HackrNews

Scammers are sending bogus email disguised as a Microsoft security alert, in a criminal attempt to trick users into purchasing a rogue scanner (aka scareware). The fraudulent email reads as follows:

———————–

Starting April 1st 2009 the ‘Conficker’ virus started infecting Windows users very quickly. Microsoft was advised by your Internet provider that your system is showing signs of being infected.

In order to prevent further infection we advise running a full antispyware scan on your computer.

We are giving all effected Microsoft Customers with a free tool to remove the infection from their system.

Please visit the Microsoft System Security Scan website by clicking here (REMOVED) to start scanning your computer.

The scan will complete in under a minute and will prevent your information from being compromised. We appreciate your prompt cooperation.

———————–

Those who click the link and visit the site will be presented with a fake warning that their system is infected. Clicking anywhere on the site points to the download of the scareware.

Windows Live Search in Italy has been taken over by hackers according to reports. Security experts at Sunbelt software claim that certain queries typed into the search engine point to sites run by hackers. ‘It looks like the malware people have practically taken over Live search in Italy. 95 per cent or more of the following search results lead to extremely nasty malware and exploit sites,’ writes Alex Eckelberry. Rather than infiltrate Microsoft’s servers, the hackers appear to have employed SEO tactics to hijack the results of searches of specific keywords. Searches such as ‘online multimedia encyclopedia’, ‘online house insurance’ and ‘milan jacket’ land the searcher with a list of unsavoury sites.

Once the users were on the Live.com site apparently they were served up links to malware sites. The search engine itself was used as a conduit for sending people to the malicious search pages. This is yet another reason why search engines shouldn’t index XSS. Even if the site is benign, they would be indexing links to malicious pages on benign sites. Anyway, interesting read, and it’s scary that the SEO community is now dabbling in hacking as well. It was only a matter of time.

A possible security vulnerability in Windows Mail could let attackers run applications on PCs running
Vista. 

An attacker could send an e-mail with a malicious link that, when clicked on, would execute a program on the PC without warning, according to a description of the problem published Friday on a widely read security mailing list called Full Disclosure. Windows Mail is the successor to Outlook Express, Microsoft’s free e-mail client, and ships with
Vista.

Microsoft is investigating the issue, a company representative said in an e-mailed statement. “As a best practice, users should always exercise extreme caution when clicking on links in unsolicited e-mail from both known and unknown sources,” the representative said.

Depending on what the malicious link tells Windows Mail to do, the threat to Vista users could be significant, said Dave Marcus, security research and communications manager at software maker McAfee. “Theoretically, attackers can do a lot of things; they will be able to pass any command through it,” Marcus said.

However, the risk is mitigated because Vista is not widely used, Marcus said. “I don’t think they will see a lot of exploitation simply because there is so little
Vista deployed,” he said. “I think Microsoft would take this seriously and wrap this up in their next patch.”

Vista has been available to consumers since late January. Since then, Microsoft has issued one security update for the operating system to repair a “critical” vulnerability in the scanning engine for Windows Defender, the built-in antispyware tool.

Microsoft is not aware of any attacks that actually attempted to use the newly reported Windows Mail vulnerability, it said. Upon completion of its investigation, the company could issue a security update or provide guidance in another way, the representative said.

Source ZDnet News

another trojan, this time targeting MSN Live logins for. The trojan has been made public by some kind citizen calling himself “Our Godfather” on the BitTorrent network.

The sad thing is…I guess it works and hundreds of people will have installed it.

Malware designed to steal users’ Windows Live Messenger password has been released onto the net. The password stealer was released for download via BitTorrent earlier this week by a hacker using the handle “Our Godfather”.

The malware comes in the form of an IMB download confirmed by anti-virus firm Sophos as containing a password-stealing Trojan horse. Victims would need to be tricked into downloading and executing the malware, which might be renamed in a bid to disguise its identity, in order for the exploit to work.

It works a bit like the common phishing schemes, but it uses actual software to emulate the MSN Messenger login screen rather than a web-page.

“It displays a fake Windows Live Messenger Login Screen and prompts for login details. Username and password are captured and stored in C:\pas.txt,” explained Sophos senior technology consultant Graham Cluley.

Sophos has named the malware as MSNfake-M and added protection against the code to its security software packages. Other anti-virus firms can be expected to follow suit.

Another reason to use Sophos I guess, they are always ahead of the curve on this stuff.