Antivirus 2009 Plus

Antivirus 2009 Plus is the 10,000th fake antivirus program from the Antivirus 200x family..

Antivirus 2009 Plus shares the same traits as it’s inbred family in that it bombards you with fake security alerts for threats that aren’t even on the computer to try in order trick you into buying the full version. You most likely became infected with Antivirus 2009 Plus through a Trojan that came with what you thought was a legitimate download.

Like it’s predecessors, you can remove Antivirus 2009 Plus with these instructions.

(FYI: for some links to software we receive a commission. This is one of them. But we wouldn’t recommend Spyware Doctor if we didn’t think it would help.)

Popularity: 1% [?]

PRIMARY SCHOOLS HIT BY SMUT HACK

Sleaze merchants infiltrate kids’ web pages

UK primary school sites are being targeted by sleazy hackers in an attack that has reportedly resulted in hardcore porn appearing on web pages bearing school logos.

Twenty schools’ sites have fallen victim to the spoofed or defaced web page porn assault, the Times Educational Supplement reports. Many of the sites use Moodle, an open source content management system that is used to create online learning sites, sparking the theory that flaws in older versions of the package have been used to mount the attacks.

Keep reading “Primary schools hit by smut hack” »

Popularity: 1% [?]

NOVELL GROUPWISE BUG THREATENS MASS EMAIL THEFT

A mole’s dream

Security researchers have identified two critical holes in Novell’s GroupWise WebAccess, the web front end for the company’s email and employee collaboration package, that allow malicious hackers to steal user messages with ease. All supported versions of the program are vulnerable.

One vulnerability allows an attacker to forward all of a user’s email simply by sending a specially crafted email, according to Adrian Pastor, an employee for ProCheckUp, a penetration testing firm based in London. The cross-site request forgery bug allows attackers to add new forwarding rules simply by tricking a user into opening the email, no clicking of links necessary.

Keep reading “Novell GroupWise bug threatens mass email theft” »

Popularity: 2% [?]

WINDOWS MEDIA PLAYER FLAW DENIED

Security pantomime

Researchers reckon a security bug in Windows Media Player creates a means for hackers to inject hostile code onto vulnerable systems. However Microsoft has denied this, saying that the bug only creates a means to crash the software without posing a more damaging security risk

Fully patched Windows XP systems running either Windows Media Player 9 and 11 are each potentially vulnerable, according to tests by SecurityTracker. Other configurations may also be affected.

Keep reading “Windows Media Player flaw denied” »

Popularity: 2% [?]

DECT WIRELESS EAVESDROPPING MADE EASY

Security bypass attack

Conversations relayed through cordless household phones might be far easier to snoop upon than previously suspected

A new attack against phones based on DECT (Digital Enhanced Cordless Telecommunication) technology – demonstrated during the Chaos Communication Congress in Berlin earlier this week – might be carried out cheaply using off-the-shelf kit, together with a little know-how. A modified $30 VoIP laptop card running on a Linux portable were used to demonstrate the attack, which relies on using specially outfitted equipment to impersonate legitimate wireless base stations.

Keep reading “DECT wireless eavesdropping made easy” »

Popularity: 2% [?]

BOFFINS BUST WEB AUTHENTICATION WITH GAME CONSOLES

PS3 fleet spoofs SSL certs

Researchers have uncovered a weakness in the internet’s digital certificate system that allows them to forge counterfeit credentials needed to impersonate virtually any website that relies on the widely used security measure

Armed with more than 200 PlayStation 3 game consoles, the researchers are able to create a secure sockets layer certificate for any website of their choosing. The forged certificate causes all the major browsers to display a message indicating the website the user is visiting is legitimate because it’s been vetted by a trusted certificate authority using supposedly robust cryptographic measures.

Such attacks could make it easier for phishers to impersonate the sites of banks and other sensitive online services. The findings were presented Tuesday at the 25th annual Chaos Communication Congress in Berlin by researchers from Centrum Wiskunde & Informatica (CWI) in the Netherlands, EPFL in Switzerland, Eindhoven University of Technology (TU/e) in the Netherlands and independent labs in California.

Keep reading “Boffins bust web authentication with game consoles” »

Popularity: 2% [?]

Transit Agency to Work With Hackers Who Found Vulnerabilities

First gagged, now recruited

A New England transit agency has vowed to work with three Massachusetts Institute of Technology undergraduates whom it had previously sued when they discovered serious flaws in the agency’s electronic payment systems.

The Massachusetts Bay Transit Authority (MBTA) said it would work with Zack Anderson, RJ Ryan, and Alessandro Chiesa to make improvements to the agency’s fare collection system “that will be as straightforward and inexpensive to address as possible.” In August, the MBTA obtained a court order gagging the trio just hours before they were scheduled to speak about the gaping holes at the Defcon hacker conference in Las Vegas.

“It feels really good,” Zack Anderson said on Monday. “I’m glad after all that has happened the lawsuit is behind us.”

Keep reading “Transit agency to work with hackers who found vulnerabilities” »

Popularity: 2% [?]

US Cybersecurity Defenses Fail to Thwart Mock Cyberattack

Pants meet ankles

Critical US electronic systems have failed to withstand a simulated cyberattack.

Participants in a recent cyber-warfare exercise told Reuters that the exercise highlighted problems in leadership, communications and readiness. The two-day exercise brought together 230 government agencies, private firms and other participants. Participants were split into two groups – attackers and defenders – before each developed tactics for attacking and defending critical infrastructure systems, such as those controlling banking, telecommunications and utilities.

The basic scenario involved exercises in electronic disruption accompanying a national emergency, a sequence of events played out in Estonia last year and more recently in Georgia. Defenders drew on established defense procedures but these turned out to be inadequate, for reasons not explained in any detail by participants.

“There isn’t a response or a game plan,” said Mark Gerencser, a senior vice president at the Booz Allen Hamilton consulting service, which organised the simulation. “There isn’t really anybody in charge,” he added, Reuters reports.

Keep reading “US cybersecurity defences fail to thwart mock cyberattack” »

Popularity: 1% [?]

Scareware Mongers Hitch Free Ride on Microsoft.com and Others

Attack of the open redirects

Miscreants are exploiting weaknesses in more than one million webpages operated by the federal government, media companies, and even Microsoft to trick unwitting visitors into installing harmful software that takes over their computers.

Keep reading “Scareware mongers hitch free ride on Microsoft.com and others” »

Popularity: 1% [?]

The Hackers that Stole Christmas

On the third day of Christmas, my true love gave to me:

3 Fake Security Software
2 Zlob Trojans
And a exploitation kit!!!

Cyber criminals are getting into the true spirit of Christmas, by showing selling people the way to steal your money.

Oh the Joy of the holidays and what better way for hackers to cheat the system by using the Christmas season to commit cybercrimes and scam millions of online shoppers. Online shopping is nothing new as we should all know by now. More and more people, including hackers, flock to consumer sites looking for the best deal on anything from iPods and computers to house slippers to “Exploitation Kits”. Cyber criminals have a gift of their own to distribute online but they do not have to look too hard to find it. Hackers have released a web malware exploitation kit which is designed for commercial gains through a Christmas marketing pitch.

Expect the cheesy Christmas movie about a cyber crim discovering Christmas to follow soon.

Read New Exploitation Kit Released By Cybercriminals For The Holidays for the full story as well has tips to avoid falling victim.

Popularity: 3% [?]