Facebook Password Reset Confirmation Spam — Bredolab, Zbot, Adware

Another cybercriminal group is abusing the face of Facebook in another malware spam blast, fooling users to install banking password stealing malware and adware on their systems.
The message of the email claims to arrive from “The Facebook Team”, but in fact, the spam is spoofed and not from the team at all:
“Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team”
The real Facebook Team maintains threat-related information, “what-to-do-if” information, and security related stuff here.
The emails maintain an attachment that may have various names. Here are a some of the attachment names that when unzipped and run, ThreatFire has protected its community against in the past day:
Facebook_Password_e9081.zip
FACEBOOK_PASSWORD_52132.ZIP
Facebook_Password_6dd19.zip
Facebook_Password_4cf91.zip
FACEBOOK_PASSWORD_50573-1.ZIP
Facebook_Password_c92dd.zip
FACEBOOK_PASSWORD_7A343.zip

So what is being sent out? Unfortunately, the AV vendors that are starting to detect this variant do not always identify what they are detecting accurately (lucky that they are detecting it at all!). But in the end, the zipped attachment contains an armored downloader. Some of the spammed downloader executables drop multiple variants of multiple families. Adware, spyware, spambots, why not all of them? They are all money makers for this malware distribution group.
The malware package, in some cases, includes the highly active and highly malicious Zbot family. It seems that the Bredolab protector and dropper/downloader in active development has proven to be effective enough against AV scanner detections, so the crimeware groups are re-wrapping their zbot malware with it. Also interesting is that these two families of malware have recently been distributed by groups that implement methods to remove the other bot from victim systems. It’s been described as another “War of the Bots” with Bredolab v. Zbot. Clearly, this active cybercrime group is a separate one with different aims and no internal wars.

Koobface, Bredolab, and Zbot-distributing cybercrime groups all spoof Facebook and other highly popular social networking sites to deliver their malware to victim systems. Avoid the confusion and install a behavioral based layer of protection like ThreatFire that reliably and effectively prevents Bredolab, Zbot, and other highly dangerous malware families. Surf where you want, PC Tools Facebook group here.

For Scareware, Every Day is Halloween

Halloween is all about tricks, treats and pretending to be something your not. Scareware must think every day is Halloween.

Computer experts are reporting that scareware is on the rise. Scareware - a sneaky hacker technique used to steal personal information and spread viruses - is being found in more and more places online and even on trusted sites, like the New York Times.

"The recent scareware attacks are cropping up everywhere and can be found on even the most trusted Web sties online," said Alison Southwick, BBB spokesperson. "The threat of scareware undermines consumer trust in compromised Web sites, and on the Internet in general, but there are steps computer useres can take to protect themselves."

How Scareware Tricks and Treats

Scareware usually presents itself as a pop up window on your computer that looks like it is from your computer. It gives some message that your computer has been infected with a virus that needs to be removed. Often the message tells you to go to the link provided to purchase and download anti-virus software. Once the software is purchased the download begins. Unfortunately, it is not anti-virus software that is being downloaded, but more viruses and malware.
If that weren't bad enough, now the hackers have your credit care information too.
This senario is playing out all over the internet. It was in mid-September that visitors to the New York Times web site started getting the infected pop up window. The New York Times traced the infected window back to an unauthorized ad. They later found out that the ad space was sold to hackers posing as Vonage.
But The New York Times is not the only site being affected and pop up windows are only half the story with scareware. According to Computer World Magazine, hackers are also "poisoning Google search results." Hackers monitor popular search topics and then create infected web pages with related content. They work to get those to the top of Google search results and when someone clicks a link in the search results - the infamous pop up window appears.

How to Protect Your Computer

Fortunately there are steps that you can take to protect your computer from scareware:

• Never let your guard down. It is a fact that scareware can show up on even the most trusted sites, Google, Twitter, The New York Times, etc.
• Protect your computer. Keep your operating system updated and install a good quality anti-virus program. We recommend the following packages: Norton 360 (includes backup and other features), Norton Internet Security 2010 (good all around option), or avast! (free and good), and keep it up to date. Also make sure that all security patches and updates are installed for your webrowser and programs like Adobe Flash Player.
• Take immediate action during an attack. If a scareware window opens up force close it using the task manager and then run your trusted anti-virus software.

If you clicked on the link and have downloaded the software all is not lost, but things aren't good. The Washington Post offers advice on their Security Fix blog of how to rid your computer of the viruses and malware. But if you aren't computer savvy, you may think about calling a professional to clean up the mess.

UPDATE: An article from Wired magazine's Threat Level blog sheds more light on how web sites are being targeted for malware distribution:
Web ads have become much more advanced over the years and many now include scripts that provide data tracking and other functions. Because of this, crooks are working to have their "ads" run on popular websites. Their ads also contain scripts, but the code displays scareware instead of tracking clicks or views.
In the article, Gawker Media - a major blog network of sites like Gizmodo, LifeHacker, Jalopnik and others - was targeted for ad placement, but fortunately Gawker has a team of geeks that digs into the code of any ads and confirms that it contains no malicous code. I'm guessing the NY Times now is enforcing a similar policy (yep, it is now).
Heaven help us when we visit sites that have no such team of geeks to protect us from malicious ads...

Clampi Trojan Virus Attacks the World of Online Banking

July 2009 not only brought the hopes of fun summer activities, but it also brought the new vicious Trojan virus called Clampi.

Clampi is a newly sophisticated virus designed to attack online banking systems.  And unlike most Trojan viruses this virus can be picked up from trusted sites like blogs, online magazines, search engines and mainstream news websites, not just gambling and pornography sites.  It also is only designed to attack computers running the Microsoft Windows operating system.  So Mac users are safe from Clampi, for now.

Currently, Clampi is tracking over 4,500 financial websites.  Most Trojan viruses usually track 30-40 sites at a time.  Clampi is designed to watch: banks, credit card companies, e-mails, retail sites, utilities, online casinos, wire transfer services, share brokerages, government sites and mortgage lenders. Clampi is also not just limited to the United States.  It has been found attacking in the United States, Britain and other English speaking countries.

How Clampi Operates

Once Clampi has been picked up it settles into your computer and waits.  What does it wait for?  It waits for the user to log on to a bank account, credit card or some other financial website.  Once the login information is entered, Clampi grabs it and shoots it to the cyber criminal's computer.  From there the criminal uses the information to fulfill their desires.  Whether it is taking money from a bank account, using a credit card to make purchases or reek whatever havoc they may.

