January 26, 2006
Big names band together to fight “badware”
Online Security — Administrator @ 3:49 am
A coalition including Harvard Law School’s Berkman Center for Internet & Society and Oxford University’s Oxford Internet Institute, with the support of Consumer Reports WebWatch and several prominent tech companies including Google, Lenovo, and Sun Microsystems, has banded together to fight “badware”, the group’s generic term for spyware, adware and any other software which “fundamentally disregards a user’s choice over how his or her computer will be used”.
A: StopBadware.org is a “Neighborhood Watch” campaign aimed at fighting badware. We will seek to provide reliable, objective information about downloadable applications in order to help consumers make better choices about what they download onto their computers. We aim to become a central clearinghouse for research on badware and the bad actors who spread it, and become a focal point for developing collaborative, community-minded approaches to stopping badware.
StopBadware.org
December 29, 2005
New Security Hole in Windows Still Unpatched
Online Security, Alerts & Advisories — Administrator @ 10:48 pm
A new security flaw has been exposed in Windows involving “Windows Metafiles”, which typically have a .wmf filename extension. The flaw is rated as critical and no patch is yet available from Microsoft to fix the security hole. It is recommended that users not open or preview any files with a *.wmf extension and set Internet Explorer security settings to “High”.
The vulnerability has been confirmed on a fully patched system running Microsoft Windows XP SP2. Microsoft Windows XP SP1 and Microsoft Windows Server 2003/SP1 are reportedly also affected. Computers will be infected by programs from the Agent.acd family, if users visit unionseek.com or iframeurl.biz. The malicious programs are downloaded to the victim machine and launched via the WMF vulnerability. Agent.acd will then download other Trojan programs to the victim machine.
Source: Techtree.com India > News > Security > Windows Metafile Flaw Exploited
December 21, 2005
Don’t Click for Santa in Your Instant Messenger
Online Security — Administrator @ 9:48 pm
A new worm making the rounds of all the major Instant Messaging networks attempts to trick you into believing you’ve received a file from a friend. Click the file and you get a picture of Santa - plus a nasty little rootkit installed to your system that could give hackers control of your computer. As with email, you should not open any file attachment unless you are expecting it and know exactly what it is. If a friend sends a link or file by IM, message them back and ask what it is before you open it. If they say they didn’t send anything, it’s almost certainly a virus and should be deleted immediately. If they did send it, you should still scan it with an up-to-date antivirus program before opening.
The IM.GiftCom.All worm has made an appearance on several messaging networks, including America Online, Microsoft MSN, and Yahoo.
The worm attempts to dupe you into believing that a friend has sent you a link to a harmless file. If you click on the file, you see an image of Santa. While viewing it, the worm attempts to install a rootkit on your system.
Santa Worm Hits Messaging Networks - Computing -
December 14, 2005
Microsoft revealed a critical security flaw in its Internet Explorer Web browser and an important flaw in its Windows Operating System today. The critical flaw could allow a hacker to take complete control of a user’s computer.
Microsoft said the vulnerability exists in its Internet Explorer Web browser, which an attacker could exploit to take over a PC by running software code after luring users to malicious Web pages.
Microsoft also issued one other security warning it rated at its second-highest level of “important.”
Fixes can be downloaded at:
www.microsoft.com/security
Technology News Article | Reuters.com
December 2, 2005
Tax Refunds Don’t Come by Email
Financial, Online Security — Administrator @ 12:01 am
Remember the old adage, “If it sounds too good to be true, it probably is.” Then remember that you have never provided the IRS with your email address. So, when a message comes from “the IRS” saying you have a tax refund and takes you to the “IRS” website to enter credit card details - delete it or forward it to the proper authorities. The current one making the rounds takes advantage of a glitch in a government website to take you to that website first, making the email look more legitimate, but it’s really this simple - the IRS sends refund checks automatically in the mail as long as they have your current address. They don’t send refunds out by email. If you want to make sure you’re getting the refunds you have coming, make sure the IRS has your current address. If you’re still unsure, contact the IRS directly, but don’t click on phishy emails.
A spam e-mail message has been sent around the world telling people they are eligible for a $571.94 tax refund from the IRS. The e-mail offers a link to a fraudulent IRS Web site, but the link actually goes through a legitimate government Web site that only last month was promoted by President Bush.
“This is more advanced than the typical phish, because the Web link really does–at first–take you to the real tax benefit Web site,” said Graham Cluley, senior technology consultant for U.K. security vendor Sophos. “Unfortunately the way the government Web site has been configured allows the phishers to bounce the unwary in their direction.”
