If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

It is always good news when the government can close down a spyware company.

The reason that I am so against these spyware companies so much is that as a computer support specialist I always see people accidentally get spyware that gives up their personal information as well as usually slowing down their computer radically.

The change nowadays is that there are no features given for this hit on privacy and performance. There used to be a day when at least you would get cute cursors or a search toolbar in exchange for your personal information but now you get nothing for it.

An operation that placed spyware on consumers’ computers in violation of federal laws will give up more than $2 million to settle Federal Trade Commission charges.

Under a stipulated final judgment and order, the defendants are permanently prohibited from interfering with a consumer’s computer use, including but not limited to distributing software code that tracks consumers’ Internet activity or collects other personal information, changes their preferred homepage or other browser settings, inserts new advertising toolbars or other frames onto their browsers, installs dialer programs, inserts advertising hyperlinks into third-party Web pages, or installs other advertising software code, file, or content on consumers’ computers.

The defendants also are permanently prohibited from making misleading representations regarding the performance, benefits, features, cost, or nature or effect of any type of software code, file, or content, including misrepresenting that the code is an Internet browser upgrade or other computer security software, music, song, lyric, or cell phone ring tone.

The order names Enternet Media Inc., Conspy & Co. Inc., Lida Rohbani, Nima Hakimi, and Baback (Babak) Hakimi, all based in California, whose software codes were “Search Miracle,” “Miracle Search,” “EM Toolbar,” “EliteBar,” and “Elite Toolbar.”
Read the rest of this entry »

How to avoid spyware

Just when you thought you were Web savvy, one more privacy, security, and functionality issue crops up — spyware. Installed on your computer without your consent, spyware software monitors or controls your computer use. It may be used to send you pop-up ads, redirect your computer to websites, monitor your Internet surfing, or record your keystrokes, which, in turn, could lead to identity theft.

Many experienced Web users have learned how to recognize spyware, avoid it, and delete it. According to officials at the Federal Trade Commission (FTC), the nation’s consumer protection agency, all computer users should get wise to the signs that spyware has been installed on their machines, and then take the appropriate steps to delete it.

The clues that spyware is on a computer

• a barrage of pop-up ads


• a hijacked browser — that is, a browser that takes you to sites other than those you type into the address box


• a sudden or repeated change in your computer’s Internet home page


• new and unexpected toolbars


• new and unexpected icons on the system tray at the bottom of your computer screen


• keys that don’t work (for example, the “Tab” key that might not work when you try to move to the next field in a Web form)


• random error messages


• sluggish or downright slow performance when opening programs or saving files

The good news is that consumers can take steps to lower their risk of spyware infections. Indeed, experts at the FTC and across the technology industry suggest that you:

• Update your operating system and Web browser software. Your operating system (like Windows or Linux) may offer free software “patches” to close holes in the system that spyware could exploit.


• Download free software only from sites you know and trust. It can be appealing to download free software like games, peer-to-peer file-sharing programs, customized toolbars, or other programs that may change or customize the functioning of your computer. Be aware, however, that some of these free software applications bundle other software, including spyware.


• Don’t install any software without knowing exactly what it is. Take the time to read the end-user license agreement (EULA) before downloading any software. If the EULA is hard to find — or difficult to understand — think twice about installing the software.


• Minimize “drive-by” downloads. Make sure your browser security setting is high enough to detect unauthorized downloads, for example, at least the “Medium” setting for Internet Explorer. Keep your browser updated.


• Don’t click on any links within pop-up windows. If you do, you may install spyware on your computer. Instead, close pop-up windows by clicking on the “X” icon in the title bar.


• Don’t click on links in spam that claim to offer anti-spyware software. Some software offered in spam actually installs spyware.


• Install a personal firewall to stop uninvited users from accessing your computer. A firewall blocks unauthorized access to your computer and will alert you if spyware already on your computer is sending information out.


• If you think your computer might have spyware on it, experts advise that you take three steps: Get an anti-spyware program from a vendor you know and trust. Set it to scan on a regular basis — at least once a week — and every time you start your computer, if possible. And, delete any software programs the anti-spyware program detects that you don’t want on your computer.

For more information about protecting your computer and your personal information online, visit www.onguardonline.gov.

SANS has a great article by one of their on duty handlers. This is how to make sure that you do not expose one of those HP Jet Direct networking units that plugs into the back of an HP printer.

HP JetDirect based printers are extremely popular in academia and elsewhere around the Internet. As such, they need to be protected from malicious use as we do with the general computers and other network devices on our networks.

Note: the concepts presented in this Tip of the Day may be used in other network printers, though I haven’t messed with other varieties enough to know the details.

My first suggestion is to firewall off printers from Internet access. Force connections to the printer originate from your locally managed network, or through a VPN authenticated computer residing elsewhere.