What Clampi Can Do

Maybe you're thinking that this can't happen to you and maybe it won't. But it has been reported that through the use of Clampi criminals have stolen $75k from a car parts company in Georgia, $30k from a non-profit childcare organization in Seattle, $480k from an online city bank account, $150k from a public school district in Oklahoma, $350k from a Chicago-are school district and $700k from the Western Beaver School District in Pennsylvania. There have also been reports of companies losing anywhere from $10k to $500k because of this one virus. There is really no telling how many people have been victims of the Clampi virus.

What You Can Do

The most important thing you can do is to be proactive about protecting yourself from getting Clampi. Here are some ways to be proactive:

• Protect your computer with security software. It should be a natural part of being online. Make sure that you have the most current version of your anitvirus software and download any necessary patches to keep it current.
• Avoid clicking on suspicious links on blogs, e-mails and social networking sites. If you are not sure that it can be trusted, then don't go there.
• Don't use e-commerce sites that you are not familiar with and use a credit card instead of a debit card when making online purchases.
• Use caution when using a wi-fi network - especially one outside your home, like at an airport or coffe shop. Don't access financial web sites when using wifi in these kinds of locations. Make sure that your connection is password protected so that others cannot hack into your connection. Use WPA2 (or stronger) encryption and strong passwords when setting up your wireless network at home.

URLZone, A Newly Discovered Banking Trojan Rewrites History!!!

Posted by John B. Frank

Well, it's official...Clampi, Zeus and Conficker are NOT alone. I said in earlier posts that it would only be a matter of time before another threat to online banking reared it's ugly head.  No I had to update my War of the World Wide Web graphic to include this one...(below)

I must admit, I didn't think it would happen this quickly.   Again...it avoids detection (see what I mean about prevention being better?) and it takes advantages of the inherent weaknesses in the browser...and the fact that we stupidly (sorry...naivete is no longer an excuse)  continue to "type" versus "swipe" when we authenticate ourselves online. 

Introducing URLZone, a NEW Banking Trojan. You know what IT does? It steals the user's online bank account log-in information, accesses your account, begins draining it and rewrites the code to cover it up. You think I'm kidding right?

Oh...but I'm not...

New Malware Re-Writes Online Bank Statements to Cover Fraud

According to Wired, the malware, called URLZone, infects a computer when the user visits a compromised site, or a site set up by hackers.

Then, the program steals the user's bank account log-in information  (because it is TYPED) and begins draining funds that it then sends to other designated accounts. However, the victim doesn't realize the money is missing because the program rewrites the text in the html code. So, when the browser displays the page, it looks like either no money has been stolen or just a small amount has been transferred.

Think it's time to start accessing our online bank accounts without typing yet?  No?  Read on:

The new Trojan, called URLZone, features a number of innovations not widely seen in Internet crime. For example, the Trojan can estimate precisely how much money to steal based on how much dough you have in your account, and can even siphon money in small increments to evade detection.

"It's a next generation bank Trojan," Yuval Ben-Itzhak, chief technology officer at Finjan, a cyber-security firm, told CNET News.com. "This is part of a new trend of more sophisticated Trojans designed to evade anti-fraud "detection" systems.

The infected machines ended up with a bank Trojan – in this case, the URLzone bank Trojan. This nasty piece of crimeware has the following features:

• It logs credentials and activities of bank accounts
• It takes screenshots of webpages served by the websites mentioned before Installed on the victims’ machines, it steals money from the compromised accounts
• It hides its fraudulent transaction(s) in the report screen of the compromised account
• Its C&C server sends instructions over HTTP about the amount to be stolen and where the stolen money should be deposited
• It also logs and reportson other web accounts (e.g., Facebook, PayPal, Gmail) and banks from other countries

A Trojan horse is a type of malware -- or malevolent software -- that allows criminals unauthorized access to the user's computer system. Details of URLZone appear in a new report by Finjan's Malicious Code Research Center.

URLZone takes advantage of vulnerabilities in web browsers, including Firefox and Internet Explorer, then executes a program on Windows systems -- which means if you're running a Mac, you're safe. For now!

Google stalks your social circle

Google took its beach towel down to the social networking pool yesterday with the release of its latest Facebook-apeing Web 2.0-stylie search tool.
Mountain View announced a new Google Labs experiment - dubbed “Social Search” - that creepily helps users probe more “relevant public content” from their “broader social circle”. The company has already been improving search results to make them more personally tailored to an individual surfer’s stalker needs.“With Social Search, Google finds relevant public content from your friends and contacts and highlights it for you at the bottom of your search results,” said Google in a blog post.
The tool allows users to see search results for a simple query, such as New York, that includes any friends that might have referenced the city in their blog. Social Search can also be filtered so that only results of content from a person’s “social circle” are shown.

In a move to silence privacy critics of Social Search, Google pointed out that all the information it pools together via the tool was already “published publicly on the web”.
“What we've done is surface that content together in one single place to make your results more relevant,” it said.
Google has stitched a user’s friends and contacts list into a public Google profile, which grabs info from the likes of Twitter. Anyone interested in using the tool needs to first sign up to a Google account - if they don’t have one already, that is.
“If you use Gmail, we'll also include your chat buddies and contacts in your friends, family, and coworkers groups. And if you use Google Reader, we'll include some websites from your subscriptions as part of your social search results,” said the firm. ®

Mass web infections spike to 6 million pages

An estimated 5.8 million pages belonging to 640,000 websites were infected with code designed to launch malware attacks on visitors, according to a report released Tuesday.
The numbers, compiled over the third quarter by security firm Dasient, represent a significant jump in number of legitimate websites that have been compromised. According to numbers Microsoft released on April, some 3 million pages were infected. The number of sites blocked by Google more than doubled between December and August, to almost 350,000.

"The bad guys are significantly taking advantage of attacking servers so they can distribute their malware to a very, very large number of clients," said Dasient co-founder Ameet Ranadive. "A lot of these infections are complex and often pretty obfuscated, so it's difficult for experienced webmasters to figure out what parts of their site have been infected and then to remediate it."

