Malware Hunts Down and Deletes MP3s

March 8, 2008 – 6:58 PM

Security experts have discovered a worm that might just be the recording industry’s dream application: it hunts down and deletes MP3s on infected PCs.

Security companies say the worm is only low risk, although its unusual payload could give a nasty surprise to an ardent music fan. The motivation of the hackers who created it are unclear.

“The authors of this worm are more likely to be teenage mischief makers than the organized criminal gangs we typically see authoring financially-motivated malware these days,” said Graham Cluley, senior technology consultant for the security vendor Sophos PLC.

“As such, it’s not something we would lose an awful lot of sleep over, but there are some lessons that computer users should learn to minimize the chances of infection,” he said.

The worm spreads via removable flash drives, reminiscent of the way viruses spread via floppy disks decades ago. That may be an attempt by the authors of the worm to bypass e-mail filters and Web gateway filters that block malicious software, Cluley said.

Symantec Corp., which calls the worm W32.Deletemusic, said in an advisory that the worm copies itself to all drives on a PC. It also creates an autorun file to start itself whenever a user accesses a drive.

The worm affects PCs running Windows 2000, 95, 98, Me, NT, Server 2003, XP and Vista, Symantec said. Users could disable the autorun feature in Windows that automatically launches programs on CDs or USB drives, Cluley said.

It’s not the first malicious software to go after music files. Two years ago, researchers saw the Nopir-B worm, which posed as a utility to make copies of DVDs. Once on a machine, it displayed an anti-piracy graphic and tried to delete MP3s and other files.

Last year, a Trojan horse program called Erazer took the destructive activity a step further, wiping out MP3s as well as movies, Cluley said.

http://www.pcworld.com/article/id,135375/article.html?tk=nl_dnxnws

New Database Attack Revealed

March 8, 2008 – 6:58 PM

Researchers at Core Security Technologies are to demonstrate an attack that could allow hackers to extract private information from databases — without requiring any bugs in the database management software.

The demonstration, on Wednesday at Black Hat USA in Las Vegas, will involve timing attacks, a technique for breaking ciphers. It’s effective against databases using BTREE, the most popular database indexing algorithm and data structure, and will use MySQL for demonstration purposes, Core researchers said.

Currently, data breaches are usually the result of bugs in front-end web applications or misconfigured authorization and access control permissions, Core said, but the timing attack doesn’t need any such bugs to work.

“The new attack relies solely on the inherent characteristics of the indexing algorithms used by most commercial database management systems,” said Core researchers Ariel Waissbein and Pablo Damian Saura in a note on the presentation.

In cryptography, the timing attack is a technique where the attacker analyses the time taken to execute cryptographic algorithms, using the analysis to discover information about how the cryptographic system is implemented and help find a way to crack the system.

Saura and Waissbein’s approach is similar: their attack involves performing record insertion operations, typically available to all database users — including anonymous users of front-end web applications — and analyzing the time it takes to perform different kinds of insertions.

By analyzing the different timings, attackers can deduce what was inserted previous to the attack, Core said.

On the plus side for organizations with database systems, Core said the attack is “theoretical” and would be difficult to implement, since the attacker would need to have information about the structure and settings of the database to carry it off.

Another complicating factor is that on a “live” database other users could be making insertions at the same time, affecting the results of the timing analysis.

The point is for organizations to be aware that such attacks are possible, so that they can be on their guard, Core said.

The demonstration will include a review of BTREE and will explain how Saura and Waissbein discovered the vulnerability, Core said.

http://www.pcworld.com/article/id,135339/article.html?tk=nl_dnxnws

Vista Performance and Reliability Pack Unofficial Release

March 8, 2008 – 6:57 PM

Thanks Nekrosoft for the news on this major update to Windows Vista that should for most of us improve the speed and reliability of Windows Vista significantly!Please note: These fixes break all current methods of bypassing driver singing requirements except the good old F8 during boot (that you have to do every single time you start vista)

IF you are using Rivatuner, atitool and or Peerguardian on 64bit vista, you will have to use F8 every single time to disable driver signing requirements to use those two programs. x86 version is unaffected.

These updates should go official on the next patch Tuesday (in one weeks time). Please read more for the download links and information on these updates.

