Free Republic

One of the main reasons for the Firefox browser's successful seizure of market share from Microsoft's Internet Explorer is the desire to escape the inundation of PC-slowing spyware. However, spyware experts indicate that with its increased popularity, Firefox itself will become a target for spyware creators, who are already poking at the open source browser alternative. Webroot Vice President of Threat Research Richard Stiennon said he expects there will be spyware for Firefox this year, adding that while the browser was designed to be immune from the spyware infecting IE, Firefox will face a new breed of spyware tailored specifically...

New Browser Trick FoundUses homograph attack to spoof links As members of our Security forum discuss, a new homograph browser trick (see demo page) has been discovered that oddly works in every browser but IE. The trick uses International Domain Name (IDN) character support (using foreign characters that resemble American alphabet letters) to trick your browser into showing fake domain names in hyperlinks and in the address bar. IE doesn't support IDN (though it can via plug-in), so by default isn't vulnerable. More detail in this advisory from the group that discovered it.

All non-Microsoft browers include a flaw that allows URL spoofing using Unicode characters, which can be exploited by phishing scams seeking to steal login information for online banking accounts. The spoofing flaw, which is demonstrated on the web site of the Shmoo Group, works in the Firefox, Mozilla and Opera browsers, as well as the Safari browser for Macs. The spoof exploits flaws in how the browsers interpret Unicode characters. A link using Unicode characters to replace the letter "a" in "Paypal" will display as www.paypal.com in the browser, but send users to www.xn--pypal-4ve.com - which then displays "www.paypal.com" in...

FBI Shuts Down E-Mail Tip Line WASHINGTON, Feb. 4, 2005 The FBI has shut down part of the commercial e-mail system it uses to receive tips from, and communicate with, the public as a precautionary measure because of a security breach, CBS News has learned. The Bureau says none of the computers potentially affected were part of its overall information technology system and no sensitive information was exposed. The FBI is now investigating the situation, reports CBS News Producer Stephanie Lambidakis. The agency bought the e-mail accounts through AT&T; they have fbi.gov names. The FBI has an intranet for its...

Microsoft on Thursday gave early warning that next week's monthly dose of security bulletins and patches will be among its biggest ever. According to the Advance Notification service, which pre-announces upcoming patches but limits the information disclosed, next Tuesday's roundup will include 13 security bulletins, at least three of which will be marked "Critical," the Redmond, Wash.-based developer's most dire warning. Nine of the bulletins affect Microsoft Windows. That's a much-higher-than-normal number, and three times what the company published in January. Other patches will be published to fix bugs in SharePoint Services, Microsoft Office, the .Net Framework, Visual Studio, Windows...

Three nasty new worms are on the loose--all are designed to lower the victim's guard, then pounce. MSN Messenger hit by double-whammy worm The new Bropia offshoot, which uses MSN Messenger to spread, is packaged with a second, more damaging worm. February 3, 2005 Saddam Hussein 'death' photos used as worm bait Mass-mailing worm claims to offer photos that show Saddam Hussein killed after trying to escape from custody. February 3, 2005 Worm uses funny face to distract from danger Will a picture of an old man making a silly face keep you from noticing a Trojan being installed on...

Bropia worm spreads on the back of MSN Messenger 5:04PM A new virus is using the MSN Messenger system to spread. Known as Bropia.A, the worm waits on an infected system until the Messenger window is opened and then sends a copy of itself to contacts, using filenames adaware.exe, VB6.EXE, lexplore.exe and Win32.exe. If a contact accepts the file and runs it, it checks to see if any of the previously mentioned files are present, and if not, places a file called oms.exe on the computer and runs it. This is a variant of Rbot, which installs a backdoor on...

Deciding what the password is Kristi L. Gustafson Albany Times Union Published February 2, 2005 Love. Sex. Money. ... Password. There's a good chance you've typed one, or all, of these terms recently (and not necessarily because you were doing something you shouldn't). You may just have been accessing your e-mail, doing some online banking, shopping or looking in on your 401(k). These four words are the ones people choose most often as passwords, according to Chris Faulkner, CEO of the Dallas-based CI Host, a Web hosting and data center with 215,000 customers worldwide. Those obvious choices put you at...

Adware infections net the purveyors of slimeware software around $3 a year for each infected PC, according to estimates from anti-spyware firm Webroot Software. Using this figure and stats from its own malware auditing services, Webroot guesstimates the illicit advertising market underpinned by adware infection of home and business PCs could be worth up to $1.6bn a year. According to Richard Stiennon, VP of threat research at Webroot, the illicit ad market enjoys approximately the same growth rate as the legitimate market. But that's where the similarities end. "It [adware] has a similar bus model and some of the same...

OKLAHOMA CITY (AP) -- Someone placed surveillance software on sheriff's office computers, apparently enabling unauthorized access to sensitive information about prisoner movements, confidential homeland security updates and private personnel files. Sheriff John Whetsel said Monday Spector Pro, monitoring software designed to track every detail of computer activity, was found last week on three computers in his office. Whetsel said he discovered the software on his own computer when he ran a spyware detector out of curiosity. A scan of all sheriff's computers also found the application on the computers of Maj. John Waldenville and Capt. David Baisden. Waldenville leads the...