To understand just how hard it is for webmasters to clean up the mess, consider this: In the third quarter, 39.6 percent of compromised sites had been reinfected after trying earlier to clean up the malware. Criminals are often able to attack a site repeatedly because webmasters fail to change passwords or patch vulnerable web applications that led to the initial exploit.
Eleven days ago, ScanSafe, a separate security firm that announced Tuesday it is being acquired by Cisco, reported that more than 2,000 websites were compromised by a mass web infection known as Gumblar. Many of those sites were likely hit in earlier waves and simply reinfected, a ScanSafe researcher said at the time.
An estimated 54.8 percent of the attacks observed by Dasient involved malicious javascript that was injected into compromised sites. iFrames that silently redirected users to malicious sites came in second at 37.1. Dasient has cataloged more than 72,000 unique malware infections involving websites.
The attacks are growing in popularity because they allow criminals to reach large numbers of victims with a minimum amount of effort. For end users who fail to install the latest versions of Adobe Reader, Adobe Flash and other software on their machines, the attacks often result in a "browse and get compromised" scenario, in which their systems are surreptitiously infected simply by visiting the site.
"Hackers are starting to see some success from these attacks and whenever they see success, they continue to invest more," Ranadive said. ®

Rogue trader calls for smarter regulation to avert disaster

By John Leyden
The Register
26th October 2009

RSA Europe 2009 - Nick Leeson, the rogue trader who bankrupted a bank before it became fashionable, said that unless the quality of regulation improves, further financial disasters such as the Barings Bank collapse he precipitated are inevitable.

Leeson, told journalists at the RSA Europe conference on Thursday that little has changed in the 14 years since his actions resulted in losses in excess of 827m ($1.3bn) and the collapse of Barings in 1995. He told delegates that fraud management systems with appropriate knowledge-based rules are the only way to expose the cavalier risk taking he carried out during three years at Barings.

Better regulation - not tighter or looser regulation - was needed, Leeson argued.

As an ambitious 25-year-old, Lesson travelled over to Singapore in 1992 to establish a business for Barings in the futures and derivatives market. Early successes were soon replaced by losses which Leeson disguised by pushing losses into an error account (called 88888). He covered these losses by obtaining an overdraft, with daily funds from London keeping the bank afloat as the losses and overdraft swelled. It was only when other banks called in the debt that the situation collapsed.

Guardian job website hit by hackers

By Warwick Ashford
ComputerWeekly.com
26 Oct 2009

The Guardian has notified around 500,000 users of its UK jobs website that their personal details may have been compromised in a hacker attack.

Users have been advised to take precautionary measures including contacting a credit reference agency and the UK fraud prevention service Cifas to ensure their information is not being used.

The Guardian claims in reports that the "sophisticated and deliberate hack" was stopped while still in progress.

According to a security notice posted on the Guardian jobs website, administrators of the site have identified how the site was hacked and has taken steps to prevent a recurrence.

No technical details have been released because these are part of the investigation being conducted by the central e-crime unit at Scotland yard, a spokesman said.

Socialite Charged with Hacking Voice Mail

The Early Show
Oct. 21, 2009

(CBS) - Most of us carry a cell phone to stay in touch. But, as CBS News Science and Technology correspondent Daniel Sieberg reports, you might be surprised to learn just how easy it is to violate your privacy or even trick you.

A high-profile publicist is accused of hacking into the voice mail of some other women, including one who dated her ex-boyfriend.

Former Dolce & Gabbana publicist Ali Wise is accused of hacking into the voice mail of a romantic rival after the woman started dating Wise's ex-boyfriend.

Wise used free software called "SpoofCard" to gain access to the voice mails. The program also lets you disguise your voice and make it appear as though you're calling from a different number.

Wise's lawyer, Ed Kratt, told CBS: "SpoofCard is readily available on the Internet to anybody who wants to use it. One of the issues is whether Ali realized what she was doing was unlawful and the answer to that is clearly she did not."

Military`s Intranet Vulnerable to NK Hacking

The Dong-A Ilbo

OCTOBER 24, 2009

The military's intranet is vulnerable to attacks by North Korean hackers, a lawmaker from a minor party said yesterday.

Rep. Lee Jin-sam of the minor conservative Liberty Forward Party said, "North Korean hackers attacked our military's intranet in the Ulchi Freedom Guardian in August after the Defense Security Command warned troops of hacker attacks in advance."

"As a result, part of major intranets of the Air Force and Navy were frozen for several hours, and important data, including more than 1,000 cases of intelligence and grade 2 classified data, were leaked."

Lee was speaking at the annual parliamentary inspection of the Defense Ministry and the Joint Chiefs of Staff.

Computer failure paralyses Swiss ministries

The Times of India

26 October 2009

GENEVA: Complicated computer problems at key Swiss government ministries have paralysed work at several offices since Friday, a government spokesperson said.

The foreign ministry was hardest hit by the information systems failure and likely will face severe computer restrictions Monday.

The finance and interior ministries will fare better and be back at work when the week starts, Karolina Kohout, a spokeswoman for the Federal Office of Information Technology told the Swiss News Agency Sunday.

Speculation is rife in the Swiss media that the problems were brought on by a hacker. The errors were first noticed Friday. The government has not commented on those reports.

Obama declared the swine flu outbreak a national emergency

WASHINGTON – President Barack Obama declared the swine flu outbreak a national emergency, giving his health chief the power to let hospitals move emergency rooms offsite to speed treatment and protect noninfected patients.

The declaration, signed Friday night and announced Saturday, comes with the disease more prevalent than ever in the country and production delays undercutting the government's initial, optimistic estimates that as many as 120 million doses of the vaccine could be available by mid-October.

Health authorities say more than 1,000 people in the United States, including almost 100 children, have died from the flu, known as H1N1, and 46 states have widespread flu activity. So far only 11 million doses have gone out to health departments, doctor's offices and other providers, according to the Centers for Disease Control and Prevention officials.

Administration officials said the declaration was a pre-emptive move designed to make decisions easier when they need to be made. Officials said the move was not in response to any single development.

Health and Human Services chief Kathleen Sebelius now has authority to bypass federal rules when opening alternative care sites, such as offsite hospital centers at schools or community centers if hospitals seek permission.

Some hospitals have opened drive-thrus and drive-up tent clinics to screen and treat swine flu patients. The idea is to keep infectious people out of regular emergency rooms and away from other sick patients.

Hospitals could modify patient rules — for example, requiring them to give less information during a hectic time — to quicken access to treatment, with government approval, under the declaration.

It also addresses a financial question for hospitals — reimbursement for treating people at sites not typically approved. For instance, federal rules do not allow hospitals to put up treatment tents more than 200 yard away from the doors; if the tents are 300 yards or more away, typically federal dollars won't go to pay for treatment.

Administration officials said those rules might not make sense while fighting the swine flu, especially if the best piece of pavement is in the middle of a parking lot and some medical centers already are putting in place parts of their emergency plans.

