The Security Resource for Everyone
Security experts discovered a serious vulnerability in late December, through which hackers can attack a fully patched Windows XP or Windows Server 2003 system. The vulnerability involves the OS handling a corrupted Windows Metafile (.WMF) graphic file.
Microsoft has not released a fix for the vulnerability, which has already caused significant damage. Read the rest of this entry »
A small group of individuals doing business under multiple company names has been disseminating spyware by offering consumers free music files, browser upgrades, and ring tones. Embedded in the free programs, however, were small trojans that downloaded dangerous spyware onto each target computer. In other instances, the group also disseminated its malware by causing a program to be installed in consumers’ computers, which would flash warnings about their computer’s security and spyware. Ironically, the warning itself was in fact spyware, and when concerned consumers would click on the warning, they would download spyware into their systems.
One of the group’s products was called Elitebar, a deceptive type of adware that propagates through social engineering methods, Java scripting errors and dialog boxes.
The U.S. District Court for the Central District of California in Los Angeles, at the request of the FTC, shut down the operation as of November 10, 2005. The courts have frozen the organization’s assets, and the FTC will ask that the deceptive practices be barred permanently. The agency claims that the practices are unfair, deceptive, and violate the FTC Act.
According to the FTC complaint, the defendants created software code that tracked the behavior of Internet users, hijacked home page settings, inserted toolbars and advertising side-frames, and generated pop-up ads. The complaint further stated that the malware often interfered with proper functioning of targeted computers.
The case was made with the assistance of Microsoft Corporation, Webroot Software, and Google Inc. The FTC recommends that consumers take steps to address the spyware risk, including setting browser security to detect unauthorized downloads, using anti-virus software and a firewall, downloading free software only from trusted sites, avoiding clicking on links inside pop-up windows or from spam links claiming to offer anti-spyware software, and to consider deploying a legitimate anti-spyware software solution from a trusted company. In addition to deploying anti-spyware programs, consumers and companies can combat spyware by avoiding use of peer-to-peer sites and instant messaging, which are often conduits of spyware.
The FTC action against the group reflects only a small portion of the growing spyware problem. EarthLink reports that the average PC has 28 spyware programs; a Dell report shows that 12 percent of tech support calls were due to the presence of spyware. In most cases, users do not realize they are downloading spyware. It is often downloaded into the computer automatically in the form of a trojan, along with some sort of nominally useful free program. Spyware can also be launched when users click on email attachments or share files through peer-to-peer networks. In can also take the form of “active code” and hidden inside a Web page, so that it launches automatically when the page is viewed. Because of the latter variation, many companies have taken the step of deploying URL filtering, which blocks many sites that are known to host spyware.
Spyware has overtaken viruses as the biggest security threat facing Windows computer users. A survey of Australian and New Zealand consumers conducted by Symantec in 2005 revealed that spyware and adware is creating chaos. Read the rest of this entry »
A Florida-based software company discovered a server containing personal information, including bank account information and social security numbers, from thousands of computers across the country. Obtained through the use of spyware, the data on that server apparently has been, at the least, accessed by identity thieves. Read the rest of this entry »
Nicknamed the “Sheriff of Wall Street” for his widely recognized vigilance in matters of consumer protection and business fraud, New York Attorney General Eliot Spitzer’s office settled a big spam lawsuit against OptInRealBig.com of Colorado last year. Now, he has set his sights on spyware. Read the rest of this entry »
Trend Micro, Inc. has released PC-cillin(TM) Internet Security 2005. It provides additional privacy, dependability, and security functionality for PCs and home networks. Read the rest of this entry »
Poet Samuel Johnson once said that people need to be reminded more than they need to be instructed. Well, get ready for a refresher course in how to protect your PC. Read the rest of this entry »
Imagine walking into your home after a long, hard day at work. You change into your most comfortable (though not most flattering) pair of sweats, grab a box of your favorite cookies, order a pizza with extra grease, and plop down in front of the TV to watch your favorite sitcom. Imagine now that while you were gone, someone broke into your home, installed hidden cameras, and was watching everything you did. It’s demeaning. It’s embarrassing. It’s legal. Read the rest of this entry »
Betcha never saw this one coming.
In a web poll of 117 college students, 92 percent intend to download new software, chat on instant messenger software and/or use peer-to-peer networks while at home over the holiday season. Read the rest of this entry »
There are all kinds of ways to protect your PC: spam blockers, spyware removal programs, and anti-virus software seem necessary nowadays if you own a computer. But what about protecting your PC from electrical surges? This issue in PC security has been ignored for too long, being replaced by sexier, more complicated problems filled with evil spammers and malicious hackers. Well, the silence has lasted too long. If you want to protect your computer, its files, and your family, please read this important article. Read the rest of this entry »