Advice

GFI Labs Blog: We’ve noted this before, but Microsoft needs to get a handle on ad placements on Bing. Ok, so Bing isn’t the most widely used search engine, but remember that Yahoo plays a part here as well. In this case, we’re talking Sirefef (ZeroAccess aka Max++), probably the nastiest piece of malware circulating on the ‘net right now. Sirefef kills any attempt to remove it, and is nearly impossible to clean (short of booting onto a rescue disk and performing cleanup actions, or reformatting). ...

Microsoft Malware Protection Center: We’ve had reports of a new worm in the wild and that generates increased RDP traffic for our users on port 3389. Although the overall numbers of computers reporting detections are low in comparison to more established malware families, the traffic it generates is noticeable. The worm is detected as Worm:Win32/Morto.A and you can see a detailed description of at http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fMorto.A. Morto attempts to compromise Remote Desktop connections in order to penetrate remote systems, by exploiting weak administrator passwords. Once a new system is compromised, it connects to a remote server in order to download additional information and update its components. It also terminates processes for locally running security applications in order to ensure its activity continues uninterrupted. Affected users should note that a reboot may be required in order to complete the cleaning process. ...

Sunbelt: Facebook recently published a guide for it’s users on how to secure their online accounts from anything that threatens one’s Facebook security. Among those covered are Wall, Chat, and Comment spams, weak passwords, fake applications, and account hacking. Personally, I’m quite happy that Facebook is actually doing something that concerns user security, despite it being quite late come to think about it. Still, better to have something than nothing. ...

This article is originally posted at Norman Security Blog, Credit to my friend ‘Pondus’ for sharing. Introduction During recent months, we have seen several examples of attempts and suggestions to restrict access to different types of net resources, and in some cases the Internet itself. Is this a method that accomplishes its end, or is it more of a “shooting the messenger” type of action? We shall give some examples and discuss different issues in this article. ...

Sophos Labs: Twitter users are being hit today by messages claiming to link to a new app from Twitter which will track your stalkers. However, the messages are really designed to steal your Twitter usernames and passwords. Here’s a typical message that users are seeing: Twitter finally released an app that tracks your “Stalkers” get it here [LINK] If you click on the link you are taken to what appears to be a legitimate Twitter page, asking you to confirm your username and password before the “Stalkers” app can access your account. ...

Posted by the Stop. Think. Connect. Campaign on Homeland Security Cyber predators are real. They use the anonymity of the Internet to target victims, especially today’s youth, with unwanted solicitations, harassment, and fraud. It’s important that parents discuss ways to stay safe online with their children, particularly before they use social networking sites. US-CERT offers the following tips for parents to help ensure their children stay safe online: Monitor computer activity – Keep your computer in an open area and be aware of what your children are doing, including who they’re talking to and what websites they’re visiting. Inform children of online risks – Discuss appropriate Internet behavior that is suitable for the child’s age, knowledge, and maturity. Talk to children about the dangers and risks of the Internet so that they recognize suspicious activity and secure their personal information. Keep lines of communication open – Let your children know that they can approach you with any questions or concerns about behaviors or problems they may have encountered on the Internet. Stop. Think. Connect. Protect yourself and help keep the web a safer place for everyone. For more information on Stop.Think.Connect., please visit www.dhs.gov/stopthinkconnect. ...

Sophos Labs: Millions of blog owners around the world are being advised to consider their password security, after WordPress.com was hacked. To its credit, Automattic – the company behind the WordPress.com blogging platform – didn’t mince its words or try to apply any spin to the incident, explaining it had suffered a “low-level (root) break-in to several of [its] servers, and potentially anything on those servers could have been revealed.” ...

H-Online: In a post on the project’s security announce mailing list, Ubuntu Release Manager Kate Stewart has reminded users that the desktop version of Ubuntu 8.04 LTS, code named Hardy Heron, will reach its end of life in May. Version 8.04 of the Debian-derived Linux distribution was released on 24 April 2008. Based on the 2.6.24 Linux kernel, it placed a stronger focus on stability and ease of use, rather than on new features, and included the GNOME 2.22 desktop environment, as well as a new installer that allowed Ubuntu to be installed directly under Windows without having to boot from CD or re-partition the hard disk. Built-in applications included version 2.4 of the OpenOffice.org office suite, Firefox 3.0 Beta 5, the F-Spot photo manager and the GIMP image editor. After 12 May 2011, no new updates, including security updates and critical fixes, will be available. The server edition of Ubuntu 8.04 LTS will continue to be supported until May 2013. ...

H-Online: In a post on their home page, the Flock developers have announced that support for their Chromium-based social web browser will officially be discontinued on 26 April 2011. Thanking their “loyal users” for their support, the developers encourage the Flock community to migrate to another browser. Flock began life as a cross-platform browser start-up in April 2005. Distinguishing itself from other browsers, Flock automatically managed updates and media from several popular social services, including MySpace, Facebook, Bebo, Digg, YouTube and Twitter. ...

SophosLabs wrote: Do you want to know the total number of times that your Facebook wall has been viewed? Are you curious as to who may be stalking you on Facebook? If so, you’re a prime candidate for scammers who are exploiting that desire to put money into their own pockets. Here are the latest messages spreading virally between thousands of Facebook users who have fallen for the scam: ...