Prevent Online Threats

Archive for August, 2006

iPod phishing Trojan

Thursday, August 31st, 2006

Security firm Sophos is warning PC users of a Trojan horse that has been spammed out, claiming to be a notification that an Apple iPod has been shipped to them, and their account has been charged almost $500. The emails claim that the music player is being shipped via FedEx and that a payment of $479.95 has been received from the recipient’s e-gold account. Attached to the emails is a file called OrderInf.zip, which unpacks to OrderInfo.exe. Executing this file infects the user’s computer with the Dowdec-A Trojan horse that attempts to download further malicious code from the internet. Below is a copy of the email message.  

Dear ,
Please read the following message carefully.
We notify that your order was approved and shipped to you via FedEx 2Day Service, track 792531968828.
The amount of $479.95 USD was recieved from your e-gold account.
The details of transaction and specification of chosen product we send you in self-extracting compressed-zip file.
Read it carefully to make sure that there’s no mistakes in characteristics of chosen product.
We appreciate your choice!
According to the rules, refund must be based on your original method of payment. Any requests to refund using e-gold are not accepted, if the payment method was credit card.
IPod For Your, Yahoo Shopping

USC Security Breach

Wednesday, August 30th, 2006

Russ McKinney, a spokesman for the University of South Carolina, says an online security breach could affect as many as 6,000 current and former USC students. USC reports that someone accessed its internal servers. USC officials do not know whether any data was actually taken, but they sent letters advising 6,000 people of the breach and possible security concerns. Investigators say the breach occurred in September of 2005 and was not discovered until this summer. Information that could have been taken includes students' full names, birthdates, Social Security numbers and school addresses. McKinney said he has not heard of anyone who has been the victim of identity theft due to the incident. “We don’t know,” McKinney said, “They may have.” McKinney said no one has contacted USC concerning that aspect of the incident.

Trojan-Downloader.VBS.Iwill.b

Monday, August 28th, 2006

This Trojan downloader is an HTML page which contains a script written in VBS. It is found in web pages.

Trojan-Clicker.Win32.Small.kj

Monday, August 28th, 2006

This Trojan program is designed to artificially boost the number of visits to designated web sites. The Trojan itself is a Windows PE EXE file, packed using FSG. The file may be between 5KB and 36KB. Installation: Once launched, the Trojan copies itself to the Windows root directory as svchost.exe:...

New Concept Virus targets Processor

Monday, August 28th, 2006

Security firm Symantec has discovered a new proof of concept virus that targets the AMD processor rather than targeting operating systems. There are two versions of the worm: one aims at 32-bit and the other at 64-bit AMD processors. Symantec has called them “virus w32.bounds” and “w64.bounds”. Although the worm is just proof of concept code, there are some fears that it could be used as a starting point for creating some kind of malware. If a cybercriminal manages to turn the code into something more destructive, the result could be a worm that can move across different operating systems. Symantec believes the next stage would be mixing the 32-bit and 64-bit versions of the malware to create a single virus that can target both Intel and AMD families. The technique probably would not be used as a mass attack, but could be quite good as a targeted take-down method, Symantec says. This is interesting because most virus writers do not waste time going after the chip, since it's much easier to hit an operating system. A chip attack could be coming soon.

Beware of Phishing attacks

Saturday, August 26th, 2006

Online threats have grown and spread into many different forms over the years. Who remembers the time when the biggest internet concern was a virus that sent itself to everyone in someone’s address book? Sadly, we wish that were our only concern now. Today cybercriminals don’t just mess up your computer, they mess up your life. They can pilfer confidential information, steal identities, and even pose as legitimate entities. Much of the increase can be attributed to a practice known as “phishing,” in which crooks steal consumers’ personal identity data and financial account credentials through “spoofed” e-mails that lead users to counterfeit websites. Once there, recipients are tricked into divulging financial data such as credit card numbers, account usernames, passwords, and Social Security numbers. According to a recent trends report, the Anti-Phishing Working Group received 12,883 reports in March 2005, rising to 18,480 unique phishing reports in March 2006. To ward off online threats, conduct regular reviews of your credit card and bank statements. Investing in up-to-date antivirus protection, spam blockers, and firewalls is another strategy.

