The Fix It tool "is an easy, one-click solution that will help protect your computer right away. It will not affect your ability to browse the Web, and it does not require a reboot of your computer," Yunsun Wee, Trustworthy Computer Director at Microsoft, said in a blog post. "This will not only reinforce the issue that the Fix It addressed, but … Read more
Users of Internet Explorer versions 6 through 9 are grappling with another security flaw without a fix, but Microsoft has a few suggestions to help shore up protection.
Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. Microsoft said it's already aware of attacks that have tried to take advantage of this weakness.
Since no fix is yet available, it's up to users of IE to protect themselves. A new Microsoft Security Advisory offers several recommendations.
To start, the usual advice always applies. Make sure you'… Read more
A previously unknown security hole in Internet Explorer 7, 8 and 9 is being actively exploited to deliver a back door trojan known as "Poison Ivy," researchers warned.
Security blogger Eric Romang, who uncovered the vulnerability this weekend, wrote on his blog yesterday:I can confirm, the zero-day season is really not over yet. Less than three weeks after the discovery of the Java SE 7 0day, aka CVE-2012-4681, potentially used by the Nitro gang in targeted attacks, a potential Microsoft Internet Explorer 7 and 8 zero-day is actually exploited in the wild. Romang found an attack that … Read more
Kaspersky Lab has published an update in its investigation of the Flame cyber-espionage campaign, which the security experts discovered in May.
The research, which Kaspersky conducted in partnership with IMPACT, CERT-Bund/BSI and Symantec, identified traces of three previously undiscovered malicious programs.
Specifically, Symantec has highlighted forensic analysis of two of the command-and-control (C&C) servers behind the W32.Flamer attacks that targeted the Middle East earlier this year.
Here's what the group found after analyzing the C&C servers:The two servers were set up on March 25, 2012, and May 18, 2012.The servers … Read more
Despite warnings that some Chrome users are seeing today, Joshua Topolsky wants to assure readers of The Verge that his site is not rife with malware.
The problem apparently began this morning when visitors to the tech news site using Google's Web browser were greeted with a message informing them that The Verge contained content from SBNation.com, a site the Web giant accused of distributing malware. (SBNation, a sports news site, is a Verge sister site.) "Your computer might catch a virus if you visit this site," the notice warned.
However, Topolosky, the editor in chief … Read more
Microsoft has found malware on new computers its employees purchased in various cities in China as part of an investigation into the security of the supply chain. That finding led researchers to a botnet called Nitol and a court order giving the company permission to take technical measures to disrupt the botnet.
The effort, dubbed Operation b70, began in August 2011 when it decided to see if there was any merit to claims that counterfeit software and malware were being installed on computers by suppliers before they hit the retail shelves in China. So, the company had employees go into … Read more
The hackers behind the cyberespionage attacks on Google and more than 30 other companies three years ago are still going strong and seem to have a steady stream of weapons in their arsenal in the form of rare unpatched vulnerabilities known as zero-days, Symantec researchers said today.
The group has used exploits for four zero-day vulnerabilities in attacks over the past few months against targets across a variety of industries, including energy, aeronautics, and financial, and particularly manufacturers of components sold to defense contractors, the security provider said in a blog post.
"This group is focused on wholesale theft … Read more
After pleading guilty last year to creating a botnet that wreaked havoc on about 72,000 computers, Joshua Schichtel was sentenced to prison today. The Department of Justice announced that Schichtel received a 30-month prison sentence for "selling command-and-control access to and use of thousands of malware-infected computers."
Schichtel was a unique hacker. Rather than infecting computers for his own benefit, he instead sold botnets to customers who must have not had the tech know-how to create their own malware.
"Individuals who wanted to infect computers with various different types of malicious software (malware) would contact Schichtel … Read more
The online world is under siege. Computers, laptops, and mobile devices are increasingly being attacked by worms, viruses, botnets, Trojans, spam, and more.
According to a new report by McAfee (PDF), Malware is multiplying at a faster pace now than any other time in the last four years. There has been a 1.5 million increase in malware over last quarter, along with growth of newer threats, including "ransomware" attacks, thumb drive corrupters, and botnets.
While Windows PCs remain the hardest hit, there's a growing trend of attacks on Apple's Mac devices and Android smartphones.
"… Read more
What's up with all the malware aimed at the Middle East?
For the second time in two weeks a virus outbreak has been reported at an energy company in that region. Qatari liquified natural gas producer RasGas said its corporate network and Web site were down after getting hit by a virus on Monday. Earlier this week the Saudi Aramco oil company confirmed that its network was hit by a virus two weeks ago, shutting down 30,000 workstations. Neither company identified the virus, but in at least one of the cases it is believed to be malware known … Read more