HackrNews

SEATTLE (Reuters) – Computer users’ growing fear of worms and viruses could be behind a recent spike in attacks on PCs via bogus security software, according to a Microsoft Corp report published on Wednesday. As the Conficker worm and other malicious software — known as malware — have grabbed headlines, more computer users have been looking for security programs online, some of which turn out to be agents for viruses themselves. Out of hundreds of millions of PCs monitored by the world’s largest software maker for its twice yearly Security Intelligence Report, seven of the 25 top security threats came in the form of fake security programs. In the last six months of 2008, Microsoft said it cleared 4.4 million PCs of the most successful bogus security program, which goes under the name of Win32/Renos. That is a 67 percent increase over the first half of 2008, said George Stathakopoulos, head of product security at Microsoft’s Trustworthy Computing Group. Fear of Conficker “could be a part of it,” said Stathakopoulos, explaining the sudden jump in attacks from what Microsoft calls “rogue” security software, or “scareware”. According to the report, more security-conscious consumers are being tricked by insistent or alarming pop-up warnings into paying for protection which, unknown to them, is actually malware designed to steal personal information. The phenomenon of “scareware” is a headache for bona fide security software makers such as Symantec Corp, McAfee Inc and Trend Micro Inc. But these companies in turn have played a role in raising fears about malware such as Conficker, and have reaped a windfall from worried computer users buying their products. Conficker, a program that works its way into a PC and allows it to be controlled remotely, is believed to have infected millions of PCs, but no significant disruption has yet occurred. Overall, Microsoft’s report shows that instances of software security problems — what it calls “unique vulnerability disclosures” — actually fell 3 percent in the second half of last year from the first half. But the number defined as “high severity” rose 4 percent. The report only reflects PCs using Microsoft systems, and does not include Linux operating systems or Apple Inc computers. The report, and guidance on how to avoid viruses, is available at www.microsoft.com/sir

Vijay Mukhi, President of the Foundation for Information Security and Technology says, “The terrorists know that if they use machines at home, they can be caught. Cybercafes therefore give them anonymity.”

“The police needs to install programs that will capture every key stroke at regular interval screen shots, which will be sent back to a server that will log all the data.

The police can then keep track of all communication between terrorists no matter, which part of the world they operate from.This is the only way to patrol the net and this is how the police informer is going to look in the e-age,” added Mukhi.

Is anyone talking about the societal implications of this sort of wholesale surveillance? Not really:

“The question we need to ask ourselves is whether a breach of privacy is more important or the security of the nation. I do not think the above question needs an answer,” said Mukhi.”As long as personal computers are not being monitored. If monitoring is restricted to public computers, it is in the interest of security,” said National Vice President, People Union for Civil Liberty.

Security experts at RSA have come across a new tool that automatically creates sophisticated phishing sites, a sign that cybercrooks are getting increasingly professional.

The tool, which RSA calls the “Universal Man-in-the-Middle Phishing Kit,” is available on underground online marketplaces for about $1,000, Jens Hinrichsen, RSA’s product marketing manager for fraud auction, said in an interview Wednesday.

“Unlike other phishing kits which have been in existence for quite some time, this kit is unique because with a very simple user interface you can choose whatever site you’d like to spoof,” Hinrichsen said. “The arms race continues; we on the security side have to continue to escalate resources and invest in technology.”

Phishing scams are a prevalent online threat that typically use fraudulent Web pages and spammed e-mail messages to trick people into giving up personal information such as user credentials or credit card data.

Using the new kit, a fraudster only has to enter variables such as which site should be spoofed and where the fraudulent page will be hosted. The tool then produces a dynamic Web page in the PHP (hypertext preprocessor) scripting language. The fraudster hosts this page somewhere on the Web, typically on a compromised Web server or a free Web host, and lures people to it with spammed e-mail messages or other links.

Unlike traditional phishing Web sites that have static Web pages designed to look like a real online bank or other trusted site, the dynamic page created by the phishing kit actually pulls in the current Web site of the target organization and displays it. However, any data entered is captured by the miscreants, Hinrichsen said.

“Once you enter your credentials, it would be intercepted by that server where the PHP file is hosted,” he said. At the same time, the victim is actually logged in to the legitimate site and may never know he’s been phished.

Shrewd phishers monitor the log-in process to validate that the data they capture is legitimate, Hinrichsen said. An incorrect username and password combination would be discarded. Also, the man-in-the-middle-style attack lets the miscreants continue to eavesdrop on the victim’s interactions with the legitimate Web site, according to RSA.

The most popular phishing targets are banks and online payment services such as PayPal. Auctioneer eBay is also a common target. Fraudsters run phishing scams to collect personal information that can be used for identity fraud.

Phishing protection is becoming common. The latest versions of Firefox and Internet Explorer include phishing shields. Also, security firms such as Symantec and McAfee sell antiphishing software.

Protection technologies typically rely on a list of known bad Web sites and display a warning when a user surfs to one of those. This means, however, that a brand-new fraudulent site won’t be detected. In general, people should be cautious when following links to any site that requires a log in. It is better to type in the address or use a bookmark.

A hacker stole sensitive data from a computer in the offices of French far-right leader Jean-Marie Le Pen, police said, fueling his fears that rivals used it to try and keep him out of the presidential race.

The security breach at Le Pen’s National Front party headquarters comes as the campaign intensified ahead of the April and May election with several candidates facing smear scandals in recent weeks.

Le Pen, who shocked France by finishing second in the 2002 presidential election, is struggling to secure the backing of at least 500 elected officials needed to run this time round.

He says he has been the target of a well-prepared offensive to persuade the officials, including mayors, not to sign and asked police to open an investigation after suspecting that a mole might have leaked the names of his potential backers.

After a visit to the headquarters of his National Front party on Friday, the police said the list of officials who had agreed to back Le Pen had been stolen by a hacker.

The hacker had gained access using an Internet site specializing in breaking entry codes. A National Front employee who used the computer that was hacked into was detained but later released.

News of the electronic break-in, came just a week after the Socialist party demanded an investigation into what it said was a spate of burglaries targeting its campaign team.

Le Pen has until March 16 to gain the sponsorship of at least 500 of France’s 42,000 elected representatives, including parliamentarians and mayors, to become a candidate.

He says he is 100 short and has accused a far-right rival of trying to poach his sponsors.

Despite his success in 2002, when he won 16.8 percent of the vote, Le Pen’s National Front party does not have any mayors and he has criss-crossed France for months to find backers.

Supporters of mainstream conservative candidate Nicolas Sarkozy have appeared increasingly uneasy at the prospect of Le Pen being blocked from running.

They believe National Front supporters will prove a vital pool of potential voters in an expected second-round run off between Sarkozy and Socialist candidate Segolene Royal, and fear a high abstention rate if Le Pen is shut out of the first round.

Among other candidates who may not make the sponsorship grade are anti-globalization leader Jose Bove who says he has accumulated just 350 signatures. Greens candidate Dominique Voynet says she has 500 pledges, but only 15 returned forms.

The candidates fear some mayors will not come good on their promises and say they need at least 600 pledges to feel safe.

Source: Reuters

© 2007 Reuters Limited. All rights reserved.