Faulty Intel Update

Friday, August 25th, 2006

A critical software update recently released by Intel has been shown to be faulty and takes up excess memory space. The flaw concerns PROSet version 10.5, which is part of Intel's drivers that power the wireless hardware in computers. One of the files is not being released correctly, causing it to eat up more and more memory space. Intel said they will be releasing a patch to fix this shortly. It is recommended that all users update as soon as the patch is available so they are not vulnerable to malicious hackers.

Adware still a Burden

Wednesday, August 23rd, 2006

According to data from security company Webroot, adware continued to be a burden to home computer users throughout the second quarter of 2006. Spyware scans from Webroot show an infection rate of 59 percent. This is the same as the first quarter but is up 14 percent from the end of 2005. The steady infection rate is another indication that home computer users are not using the best anti-spyware tool.

System Monitors stay Steady

Wednesday, August 23rd, 2006

Webroot data shows that system monitors are present on six percent of infected computers during this past quarter. This is the same percentage as the first quarter of 2006. The steady infection rate of system monitors may indicate that system monitors remain a steady income for online criminals. The most common system monitor detected was Perfect Keylogger. Perfect Keylogger is a monitoring tool that records all keystrokes, mouse clicks, and visited sites.

Spyware Infection Rates Rising

Wednesday, August 23rd, 2006

Despite the publicity about the dangers of spyware, infection rates throughout the world are on the rise. Data from Webroot spyware scans shows that 89% of consumer PCs are infected with some form of spyware. In the United States, the average home computer is infected with 30 pieces of spyware. It is strongly urged that all computer users purchase some kind of anti-spyware software. This software can come by itself or be a part of a security suite. Free software is not working. Spyware writers are constantly modifying their programs and most free software programs are not capable of finding the more sophisticated spyware programs.

IBM Buys ISS

Wednesday, August 23rd, 2006

The IBM Corporation has just announced that it will be purchasing Internet Security Systems Inc. (ISS) for $1.3 billion. IBM is expected to close the deal by the end of the year. ISS provides security solutions to thousands of the world’s leading companies and governments, helping to proactively protect against internet threats across networks, desktops and servers. ISS software, appliances and services monitor and manage network vulnerabilities and exploits and rapidly respond in advance of potential threats. This acquisition advances IBM’s strategy to utilize IT services, software and consulting expertise to help clients optimize and transform their businesses. IBM plans on enhancing ISS to stay ahead of targeted security attacks. 

AOL fires over Security Breach

Tuesday, August 22nd, 2006

AOL has fired three employees, including their CTO, in an effort to overcome their recent disclosure of user data on over 650,000 users. Maureen Govern, AOL CTO and head of the AOL department responsible for releasing user search data, and the researcher and manager were fired, according to a memo from AOL CEO Jonathan Miller. Earlier this month AOL admitted the user information was mistakenly posted on a company site, research.aol.com.

MySpace Hot Bed for Spyware

Monday, August 21st, 2006

Spyware infection rates have returned to the 2004 peak levels this year. Webroot warns this is due to internet networking sites such as MySpace, which are hotbeds for spyware. Many sites on MySpace contain links that will take you to sites that will download spyware and adware onto your computer. MySpace is such a huge target now because of its ever-increasing popularity and because most of its users are youths. They are less skeptical of the sites they visit, making them easier targets.

Net-Worm.Linux.Lupper.a

Monday, August 21st, 2006

This malicious program spreads as an ELF format file and represents a threat to Linux web servers. The worm spreads via the following vulnerabilities: AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability (Bugtraq 10950); XML-RPC for PHP Remote Code Injection Vulnerability...

Enterprises still Hurt by Malware

Sunday, August 20th, 2006

According to the latest release of Webroot’s State of Spyware report, enterprises continue to get hammered by malicious software. Many corporations are now investing millions in securing their computer systems to stay ahead of the spyware offensive. Not all companies are able to stay ahead. More than 40 companies have reported security breaches just during this past quarter. This translates into a huge loss of revenue for these companies because customers lose their trust in them. The steady infection rate of big companies suggests that these companies are relying on inadequate security software such as freeware to protect themselves. Surprisingly, the larger, more technological companies lag behind most of the other industries in adopting security technology.

