
Restricting access to net resources for "good reasons"

  • Post author: Omid Farhang
  • Post published: August 20, 2011
  • Reading Time: 7 min
  • Word Count: 1349 words

This article was originally posted at Norman Security Blog. Credit to my friend ‘Pondus’ for sharing.

Introduction: During recent months, we have seen several examples of attempts and suggestions to restrict access to different types of net resources, and in some cases the Internet itself. Is this a method that accomplishes its end, or is it more of a “shooting the messenger” type of action? We shall give some examples and discuss different issues in this article. ...


Mozilla Plans To Hide Firefox Version

  • Post author: Omid Farhang
  • Post published: August 15, 2011
  • Reading Time: 3 min
  • Word Count: 466 words

gHacks: One “by-product” of the rapid release cycle of the Firefox web browser is the version number increase that goes along with every new release of the web browser. Firefox this year jumped from Firefox 3 all the way to the latest version Firefox 8, and we are not even at the end of the year. Mozilla interestingly enough plans to hide the version number in the Firefox web browser. Asa Dotzler added an entry to Bugzilla to remove the version of the browser from the about Window dialog in the browser. ...


Twitter finally released a "Stalkers" app? No, it's a phishing scam

  • Post author: Omid Farhang
  • Post published: August 14, 2011
  • Reading Time: 2 min
  • Word Count: 391 words

Sophos Labs: Twitter users are being hit today by messages claiming to link to a new app from Twitter which will track your stalkers. However, the messages are really designed to steal your Twitter usernames and passwords. Here’s a typical message that users are seeing:

Twitter finally released an app that tracks your “Stalkers” get it here [LINK]

If you click on the link you are taken to what appears to be a legitimate Twitter page, asking you to confirm your username and password before the “Stalkers” app can access your account. ...


Windows 8: The death of malware? The death of anti-malware?

  • Post author: Omid Farhang
  • Post published: July 25, 2011
  • Reading Time: 3 min
  • Word Count: 559 words

BetaNews: There is a lot of buzz about a recent set of tests by NSS Labs that show the Smartscreen reputation system in Internet Explorer 9 head and shoulders and most of the rest of the body above the competition in blocking malware on the web. I think the results of the test are even more important than they seem, considering previous reports that Microsoft plans to make Smartscreen a base part of Windows 8. This would extend parts of the protection to any executable hitting the file system. This would be big news. ...


The old dogs are still in learning mode

  • Post author: Omid Farhang
  • Post published: June 4, 2011
  • Reading Time: 3 min
  • Word Count: 560 words

Norman Security Blog wrote a good article about Fake AVs and their new variants and how to protect ourselves. Credit to my friend, Pondus, for sharing this:

Background: Fake antimalware has become a profitable industry for the cybercriminals. New variants appear on a daily basis, and new techniques for tricking the users are fine-tuned. A few weeks ago we wrote in our security article – Cybercriminals focus on new targets – about fake antimalware for Apple’s Mac OS X operating system. In its security update 2011-003 for Mac OS X, available 31 May, Apple enhanced considerably its protection against malware. This includes the ability to automatically download new malware signatures, similar to the functionality found in standard antimalware tools. This signifies that Apple now regards its Mac OS X platform as a serious target for cybercriminals. ...


The Seamless, Automagical Future of Software Updates

  • Post author: Omid Farhang
  • Post published: May 5, 2011
  • Reading Time: 3 min
  • Word Count: 578 words

Gizmodo: OS X Lion is coming to the Mac App Store, ushering in a new era of digital distribution for their desktop operating system. And rumors are flying that iOS devices will soon receive over-the-air updates. If we had to smash these two pieces of information together and speculate about the future a little bit, we’d say Apple is heading down a path to automatic background updates for all of their operating systems. Hardcore nerds would hate this to be sure, but for the average user, it’s a good thing. ...


Vulnerabilities in Microsoft Office and OpenOffice compared

  • Post author: Omid Farhang
  • Post published: April 20, 2011
  • Reading Time: 3 min
  • Word Count: 479 words

Since 2003, the number of exploitable vulnerabilities has fallen considerably in Microsoft’s Office suite. H-Online: Independently of each other, security specialists Dan Kaminsky and Will Dormann from Carnegie Mellon University’s CERT have found that, in the past few years, the number of flaws and exploitable vulnerabilities in individual versions of Microsoft Office has fallen dramatically, achieving results that are even below those of OpenOffice. However, their findings should be treated with caution, as they are based on automatic evaluations and say little about the actual threat potential. ...


My naked pic is attached – malware spammed out

  • Post author: Omid Farhang
  • Post published: April 13, 2011
  • Reading Time: 2 min
  • Word Count: 217 words

SophosLabs: Are you in the habit of having complete strangers email you naked pictures of themselves? That’s the only reason I can think of that you can legitimately explain why your computer has been infected by the latest malware attack that has been spammed out around the world. Users are seeing messages in their inbox, which attempt to trick recipients into opening the attached file with the promise of a nude photo. ...


Fake Certificate in Malware – with Message

  • Post author: Omid Farhang
  • Post published: April 11, 2011
  • Reading Time: 1 min
  • Word Count: 131 words

Avira TechBlog: The malware authors every now and then send us virus researchers some messages. For example in the compiled binary itself, or as debug output. Now we found a Zbot Trojan variant which tries to evade detection by carrying a digital certificate and therewith looking more legitimate. And this certificate is registered to “DetectMe! 🙂 ”, also adding random data behind the certificate. We see hints like these regularly – malware authors proposing names for their malicious creations or suggesting a place where a signature based detection would be suitable. Of course, such hints are ignored by us for detection but make us smile for a short time. ...


ZeroAccess, an advanced kernel mode rootkit

  • Post author: Omid Farhang
  • Post published: April 11, 2011
  • Reading Time: 2 min
  • Word Count: 322 words

Prevx Blog: In the last couple years there have been three major players who dominated the scene in the field of the kernel mode rootkit development. They are Rustock rootkit – with its latest build discovered in the wild in 2008 – MBR rootkit – firstly discovered in January 2007 – and TDL rootkit, which can be considered the most advanced kernel mode rootkit to date, able to infect both x86 and x64 versions of Windows operating system. ...