The national emergency declaration was the second of two steps needed to give Sebelius extraordinary powers during a crisis.

On April 26, the administration declared swine flu a public health emergency, allowing the shipment of roughly 12 million doses of flu-fighting medications from a federal stockpile to states in case they eventually needed them. At the time, there were 20 confirmed cases in the U.S. of people recovering easily. There was no vaccine against swine flu, but the CDC had taken the initial step necessary for producing one.

"As a nation, we have prepared at all levels of government, and as individuals and communities, taking unprecedented steps to counter the emerging pandemic," Obama wrote in Saturday's declaration.

He said the pandemic keeps evolving, the rates of illness are rising rapidly in many areas and there's a potential "to overburden health care resources."

The government now hopes to have about 50 million doses of swine flu vaccine out by mid-November and 150 million in December. The flu virus has to be grown in chicken eggs, and the yield hasn't been as high as was initially hoped, officials have said.

"Many millions" of Americans have had swine flu so far, according to an estimate that CDC Director Dr. Thomas Frieden gave Friday. The government doesn't test everyone to confirm swine flu so it doesn't have an exact count. He also said there have been more than 20,000 hospitalizations.

New Adsense Alternative

new adsense alternative. referred members 80% of the revenue share! instead of 60% non referrered, join today http://tinyurl.com/iremove09

China Expands Cyberspying in U.S., Report Says

By SIOBHAN GORMAN
The Wall Street Journal
OCTOBER 23, 2009

WASHINGTON -- The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S.
company that appears to have been sponsored by Beijing.

The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report to be released Thursday. Chinese espionage operations are "straining the U.S. capacity to respond," the report concludes.

The bipartisan commission, formed by Congress in 2000 to investigate the security implications of growing trade with China, is made up largely of former U.S. government officials in the national security field.

The commission contracted analysts at defense giant Northrop Grumman Corp. to write the report [1]. The analysts wouldn't name the company described in the case study, describing it only as "a firm involved in high-technology development."

The report didn't provide a damage assessment and didn't say specifically who was behind the attack against the U.S. company. But it said the company's internal analysis indicated the attack originated in or came through China.

Botnet click fraud at record high

By Dan Goodin in San Francisco
The Register
23rd October 2009

Malware-infected computers are increasingly being used to perpetrate click fraud, according to a study released Thursday that found their contribution was the highest since researchers began compiling statistics on the crime.

In the third quarter of this year, 42.6 percent of fraudulent clicks were generated by computers that were part of botnets, compared with
36.9 percent the previous quarter and about 27.6 percent in the same period of 2008. The increase comes as criminals trying to profit from click fraud take advantage of new advances in malware that make the practice harder to detect.

"As the botnets get more sophisticated, they're able to perpetrate more click fraud," said Paul Pellman, CEO of Click Forensics, the advertising auditing firm that prepared the report. "They're finding new ways of being distributed, and that's reflected in the data."

The jump in botnet use over the past year comes as the overall amount of click fraud dropped, from 16 percent of all paid ads in Q3 of 2008 to
14.1 percent last quarter. That means manual forms of click fraud, in which large numbers of individuals engage in the practice, has decreased by an even larger margin. Many of those people get paid to knowingly gin the advertising results, while others are tricked into it.

Time Warner Cable Exposes 65, 000 Customer Routers to Remote Hacks

Forwarded from: *Hobbit*

And why was a similar hue and cry not raised two+ years ago over Actiontec's similar backdoor they deliberately built into DSL modems branded for Verizon?

http://techno-fandom.org/~hobbit/pix/vzdsl/

Zurich security breach affects 51,000 customers

By Gill Montia
Insurance Daily
October 22, 2009

Zurich Insurance plc has announced that it has written to around 51,000 general insurance customers and other parties in the UK regarding the loss of a back-up data tape in South Africa.

The tape, which also holds details of customers and other parties in South Africa and Botswana, was lost in August 2008 during a routine transfer to a data storage centre.

Zurich says its investigation have revealed deficiencies in the management of data tape security procedures.

The letters set out the recommended precautionary measures that customers can take as well as the steps that Zurich UK has in place to support policyholders.

Feds' Security Spending On a Roll: Over 8 Percent Growth Over Next Five Years

By Kelly Jackson Higgins
DarkReading
Oct 22, 2009

The U.S. federal government's IT security spending will jump from $7.9 million to $11.7 billion in 2014 thanks to tightening federal security regulations, a 300 percent jump in attacks on feds' networks and systems during the past five years, and the Obama administration's emphasis on security, according to new data from research firm Input.

"We see this as a bright spot in federal spending," says John Slye, principal analyst at Input, which expects a compound annual growth rate of 8.1 percent for security from 2009 to 2014. "[Security] seems fairly immune to some of the economic pressures we're seeing...factors like the huge risk of exposure to the government and that security has taken front and center in the Obama administration" are some of the reasons for this spending, he says.

Input says the top 10 executive branch departments -- the Office of the Secretary of Defense, U.S. Air Force, Homeland Security, Army, Navy, Department of Energy, Health and Human Services, Justice Department, Treasury Department, and Commerce Department -- account for 65 percent of all federal IT spending.

Not surprisingly, intelligence agencies and the Defense Department lead overall federal IT spending growth, with an annual growth rate for spending of 8.4 percent and 8.2 percent, respectively, followed by civilian agencies at 7.9 percent. Intelligence spending will jump from
$1.9 billion this year to $2.8 billion in 2014; Defense, from $3.8 billion to $5.6 billion; and civilian, from $2.3 billion to $3.4 billion.

Security services represents the biggest chunk of the federal security spending budget, with $4.4 billion today versus $2.7 billion for software, and less than $1 billion for equipment. According to Input, the services sector will hit $6.6 billion in 2014; software, $3.9 billion; and equipment, $1.2 billion.

Almost half ISO 27001 'compliant' firms break basic security requirements

Almost half of businesses that claim compliance with ISO 27001 are sharing privileged user accounts and breaking other standard guidance, according to a survey of IT managers.

Some 47 percent of firms in the UK said they were compliant with the standard. But forty-one percent of these said that they were using various non-compliant practices.

Bad practice by privileged users is putting European data at "high risk", according to the 'Privileged user management - it's time to take control' report. These practices included use of default user names and passwords, the granting of wider access than is necessary, failure to monitor the users, and an ignorance around the existence of privileged users in the first place.

Two hundred and seventy European IT managers, including 45 in the UK, were interviewed for the survey that was conducted by Quocirca.

Windows 7 Finally Officially Released Tomorrow...

