Security News

StopBadware, an anti-malware effort started at Harvard University’s Berkman Center for Internet and Society, has announced it has begun operating as a standalone non-profit organization.

StopBadware Goes Independent

Google, PayPal, and Mozilla have committed the initial funding to support the launch of StopBadware, Inc.

StopBadware began four years ago as a Berkman center project aimed at engaging the Internet community in fighting software such as viruses or spyware that disregard a user’s choice about how their computer or network connection will be used.

StopBadware works with its network of organizations and individual volunteers to collect and analyze data, to build community momentum for fighting badware.

“If we want to put an end to badware-or even put a dent in it-we have to change the attitudes and behaviors of individuals, organizations, and governments,” said Maxim Weinstein, StopBadware’s executive director.

“That’s no small task, but we know progress is possible by combining the creativity and passion of our BadwareBusters.org community members with the hard facts derived from our Badware Website Clearinghouse.”

The decision to spin StopBadware off from the Berkman Center was made in recognition of the effort’s evolution from research project to mission-driven organization.

“There is still much to do. Badware remains a growing problem, but in the past few years, there’s also been a growing sense that this is a problem we-the Internet community-can and should work together to address. StopBadware is committed to making that happen,” said Weinstein.

Another security scare spread through the Twitter community this morning. Emails sent by Twitter advising members to reset their passwords created a bit of a stir, as account lockouts were occurring simultaneously and people were concerned that the messages had come from phishers.

Twitter Affected By Phishing Scare

The emails stated in part, “Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser.”

Of course, as it turns out, the emails were legitimate, and the links led people to the official Twitter site. So the bit about the phishing attack occurring off-Twitter should comfort everyone who was anxious about the situation.

Still, it’s understandable that the mention of phishers put a lot of folks on high alert. Furthermore, the word “Twitter” wasn’t capitalized in the subject line of the official email, and typographical slipups of that nature often act as red flags.

Anyway, Twitter wants everyone to know that only a small number of accounts were affected, and that its @help and @spam accounts are useful resources under conditions like these. Twitter provided the standard tips about password strength, too.

NationalCreditReport.com, a provider of credit information and monitoring services, has issued an advisory today warning consumers of online credit report scams.

Consumers could become victims of scams on Craigslist and other online classified sites as a result of responding to what appears to be a legitimate rental property or job posting.

The scams appear on Craigslist and other classified websites offering an apartment for rent or a job posting and consumers respond to the listings via email. Once the consumer’s inquiry is received, the consumer becomes involved in what they believe is legitimate communication between a potential employers or property manager.

The fake employer or property manager will include a link to a free credit report website, asking the consumer to go to the site to get their free report. The consumer is then instructed to email their credit report and/or credit score to the potential employer or property manager so they can “verify their employment or housing history” and proceed with the job or apartment application process.

Sites such as Craigslist.com have also recognized credit report scams and posted their own warnings.

PandaLabs said today it has detected the massive spread of a fake virus alert that targets Facebook users.

Facebook Users Targeted By Fake Virus Alert

The company said it is another attempt by cybercriminals to infect users with fake antivirus programs.

The fake warning is being distributed by email and users are forwarding it or publishing it on Facebook walls, further spreading the hoax.

The text of the fake warning reads:

ALERT >>>>> Has your facebook been running slow lately? Go to “Settings” and select “application settings”, change the dropdown box to “added to profile”. If you see one in there called “un named app” delete it Its an internal spybot. Pass it on. about a minute ago.i checked and it was on mine.

PandaLabs says there is no associated link, but if users search the Internet for more information, they will come across a number of malicious websites designed to download fake antiviruses.

The fake antivirus used in the virus alert is called LivePcCare.

Social media sites allowing user-generated content are a main target for cybercriminals and spammers, according to a new report by Websense about the state of Internet security in Q3 and Q4 of 2009.