Positive Technologies, a security firm based in Moscow, reported on Friday that it has uncovered a hole in the Data Execution Protection (DEP) security measures in Microsoft Windows XP Service Pack 2. Microsoft touted the DEP as a key development in the security updates of SP2 before it was released in August of 2004. DEP is designed to prevent hackers from tricking the operating system into running a program loaded surreptitiously into the computer's memory (usually via buffer overrun). In a report called "Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass," Positive Technologies said that it found two...

A new worm, Cisum.A, is spreading through network connections, throwing insults as it goes. Once a computer is infected a message is displayed in a new window stating, "YOU ARE AN IDIOT!!!" Additionally, an MP3 file plays a message with the same phrase and repeats it every 5 seconds. The malware also disables any anti-virus and firewall software that is on the PC. In a strange twist, Cisum.A also looks for Bagle or Netsky infections and attempts to remove them. The virus is currently rated as a low threat by Panda Software

BALTIMORE - Matthew Green starts his 2005 Ford Escape with a duplicate key he had made at Lowe's. Nothing unusual about that, except that the automobile industry has spent millions of dollars to keep him from being able to do it. Mr. Green, a graduate student at Johns Hopkins University, is part of a team that plans to announce on Jan. 29 that it has cracked the security behind "immobilizer" systems from Texas Instruments Inc. The systems reduce car theft, because vehicles will not start unless the system recognizes a tiny chip in the authorized key. They are used in...

* A Russian security company claims it found a way to beat a security measure in Microsoft's Windows XP Service Pack 2, a major update aimed at securing customers' PCs. The SP2 measure, known as Data Execution Protection, is intended to prevent would-be attackers from inserting rogue code into a PC's memory and tricking Windows into running the program. However, in a paper published Friday, Moscow-based Positive Technologies said two minor mistakes in the implementation of the technology allow a knowledgeable programmer to sidestep the protection. The company notified Microsoft of the problem Dec. 22, but it apparently decided not...

Security experts are tracking a new malware variant, targeting the MySQL open-source database, which has likely infected thousands of Windows systems. According to a report posted on the SANS Institute's Internet Storm Center site by SANS chief technology office Johannes Ullrich, the attacking code is a variant of an existing strain of nework "bot" known as "Wootbot." This variant is especially notable, said experts, since it is one of the first to target MySQL. As with similar types of malware, the bot runs in the background, allowing MySQL to run normally while it contacts a remote Internet Relay Chat (IRC)...

"A report on the Australian whirlpool forum suggest that a worm is currently taking out MySQL servers running on Windows. We have seen this happen with MSSQL before (not just 'Slammer', but also SQLSnake that used SA accounts without password). The SANS Internet Storm Center suggests that a rise in port 3306 scans can be attributed to the new worm, and is asking for observations to help figure this out. It appears the worm creates a file called 'spoolcll.exe'."

A malicious script that spies on Apple Mac users was discovered over the weekend. The malware, which has been dubbed ‘Opener’ by Mac user-groups, disables Mac OS X’s built-in firewall, steals personal information and can destroy data. Security experts say these traits are common among the thousands of viruses targeting Microsoft’s ubiquitous Windows operating system but are virtually unheard of amongst the Apple Macintosh community. Paul Ducklin, Sophos’ head of technology in the Asia Pacific, told ZDNet Australia that the malware, which Sophos calls Renepo, is designed to infect any Mac OS X drives connected to the infected system and...

Lexus cars may be vulnerable to viruses that infect them via mobile phones. Landcruiser 100 models LX470 and LS430 have been discovered with infected operating systems that transfer within a range of 15 feet. It is understood the virus could affect the navigation system of the Lexus models, it transfers onto them via a Bluetooth mobile phone connection. It is still unclear whether the cars in question use the Symbian operating system which has recently been under attack from various worms and viruses. Vulnerable operating systems are increasingly moving onto a number of different devices. Last year the Slammer worm...

Antivirus specialist GeCad Net is warning that it has found a problem with Microsoft's most recent software patch for Windows. The Bucharest, Romania-based security service provider said that a critical patch issued by Microsoft in its MS05-001 bulletin earlier this month fails to resolve all of the security issues surrounding the HTML Help ActiveX control in Windows. Microsoft distributed the fix, along with additional security updates, to address the threat of attackers placing and executing malicious programs such as spyware on affected computers. GeCad, which sold its antivirus software business to Microsoft in 2003, said that the patch has not...

Getting headline news sent via e-mail is a common activity that a new worm in the wild is hoping to take advantage of. Security firm Sophos this week reported the discovery of a worm that takes headlines from the CNN Web site and attempts to install a Trojan on the recipient's PC. Sophos has called the worm Crowt-A(W32/Crowt-A). In addition to taking the subject from the CNN news site, it also takes message text, which further helps create the facade of legitimacy. As with many worms, the malicious code is contained in an attachment that is used to deploy its...