Direct for the microsoft site

"You told us what you wanted in the next version of Windows and we listened. On October 22, Windows 7 will be widely available and you can see the results for yourself. We’re updating this site to get you a lot more information about what’s in it, how to use it, and, of course, how to buy Windows 7. So come back. Get a look at the operating system you helped design."

More Rouge Antivirus stuff...

Alaska Day and SEO Attacks

SEO attacks driving users to rogue AV sites isn't exactly new, but it does seem to be getting more widespread. Now, the "bait" they use to draw in unsuspecting users isn't just related to major world events or well-known holidays.

October 18th is Alaska Day, an official state holiday in the northern US state of Alaska, when many towns will take part in big Alaska Day festivities. It's not a well-known holiday, even in the US. Still, someone's taking advantage of it to do some social engineering.

Anyone searching for "Alaska Day" information may see the following website:



Hmm, "reptiles of alaska"? Sounds rather intriguing. If you click on the link though, as with most of these cases, the visitor gets redirected to a final webpage that displays fake alerts and a image of a fake scan:





The redirection path followed is:



As usual, F-Secure Internet Security 2010 users are protected with our Browsing Protection feature.


WebSecurity post by — Chu Kian

 

Fake Facebook, Fake Video, Fake CAPTCHA

Watching videos on Facebook is a popular activity, so it's not surprising to find dozens of fake copycat sites being used to infect unsuspecting viewers with malware.

Here's one fake Facebook site with a malicious JavaScript that uses the old "Flash Player upgrade installation" trick — but with a slight twist.

As usual, the viewer thinks they're going to see a video, if they just upgrade their Player:


But first they have to download and install the "upgrade":



The unusual thing is, this "upgrade" comes with a CAPTCHA pop-up:



The request is displayed at random times and doesn't actually do anything. Anything entered into the field by the user results in this being displayed:



The screen will close after a few tries, but will still continue to appear off and on.

While the user is having dubious fun with the CAPTCHA test, the malware copies a couple files to C:\Windows, deletes itself, and creates a few Registry keys.



We detect the malware as Trojan:W32/Agent.MDN.

Our Browsing Protection blocks the whole fake Facebook website entirely. As usual though, be careful when you're surfing.


WebSecurity post by — Choon Hong

Scanti-ly Clad - Another Rogue Out There

Anyone who’s seen a system infected by a rogue security program doesn’t need to be told how annoying they can be, as they attempt to scare, threaten, cajole, hector, harangue, pester, aggravate, intimidate, badger, harass and generally nag* the user into paying to register the fake software. And even among rogues, there are few that are quite as annoying as Win32/FakeScanti, which is this month’s addition to the Malicious Software Removal Tool (MSRT).
*I realize I’m being more than a little repetitive here.  But this still pales in comparison to how repetitive your average rogue can get.

We first saw a variant of Win32/FakeScanti back in early March of this year, when it went by the name of ASC Antivirus. There was then very little activity on the FakeScanti front until late July, when we noticed a file, which we detect as TrojanDownloader:Win32/FakeScanti, downloading a new version of the scanner going by the name of Windows Antivirus Pro. This version was proactively detected by the signatures added in March. Since then there has been a steady stream of new files, but only one name change, to Windows Police Pro. Apart from the name change, the user interface, and even the list of alleged “malware” detected by this rogue, has remained identical:

FakeScanti has your usual grab bag of popups, system tray balloons, and dialog boxes (and there are many examples of these in our Win32/FakeScanti description) all reporting malicious activity, and recommending that the reported threats be removed. Of course, if you want this to happen, then naturally you have to pay:

These popups tend to pile up on the screen at a rapid rate, and dismissing any one of these results in the confirmation dialog below, which also needs to be closed. Notice how the placement of the Purchase and Continue buttons is swapped compared to the dialog above.

Win32/FakeScanti also uses a number of other tricks common to many other rogues, such as the display of a fake version of the Windows Security Center, or blocking access to certain web sites:

It uses a number of other methods in an attempt to convince users that the system is infected. These include:

• Periodically rebooting the system
• Preventing other executables from running

It does this by associating the .exe extension with desot.exe, one of the files installed by Win32/FakeScanti. As a result, when an attempt is made to run one of these files, the filename is passed to desot.exe, which will decide whether it is allowed to run, and display a message box such as the one above if not.

• Using Active Desktop to place text on the desktop background

• Displaying error messages which resemble the “Dr Watson” Windows system error dialog

The “Fix it” button launches the fake scanner. The other buttons do not do anything.
As we've mentioned before, if you're concerned about the veracity or legitimacy of a particular antivirus scanner, it's a good idea to check if the product in question has received any industry-recognized certification. Virus Bulletin VB100 is a good place to start, but there are other industry-recognized testing and certification bodies that are good for this kind of verification. If you're looking for security software for your computer, you could also visit http://www.microsoft.com/windows/antivirus-partners for a list of security software providers.
If you believe you are infected, we encourage you to use the Windows Live OneCare safety scanner to check your PC for malware and to help remove them from your system.  In addition we encourage you to submit any suspicious files to the MMPC team for analysis. If you don’t already have active, up-to-date Anti-malware protection remember that our new security product - Microsoft Security Essentials – runs quietly in the background and never asks you for payment.
--David Wood

VISTA_32_BIT_BLACK(HAT)_EDITION_2009.iso

Posted Tuesday, October 20, 2009 3:10 PM by mmpc
As we’ve mentioned before, your average user is the most at risk of getting infected these days. So, with the release of Microsoft Security Essentials recently en masse, we’re really able to see some of the fruits of our labour over the last few years. We’re very pleased to see such a positive response to MSE, with many new home users giving it a try, which as you can imagine, makes us all happy little Vegemites*.
As you might expect, we see pretty different infection types from home-users versus the enterprise. Generally, infection vectors for the home user are web-based; either via malicious websites or by being enticed to download something that is, how you say ‘not so much with the good’.  The term ‘home user’ generalises – computer-based experience of these users covers a broad spectrum. The savvier of these computer users, one would expect, would have a better chance of avoiding infection. However this is not entirely true; as we’ve mentioned in previous posts, savvy computer users actually open themselves up to more risks while they’re exploring the deeper darker depths of what the Internet has to offer.
To wit, after MSE’s release, we’ve seen a spike in a particular variant of Win32/Bifrose – Backdoor:Win32/Bifrose.EO. Why, you ask? Well, it seems that the malware authors (or perhaps an unsuspecting pirate) are distributing a ‘cracked’ version of Windows that comes pre-infected for your convenience – labelled, fittingly, “Vista Black Edition”. Just to clarify, this means computer users are downloading an ISO of pirated Microsoft software (and saving to disk on a Genuine Windows system) and a free Microsoft anti-virus product is alerting them to a potential infection in their freshly stolen software. I’m not really sure if ‘irony’ really emphasises the situation enough. But hey, at least the Windows is free**, right?
What’s even more interesting (read: funny) is that despite this, it seems this isn’t enough to stop people from trying to utilize their ill-gotten gains. Underground forums are teeming with helpful hints on how to disinfect your newly acquired (though somewhat ‘not as advertised’) software. No doubt some of the instructions include using other pirated software products.
So you see kids, illegal software is seldom free of all cost. Chances are you’re paying for it in ways you didn’t consider.
Matt McCormack
MMPC Melbourne
*The team down in Australia at least
** Disclaimer: “Free” may be changed at any time to actually mean “cost you”, with one or more of the following words appended to the end: passwords, bandwidth, login information, bank account details, email accounts, credit rating, dignity, ...

