Posted on 02 May 2011. Tags: anonymise, anonymity, anonymize, AOL, Data, Dutch, Featured, Google, leakage, loss, Police, politie, Privacy, tom, tomtom
Dutch GPS and navigation software giant, Tom Tom, recently took what I consider to be a small privacy step for the company, but a giant privacy step for mankind. Faced with evidence that the Dutch police have been using anonymised trip data from Tom Tom users to assist in enforcing speeding laws, Tom Tom CEO Harold [...]
Read the full story
Posted in Sophos
Posted on 02 May 2011. Tags: dead, Law, Malware, networks, order, Osama bin Laded, Social
Google’s top-trending Anglophone search term right now is, understandably, “osama bin laden dead”. Google officially describes its hotness (you couldn’t make this stuff up) as volcanic. The short version, according to the LA Times, is that bin Laden was tracked to a “comfortable mansion surrounded by a high wall in a small town near Islamabad, Pakistan’s [...]
Read the full story
Posted in Sophos
Posted on 02 May 2011. Tags: MBR, TDL, TDSS
After some months since the last blog post about the TDL rootkit, we have to come back and write again about this nasty threat that is targeting both 32 bit and 64 bit versions of the Windows operating system, successfully bypassing all the security countermeasures implemented in the 64 bit version of Windows that should [...]
Read the full story
Posted in Prevx
Posted on 02 May 2011. Tags: TDL3, TDL4, TDSS
I just saw an article by Mathew Schwartz for Information Week focused on a series of articles by Aleksandr Matrosov, Eugene Rodionov and myself for Infosec Institute. The articles are actually based on previous analyses of TDL3 and TDL4 by Aleksandr and Eugene, but even if you’ve seen those, you might find the aggregation of older and [...]
Read the full story
Posted in ESET
Posted on 02 May 2011. Tags: browser, Chrome, Firefox, news, Security, Updates
Just a few days ago, two major web browsers have been updated to fix security vulnerabilities which may allow attackers to infect the computer with malware just by visiting a hacked website. Google released version 11 of the Chrome web browser. 18 of the more than 20 security holes which get closed with this release are [...]
Read the full story
Posted in Avira
Posted on 30 April 2011. Tags: Bieber, Comment-jacking, Facebook, Justin, likejack, networks, Social, Spam
It’s starting to seem like Facebook can’t win against those who wish to use their service to scam, spam and simply cause trouble. Over the last day or so, a new type of attack has been spreading using the phrase “OMG! I Can’t believe JUSTIN Bieber did THIS to a girl”. It leads to a page [...]
Read the full story
Posted in Sophos
Posted on 30 April 2011. Tags: Apple, Exploit, Featured, Firefox, Mozilla, Patch, Thunderbird, Vulnerability
Yesterday, five weeks after shipping Firefox 4, the Mozilla project published the new browser’s first-ever security update. The Firefox version number bumps up to 4.0.1. The update fixes 50-odd bugs in total, amusingly including three fixes listed as specific to OS/2. Ironically, the latest official release of the OS/2 port of Firefox, dubbed Warpzilla, hasn’t yet [...]
Read the full story
Posted in Sophos
Posted on 30 April 2011.
A while back we noticed that malware authors seem to have a thing for Chuck Norris. And why not: Chuck Norris kicks ass! We have been monitoring the situation carefully and have found several malware that show some sort of interest or tribute towards Mr. Norris. We started thinking; if our automation can detect malware by looking [...]
Read the full story
Posted in F-Secure
Posted on 29 April 2011. Tags: *NEW*, Data, DLP, DLSReports, Email, encryption, Featured, loss, passwords, Privacy, Yankees, York
This message may repeat. This message may repeat. For those of us old enough to have fond memories of the phonograph, the phrase “broken record” may come to mind. Yes, more user information has been leaked and in a totally preventable fashion. A season ticket sales representative for the New York Yankees accidentally emailed a spreadsheet [...]
Read the full story
Posted in Sophos
Posted on 29 April 2011. Tags: HackingTheWeb, malvertising, Malware, rootkit, SophosLabs, TDSS, Threats, Web
As we all know, compromised sites play an important role in web distributed malware, acting as the conduit, guiding user traffic to further malicious content. Sometimes, the attackers get lucky, and succeed in compromising a high profile, popular site. Another way to increase the number of users exposed to the attack is to compromise advertising [...]
Read the full story
Posted in Sophos
Posted on 29 April 2011. Tags: Banking, Business, Data, Featured, Fraud, loss, Malware, Small
In the wake of the press reports concerning the recent data breaches at Sony and Epsilon, some organizations are getting the wrong idea about modern online attacks. The media largely chooses to cover mass-scale losses that affect large numbers of consumers from trusted brands. While it is important to raise awareness about keeping your data safe [...]
Read the full story
Posted in Sophos
Posted on 29 April 2011. Tags: Data, Facebook, Featured, loss, networks, Privacy, Royal, Social, Wedding
In the absence of a genuine ticket to the real event, Facebook users are encouraging each other to reveal their Royal Wedding Guest name. Here’s a typical message that is currently being spread by well-meaning users across the social network: In honor of the big wedding on Friday, use your royal wedding guest name. Start with [...]
Read the full story
Posted in Sophos
Posted on 29 April 2011. Tags: Royal Wedding, Scam, SEO
Instantly this news became very fruitful for all kinds of cybercriminals. Here is some of the proof we found: 1) SEO optimized Google image searches leading to a malicious site with the exploit for the “Help Center URL Validation Vulnerability”. The exploit drops into the system a malicious executable file which is a password stealer malware. At [...]
