Showing posts with label COMPUTERS. Show all posts
Showing posts with label COMPUTERS. Show all posts

Thursday, July 30, 2009

Extra '&' in Microsoft development code gave hackers IE exploit

Company's security development expert confirms reports by outside researchers

By Gregg Keizer, ComputerWorld
Microsoft yesterday confirmed that a single superfluous character in its own development code is responsible for the bug that has let hackers exploit Internet Explorer (IE) since early July.

A pair of German researchers who analyzed a vulnerability in a Microsoft-made ActiveX control came to the same conclusion three weeks ago.

"The bug is simply a typo," Michael Howard, a principal security program manager in Microsoft's security engineering and communications group, said in a post Tuesday to the Security Development Lifecycle (SDL) blog. Howard, who is probably best known for co-authoring Writing Secure Code, went on to say that the typo -- an errant "&" character -- is the "core issue" in the MSVidCtl ActiveX control.

FOR COMPLETE STORY, PLEASE CLICK HERE.



~Sandy G.
Posted by at No comments:
Labels: , , , , , , , ,

Researcher reveals massive 'professional thieving' botnet

A nasty piece of malware that's infected up to a million PCs is stealing financial information from consumers and businesses at an alarming rate, a noted botnet researcher said today.

By Gregg Keizer, ComputerWorld
A ferocious piece of malware that's infected up to a million PCs is stealing a "tremendous" amount of financial information from consumers and businesses that log on to their bank, stock broker, credit card, insurance, job hunting and favorite e-shopping sites, a noted botnet researcher said today.

"Clampi is the most professional thieving pieces of malware I've ever seen," said Joe Stewart, director of malware research for SecureWorks' counter-threat unit. "We know of few others that are this sophisticated and wide-ranging. It's having a real impact on users."

The Clampi Trojan horse has infected anywhere between 100,000 and 1 million Windows PCs, said Stewart -- "We don't have a good way of counting at this point," he acknowledged -- and targets the user credentials of 4,500 Web sites.

FOR COMPLETE STORY, PLEASE CLICK HERE.



~Sandy G.
Posted by at No comments:
Labels: , , , , , , , , , , ,

Monday, July 27, 2009

The 10 most damaging botnets in the U.S.

America's 10 most wanted botnets ranked by size and strength


By Ellen Messmer, Network World
Botnet attacks are increasing, as cybercrime gangs use compromised computers to send spam, steal personal data, perpetrate click fraud and clobber Web sites in denial-of-service attacks. Here's a list of America's 10 most wanted botnets, based on an estimate by security firm Damballa of botnet size and activity in the United States.


No. 1: Zeus


3.6 million compromised U.S. computers. The Zeus Trojan uses key-logging techniques to steal sensitive data such as user names, passwords, account numbers and credit card numbers. It injects fake HTML forms into online banking login pages to steal user data.

No. 2: Koobface


2.9 million compromised U.S. computers. This malware spreads via social networking sites MySpace and Facebook with faked messages or comments from "friends." When a user is enticed into clicking on a provided link to view a video, the user is prompted to obtain a necessary update, like a codec -- but it's really malware that can take control over the computer.

FOR COMPLETE STORY, PLEASE CLICK HERE.



~Sandy G.
Posted by at No comments:
Labels: , , , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)