Scareware Serving Conficker.B Infection Alerts Spam Campaign

A fake "conficker.b infection alert" spam campaign first observed in April, 2009 (using the following scareware domains antivirus-av-ms-check .com; antivirus-av-ms-checker .com; ms-anti-vir-scan .com; mega-antiviral-ms .com back then) is once again circulating in an attempt to trick users into installing "antispyware application", in this case the Antivirus Pro 2010 scareware.

This campaign is directly related to last week's Microsoft Outlook update campaign, with both of these using identical download locations for the scareware.

The following is an extensive list of the domains involved in the campaigns:
abumaso3tkamid .com - Email: drawn@ml3.ru
afedodevascevo .com - Email: sixty@8081.ru
alertonabert .com - Email: flop@infotorrent.ru
alertonbgabert .com - Email: vale@e2mail.ru
alioneferkilo .com - Email: va@blogbuddy.ru
anobalukager .com - Email: chalkov@co5.ru
anobhalukager .com - Email: humps@infotorrent.ru
bufertongamoda .com - Email: kurt@8081.ru
buhafertadosag .com - Email: bias@co5.ru
buhervadonuska .com - Email: vale@e2mail.ru
bulakeskatorad .com - Email: bias@co5.ru
bulerkoseddasko .com - Email: bias@co5.ru
buleropihertan .com - Email: def@co5.ru
celiminerkariota .com - Email: morse@corporatemail.ru
certovalionas .com - Email: kurt@8081.ru
dabertugaburav .com - Email: def@co5.ru
elxolisdonave .com - Email: curb@cheapmail.ru
enkafuleskohuj .com - Email: kerry@freemailbox.ru
ertanueskayert .com - Email: xmas@co5.ru
ertonaferdogalo .com - Email: kerry@freemailbox.ru
ertu6nagertos .com - Email: recipe@isprovider.ru
ertubedewse .com - Email: weak@infotorrent.ru
ertugasedumil .com - Email: chalkov@co5.ru
ertugaskedumil .com - Email: humps@infotorrent.ru
ertunagertos .com - Email: def@co5.ru
erubamerkadolo .com - Email: kerry@freemailbox.ru

fedostalonkah .com - Email: bias@co5.ru
ftahulabedaso .com - Email: raced@corporatemail.ru
gumertagionader .com - Email: seize@e2mail.ru
huladopkaert .com - Email: chute@infotorrent.ru
iobacebauiler .com - Email: roy@corporatemail.ru
itorkalione .com - Email: pygmy@8081.ru
julionejurmon .com - Email: jacob@freemailbox.ru
julionermon .com - Email: pygmy@8081.ru
konitorsabure .com - Email: chalkov@co5.ru
konitorswabure .com - Email: humps@infotorrent.ru
lersolamaderg .com - Email: chalkov@co5.ru
lersolamgaderg .com - Email: humps@infotorrent.ru
linkertagubert .com - Email: kerry@freemailbox.ru
lionglenhrvoa .com - Email: sixty@8081.ru
liposdakoferda .com - Email: leaf@corporatemail.ru
lopastionertu .com - Email: cues@e2mail.ru
nebrafsofertu .com - Email: humps@infotorrent.ru
nuherfodaverta .com - Email: morse@corporatemail.ru
nulerotkabelast .com - Email: dealt@8081.ru
nulkersonatior .com - Email: dealt@8081.ru
obuleskinrodab .com - Email: xmas@co5.ru
ofaderhabewuit .com - Email: kerry@freemailbox.ru
okavanubares .com - Email: chalkov@co5.ru
okaveanubares .com - Email: humps@infotorrent.ru

onagerfadusak .com - Email: cues@e2mail.ru
orav4abustorabe .com - Email: drawn@ml3.ru
oscaviolaner .com - Email: larks@freemailbox.ru
ovuiobvipolak .com - Email: sixty@8081.ru
ovuioipolak .com - Email: bias@co5.ru
paferbasedos .com - Email: chalkov@co5.ru
pafersbasedos .com - Email: humps@infotorrent.ru
polanermogalios .com - Email: dealt@8081.ru
rdafergfvacex .com - Email: jacob@freemailbox.ru
rtugamer5tobes .com - Email: drawn@ml3.ru
rtugamertobes .com - Email: kw@co5.ru
scukonherproger .com - Email: kazoo@isprovider.ru
shuretrobaniso .com - Email: frail@infotorrent.ru
tarhujelafert .com - Email: raced@corporatemail.ru
tavakulio5nkab .com - Email: recipe@isprovider.ru
tavakulionkab .com - Email: def@co5.ru
tertunavogav .com - Email: la@freemailbox.ru
tertunwavogav .com - Email: drawn@ml3.ru
tsabunerkadosa .com - Email: humps@infotorrent.ru

tsarbunerkadosa .com - Email: humps@infotorrent.ru
tubanerdavaf .com - Email: chalkov@co5.ru
tubanerdavjaf .com - Email: halkov@co5.ru
uhajokalesko .com - Email: flop@infotorrent.ru
uhajokvfalesko .com - Email: flop@infotorrent.ru
ulioperdanogad .com - Email: vale@e2mail.ru
uliopewrdanogad .com - Email: kerry@freemailbox.ru
uplaserdunavats .com - Email: dealt@8081.ru
utka3merdosubor .com - Email: drawn@ml3.ru
utkamerdosubor .com - Email: kw@co5.ru
utorganedoskaw .com - Email: kerry@freemailbox.ru
utorgtanedoskaw .com - Email: xmas@co5.ru
uvgaderbotario .com - Email: def@co5.ru
vudermaguliermot .com - Email: leaf@corporatemail.ru
vuilerdomegase .com - Email: leaf@corporatemail.ru
vuilleskomandar .com - Email: seize@e2mail.ru
vulertagulermos .com - Email: dealt@8081.ru
vuretronulevka .com - Email: dealt@8081.ru
weragumasekasuke .com - Email: kazoo@isprovider.ru
werynaherdobas .com - Email: dealt@8081.ru

Despite the comprehensive portfolio of domains used, relying on spam to increase revenue from scareware sales is prone to fail, in this specific case due to the lack of event-based social engineering theme, something that was present in the first campaign.

