Guard Privacy & Online Security News & Information


July 3, 2006 21:50 - Microsoft's WGA Faces Spyware Lawsuit

Gregg Keizer's blog reports on a California man who has filed a lawsuit in Seattle claiming that Microsoft Windows Genuine Advantage (WGA) anti-piracy software is spyware.

There have been comments in the press and blogs recently about the concerns with WGA... notably what information goes back to Microsoft and the users' inability to uninstall the software.

It is these concerns that have featured in the suit...
  1. "Instead of clearly identifying the WGA as an anti-piracy download option, Microsoft labeled the program as an 'update' or a 'high priority update' in its package of automatic security updates," the complaint reads.
  2. Furthermore, "In truth and fact, Microsoft, in its efforts to maximize revenue through anti-piracy measures, mislead consumers and the public as to the true nature, functionality, and operation of its WGA."
  3. "Microsoft effectively installed the WGA software on consumers' systems without providing consumers with any opportunity to make an informed choice about that software," the complaint stated.
The Notification tool is still an "opt-in" program, so users can refuse it, although that is sometimes difficult depending on how Windows is set up for Automatic Updates. The other part of the two-program WGA, Validation, is automatically downloaded and installed on most Windows machines.

The complaint adds, "WGA is like spyware because it 'phones home'. WGA Verification collects and transmits an enormous amount of sensitive information to Microsoft."

There will be updates as the case progresses.

For more about spyware and protection, visit How To Avoid The Main Routes For Computer Spyware Infection

July 4, 2006 19:41 - Part Of Botnet Gang Arrested

Three men are being charged with conspiracy to infect computers with malware. They are suspected of being members of a group of hackers, known as M00p. They have targeted businesses, spread viruses via emails and taken control of infected computers to form botnets.

The British Metropolitan Police's Computer Crime Unit and the Finnish National Bureau of Investigation reported that they had arrested a 63-year-old man in Suffolk, England, a 28-year-old man in Scotland and a 19-year-old man in Finland.

Police said the gang was responsible for highly-organized criminal activity, evading detection by anti-virus products by creating specialized programs. They were alleged to have targeted UK businesses since 2005, and thousands of computers are thought to have been infected worldwide.

Police said the viruses run in the background on an infected computer without the knowledge of its owner. Once installed, they allowed the criminals to access any private and commercial data stored on the computer and to use the networks of computers for Denial of Service and spam attacks.

The group's name is derived from its practice of leaving the word M00P somewhere in the lines of software code used to deliver its attacks.

Studies by security companies have shown that 70 - 80 percent of spam now emanates from zombie PC networks, or 'BotNets'... and much of it comes from IP ranges allocated to the high-speed cable or ADSL accounts of home users.

The reason they are susceptible is that spammers and crackers know that home users are notorious for not keeping their security protection up-to-date. Unfortunately, studies show that the confidence of the perpetrators is justified.

Find out more about how crackers can recruit your computer to their botnets at Is Your Computer A Zombie PC?

July 5, 2006 15:49 - A Second Lawsuit Against Microsoft's WGA

In under one week, another lawsuit has been filed against Microsoft, charging that Windows Genuine Advantage (WGA) is spyware. WGA is a program designed to check whether a user is running a legitimate copy of the company's operating system software.

I reported here about the first lawsuit, but in an article in The Seattle Times, the attorney behind the first suit said Microsoft had addressed many of his concerns in a software update it issued last week.

This second suit, filed on behalf of a group of Washington businesses and individuals, appears to refer to a test version of WGA.

Before last week's update, WGA "phoned home" to Microsoft's servers once a day, providing information about the user's computer and operating system. This daily communication was not disclosed when WGA was installed and the Washington suit alleges that this fits the definition of spyware offered by at least two computer security groups.

The suit also alleges that users who elected to receive automatic updates from Microsoft "received WGA without user action, as though it was a critical security update, which it is not."

Of course, Microsoft has a different story to tell. A Microsoft spokesman said, "We're confident that the allegations made in these suits are without merit. They really do distort the objectives of our anti-piracy program and obscure the real issue here, which is the harm caused by piracy and counterfeiting not only to Microsoft, but to our customers."

Does WGA compromise our attempts to guard privacy? I'll keep you updated as the case progresses.


July 6, 2006 19:43 - A Wireless Router For $5!

A Spanish company, FON, is to sell one million subsidised, wireless routers as part of a plan to turn domestic wi-fi networks into public hotspots. The cost of the wi-fi router? Just $5... providing buyers share their wi-fi Internet connections with their friends, neighbors, or even total strangers.

Today, finding WiFi access is a hit-or-miss affair, with many spots offering fee-based connections. Juergen Urbanski, North American general manager of FON Technology said, "Wi-fi is universal in cities, but access isn't." Urbanski wants to recruit millions of ordinary people who would make WiFi available to anyone within range of the wireless routers in their homes.

The company, which has financial backing from Google and Skype, aims to create public wi-fi networks street by street across the US and Europe.

Mr Urbanski said Fon was aiming to have 50,000 working hotspots worldwide by September, 150,000 by year-end and one million hotspots by the end of 2007. To date, 54,000 people worldwide have signed up, quite a significant increase from 3,000 in February, according to the company.

The router is programmed with software that lets other FON members connect to the router for free Internet access. The router also protects the owner's privacy by blocking access to any other data on his home computer network.

FON will make money by charging non-members about $3 a day for access to the network. Half of this money goes to the FON member whose router is being used.

However, Fon faces challenges -- from technical limitations to legal obstacles...
  • Current wi-fi networks have a limited operating range and Fon will need an army of "foneros" to create the coverage to provide the hotspots.

  • Internet Service Providers and broadband carriers are also unwilling to allow a user's private broadband connection to be used publicly.
Mr Urbanski said Fon was seeking to win over carriers who lease the underlying internet connections by arguing its strategy could expand the market for wi-fi.

Learn more about wireless routers and what to look for in The Best Wireless Router

July 7, 2006 19:31 - Worm Masquerades As Microsoft's WGA

Sophos, a security company, has detected a new piece of malware that hides and runs as Microsoft's Windows Genuine Advantage (WGA) -- a program used to detect unlicensed versions of its operating system. The report is carried by PC World.

Sophos is classifying it as a worm called W32.Cuebot-K. It spreads through AOL's Instant Messenger (IM) program and has a range of malicious actions. The first action is to try to contact two websites -- probably to download more malware.

Its other effects include disabling other software, shutting down the Windows firewall, downloading new malicious programs and performing DDoS (distributed denial of service) attacks.

Worms that spread through IM often appear as messages or links sent from friends to trick a user into clicking on the program. According to Sophos, Cuebot-K propagates by sending itself as a file named "wgavn.exe" to people in the user's "Buddy List".

Sophos said that if installed on a computer, Cuebot-K is registered as a new system device driver service named "wgavn". In the list of services running on the computer, the worm appears as "Windows Genuine Advantage Validation Notification". This is slightly ironic, because as reported here, WGA is facing lawsuits claiming it is spyware.

For more on protection against worms, viruses and Trojans, take a look at What's Key to the Best Antivirus Program?

July 10, 2006 20:05 - Support For Windows 98 Ends & IE7 Beta 3 Released

Microsoft has announced that there will be no further patches for Windows 98 and that it has released a further test version of its new Internet Explorer 7.

The company said that it will not develop a patch for a critical security flaw in Windows 98, Windows 98 Second Edition, and Windows Millennium Edition. The vulnerability affects Windows Explorer and could allow an attacker to take control of a system through a specially crafted Web site.

"After extensive investigations we found that it is not feasible to make the extensive changes necessary to Windows Explorer on older versions of Windows to eliminate the vulnerability," Christopher Budd, a security program manager at the Microsoft Security Response Center, wrote on a company blog.

The reason? Fixing the issue would require a complete overhaul of critical operating system components, which could cause application compatibility issues, Budd explained. However, users can protect themselves against attacks by blocking all traffic on TCP Port 139 through a perimeter firewall, Microsoft suggested. Windows uses port 139 for file and printer sharing.

Windows 98 users should remember that all public support for the operating system ends tomorrow, 11th July. Users need to upgrade to a newer version of Windows to ensure their online safety.

Microsoft has also released a Beta 3 version of its latest browser, IE7. It incorporates some changes to features, as well as improved reliability, compatibility and security. It can be downloaded free from Microsoft.

July 11, 2006 19:45 - How I Was Making Big Money From Identity Theft

The New York Times reported on an interview with the 22-year-old Shiva Brent Sharma at the Mohawk Correctional Facility in Rome, N.Y., where he is serving a two-to-four-year term for identity theft. When arrested for the third time, at the age of 20, he had taken over $150,000 in cash and merchandise.

As far back as 2002, Mr. Sharma was using the Internet for data theft through phishing and pharming -- phony web sites. The Secret Service and the Federal Bureau of Investigation monitor Internet sites where like-minded people from around the world congregate to swap tips about identity theft and to buy and sell personal data. Mr. Sharma frequented these sites, which gave him the knowledge for his scams.

"Shiva Sharma was probably one of the first, and he was certainly one of the first to get caught," said Diane M. Peress, a former Queens County prosecutor who handled all three of Mr. Sharma's cases. "But the kinds of methods that he used are being used all the time."

U.S. postal inspectors said the biggest money was coming in at the end, as Sharma learned how to buy access to stolen credit card accounts online, change the card holder information and then wire money to himself - sometimes using false identities for which he had created perfect driver's licenses.

"I don't know how much I made altogether, but the most I ever made in a quick period was like $20,000 in a day and a half or something," Sharma said. "It's an addiction," he added. "I get scared that when I get out, I might have a problem and relapse because it would be so easy to take $300 and turn it into several thousand."

That ease accounts for the numbers of identity-fraud victims, who often first learn of the crime from unexplained credit card charges, an empty bank account or worse.

Protect yourself from identity theft with this Identity Theft Protection Information

July 12, 2006 19:45 - How Direct Revenue Plans To Take Over Your Computer

If you're interested in the machinations of the spyware industry, then the article in Business Week on the inside dealings of Direct Revenue -- a company developing spyware -- is riveting reading. I've only included a small sample of the many insights from the main article.

Direct Revenue is particularly infamous for a category of spyware called adware. These programs track where we go on the Internet and clutter our screens with annoying pop-up advertisements for everything from pornography to Viagra.

Adware uses our computer's resources and power, slowing it down and often causing crashes or freezing. By following our surfing habits, adware uses the information to download ads targeted to our interests. This information can also be sold on to other marketers and spammers.

Adware very often piggybacks with freeware... it's estimated that around 75 percent of websites offering free software attempt to install some form of advertising software in visitors' computers. You can find out more about how easy it is to be infected in the article, Adware... The Types And Their Dangers.

Spyware takes an estimated $2 billion a year in revenue, or about 11% of all Internet ad business, says the research firm IT-Harvest. The article reports that Direct Revenue's direct customers have included such giants as Delta Air Lines and Cingular Wireless. It has sold millions of dollars of advertising passed along by Yahoo. Direct Revenue has also received venture capital from the likes of Insight Venture Partners, a respected New York investment firm.

A lawsuit was filed in April by New York Attorney General Eliot Spitzer alleging that Direct Revenue crossed a legal line by installing advertising programs in millions of computers without users' consent.

The company denies any wrongdoing. In a filing in June, it calls the Spitzer suit "much ado about nothing" and defends its past practices as "commonplace" in the industry. It calls its programs "adware" and says it has notified consumers when putting the programs on their computers.

Because of the profits to be had from spyware, Direct Revenue has many imitators and competition is cut-throat. So much so that each of the spyware companies writes code within its programs to knock out its competitors' software.

We can reduce the risk of spyware infection by using effective software as per a spyware remover evaluation and other security measures... and by steering clear of free online goodies!

July 13, 2006 19:18 - Identity Theft And Fraud Spreads To 'Phones

Our caller ID, the display on our telephones that shows who's calling, may not be telling us who's really there. That's because of technology that can be bought on the Internet which allows callers to exhibit a false name and number. It's known as identity spoofing.

A real-life example is people receiving fraudulent calls claiming they missed jury duty and asking for their Social Security number. The calls seemed legitimate because the telephone number of the local courthouse showed up on caller ID.

The concern for us is that if a call appears to be coming from our bank, credit card company or a government agency, would we be persuaded to give up financial data? Of course, if it is a scammer that we give this information to, it could be used to open new bank accounts or for loans and credit card applications.

Because of recent high-profile cases of ID spoofing, the "Truth in Caller ID Act of 2006" passed through the House of Representatives on a voice vote and is expected to receive broad support in the Senate. The bill would make it illegal for callers to manipulate their name or number and would give the Federal Communications Commission authority to impose fines of up to $10,000 per violation. Victims would also get the right to sue for damages.

Protecting yourself

  1. Don't give out personal information such as your Social Security number, driver's license number, credit card account number or bank account numbers over the phone.

  2. Banks, credit card companies and government agencies don't call people asking them to confirm or update this kind of information. They usually contact people by letter.

  3. If you think the call may be legitimate, ask the caller to send you a letter specifying the information sought. Or call back the business or government agency. Get the phone number yourself -- don't rely on the number displayed.

  4. Getting an unlisted telephone number and signing up for the Federal Trade Commission's Do Not Call registry may reduce the likelihood of getting these calls.

July 14, 2006 22:32 - Cyber Criminals Have Changed Tactics With Spam And Spyware

Spam is again on the increase, spyware is accelerating and viruses and phishing are down... according to the second quarter report of 2006 by MessageLabs.

However, the report concludes, "Cyber threats have become smarter and much more targeted to evade detection for far longer."

The report goes on to say, "It is certainly true that the cyber-criminals' hunger for financial gain and stolen intellectual property has fuelled the development of criminal malware at a breakneck pace." Its findings are that viruses, spyware and spam are converging to become interdependent, with the boundaries between them almost impossible to distinguish.

Let's particularly take a look at what's on the increase -- spam and spyware...

Spam seems to have had a rejuvenation. The majority of online users now guard privacy and potential security breaches by protecting email with sophisticated spam filters, which has caused a plateauing of traditional spamming.

However, other forms of electronic communication aren't as well protected... an increasing number of spammers are now targeting blogs with spam blogs, or 'splogs', mobile text messaging, instant messaging (IM), and social-networking sites, such as MySpace, according to the MessageLabs report. For instance, it is estimated that 10% of IM is spam.

The research also indicated that spammers have begun to develop more sophisticated and malicious software to harvest e-mail addresses and steal the identity of victims.

With social-networking sites, such as MySpace, spammers create false profiles which contain links to automated IM that entice unwary users to web cam sites. Here, the spammers either advertise their products and services or attempt to install spyware on visitors' computers.

Anti-spam vendors must also be rubbing their hands with glee... instant messaging, blogs, spam and websites are going to increasingly require protection against these new forms of spam.

Regarding spyware, twelve months ago MessageLabs reported intercepting low numbers of carefully crafted, dangerous trojan attacks. At the time, these attacks had been tracked at around one or two per week, increasing to around three to four per week earlier this year.

In the second quarter of 2006, however, these attacks have risen and are now at a rate of one a day. These attacks are highly targeted, often exploiting vulnerabilities in specific applications and constructed to evade detection by traditional anti-virus software.

It is now thought that, whereas zombie PCs were used to disseminate spam, viruses and denial of service attacks, they are now complicit in spreading spyware. The spyware is used for financial gain by gathering very personal information, such as age, sex, location, bank and websites used, which is then used to target the victim.


July 17, 2006 19:22 - Paypal User? Watch Out For These 'Phone Phishers

We're hearing more and more these days about those fraudsters using emails -- supposedly from our bank, other financial institutions, etc -- to try to trick us into visiting the supposed company's website to reveal personal information that can be used for identity theft or fraud.

As we get wise to this type of email and software developers produce aids to help us spot phishing and pharming websites, so the phishers alter tactics again.

I reported here on 13th July that phishing had spread to 'phones. A variation of this technique -- reported by Sophos -- has been experienced by PayPal users, who receive a spoofed email saying that the recipient's account has been the subject of fraudulent activity. However, rather than being directed to visit a bogus website, they are asked to phone and verify the details of their card.

At the other end of the 'phone they hear a message asking them to type in their account number. If incorrect details are entered, the recording directs the user to enter their number again, adding a false sense of security and legitimacy.

July 18, 2006 22:03 - New Spy Sweeper Adds More Protection Including From Rootkits

Webroot Spy Sweeper has been upgraded to version 5.0, to provide easier management and a simpler user interface. Most importantly, the company claims to have increased the product's spyware detection, bringing in improved keylogger and rootkit targeting.

Here's a summary of the features...
  • Easier to Use
    The company has simplified the Spy Sweeper interface for new users, whilst advanced users still can configure the program to suit their needs.
  • Smart Shields
    These shields are set up to prevent spyware from being installed by warning you of any changes to your computer's functions. This version organizes the growing collection of shields into critical, recommended, and optional.
  • New Keylogger Shield
    New is the keylogger shield which prevents the recording of all keystrokes on your computer, including usernames, passwords, credit card numbers, e-mail content, and IM conversations.
  • Smarter Spy Installation Shield
    The enhanced Spy Installation shield scans all files attempting to download to your PC. If spyware is detected, it will prevent its installation.

July 19, 2006 19:15 - The Blue Pill... Your Computer Will Not Recover From This Malware

Imagine malware, such as a Trojan or a keylogger, that remains undetectable even if its algorithm code is publicly known. In other words, it is so obscure that nothing you are using to guard privacy and online security can locate it -- even if its signature is known.

The malware just carries on doing what it's programmed to do, such as converting your PC to a zombie computer to spew out DoS attacks or spam, stealing your financial data and passwords... in fact, think of what you wouldn't want to happen to your computer and know that it could!

Well, it seems as though this nightmare could come true...

The Blue Pill
"Joanna" has blogged that she'll be talking about her technology, called 'Blue Pill', and demonstrating a working prototype for Vista x64 -- the upcoming Microsoft platform to replace Windows -- at the end of July at the SyScan Conference in Singapore.

All the current rootkits and backdoors are based on a concept. Once the concept is known, the malware, including rootkits, can theoretically be detected. Blue Pill is not based on a concept and so cannot be detected. It also does not rely on a vulnerability within the computer's operating system, browser etc.

Joanna's blog also states Blue Pill is not going to be available for download, but has been developed exclusively for COSEINC Research who are planning to organize trainings.

July 20, 2006 20:08 - IBM Accused Of Hacking -- Or Was It Spoofing?

A boutique Washington, D.C.-based law firm, Butera & Andrews, is accusing IBM of hacking into its e-mail system. The firm claimed that an IBM employee hacked into its email system earlier this year, and that information such as documents, emails and other sensitive data was completely breached.

It is seeking unspecified damages and repayment of more than $61,000 that it paid to investigate the alleged break-in and repair its e-mail system, according to a copy of the suit. The suit states that Butera & Andrews' machines were hacked in November of 2005 and that more than 42,000 break-in attempts were made from over 80 IP (Internet Protocol) addresses that belong to IBM.

However, security experts know that crackers use spoofing - a technique where the cracker uses a false IP address, so that the traffic appears to originate from another network or computer. It is this technique that IBM is citing to request a full dismissal of the case, stating, "Indeed, plaintiff's argument would be akin to holding AOL liable for intentional misconduct any time an IP address registered to AOL."

In other words, IBM is saying there is no "real" evidence, in that Butera & Andrews cannot prove that the hacks originated from IBM's networks.

Well, it's another opportunity for the lawyers to make money!

July 21, 2006 19:49 - Some Anonymizers Can Lead To Identity Theft And Fraud

When visitors to my website, "Guard Privacy & Online Security", read my articles on anonymous surfing, I warn them to avoid web-based proxy anonymizers, particularly the free, open lists. The reason?... the lack of guaranteed security for your passwords, financial data etc, that are stored on these servers.

There's an interesting article in Security Pro News about CGI (or HTTP) proxy sites, that concurs with these sentiments, and also puts into context the risks we can face. Here's a summary...

The Risks Of Web-Based Proxies
CGI proxy sites relay your information without revealing who you are -- you are anonymous to the web site you are visiting, as the web site server records the IP address of the proxy server, not your real IP address. The web site also cannot determine your browser type or language settings, or set cookies on your computer, and JavaScript may be restricted.

However, the proxy server keeps a log of all the activity, including... web pages visited, user names, passwords, addresses, credit card numbers or anything else entered on the website surfed through a CGI proxy. This data is exactly what people want to hide on the Internet, but by using an open proxy site, the information is delivered to the CGI proxy site owner.

In most cases, you can trust the web site you're visiting more than a web-based proxy service. For instance, if you visit Yahoo mail through a web-based proxy site, Yahoo is less likely to make criminal use of the information it collects on users than a small website operator hosting a free CGI proxy script.

While logging into your Yahoo account and not revealing your location (IP) to Yahoo may increase your privacy, the price you pay is sharing all of your information with the CGI proxy site owner... which could be sold on and so compromise your efforts to guard privacy and security.

How To Be Anonymous And Secure
As I explain in my articles, there are a number of different types of anonymization techniques. Some offer great flexibility in the number of web applications you can use, remaining both anonymous and secure.

For instance, VPN (Virtual Private Network) is becoming more affordable for the home/office and offers the most secure, anonymous connection available. One of the leading providers of this technology is Steganos and their . You'll need to click on the "International" button at the top of the page to switch the language to English.

To find out more about anonymous surfing -- what it is, how it works, the different types and whether or which one is right for you -- take a look at Commercial and Free Proxy Anonymizers.

July 24, 2006 18:41 - Vulnerabilities Auctioned Online

A study by the Malicious Code Research Center (MCRC) of Finjan Inc. has shown that online auctions are being used by cyber crooks to sell off system and software vulnerabilities.

Vulnerabilities Traded
The crooks identify new vulnerabilities but don't share the information with the vendors of the products, who could then fix the weakness. Instead, they're out to make money by selling the information to crackers and scammers. They, in turn, will use the information to write malicious code to exploit these vulnerabilities.

Examples of Auctions
In its report, Finjan includes examples it has found of postings, such as this one from "Full Disclosure", an un-moderated forum where software vulnerabilities are detailed and discussed...

"So I just found another vulnerability. This time working on the latest patched up Internet Explorer version 6.0. It allows for my code to be run... Let the bidding begin."

It's not just the niche websites that are used by these crooks either. For instance, a few months back, eBay pulled an ad selling vulnerability information about Microsoft's Excel.

Legitimate Vulnerability Purchasing
However, there is a market where vulnerabilities are purchased by legitimate companies. An example is TippingPoint, who have bought vulnerability information for up to $2000 to help other security vendors protect against potential attacks. The company deals with security researchers, validating the information they receive and then helping clients to develop patches or defenses.

I suppose it's better to have the "good guys" capturing this information, but I can't help feeling that companies such as TippingPoint are stimulating the search for vulnerabilities that wouldn't normally see the light of day... and may be pushing up the market price for this information.


July 25, 2006 16:49 - Phishers Crack Two-Factor Authentication

Two-factor authentication uses a password-generating device along with conventional passwords. Banks have been urged by US federal regulators to use the system as one way of making the customer login process more secure against online account fraud.

To gain access to a user's account, a potential thief must know not only the user's password, but also the code generated by the security device -- which generally changes every minute. Sounds pretty foolproof, doesn't it? Except that a recent attack against Citibank shows phishers are even finding a way to crack this technique, The Washington Post reported.

A false security warning was sent to customers of the Citibusiness service, urging them to visit a website. There, they were asked to enter their account details, password and also the code generated by their token. As the fraudulent site was automated, it used the information to log onto the real Citibusiness login site and allowed fraudsters access to the compromised accounts.

The site was traced to Russia and has since been shut down. However, it highlights just how successful and sophisticated phishing techniques and the technical support behind them have become. As long as there are customers who can be tricked into responding to these emails, attacks of this kind will continue.

This must be an absolute headache for the financial institutions. Public confidence in online financial transactions is at an all-time low due to the risks of financial and identity theft and fraud. To boost confidence, these financial institutions have introduced all manner of tightened security.

These new password tokens were seen as a step-wise increase in security and were expected to raise customers' confidence. How security against socially engineered attacks by phishers can ever be effective, when customers respond to these emails, is a question that probably cannot be answered.

If you're looking to find out more about financial and identity theft and fraud -- and to learn how to protect yourself from these threats -- you can't do better than to read the articles at Identity Theft Protection Information To Protect Our Name

July 26, 2006 16:58 - Image Spam Significantly Increases

Image spam is on the rise once again as spammers have found that images can sneak past older spam screening software that only checks for spam based on keywords.

Security software vendor Marshal says that image spam now accounts for one third of all spam. Up to May of this year it was between 15% and 17%, but it then doubled in June.

Postini, a messaging company, attributes this increase to spammers testing the reaction of spam filters to image spam, seeing it get through, and so converting their word spam to images.

About 50% of this spam is accounted for by pornographic images, with pharmaceuticals, such as Viagra, also increasing. Up-to-date filters are able to check these images but Marshal's director of product management, Bradley Anstis, says "Spammers are turning to new variants in an attempt to get past the more advanced anti-spam solutions. We've seen image randomization methods that indiscriminately place dots within the image or change colors to fool signature-based anti-spam products".

To back up their contention, Marshal have identified a new strain of image spam which is impervious to most anti-spam software. The strain contains multiple images that act like pieces in a puzzle. The recipient's email client reassembles the pieces in the right order and displays them as one image. The company says spammers are also beginning to use more obscure image file formats such as the picture file format PNG.
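The effect of the dot-randomization trick quoted above can be shown with a short added example (not part of the original post or any vendor's code). It assumes a small constructed grayscale image and uses a simple "average hash" as a stand-in for the fingerprinting an image-aware filter might apply; all function names are hypothetical.

```python
import hashlib
import random

def make_image(offset=8, size=32):
    """Constructed 8-bit grayscale image: a bright 16x16 block on a dark background."""
    hit = range(offset, offset + 16)
    return [[220 if x in hit and y in hit else 30 for x in range(size)]
            for y in range(size)]

def randomize(image, dots, seed):
    """Return a copy with `dots` distinct pixels inverted (the 'random dots' trick)."""
    rng = random.Random(seed)
    out = [row[:] for row in image]
    width = len(out[0])
    for pos in rng.sample(range(len(out) * width), dots):
        y, x = divmod(pos, width)
        out[y][x] = 255 - out[y][x]
    return out

def exact_signature(image):
    """Signature-style check: SHA-256 over the raw pixel bytes."""
    return hashlib.sha256(bytes(p for row in image for p in row)).hexdigest()

def average_hash(image, grid=8):
    """Perceptual fingerprint: mean of each grid cell, thresholded at the global mean."""
    step = len(image) // grid
    means = []
    for gy in range(grid):
        for gx in range(grid):
            cell = [image[y][x]
                    for y in range(gy * step, (gy + 1) * step)
                    for x in range(gx * step, (gx + 1) * step)]
            means.append(sum(cell) / len(cell))
    threshold = sum(means) / len(means)
    return [int(m > threshold) for m in means]

def hamming(a, b):
    """Number of differing fingerprint bits."""
    return sum(x != y for x, y in zip(a, b))

def same_campaign(a, b, max_bits=4):
    """Treat two images as one spam template if few fingerprint bits differ (assumed cut-off)."""
    return hamming(average_hash(a), average_hash(b)) <= max_bits

if __name__ == "__main__":
    base, variant = make_image(), randomize(make_image(), dots=10, seed=2006)
    print("exact signatures equal:", exact_signature(base) == exact_signature(variant))
    print("fingerprint bits changed:", hamming(average_hash(base), average_hash(variant)))
    print("unrelated image matches:", same_campaign(base, make_image(offset=0)))
```

Ten altered pixels give a completely different exact signature, while the 64-bit fingerprint moves by at most two bits, so the randomized copy is still grouped with its template.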

July 27, 2006 20:30 - Internet Explorer Exploit Infects 1 Million MySpace Users

More than one million MySpace visitors may be experiencing spyware and adware problems as a result of clicking on a banner advertisement for patio furniture posted on the site.

Michael La Pilla, an analyst for VeriSign iDefense, was on MySpace when he discovered that the ad, posted by a site called deckoutyourdeck.com, called for a file named exp.wmf. La Pilla contacted MySpace and was told that the company's defense team had already taken the ad down and was working to find its source.

What's The Vulnerability?
This ad exploited a flaw in Microsoft's Internet Explorer browser involving Windows Metafile (WMF) images, which was patched in January of this year. The Firefox browser is unaffected.

Ken Dunham, director of the rapid-response team at iDefense, said that on unpatched browsers, visiting a page with the deckoutyourdeck.com banner ad causes a Trojan horse program to be downloaded. Users with the patched browser, however, see a prompt asking to download a file called "exp.wmf" when visiting a page with the advertisement.

iDefense said the infections caused by the deckoutyourdeck.com ad were through a server in Turkey hosting the adware. The server appeared to track the number of machines infected with the adware, and indicated that 1.07 million computers had downloaded the program.

What Happens If You're Infected?
There are at least 600 Web sites that take advantage of the WMF vulnerability, Dunham says. Once it starts to run, the Trojan horse in the banner ad causes infected machines to contact at least five Web sites to download spyware. This spyware consists of adware, which puts unwanted pop-up ads on screen, and monitoring spyware, which tracks a user's online activity and can steal passwords, financial data, etc.

What About Protection?
The MySpace recommendation states, "We strongly urge all Internet users to follow basic Internet security practices such as running the latest version of the Windows operating system, installing the latest Windows security patches, and running the latest anti-spyware and anti-adware software. If users have applied the simple patch available from Microsoft.com, they will not be vulnerable to this criminal act."

But what about those already infected? Well, spyware can be difficult to remove, even for security savvy users. However, there are clear steps that can be taken to clear the problem, involving the right antivirus, firewall, browser, patches, and antispyware programs -- yes, programs! My tests and others show that no one spyware remover will detect and remove all spyware.

Read more about these steps at Review On Spyware And Adware Removal... 5 Key Steps To Spyware Protection

July 28, 2006 16:29 - Judge Rejects Dropping AT&T Wiretap Case

Yesterday, a federal judge rejected a request from the head of U.S. intelligence to dismiss a lawsuit against AT&T charging the company with illegally allowing the government to monitor phone and e-mail communications.

During April, AT&T had asked the court to dismiss the case. Two weeks later the U.S. government also asked the federal judge to dismiss it, citing its state secrets privilege.

John Negroponte, U.S. director of intelligence, said in a filing that disclosure of case information "could be expected to cause exceptionally grave damage to the national security of the United States."

The judge wrote, "The very subject matter of this action is hardly a secret. Public disclosures by the government and AT&T indicate that AT&T is assisting the government to implement some kind of surveillance program."

He went on to say, "The compromise between liberty and security remains a difficult one. But dismissing this case at the outset would sacrifice liberty for no apparent enhancement of security."

The lawsuit was brought by the privacy rights group Electronic Frontier Foundation in February. The EFF said the program allows the government to eavesdrop on phone calls and to read e-mails of millions of Americans without obtaining warrants.

They are seeking an injunction that would order the government to stop the program.

If you want some background to the case, go to my earlier blog at Government Program Eavesdrops On American's Phones.

July 31, 2006 18:44 - Ransomware... The Worsening Threat We Should Fear

Ransomware is a term used for blackmailing viruses. Whereas the first forays into ransomware used simple encryption techniques, the writers of these programs are now using more secure encryption algorithms. Although antivirus companies can, at the moment, break this encryption relatively easily, the stakes are getting higher as the malware writers employ increasingly long keys.

What's The Risk?
Kaspersky, in its report Malware Evolution: April - June 2006, states that "if RSA (or any other similar algorithm which uses a public key) were to be appropriately implemented in a new creation, antivirus companies might find themselves powerless, even if maximum computing power were to be applied to decrypting the key."

In other words, anyone infected with ransomware either has to trash their computer and its contents... or pay the ransom demand to receive the key to unlock the code.

What Is Ransomware?
Currently, ransomware normally arrives by email and uses social engineering -- a tempting or persuasive message, such as a job offer -- to trick the recipient into opening the attachment.

In the case of the ransomware, Gpcode, the attachment contains a Trojan, which downloads Gpcode to the computer. It then scans all accessible directories and encrypts files and mail client databases. Gpcode and the Trojans used to install it then self-destruct, leaving a file called readme.txt in all the folders which contain encrypted files. This text file provides information on how to contact the virus writer and pay the ransom for the decryption code.
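The pattern described above (a readme.txt left in every folder that holds encrypted files) can be turned into a simple triage check. The following is an added example, not from the original post or from Kaspersky; the entropy cut-off, the function names and the sample folder tree are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

NOTE_NAME = "readme.txt"   # note file name the post reports for Gpcode
ENTROPY_LIMIT = 7.5        # assumed cut-off in bits per byte; tune for your data

def shannon_entropy(data):
    """Bits per byte: close to 8 for encrypted data, far lower for plain text."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def suspicious_folders(root, sample_bytes=65536):
    """Map each folder that holds a note file to the high-entropy files beside it."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        if NOTE_NAME not in [f.lower() for f in files]:
            continue
        flagged = []
        for name in sorted(files):
            if name.lower() == NOTE_NAME:
                continue
            with open(os.path.join(folder, name), "rb") as fh:
                if shannon_entropy(fh.read(sample_bytes)) > ENTROPY_LIMIT:
                    flagged.append(name)
        if flagged:
            findings[os.path.relpath(folder, root)] = flagged
    return findings

def build_sample_tree(root):
    """Constructed sample data: only 'mail' has both a note and scrambled content."""
    text = b"Quarterly report draft, nothing unusual here.\n" * 200
    layout = {
        "docs": {"report.doc": text, "readme.txt": b"Install notes.\n"},
        "photos": {"holiday.jpg": os.urandom(8192)},   # compressed-looking, no note
        "mail": {"inbox.dbx": os.urandom(8192), "notes.txt": text,
                 "readme.txt": b"(constructed placeholder note)\n"},
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name, data in files.items():
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(data)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return suspicious_folders(root)
```

Compressed formats such as JPEG or ZIP also score close to 8 bits per byte, which is why the check only reports high-entropy files that sit next to a note file rather than flagging on entropy alone.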

What Precautions Can You Take?
Kaspersky Lab warns that even if the original authors of ransomware are tracked down, there's nothing to prevent other malicious users from implementing these techniques to make money.

Although security companies continue to work towards developing approaches that make it impossible for malicious users to encrypt or archive users' data, computer users need to take preventative measures...
  • For instance, users can neutralize ransomware attacks by regularly backing up documents and email databases
  • Never open emails or attachments unless you know the sender
  • Ensure you automatically update your antivirus and antispyware with the latest threat updates
  • Although Kaspersky are the authors of this report and have led the way in decrypting ransomware, they also develop the best anti-virus for Trojan removal. As the threat of ransomware is growing, installing Kaspersky Antivirus Personal is worth considering if you are looking to change your current software.

    For more information, take a look at Kaspersky Antivirus Personal.