Read the full story
Posted in Kaspersky
Posted on 29 April 2011. Tags: Blackhat, Fake AV, Kate Middleton, Malware, poisoning, rogue, Royal Wedding, SEO
Real-world events occasionally generate a massive number of online searches. Japan’s recent earthquake and the subsequent tsunami that followed is a good example of a sudden event that turned the world’s attention to Google. And as topics trend in Google’s search results, Search Engine Optimization (SEO) attacks are attempted. Our March 11th post urged caution [...]
Read the full story
Posted in F-Secure
Posted on 29 April 2011. Tags: Antivirus, IME, Injection, Malware
Recently, we found many malwares using a smarter way to inject the specified dll into system related to IME management. Comparing to the old IME injection tricks, it is much more difficult to be discovered by users or anti-virus companies. As we know, at the beginning of last year, many Chinese users found they could not use [...]
Read the full story
Posted in AVG
Posted on 28 April 2011. Tags: Antivirus, Blackhat, Catherine, Emsisoft, Fake, Kate, Lab, Middleton, poisoning, Prince, rogue, Royal, SEO, Wedding, William
The Royal Wedding of Prince William and Catherine Middleton that will be held tomorrow, on April 29, will attract the attention of many people around the world, and has become a trending topic on various websites, especially the social networking sites. No doubt, it also became an easy target for the malware authors to spread their [...]
Read the full story
Posted in Emsisoft
Posted on 28 April 2011. Tags: Antivirus, Apps, Black, Brightmail, British, Endpoint, Exchange/Domino, Filter, for., Fraud, Gateway, hat, Hosted, mail, Message, Online, Phishing, Protection, Response, Risks, rogue, Royal, Security, SEO, Spam, Suites, Symantec, Wedding
As we have seen with many major events in the past, news of the British Royal Wedding is currently being used by cyber criminals to bolster their spam campaigns and push rogue antivirus software through black hat search engine optimization (SEO) techniques. Spam campaigns: We have blogged previously about “snowshoe” spammers targeting the upcoming British Royal Wedding [...]
Read the full story
Posted in Symantec
Posted on 28 April 2011. Tags: *NEW*, CleanUp, connecticut, CoreFlood, eff, FBI, Featured, Haven, Law, Malware, order, Privacy
Two weeks ago, the Federal Bureau of Investigation (FBI) obtained a court order in Connecticut, USA. This court order allowed the FBI to undertake an anti-cybercrime operation of a sort which had never been authorised before in America. Not only did the cops seize various US-based Command and Control (C&C) servers belonging to the Coreflood botnet, but [...]
Read the full story
Posted in Sophos
Posted on 28 April 2011. Tags: Anti-Virus, Apple, Featured, free, Mac., Magazine, Malware, OS, SC, X
Who would have thought it? A free anti-virus program for Apple Macs being named best anti-malware solution ahead of those security products for boring old Windows. Well, that’s exactly what happened at the SC Magazine Awards Europe 2011, held last week at the London Hilton on Park Lane. Over 530 of the industry’s top companies saw Sophos [...]
Read the full story
Posted in Sophos
Posted on 28 April 2011. Tags: card, Credit, Data, encryption, Featured, Hack, Law, loss, network, order, password, PlayStation, Sony
Sony has published a new blog entry, confirming that credit card details which could have been stolen in the recent hack of the PlayStation Network were encrypted. Sony reassured users of the PlayStation Network that “all credit card information stored in our systems is encrypted”, but underlined that it cannot rule out the possibility that the [...]
Read the full story
Posted in Sophos
Posted on 28 April 2011. Tags: Facebook, New Password, Scam, Spam
Another Facebook spam mail pretending that your password is not safe, currently circulating on Internet. The subject is: FaceFacebook Support. Personal data has been changed!ID55733. The email comes with an attachment called New_Password_IN33494.zip. The zip file (New_Password_IN33494.zip) contains New_Password.exe file, Quick Heal detects this file as a “Trojan.Menti.gen”. New_Password.exe tries to fool the victim as it seems [...]
Read the full story
Posted in Quick Heal
Posted on 28 April 2011. Tags: Birth, Birthday, Certificate, Fake AV, Obama, rogue
You probably saw that whole “Obama birth certificate” thing yesterday. You’re also aware this means hunting around for pictures of his birth certificate is going to result in Rogue AV files popping up. The first page of Google Image Search: That one in the middle was (until a little while ago) using a java exploit to [...]
Read the full story
Posted in GFI Software
Posted on 28 April 2011. Tags: Phising, XBox Live
XBox Live currently has a warning issued in relation to “phishing attacks” in the Modern Warfare 2 game. However, information is frustratingly thin on the ground leading to much confusion as to what the attack is, how it takes place, what to avoid and so on. Things I have seen in the past: * Social engineering attempts [...]
Read the full story
Posted in GFI Software
Posted on 28 April 2011. Tags: Credit Card, Fraud, Hacker, network, PlayStation, Sony
After discovering an external intrusion, the persons in charge took the worldwide network and the Qriocity services offline on April 20th 2011. Since then, none of the games can be played online anymore, some offline games can’t even be played offline due to the lack of network functionality, not to talk about the possibility to [...]
Read the full story
Posted in G Data