But today, the team at computer security vendor F-Secure is alerting the community that reports of the bug’s dangerous payload are trickling in. Users with incorrect time settings are already seeing their Office files, PDFs, e-mail archives and compressed folders getting corrupted.

(more…)

Managed security provider BlackSpider Technologies estimated that more than 2.4 million emails containing the Win32.small.cfg Trojan downloader were sent to UK businesses last night.

The malware was sent out in emails claiming to be about an unpaid invoice for a firm in Nottingham.

(more…)

Jim Allchin, co-president of Microsoft’s platform products and services division, told reseller magazineCRN that safety and security, improved user experience, and mobility features will be key additions in Vista. But there will be no anti-virus software, the Windows development supremo said during a questions and answers session with CRN. For unspecified business (not technical) reasons, Microsoft will sell anti-virus protection to consumers through its OneCare online backup and security service.

(more…)

The group, which includes McAfee, Symantec, Trend Micro, ICSA Labs, and Thompson Cyber Security Labs, wants to create standard metrics and common samples of spyware programs that third-party testers can use when evaluating antispyware tools.

The goal is to make it easier for companies to compare and evaluate antispyware products at a time of considerable market confusion over various offerings said David Cole, director of Symantec’s security response group. “In the antivirus space, there are several well-known testing bodies and testers who follow standards and well-thought-through methodologies” for evaluating products, he said.

(more…)

XML-RPC for PHP features in many web application including PostNuke, Drupal, b2evolution, Xoops, WordPress, PHPGroupWare and TikiWiki. Most of these applications have been updated to address the security flaw.

But unpatched systems are at risk from a Linux worm - called Lupper - which exploits the bug to load itself onto vulnerable systems. Anti-virus firms report few reports of the malware which is noteworthy mainly because of the rarity of malware strains targeting Linux systems rather than its risk factor, which is low.

Dubbed Shelob, after the sinister giant spider in J.R.R. Tolkien’s “Lord of the Rings,” the software identifies suspect traffic patterns, identifies the computers involved and then shunts them to a closed virtual LAN. Users get an appropriate Web screen, explaining what’s happened and how to fix their PC or whom to call for help.

Shelob’s inner workings were shown off recently in Orlando, Fla., at Educause, the annual user conference for I.T. professionals in higher education.

The school says that since being rapidly thrown together during the Blaster worm outbreak of 2003, Shelob has helped to keep it free of network or service outages related to virus infections. One limitation is it works only with clients that are plugged directly into the LAN, not wireless about wireless devices.

(more…)

Unfortunately for Sony-BMG, the move may have come too late to dodge the US national pastime: the class action lawsuit. According to News.com, San Francisco law firm Green Welling, are already salivating over this.

“We’re still investigating the case and talking to different people about what happened to them,” said Robert Green, a partner at The Firm. Green’s main argument will be that customers should be informed if an audio CD’s copy protection extends to installing a bunch of software on your PC. Of course they should, though you can image that such ‘consent’ may well be tucked away in a long and confusing End User License Agreement (EULA) full of legalese that nobody will read. Naturally, that is no defence, but is it too much to expect companies to play fairly? Most users just tick the box and click Next.

(more…)

Are we as an industry prepared for such an assault? No. But Trend Micro executives last week said in time, we will be better equipped to take on such attacks.

“You’re seeing computer networks built into everything,” said David Michael Perry, global director of education for the Tokyo-based antivirus firm. “Look at cars. Door locks are increasingly controlled by computer networks. If you lock the keys in the car, OnStar can unlock it for you.” Perry also noted how he can use the Internet to turn down the air conditioner in his house and how TiVo “is nothing but a networked computer.”

(more…)

Usually, not very. In fact, in most cases, they don’t put much additional effort into executing their duties — just enough to get the work done and retain their jobs. According to Ken Shaurette, information security solutions manager at MPC Technology Solutions, however, “a too-often overlooked way to improve these attitudes is to include information security in the job descriptions of employees.” When your organization makes security awareness and policy compliance mandatory, the apathetic trend can be reversed.

When management requires security policy compliance to be a key part of an employee’s job, interest is generated. An added benefit is that security becomes part of the corporate culture. With performance reviews (hence, possible raises) looming periodically, employees are more apt to fit compliance into their daily routine. Knowing that they’re being graded encourages employees to comply with policies.

(more…)