938979 Vista Performance and Reliability Pack
This update resolves a number of individual issues which may be affecting some computers running Windows Vista. These issues have been reported by customers using the Error Reporting service, product support, or other means. Installing this update will improve the performance and responsiveness for some scenarios and improves reliability of Windows Vista in a variety of scenarios. Some examples of the improvements contained in this update are:

  • Improves performance in resuming back to the desktop from the Photo and Windows Energy screensaver.
  • Resolves an issue where some secured web pages using advanced security technologies may not get displayed in Internet Explorer on Windows Vista.
  • Resolves an issue where a shared printer may not get installed if the printer is connected to a Windows XP or Windows Server 2003 system and User Access Control is disabled on the Vista client.
  • Resolves an issue where creating AVI files on Vista may get corrupted.
  • Improves the performance in calculating the ‘estimated time remaining’ when copying/moving large files.
  • Improves performance in bringing up Login Screen after resuming from Hibernate.
  • Resolves an issue where synchronization of offline files to a server can get corrupted.
  • Resolves a compatibility issue with RAW images created by Canon EOS 1D/1DS Digital SLR Camera which can lead to data loss. This only affects RAW images created by these two specific camera models.
  • Resolves an issue where a computer can lose its default Gateway address when resuming from sleep mode.
  • Improves the performance when copying or moving entire directories containing large amounts of data or files.
  • Improves the performance of Vista’s Memory Manager in specific customer scenarios and prevents some issues which may lead to memory corruption.

938194 Vista Compatibility and Reliability Pack
This update resolves a number of individual issues which may be affecting some computers running Windows Vista. These issues have been reported by customers using the Error Reporting service, product support, or other means. Installing this update will improve the reliability and hardware compatibility of Windows Vista in a variety of scenarios. Some examples of the improvements contained in this update are:

  • Improved reliability and compatibility of Vista when used with newer graphics cards in several specific scenarios and configurations.
  • Improved reliability when working with external displays on a laptop.
  • Increased compatibility with many video drivers.
  • Improved visual appearance of games with high intensity graphics.
  • Improved quality of playback for HD-DVD and Blue-Ray disks on large monitors.
  • Improved reliability for Internet Explorer when some third party toolbars are installed on Vista.
  • Improved Vista reliability in networking configuration scenarios.
  • Improved the reliability of Windows Calendar in Vista.
  • Improved reliability of systems that were upgraded from XP to Vista.
  • Increased compatibility with many printer drivers.
  • Increased reliability and performance of Vista when entering sleep and resuming from sleep.

http://www.neowin.net/index.php?act=view&id=41691

MySpace Hosting 29,000 Sex Offenders

March 8, 2008 – 6:57 PM

News Corp.’s popular MySpace.com social networking site hosted Web pages for at least 29,000 known sex offenders as of July 2007, North Carolina’s Attorney General said Tuesday.

North Carolina Attorney General Roy Cooper’s office said in a statement that based on MySpace’s own estimates, the number of registered sex offenders with MySpace pages under their own names was four times more than the company’s previous estimate.

Cooper is proposing that North Carolina pass legislation to ban registered sex offenders from using social networking sites that allow minors, and strengthening other anti-child pornography and criminal penalties for Internet solicitation of minors and children for sex. The proposal also suggests that social networking sites’ underage users be required to get parental permission before registering and posting personal information.

Young people have been the early adopters and most avid users of social networking sites, making them targets for sexual predators.

MySpace said it would provide sex offender data to state attorneys general in late May, after first saying it would not make such disclosures. Cooper did not say when MySpace had provided the data.

The site has come under attack not only for the risque content posted by some of its members, but by allegedly providing a venue for sexual predators targeting children. Connecticut Attorney General Richard Blumenthal estimated in May that at least 5,000 sex offenders were registered for MySpace using their own names, with an unknown number using false identities.

Blumenthal and Cooper have been the most vocal attorneys general in linking MySpace and sexual predation.

Last year, North Carolina’s State Bureau of Investigation arrested a police officer for the alleged rape of a 14-year-old girl he lured using MySpace, Cooper’s office said.

http://www.pcworld.com/article/id,135051/article.html?tk=nl_dnxnws

PayPal Security Key

March 8, 2008 – 6:56 PM

Add an extra level of security when you log in with the PayPal Security Key.

We protect your account with one of the highest levels of online security available. Now you can add even more protection with the PayPal Security Key.

https://www.paypal.com/securitykey