Firefox Add-Ons Caught With Malware

The report found that 95 percent of user generated comments to blogs, chat rooms and message boards are spam or malicious.

Websense identified 13.7 percent of searches for trending news/buzz words (as defined by Yahoo Buzz & Google Trends) led to malware. Search engine optimization poisoning attacks target the top searches allowing hackers to drive traffic to their sites.

Overall, comparing the second half of 2009 with the same period in 2008, there has been an average growth of 225 percent in malicious websites. Malware authors continue to capitalize on website reputation and exploiting user trust with the second half of 2009 revealing 71 percent of websites with malicious code are legitimate sites that have been compromised.

“Malicious hackers are really focusing their efforts to ensure they’re driving their victims straight to them, said Dan Hubbard, Chief Technology Officer, Websense.

“By poisoning search results and focusing on Web 2.0 sites, their efforts are often more efficient and effective. The blended nature of today’s threats combined with compromised legitimate sites, takes full advantage of an increased perception of trust when using search engines and interacting with friends or acquaintances online.”

Other highlights from the report include:

–Websense Security Labs found that 35 percent of malicious Web attacks included data-stealing code, demonstrating that attackers are after essential information and data.

–Websense Security Labs found that 35 percent of malicious Web attacks included data-stealing code, demonstrating that attackers are after essential information and data

–Websense Security Labs identified that 85.8 percent of all emails were spam.

Around 4,600 Firefox users who followed the rules in terms of acquiring add-ons (meaning not getting them from all over the ‘Net) may still have picked up some malware. Mozilla admitted today that two add-ons available through the official Add-on for Firefox page came with unwelcome companions.

Firefox Add-Ons Caught With Malware

Master Filer and Version 4.0 of Sothink Web Video Downloader contained Trojan code aimed at Windows users, according to a post on the Mozilla Add-ons Blogs. It explained, “If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan. Uninstalling these add-ons does not remove the trojan from a user’s system.”

Another troubling fact is that the add-ons were available for a very long time (Mozilla cited download numbers from 2008 and 2009 in addition to this year).

Fortunately, a relatively large number of antivirus programs can detect the malware. Antiy-AVL, Avast, AVG, GData, Ikarus, K7AntiVirus, McAfee, Norman, and VBA32 products have all proven capable of sniffing it out.

Also, as of now, Mozilla’s using three scanners to inspect add-ons that are uploaded to its site. Just one was in place when Master Filer and Sothink Web Video Downloader 4.0 were introduced.

The Infineon SLE 66 CL PE chip can be found in a lot of products, including smart cards, the Xbox 360, and normal computers. It’s a good chip, too, with lots of security measures in place. But it could perhaps use a few more, as a researcher has figured out how to compromise it.

Infineon Chip’s Weakness Discovered

Christopher Tarnovsky, who works for Flylogic Engineering, employed electron microscopy to achieve the feat. Tim Wilson reports, “Using a painstaking process of analyzing the chip, Tarnovsky was able to identify the core and create a ‘bridge map’ that enabled the bypass of its complex web of defenses, which is set up to disable the chip if tampering occurs.”

Then, “After creating the map, he used ultra-small needles to tap into the data bus – without disturbing the protective mesh – and essentially ‘read’ all of the chip’s stored data, including encryption keys and unique manufacturing information.”

Obviously, this isn’t a quick, easy, or inexpensive procedure. It took Tarnovsky about nine months to perfect his approach, and electron microscopes don’t exactly litter the floor of the average hacker’s house (new units often sell for at least $70,000).

It looks like Infineon either has some work to do or some admissions to make, though.

Interesting research: Target prevalence powerfully influences visual search behavior. In most visual search experiments, targets appear on at least 50% of trials. However, when targets are rare (as in medical or airport screening), observers shift response criteria, leading to elevated miss error rates. Observers also speed target-absent responses and may make more motor errors. This could be a speed/accuracy tradeoff…