
http://www.pcworld.com/article/id,147394-pg,1/article.html
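The campaign above is hard to catch by subject line, since the spammers rotate some 40 of them, but every message shares the same delivery mechanism: a link to a look-alike of a known video site, hosted on compromised third-party servers, that then prompts for a bogus “ActiveX control”. The following triage routine is an added example (not code from the original article or from any of the vendors it quotes) that inspects the links in a mail body rather than its subject. It flags hosts that mention a watched brand name without being that brand’s own domain, and links that point at a bare IP address. The brand watch list, the registrable-domain heuristic and every sample message are constructed for this example.

```python
"""
Link-based triage for Storm-style lure e-mails.

Every sample message, the brand watch list and the domain heuristic below are
constructed for this example; they are not taken from the article.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Hypothetical watch list: brand keyword -> the domains that legitimately carry it.
WATCHED_BRANDS = {
    "porntube": {"porntube.com"},
    "youtube": {"youtube.com"},
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(text):
    """Pull every http(s) URL out of a plain-text body."""
    return URL_RE.findall(text)


def host_of(url):
    """Lower-cased hostname of a URL, or None if it cannot be parsed."""
    try:
        host = urlparse(url).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def is_ip_literal(host):
    """True when the link points at a raw IPv4/IPv6 address instead of a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def registrable(host):
    """Naive registrable domain: last two labels (adequate for .com/.net samples)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def lookalike_brand(host):
    """Return the brand a host imitates, or None if it is the brand's real domain."""
    reg = registrable(host)
    for brand, legit_domains in WATCHED_BRANDS.items():
        if brand in host and reg not in legit_domains:
            return brand
    return None


def triage(message):
    """Return the list of reasons a message looks like a lure; empty if clean."""
    reasons = []
    for url in extract_urls(message["body"]):
        host = host_of(url)
        if not host:
            continue
        if is_ip_literal(host):
            reasons.append("raw-ip link: " + host)
        brand = lookalike_brand(host)
        if brand:
            reasons.append("lookalike of " + brand + ": " + host)
    return reasons


# Constructed sample messages; subjects borrowed from the campaign's rotating list.
SAMPLE_MESSAGES = [
    {"id": "lure-1",
     "subject": "Statue of Liberty struck by lightning, catches fire",
     "body": "Watch the video: http://porntube.com.example.net/watch.php?id=1"},
    {"id": "lure-2",
     "subject": "Man wakes up from 40 year coma",
     "body": "Unbelievable footage here http://192.0.2.10/video/"},
    {"id": "clean-1",
     "subject": "Weekly newsletter",
     "body": "Our talk is up at http://www.youtube.com/watch?v=abc123"},
]


def triage_all(messages=SAMPLE_MESSAGES):
    """Map message id -> list of reasons, for every sample message."""
    return {m["id"]: triage(m) for m in messages}


if __name__ == "__main__":
    for msg_id, reasons in triage_all().items():
        print(msg_id, "->", reasons or "clean")
```

Only the link hosts are consulted, so a fresh subject line does not evade the check; the registrable-domain helper is deliberately simple and would need a public-suffix list before use on hosts under multi-label TLDs such as `.co.uk`.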

Corporate Security Worldwide Fails Basic Tests

June 22, 2008 – 5:50 PM

Everyone knows that there’s no such thing as 100 percent security, but it’s unlikely that most businesses realize how insecure they really are. New research on endpoint security shows just how vulnerable corporate networks are.

Eighty-one percent of corporate endpoints probed by IT security and control product vendor Sophos failed basic security tests: They either lacked Microsoft security patches, their client firewalls were disabled, or they missed endpoint security software updates.

For 40 days, Sophos ran its Endpoint Assessment Test, a free online scanning service that checks for endpoint security vulnerabilities. The Endpoint Assessment Test was performed against 583 corporate endpoints from around the world. North America represented 39 percent of the sample base, while the U.K. made up 36 percent, and Australia and Germany were 11 percent and nine percent respectively (five percent were from other countries).

Test results showed that 63 percent were missing at least one Microsoft security patch; more than half (51 percent) of endpoints tested had their client firewalls disabled, and 15 percent had out-of-date or disabled endpoint security software.

“Ultimately, machines that fail such a test represent ‘low hanging fruit’ for cybercriminals and a real danger to their corporate networks,” Bill Emerick, vice president of product management for Network Access Control, said in a statement.

Sophos says 39 percent of those tested were part of an organization with fewer than 100 employees; 36 percent had between 100 and 1,000 employees; and 25 percent were from organizations with more than 1,000 employees.

Source:
http://www.pcworld.com/businesscenter/article/147389/corporate_security_worldwide_fails_basic_tests.html

Tweak Firefox to Display Richer Colors

June 21, 2008 – 6:23 PM

If the digital photo you just uploaded looks more washed out in Flickr than it does in your desktop image editor, that’s because Firefox 3’s advanced color management capability isn’t turned on by default. To turn it on, type about:config in Firefox 3’s address bar, then click the “I’ll be careful, I promise!” button. Then, in the Filter field, type gfx.color_management.enabled and set that value to true (its default value is false). Restart Firefox. From then on, your photo colors will be richer than they were. Why isn’t this value true by default? According to Mozilla, you’ll see a 10-15% performance hit with this setting enabled, but if you’ve got a reasonably fast machine, the better-looking photos will be worth it. Hit the link below for an extended explanation of Firefox’s color profile support.

Source:
http://lifehacker.com/396742/tweak-firefox-to-display-richer-colors

Cain & Abel v4.9.15 released

June 21, 2008 – 8:40 AM

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, but it also ships some “non standard” utilities for Microsoft Windows users.

  • Oracle TNS Hashes Password Cracker (Dictionary and Brute-Force Attacks).
  • Added Oracle TNS sniffer filter for DES and 3DES authentications.
  • Fixed a bug in VNC sniffer filter for new RFB protocol versions.
  • Fixed a bug with TCP/UDP/ICMP traceroute and Windows raw socket error code 10022.
  • Fixed a bug in RSA SecurID Calculator for tokens with serial numbers of more than 8 digits.
  • Fixed a bug in Dictionary Attack crackers regarding Mixed Hybrid and Case Permutations variants for each word.
  • Fixed a bug in challenge spoofing and NTLM downgrading when one of the victim hosts is a gateway.
  • OpenSSL library upgrade to version 0.9.8h.

Download it here:
http://www.oxid.it/cain.html