Unfortunately in academia, we rarely know the IP address of every network printer on our network. And I would suspect that in the corporate world that this can be true without very strictly enforced policies. Even if you know every printer and its IP on your network today, tomorrow it could be different after someone brings a new super fast, color, duplexing, with mailbox output tray, hard drive, extra fonts, bluetooth, infrared, firewire, usb, network, mp3 playing, digitial media card reading, all-in-one, scanning, faxing, washing-the-dishes-in-the-kitchen-sink printer and installed it without your knowledge or approval.
Read the rest of this entry »

Microsoft has been working on Internet Explorer 7 for quite a while now and has also released a few test versions to let people try out. after a few problems it looks like Microsoft is getting ready to move everyone to Internet Explorer 7 using the Automatic Updates that you usually recieve patches through.

This new pushing of a big application is really new and also is a bit of a departure of Microsoft as in the past they have trumpeted all of the new features and put up a download link, I know this is how I got IE4, IE5, and IE6. Now we will really we how popular the automatic updates are as everyone could get this update to Internet Explorer in less than a week.

Microsoft has put up more info on the Internet Explorer 7 upgrade push on their site. And the release will probably happen sometime in the next couple of months.

Attack code exploiting a recently-patched vulnerability in Microsoft’s Windows operating system has been posted to the Internet, prompting concerns of a widespread attack.

Patch for MS06-040 can be found here

The software was added to the widely used Metasploit project–a favorite of both security researchers and malicious hackers–at around 1 a.m. Thursday morning Pacific Time, according to H.D. Moore, the Metasploit project leader. “It works very reliably against Windows 2000 and Windows XP systems that do not have SP2 [Service Pack 2] installed,” he said in an e-mail.

Security experts had worried that the Windows Server services vulnerability–described in Microsoft Security Bulletin MS06-040–could be used in a widespread worm attack. Windows Server services are generally enabled by default on Windows systems, and are used for common network applications like file sharing and printing.

The bug was patched on Tuesday in one of 12 Microsoft security updates.

Government Warning
On Wednesday the U.S. Department of Homeland Security (DHS) took the unusual step of warning PC users to make sure they had installed this patch. The DHS statement warned that the vulnerability “could impact government systems, private industry and critical infrastructure, as well as individual and home users.” This statement can be found online.

“This is a great opportunity for an unskilled hacker to launch a worm,” said Marcus Sachs, deputy director with research group SRI International’s Computer Science Laboratory. “A skilled hacker will use the vulnerability to quietly infect millions of computers for the purposes of sending spam, stealing credit card numbers, or countless other subversive activities,” he said in an e-mail interview.

Microsoft executives were not immediately available to comment on the Metasploit code. In a blog posting dated early Thursday, Microsoft Security Response Center Program Manager Christopher Budd, said his company was seeing “very, very limited exploitation of the vulnerability.”

Microsoft’s patch had been downloaded by about 100 million users in the first 30 hours, he added. Budd’s post can be found here.

Metasploit’s Moore believes that any worm based on the MS06-040 vulnerability will probably not be as widespread as the Zotob worms, which made headlines last year after taking down computers at CNN, SBC Communications, and American Express.

The vulnerability exploited by Zotob “was actually much more reliable and affected a wider range of systems,” Moore said. With this latest malware, “the only shops that really need to worry are those running older XP clients or 2000/NT desktops,” he said.

Thanks to Information Week for this info on some really nasty Windows holes that need to be patched now.

Microsoft on Tuesday published 12 security bulletins for Windows and Office that patched 23 vulnerabilities, 16 of which the Redmond, Wash. developer tagged as “critical.” Both the number of bugs disclosed and the tally of critical fixes broke previous records.

Ten of the updates addressed flaws in Windows, while 2 affected Microsoft Office or one of its bundled applications. According to security analysts, several of the bulletins patch vulnerabilities that are already being exploited in the wild, including one used to attack the PowerPoint presentation maker just days after July’s security updates were revealed.

Security analysts immediately pegged MS06-040 bulletin as the fix to apply first.

In an alert to customers of its DeepSight threat system, Cupertino, Calif.-based Symantec noted that MS06-040, which fixes a flaw in Windows’ Server service, should be patched pronto. “At least one exploit for the issue has already been developed, and as such may be released soon,” Symantec stated. “The issues can be exploited by an anonymous user against Windows XP SP2 to execute arbitrary code, making it a prime candidate for a worm.”

Mike Murray, director of research at vulnerability management vendor nCircle, was even more adamant about MS06-040’s potential. “We’ve seen these kinds of service vulnerabilities before, and for one reason or another, [worms] haven’t turned up,” said Murray. “But all is lined up for this to be a big one.”

The bug, which affects all currently supported versions of Windows, including fully-patched Windows XP SP2 and Windows Server 2003 SP1, is similar, but not identical to the 2003 RPC vulnerability that led to the MSBlast worm.

“We won’t know for about 24 hours exactly how dangerous this is, but it could end up presenting a major problem,” Murray said. “It looks like Windows’ authentication isn’t needed, so an anonymous user could launch from outside the network.”