ChoicePoint to pay $275,000 in latest data breach

By Elinor Mills
InSecurity Complex
CNet News
October 20, 2009

ChoicePoint, one of the nation's largest data brokers, has been fined $275,000 by the U.S. Federal Trade Commission for a data breach that exposed personal information of 13,750 people last year.

In April 2008, ChoicePoint turned off a key electronic security tool that it used to monitor access to one of its databases and failed to notice the problem for four months, according to an FTC statement.

During that period, unauthorized searches were conducted for 30 days on a ChoicePoint database that contained Social Security numbers and other sensitive information, the FTC said.

The FTC alleged that ChoicePoint's conduct violated a 2006 court order requiring the company to institute a comprehensive information security program following a 2005 breach that compromised the personal information of more than 163,000 people and resulted in at least 800 cases of identity fraud. The company was ordered to pay $10 million in civil penalties and $5 million to consumers in that case.

Classified Info on Dangerous Chemicals Hacked

The Korea Times
10-17-2009

Hackers stole classified information on dangerous chemicals in their raid on the South Korean army computer network in what was believed to be an attack by North Korea, Yonhap News Agency reported Saturday, quoting government officials.

The Chemicals Accident Response Information System, used by 589 South Korean government agencies including fire and police stations, was accessed by hackers on March 5. Hackers appear to have broken into the system using the ID of a South Korean army officer whose personal computer was infected by a virus, according to officials.

"We believe the hacker tapped into the system using the ID, withdrawing classified information of 1,350 dangerous chemicals," an army official was quoted as saying by Yonhap. "The government believes North Korea could be behind the hacking. We are continuing our investigation."

The revelation comes less than three months after cyber attacks severely slowed or disrupted dozens of South Korean government and business Web sites, including those of the presidential office and ministries of defense and foreign affairs. Rumors were rampant then that North Korean hackers orchestrated the attacks, although they have yet to be substantiated.

"We are trying to find out exactly how much information has been withdrawn," another unnamed official at Seoul's Environment Ministry was quoted as saying, adding the government has asked organizations dealing with the chemicals to tighten security.

Unnamed intelligence sources in Seoul said in May that North Korea operates a cyber warfare unit that seeks to disrupt South Korean and U.S. military networks and visits U.S. military sites more frequently than any other country.

South Korea and the U.S. signed a memorandum of understanding on April 30 to bolster cooperation in fighting cyber terrorism against their defense networks.

VoIP hack suspect fugitive extradited back to US

By John Leyden
The Register
19th October 2009

A Venezuelan hacking suspect arrested in Mexico last February on computer hacking and fraud charges faces a court appearance in New Jersey on Tuesday, following his extradition to the US last week.

Edwin Pena, 26, a former Miami resident, fled from US justice in August
2006 two months after he was bailed on charges of hacking into phone systems and stealing VoIP call credits. Pena allegedly resold these services in collusion with an accomplice, Robert Moore of Washington.
Pena and Moore raked in an estimated $1.4m through the alleged sale of 10 million voice call minutes stolen from telecoms suppliers.

Moore pleaded guilty multiple computer hacking and fraud offences in late 2007, resulting in a two year jail sentence. His admitted involvement in the scam involved scanning telecom supplier networks for vulnerabilities between June 2005 and October 2005. Pena, the alleged brains of the operation and major beneficiary, use Moore's reconnaissance to draw up a list of targets for attack.

The Venezuelan used brute force techniques to extract activation codes from vulnerable telecom supplier systems. Among those victimised was a Newark, New Jersey supplier of telecoms services.

Medical Records: Stored in the Cloud, Sold on the Open Market

By Kim Zetter

Threat Level

Wired.com

October 19, 2009

When patients visit a physician or hospital, they know that anyone involved in providing their health care can lawfully see their medical records.

But unknown to patients, an increasing number of outside vendors that manage electronic health records also have access to that data, and are reselling the information as a commodity.

The revelation comes in a recent New York Times article about how so-called "scrubbed" patient data isn't as anonymous as people think.

The piece focuses primarily on how anonymized data can be cross-bred with other publicly available databases, such as voting records, which subverts the anonymity. Buried near the end of the article is the news that medical data is collected, anonymized and sold, not by insurance agencies and health care providers, but by third-party vendors who provide medical-record storage in the cloud.

Electronic health record (EHR) services have been a growing industry in the last few years, according to Sue Reber, marketing director of the Certification Commission for Health Information Technology. Reber says most vendors used to simply sell software packages; once the product was sold, the vendor had no connection to the data stored in it. But an increasing number of companies have begun to offer web-based software-management applications that include database storage controlled and managed by the vendor.

Botnet Unleashes Variety Of New Phishing Attacks

By Kelly Jackson Higgins

DarkReading

Oct 19, 2009

The massive Zbot botnet that spreads the treacherous Zeus banking Trojan has been launching a wave of relatively convincing phishing attacks during the past few days -- the most recent of which is a phony warning of a mass Conficker infection from Microsoft that comes with a free "cleanup tool."

The wave of attacks began early last week targeting corporations in the form of email messages that alerted victims of a "system upgrade." Email is accompanied by poisoned attachments and links; in some cases it poses as a message from victims' IT departments, including their actual email domains, and alerts them about a "security upgrade" to their email accounts. The message then refers victims to a link to reset their mailbox accounts, and the link takes them to a site that looks a lot like an Outlook Web Access (OWA) page (PDF), but instead infects them with the Zeus Trojan.

Today, researchers at F-Secure spotted the botnet spamming out malware-laden email that tries to trick recipients with a convincing lure messages that says, "On October 22, 2009 server upgrade will take place."

"What we're seeing is an evolving campaign of different lures to see which one works," says Richard Wang, manager of Sophos Labs in the U.S.