The link in the phishing e-mail goes to a forged IRS Web site that asks for a Social Security number, tax return filing code and credit card details including security code and PIN.
Phishers use IRS tax refund as bait | CNET News.com
November 25, 2005
That email from the CIA or FBI - It’s not just a hoax, it’s a virus
Online Security — Administrator @ 4:30 am
The latest threat to hit the internet is a variant of the Sober worm that passes itself off as an email from the CIA or FBI. Several different assessments rate the threat from this worm as anywhere from medium to severe.
This variant of Sober generates e-mails that purport to be from the CIA or FBI. These messages tell the recipient they have been looking at illegal Web sites and should answer some questions in the e-mail’s attachment. If the attachment is opened, the computer is infected, and the virus sends copies of itself to any e-mail addresses found on the hard drive.
Latest Sober threatens e-mail gateways | Tech News on ZDNet
November 23, 2005
Top 20 Online Security Vulnerabilities
Online Security — Administrator @ 5:28 am
The SANS Institute has released its 2005 Top-20 Internet Security Vulnerabilities and this year a new category - Cross Platform Applications - takes the spotlight. Of particular concern and new to the list this year is backup software which often deals with a company’s or individual’s most sensitive data.
Four years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list, and the expanded Top-20 lists that followed one, two, and three years later, to prioritize their efforts so they could close the most dangerous holes first. The vulnerable services that led to worms like Blaster, Slammer, and Code Red have been on these lists.
Source: SANS Top 20 Vulnerabilities - The Experts Consensus
November 21, 2005
List of Affected SONY BMG Music CDs
Online Security — Administrator @ 8:58 am
Following is a list of Sony BMG Music CDs affected by the copy protection software or “rootkit”, which creates a security vulnerability, along with information on Sony’s recall program and further uninstall information. Note that the list is provided by Sony and offered here without guarantee of any sort. There may be additional CDs from Sony or from other vendors with the same or similar programs not on the list.
CD’s Containing XCP Content Protection Technology:
# | ARTIST | ALBUM | ITEM NUMBER(S) | UPC(S)
1 | A Static Lullaby | Faso Latido | CK92772 | 827969277225
2 | Acceptance | Phantoms | CK89016 | 696998901629
3 | Amerie | Touch | CK90763 | 827969076323
4 | Art Blakey | Drum Suit | CK93637 | 827969363720
5 | The Bad Plus | Suspicious Activity? | CK94740 | 827969474020
6 | Bette Midler | Sings the Peggy Lee Songbook | CK95107, CK74815 | 827969510728, 828767481524
7 | Billy Holiday | The Great American Songbook | CK94294 | 827969429426
8 | Bob Brookmeyer | Bob Brookmeyer & Friends | CK94292 | 827969429228
9 | Buddy Jewell | Times Like These | CK92873 | 827969287323
10 | Burt Bacharach | At This Time | CK97734 | 827969773420
11 | Celine Dion | On Ne Change Pas | E2K97736 | 827969773628
12 | Chayanne | Cautivo | LAK96819, LAK96818, LAK95886 | 037629681921, 037629681822, 037629588626
13 | Chris Botti | To Love Again | CK94823 | 827969482322
14 | The Coral | The Invisible Invasion | CK94747 | 827969474723
15 | Cyndi Lauper | The Body Acoustic | EK94569 | 827969456927
16 | The Dead 60’s | The Dead 60’s | EK94453 | 827969445327
17 | Deniece Williams | This Is Niecy | CK93814 | 827969381427
18 | Dextor Gordon | Manhattan Symphonie | CK93581 | 827969358122
19 | Dion | The Essential Dion | CK92670 | 827969267028
20 | Earl Scruggs | I Saw The Light With Some Help From My Friends | CK92793 | 827969279328
21 | Elkland | Golden | CK92036 | 827969203620
22 | Emma Roberts | Unfabulous And More: Emma Roberts | CK93950, CK97684 | 827969395028, 827969768426
23 | Flatt & Scruggs | Foggy Mountain Jamboree | CK92801 | 827969280126
24 | Frank Sinatra | The Great American Songbook | CK94291 | 827969429129
25 | G3 | Live In Tokyo | E2K97685 | 827969768525
26 | George Jones | My Very Special Guests | E2K92562 | 827969256220
27 | Gerry Mulligan | Jeru | CK65498 | 74646549827
28 | Horace Silver | Silver’s Blue | CK93856 | 827969385623
29 | Jane Monheit | The Season | EK97721 | 827969772126
30 | Jon Randall | Walking Among The Living | EK92083 | 827969208328
31 | Life Of Agony | Broken Valley | EK93515 | 827969351529
32 | Louis Armstrong | The Great American Songbook | CK94295 | 827969429525
33 | Mary Mary | Mary Mary | CK94812, CK92948 | 000768353721, 827969294826
