Security

APcSecure is a new rogue from the WiniGuard clone factory.

The European Network and Information Security Agency (ENISA) has released a report that says 95 percent of all email is now spam. The report was based on surveying last year of email traffic by about 100 service providers in 30 countries. ENISA Executive Director Dr. Udo Helmbrecht said: “Spam remains an unnecessary, time consuming and costly burden for Europe. Given the number of spam messages observed, I can only conclude more dedicated efforts must be undertaken. _ _ “Email providers should be better at monitoring spam and identifying the source. Policy-makers and regulatory authorities should clarify the conflicts between spam-filtering, privacy, and obligation to deliver.” ...

System Defender is a rogue antispyware program, or a PC infection made to look like real security software. System Defender is a scam designed to trick people out of their money. If your PC has been infected with System Defender, you will most likely experience the following symptoms: System scans that report numerous infections, yet requires purchase of System Defender before it will remove the infections (These are fictitious scan results) Alerts and Pop-Up system warnings stating the PC is infected and recommend purchase of System Defender (These warnings are fake) Web browser redirecting to random websites (these websites are owned by cyber thieves and will further infect your PC) System Defender will prevent other programs from opening, stating they are infected (The programs are not infected) System Defender is a very serious computer infection and should be removed from infected machines immediately.

ProtectSoldier is the latest rogue antispyware program released by cyber thieves to terrorize PC users. ProtectSoldier is phony security program that trick people into buying the software with false security warnings and system scans. By displaying false system warnings, pop-up alerts warning of infections, and system scans that state the PC has numerous infections, cyber thieves rip people off by demanding the user buy the program to remove the supposed infections.

ArmorDefender is the latest rogue antispyware program released by cyber thieves to terrorize PC users. ArmorDefender is phony security program that trick people into buying the software with false security warnings and system scans. By displaying false system warnings, pop-up alerts warning of infections, and system scans that state the PC has numerous infections, cyber thieves rip people off by demanding the user buy the program to remove the supposed infections.

Antivirus360 is a phony antivirus program, designed to rip people off. Cyber thieves who created phony software like Antivirus360 use scare tactics to frighten people into buying the software. Antivirus360 will show false security warnings and scan results stating the PC is infected and request payment for the software to remove the supposed infections. Antivirus360 is a complete scam and a potentially very dangerous PC infection that should be remove from infected computers.

ProtectDefender is a new clone of the WiniGuard family.

Security firm Imperva of Redwood Shores, Calif., found a unique way to gage the quality of the passwords that Web users select: they analyzed the 32 million passwords in the unencrypted file of passwords that miscreants stole from the servers of RockYou.com in December and posted on the Internet. RockYou creates and distributes entertainment widgets that work with social networking networks. What they found wasn’t good, according to their report. “Key findings: — About 30% of users chose passwords whose length is equal or below six characters. _ _ — Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters. _ _ _— Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). _ _ _ The most common password among Rockyou.com account owners is “123456”. ...

Now here’s an interesting turn of events. In the middle of all the attention to the “Operation Aurora” attacks, we’re now seeing new targeted attacks that are using this very event as the lure to get the targets to open a malicious attachment! Here’s the email we saw: The attachment Chinese cyberattack.pdf (md5: 238ecf8c0aee8bfd216cf3cad5d82448) is a PDF file which exploits the CVE-2009-4324 vulnerability in Adobe Reader (again, this is the one which was patched last week). ...

We just blogged about a highly targeted attack against military contractors. Now we saw one against the intelligence sector. This attack was done with a PDF file. Again. It was targetting the CVE-2009-4324 vulnerability. Again. When opened, the PDF file (md5: c3079303562d4672d6c3810f91235d9b) looked like this: What really happens in the background? Just like last time, the exploit code drops a backdoor in a file called Updater.exe (md5: 02420bb8fd8258f8afd4e01029b7a2b0). Now, what is the document talking about? President’s day? DNI Information Sharing Environment? We don’t know, but a quick web search tells us that apparently there is going to be an Intelligence fair & expo in Germany next month. ...