The Zbot botnet, which is made up of 3.6 million PCs in the U.S., or 1 percent of all PCs in the country, according to data from Damballa, spreads the deadly Zeus Trojan. Zeus, which steals users' online financial credentials, represents 44 percent of all financial malware infections today, according to Trusteer.

Terrible DailyMail journalist, linking artice. Jan Moir What Have u Written

Artice ltake from Dailymail. Not sure how long Mrs Moir is going to have ajob for..

A strange, lonely and troubling death . . .



Stephen Gately

Dead at 33: Stephen Gately

The news of Stephen Gately's death was deeply shocking. It was not just that another young star had died pointlessly.

Through the recent travails and sad ends of Michael Jackson, Heath Ledger and many others, fans know to expect the unexpected of their heroes - particularly if those idols live a life that is shadowed by dark appetites or fractured by private vice.

There are dozens of household names out there with secret and not-so-secret troubles, or damaging habits both past and present.

Robbie, Amy, Kate, Whitney, Britney; we all know who they are. And we are not being ghoulish to anticipate, or to be mentally braced for, their bad end: a long night, a mysterious stranger, an odd set of circumstances that herald a sudden death.

In the morning, a body has already turned cold before the first concerned hand reaches out to touch an icy celebrity shoulder. It is not exactly a new storyline, is it?

In fact, it is rather depressingly familiar. But somehow we never expected it of him. Never him. Not Stephen Gately.

In the cheerful environs of Boyzone, Gately was always charming, cute, polite and funny.

A founder member of Ireland's first boy band, he was the group's co-lead singer, even though he could barely carry a tune in a Louis Vuitton trunk.

He was the Posh Spice of Boyzone, a popular but largely decorous addition.

Gately came out as gay in 1999 after discovering that someone was planning to sell a story revealing his sexuality to a newspaper.

Although he was effectively smoked out of the closet, he has been hailed as a champion of gay rights, albeit a reluctant one.

At the time, Gately worried that the revelations might end his ultra-mainstream career as a pin-up, but he received an overwhelmingly positive response from fans. In fact, it only made them love him more.

In 2006, Gately entered into a civil union with internet businessman Andrew Cowles, who had been introduced to him by mutual friends Elton John and David Furnish.

Last week, the couple were enjoying a holiday together in their apartment in Mallorca before their world was capsized.
Boyzone

Boyzone: Gately and his bandmates had a hugely successful career and had recently reformed

All the official reports point to a natural death, with no suspicious circumstances. The Gately family are - perhaps understandably - keen to register their boy's demise on the national consciousness as nothing more than a tragic accident.

Even before the post-mortem and toxicology reports were released by the Spanish authorities, the Gatelys' lawyer reiterated that they believed his sudden death was due to natural causes.

But, hang on a minute. Something is terribly wrong with the way this incident has been shaped and spun into nothing more than an unfortunate mishap on a holiday weekend, like a broken teacup in the rented cottage.

Consider the way it has been largely reported, as if Gately had gently keeled over at the age of 90 in the grounds of the Bide-a-Wee rest home while hoeing the sweet pea patch.

The sugar coating on this fatality is so saccharine-thick that it obscures whatever bitter truth lies beneath. Healthy and fit 33-year-old men do not just climb into their pyjamas and go to sleep on the sofa, never to wake up again.


More...

* Boyzone to play gig of their lives at Stephen Gately's funeral as police reveal his final few hours
* Stephen Gately smoked cannabis on night he died, civil partner tells Spanish police
* Louis Walsh pulls out of X Factor show to attend 'best friend' Stephen Gately's funeral

Whatever the cause of death is, it is not, by any yardstick, a natural one. Let us be absolutely clear about this. All that has been established so far is that Stephen Gately was not murdered.

And I think if we are going to be honest, we would have to admit that the circumstances surrounding his death are more than a little sleazy.

After a night of clubbing, Cowles and Gately took a young Bulgarian man back to their apartment. It is not disrespectful to assume that a game of canasta with 25-year-old Georgi Dochev was not what was on the cards.

Cowles and Dochev went to the bedroom together while Stephen remained alone in the living room.
Andy Cowles
Georgi Dochev

Gately's civil partner, Andrew Cowles, left, and Bulgarian student Georgi Dochev, right, were at the apartment on the night of the singer's death

What happened before they parted is known only to the two men still alive. What happened afterwards is anyone's guess.

A post-mortem revealed Stephen died from acute pulmonary oedema, a build-up of fluid on his lungs.

Gately's family have always maintained that drugs were not involved in the singer's death, but it has just been revealed that he at least smoked cannabis on the night he died.

Nevertheless, his mother is still insisting that her son died from a previously undetected heart condition that has plagued the family.

Another real sadness about Gately's death is that it strikes another blow to the happy-ever-after myth of civil partnerships.

Gay activists are always calling for tolerance and understanding about same-sex relationships, arguing that they are just the same as heterosexual marriages. Not everyone, they say, is like George Michael.

Of course, in many cases this may be true. Yet the recent death of Kevin McGee, the former husband of Little Britain star Matt Lucas, and now the dubious events of Gately's last night raise troubling questions about what happened.

It is important that the truth comes out about the exact circumstances of his strange and lonely death.

As a gay rights champion, I am sure he would want to set an example to any impressionable young men who may want to emulate what they might see as his glamorous routine.

For once again, under the carapace of glittering, hedonistic celebrity, the ooze of a very different and more dangerous lifestyle has seeped out for all to see.
Tara Palmer-Tomkinson: Too old for this look




Read more: http://www.dailymail.co.uk/femail/article-1220756/A-strange-lonely-troubling-death--.html#ixzz0UOGo8pwf

Microsoft Security Essentials anti-malware

Microsoft has released data from one week of people using Microsoft Security Essentials anti-malware, and the results are clear: XP machines are far more vulnerable than Vista PCs, and Vista PCs are more vulnerable than those with Windows 7. And Brazil, for unknown reasons, is a hotbed for worms.

In the first week after the release of Microsoft Security Essentials, Microsoft says, the software was downloaded 1.5 million times. The software detected nearly four million security problems on 535,752 different PCs.

According to the company, there were far more problems detected on Windows XP machines than on Vista or Windows 7. You can see the results below.

Microsoft said this is in keeping with the general trend that less malware is found on newer operating systems and service packs.

Some of the more interesting findings come from an analysis of threats by country. In the U.S. Trojans are the most-common malware, while in Brazil it's worms, notably Conficker and Taterf.

For more information, check out the findings from the Microsoft Malware Protection Center.