34 | Montgomery Gentry | Something To Be Proud Of: The Best of 1999-2005 | CK75324, CK94982 | 828767532424, 827969498224
35 | Natasha Bedingfield | Unwritten | EK93988 | 827969398821
36 | Neil Diamond | 12 Songs | CK94776, CK97811 | 827969477625, 827969781128
37 | Nivea | Complicated | 82876671562 | 828766715620
38 | Our Lady Peace | Healthy In Paranoid Times | CK94777 | 827969477724
39 | Patty Loveless | Dreamin’ My Dreams | EK94481 | 827969448120
40 | Pete Seeger | The Essential Pete Seeger | CK92835 | 827969283523
41 | Ray Charles | Friendship | CK94564 | 827969456422
42 | Rosanne Cash | Interiors | CK93655 | 827969365526
43 | Rosanne Cash | King’s Record Shop | CK86994 | 696998699427
44 | Rosanne Cash | Seven Year Ache | CK86997 | 696998699724
45 | Shel Silverstein | The Best Of Shel Silverstein | CK94722 | 827969472224
46 | Shelly Fairchild | Ride | CK90355 | 827969035528
47 | Susie Suh | Susie Suh | EK92443 | 827969244326
48 | Switchfoot | Nothing Is Sound | CK96534, CK96437, CK94581 | 827969653425, 827969643723, 827969458129
49 | Teena Marie | Robbery | EK93817 | 827969381724
50 | Trey Anastasio | Shine | CK96428 | 827969642825
51 | Van Zant | Get Right With The Man | CK93500 | 827969350027
52 | Vivian Green | Vivian | CK90761 | 827969076125
Notes from Sony:
- Sony will shortly be releasing new versions of these titles without the XCP software. You therefore need to check this list for both the name of the album and the item number (which can be found on the spine of the CD). If the item number is not listed below, your CD does not contain XCP content protection. Please note, DualDiscs do not use XCP content protection and are therefore not included in this program.
- Two titles, Ricky Martin’s “Life” and Peter Gallagher’s “7 Days in Memphis” were released with a content protection grid on the back of the CD packaging but XCP content protection software was not actually included on the albums.
Sony has instituted a recall or “exchange program” which allows CD purchasers to receive a rootkit-free replacement CD by mail and to download MP3s of the music on the CD while waiting for the replacement. Details here.
Final note: The web based uninstall program provided for the software actually creates a larger security vulnerability by installing a Visual Basic script called “CodeSupport”. More information, including a CodeSupport detector and information on deleting Code Support, is available from Freedom To Tinker.
November 17, 2005
Keyloggers Stealing Credit Information As You Type
Online Security — Administrator @ 6:49 am
Keyloggers, hidden software loaded on computers, were used to commit over 6,000 acts of theft last year. The average cost per victim was over $3,600 with most victims being responsible for at least part of the financial expense and averaging over 80 hours spent dealing with the thefts.
The iDefense data indicates keyloggers have risen from only 300 in 2000 to 3,753 in 2004 and, more recently, to a record 6,191 this year — a jump of 65 percent since last year. IDefense senior engineer Ken Dunham told TechNewsWorld that advances in attacker techniques and technology are also alarming.
Technology News: ID Security : More Keyloggers Swiping Identity Info
November 4, 2005
Sony Music CDs Install Root Kit
Security, Online Security — Administrator @ 7:29 am
You may recall a couple of days ago the news of a worm spreading a “root kit” via AOL Instant Messenger. The root kit allows other software, such as a “backdoor”, to hide from antivirus and security software. Yesterday it was revealed that approximately 20 Sony music CD titles contained a root kit designed to hide anti-piracy software. Aside from the implication that one of the largest corporations in the home electronics business is itself engaged in an activity that would result in arrest and jail time if done by a teenager at home, the root kit installed by the CD reportedly has security vulnerabilities that make the infected computer vulnerable to other hacking attacks. So the latest security threat is “shrink wrap” licensing agreements on CDs and DVDs, and it comes not from porn companies but from mainstream major corporations.
The root kit cannot be uninstalled using the standard Windows uninstall, and removing the files manually corrupts files so that the computer’s CD drive stops working. It’s also reported that removing the files manually completely breaks the new Windows Vista, the beta version of the next version of the Windows Operating System.
Sources:
Removing Sony’s CD “rootkit” kills Windows
Sony’s CD Copy Protection Problems