Symantec also reminded users that a similar bug was responsible for one of the biggest worm attacks ever. “The vulnerable service is the same used by the Blaster worm in past years,” the alert read. Nine of the dozen bulletins were labeled as critical, Microsoft’s most dire rating. Among them were several that plugged various holes in Web-rated components of Windows. Internet Explorer, Microsoft’s browser, accounted for more than a third of the total bugs (8 out of 23), and 5 of the critical 16 in MS06-042. Even the most secure version of the browser, IE 6 for Windows XP SP2, was hit with 3 critical fixes.

“Just like always, we’re seeing all this Web stuff,” said Murray. “We’re back to the monthly IE vulnerabilities fix.”

According to Symantec, 3 of the 8 bugs in IE had been disclosed before Tuesday, 4 let attackers introduce their own code to a compromised system, and 3 can be exploited to gain access through lower IE security settings.

Chris Andrew, vice president of security technologies at PatchLink, took a different tack than his rival Murray and touted the browser bugs as those to fix first. “The importance of the browser should mean getting it patched ASAP,” said Andrew.
Read the rest of this entry »

Spyware is software installed on your computer without your consent to monitor or control your computer use. Clues that spyware is on a computer include a barrage of pop-up ads, a browser that takes you to sites you don’t want, unexpected toolbars or icons on your computer screen, keys that don’t work, random error messages, and sluggish performance when opening programs or saving files.
To lower your risk of spyware infections:

* Update your operating system and Web browser software, and set your browser security high enough to detect unauthorized downloads.
* Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
* Download free software only from sites you know and trust. Enticing free software downloads frequently bundle other software, including spyware.
* Don’t click on links inside pop-up windows.
* Don’t click on links in spam that claim to offer anti-spyware software; you may unintentionally be installing spyware.
Read the rest of this entry »

Security researchers at software maker MessageLabs contend that malware writers, hackers and other cyber-criminals are combining multiple forms of IT threats in an attempt to amplify their efforts.

In the company’s latest IT security intelligence report, MessageLabs experts said that criminals are converging their attacks across multiple communications channels, such as e-mail, instant messaging networks and Web sites, and are also pulling together information-gathering techniques, including spyware, spam and phishing schemes, as they seek new ways to menace businesses and consumers.

As businesses and home users have become increasingly savvy about traditional threats delivered via e-mail attachments, criminals are finding new ways to lure end users to consume their attacks, according to the report. Researchers specifically cited a growth in the number of threats that use spam e-mail messages or IMs to distribute links to Web sites where malware or spyware is secretly downloaded to end users’ computers.

Criminals are also using data garnered from PCs already infected with their botnet virus code to refine their other spam and spyware efforts, said Paul Wood, senior analyst with New York-based MessageLabs. At the end of the day attackers are using any means they can find to build more detailed profiles of individuals in the name of committing identity theft or other forms of fraud against them, he said.
Read the rest of this entry »

Spam is again on the rise, led by a flood of junk images that spammers have crafted over the past few months to trick e-mail filters, according to security vendors.

Called “image-based” spam, these junk images typically do not contain any text, making it harder for filters that look for known URLs or suspicious words to block them.

Instead of a typed message, users will see only an embedded .gif or .jpeg image file urging them to buy pharmaceuticals or invest in penny stocks.

Antispam vendor Cloudmark Inc. says that half of the incoming spam is now image-based on the “honeypot” systems it puts out on the Internet to lure spammers. “About a year-and-a-half ago we started seeing a little bit of it, but it wasn’t until the past six months that it became a serious issue for many antispam companies,” said Adam O’Donnell, a senior research scientist with the company.

Image-based spam has jumped from about 1 percent of all spam messages in June 2005 to around 12 percent today, according to Craig Sprosts, senior product manager with IronPort Systems Inc.

Its growth is helping to fuel a global resurgence in spamming, Sprosts said. The total number of spam messages sent daily is up 40 percent since April, Sprosts said. Much of this new spam is coming from a “relatively small group of spammers with control over very large zombie networks,” of hijacked computers, he said.
Read the rest of this entry »

Identity theft is a serious crime. How does it happen?
Identity theft occurs when someone uses your personal
information without your permission to commit fraud or other
crimes. While you can’t entirely control whether you will become
a victim, there are steps you can take to minimize your risk.

If you think your identity has been stolen, here’s what to do:

1. Contact the fraud departments of any one of the three consumer reporting companies to place a fraud alert on your credit report. The fraud alert tells creditors to contact you before opening any new accounts or making any changes to your existing accounts. You only need to contact one of the three companies to place an alert. The company you call is required to contact the other two, which will place an alert on their versions of your report, too. Once you place the fraud alert in your file, you’re entitled to order free copies of your credit reports, and, if you ask, only the last four digits of your Social Security number will appear on your credit reports.

2. Close the accounts that you know or believe have been tampered with or opened fraudulently. Use the ID Theft Affidavit (PDF, 56 KB) when disputing new unauthorized accounts.

3. File a report with your local police or the police in the community where the identity theft took place. Get a copy of the report or at the very least, the number of the report, to submit to your creditors and others that may require proof of the crime.

4. File your complaint with the FTC. The FTC maintains a database of identity theft cases used by law enforcement agencies for investigations. Filing a complaint also helps us learn more about identity theft and the problems victims are having so that we can better assist you.