Report

Sophos Labs: There are two stories that have been the focus of much speculation that have come to some closure today. New information confirming many peoples suspicions about Aurora and Stuxnet have been reported by Wikileaks.org and Reuters. As has been widely reported Wikileaks began releasing over 250,000 previously secret diplomatic cables that it is assumed they received from PFC. Bradley Manning. Most of the cables are as uninteresting as reading your friends Yahoo! mail. ...

You might want to steer clear of the following fake security program, being promoted as a “Windows Trojan Removal Kit” but actually hijacking your PC in the form of the ThinkPoint rogue with a mixed (24/43) detection rate. The file is currently being offered up by your typical “fake security scan” pages, such as microsoftwindowssecurity152(dot)com. Those familiar with this particular rogue will be aware that it tends to stick with domains similar to the one above. ...

Over the last few days, some news organizations have been saying that Stuxnet source code is available on the black market, and that clearly therefor there is an impending Internet Armageddon. This is patently silly, on a number of levels, but silly none-the-less. First thing is that I flat-out don’t believe Stuxnet source is available for sale on the black market or anywhere. Remember how often I say that if something sounds too good to be true, it’s not true? Well, the opposite applies too. If something sounds too bad to be true, it’s not true either. We really don’t know who built Stuxnet, or who the intended target was, be we may rest assured that whoever put that much work into it, isn’t selling it, at any price. It’s actually more probable that some no-honor-among-thieves bad guy is scamming fellow bad guys. “Sure, this is Stuxnet source code. Prove otherwise.” ...

Thomas Wegele, Virus Researcher from Avira wrote: In this month’s ITW malware set from the Wildlist organization two new variants of W32/Ramnit appeared. W32/Ramnit is a Worm spreading via infected executable files and infected HTML Files. It is a quite widespread malware – which is why we decided to dig deeper into it. Upon execution the malware creates a new file in the directory where it was started. This file is named “mgr.exe”. It then gets executed and creates a copy of itself in “C:%ProgramDir%\Microsoft\WaterMark.exe” which also gets executed after creation and in turn infects the EXE, DLL and HTML files found on the system and tries to connect to a server. ...

The Swedish Appeals Court upheld the conviction and jail sentences of three co-founders behind the infamous The Pirate Bay service. Peter Sunde, Fredrik Neij and Carl Lundstrom all received one-year jail sentences and $4.2 million in fines from a Swedish lower court earlier in the year. After the court ruling, Neij has been given a 10-month sentence, Sunde received an eight-month sentence, and Lundstrom was given a four-month sentence. A different defendant will be sentenced at a later date because he was unavailable due to illness. ...

That’s possibly the most unlikely headline I’ve ever had to write in my computer security career, but never mind.. My guess is that regular readers of the Naked Security site might not be ardent fans of Justin Bieber – but chances are that some of you have young daughters or nieces who can’t get enough of the pint-sized pop hamster. If that’s the case then they might be intrigued by a message that is spreading virally across the Facebook social network claiming to be footage of… and how can I put this delicately? I don’t think I can.. Justin Bieber with an erection. ...

Miley Cyrus is eighteen years old since yesterday. I don’t know if her father, legendary “Achy Breaky Heart” singer Billy Ray Cyrus, will be joining in her birthday celebrations, but I imagine he’ll be quietly wiping away a tear as his daughter finally becomes officially an adult (at least as far as the age of consent in her home state of Tennessee is concerned). The pop singer and Hannah Montana star has had her fair share of encounters with the world of cybercrime during her short life. ...

Thousands of Facebook users are warning each other about a Christmas Tree virus said to be spreading in the form of a rogue application on the social network. The only problem with this warning? It’s utterly bogus. Here’s a typical message being shared widely on Facebook: WARNING!!!!!!…..DO NOT USE THE Christmas tree app. on Facebookplease be advised it will crash your computer. Geek squad says its oneof the WORST trojan-viruses there is and it is spreading quickly.Re-post and let your friends know. THANKS PLEASE REPOST! ...

Yesterday, Apple pushed out the much anticipated update to its mobile operating system – iOS 4.2. Although most of the headlines have focused on new functionality Apple has introduced, such as bringing folders and multi-tasking to the iPad, there’s a much more important reason why you should be considering updating your Apple iPhone, iPod Touch or iPad. Security. According to an Apple knowledgebase article, iOS 4.2 includes more than 40 security fixes designed to better protect iPhone, iPod Touch and iPad users. ...

 The Information Commissioner’s Office (ICO) has fined two organizations for serious breaches of the Data Protection Act – the first to be issued under new tougher guidelines in the UK. The security breach at Sheffield-based firm A4e happened in June 2010, after the company issued an unencrypted laptop to an employee in order to do work from home. The laptop was subsequently stolen from the employee’s house. That wouldn’t have mattered too much, of course, if the laptop hadn’t contained sensitive information. Unfortunately it carried personal data relating to 24,000 people who had used community legal advice centers in Hull and Leicester. ...