Security

Avira TechBlog: Thanksgiving and according holidays are very close – a time in which many people have the time to do (online) shopping. The cyber criminals are eager for their share, so it’s time to remember some safety measures. We are expecting to see spam and phishing campaigns luring the recipients to visit malicious web sites. These web sites usually look quite legal and official. As precaution, don’t follow links from emails to online stores and online payment systems, but use bookmarks or type in the addresses directly into the browser’s address bar. And of course just visit shops which you already know. Some scams can be identified by very low prices – if they look too good to be true, they usually are! ...

VirusTotal has just coded a Google Chrome browser extension to interact with VirusTotal. The extension adds an option to the context menu to analyze links with VirusTotal’s URL analysis engine. Unlike the VTzilla Firefox extension, it does not embed an additional “Scan with VirusTotal” option in the browser’s file download dialog (mainly because Chrome’s API does not allow to do so). Having said this, it does include a top menu bar popup that enables quick VirusTotal searches and direct submission of the page being viewed to VirusTotal. ...

Apple has issued the latest update to its Mac OS X operating system, bringing Snow Leopard users up to Mac OS X 10.6.5. Enhancements include improved Microsoft Exchange reliability, and a variety of performance and stability improvements. But what’s probably most interesting to you is that the update also includes important security fixes. Well over 100 different vulnerabilities are reportedly patched by Mac OS X 10.6.5 – if you want to see the gory details (or at least, those details which Apple is prepared to make public) view their knowledgebase article. ...

In 2009, naked photographs of American baseball star Grady Sizemore circulated on the internet after being stolen from the email account of his then girlfriend, Playboy Playmate Brittany Binger. A total of 15 photos were circulated – some showing Sizemore posing in his bathroom mirror wearing a suit, but others that showed him nude or only partially clothed. In one of the pictures, still easily available on the web, the Cleveland Indians’ star is using a coffee mug to protect his err.. modesty. ...

Oh look, Microsoft is late to the party again? They are finally launching full-session SSL encryption to Hotmail a mere 2 years after Google did the same thing for Gmail. It looks like the release of FireSheep really has had an impact on web-application vendors due to the amount of mainstream media coverage it got and the sheer number of downloads. At least they are doing something and I hope more vendors follow and give users an option to force full-session HTTPS connections for all web properties. ...

With the expanding amounts of storage available on cell phones, mp3 players, digital cameras, and gaming devices it’s no surprise that malware is increasingly being transmitted over USB. avast! Software is reporting that out of 700,000 attacks reported by its Community IQ system in October, one in eight were exchanged over USB connections. “Cyber-criminals are taking advantage of people’s natural inclination to share with their friends and the growing memory capacity of USB devices,” says avast! virus analyst Jan Sirmer. ...

Will believe that? I hope you don’t

There are always peculiar things malware researchers discover while analyzing new samples. VirusTotal 24/43 Let’s remember the filename as HD Porn TV for later Our victim runs it thinking they will see the latest porno in HD quality. Instead they get a new browser ‘theme’ with a Turkish flavor: Internet Explorer: Firefox: The bad guys hijack Winsock: And filter traffic through: ...

Tom Kelchner, Sunbelt blog: Alert reader Laurie (my boss actually) forwarded a copy an email she received from a friend. It said the sender was “…pleased to announce the newest version of Antivirus 2010 for Windows.” There was a link to click, of course. Something called “Antivirus 2010” for sale in November is very odd for three reasons: It’s nearly 2011 and legitimate AV companies are putting out their 2011 versions. There was a rogue security product last year called “Antivirus 2010.” (VIPRE detection: FraudTool.Win32.Antivirus2010 (v)) Although a lot of companies make a product named Anti-Virus 2010, they usually put their name in front of it, such as “Kaspersky Anti-Virus 2010” or “Norton AntiVirus 2010.” The Antivirus 2010 rogue graphic interface from 2009: ...