Thursday, 15 October 2009

HTTP://IREMOVE.NL  COMING SOON
WE'RE GONNA BE READY, ARE YOU?

Google shares malware samples with hacked site admins

Google has rolled out a feature that provides webmasters of compromised sites with samples of malicious code and other detailed information to help them clean up.
The search giant has long scanned websites for malware while indexing the world wide web. When it detects outbreaks, it includes language in search results that warns the site may be harmful and passes that information along so the Google Chrome, Mozilla Firefox, and Apple Safari browsers can more prominently warn users. Google also provides administrators a private list of infected pages so they can be cleaned up.
Now, Google will give additional detail by offering samples of malicious code that criminal hackers may have injected into a website. In some cases, the service will also identify the underlying cause of the malicious code. Admins of compromised websites will get the information automatically when logging in to Google's Webmaster Tools.
"While it is important to protect users, we also know that most of these sites are not intentionally distributing malware," Google's Lucas Ballard wrote here in announcing the new feature. "We understand the frustration of webmasters whose sites have been compromised without their knowledge and who discover that their site has been flagged."
Over the past few years, a variety of studies have concluded that the majority of malware being foisted on web surfers comes from legitimate sites that have been compromised. Web applications that don't properly vet text entered into search boxes and other website fields are one of the chief causes. Sloppy password hygiene by webmasters and compromises of website administration tools are two others.
The new feature will allow webmasters to view the malicious JavaScript, HTML, or Adobe Flash that has been injected into a site and provide the exact URL where it's found. Ballard cautioned the information should be considered a starting point in the process of cleaning the sullied site.
"If the underlying vulnerability is not identified and patched, it is likely that the site will be compromised again," he said. ®

Mozilla service detects insecure Firefox plugins

Slated for browser embedding
Mozilla has introduced a service that checks Firefox browser plugins to make sure they don't have known security vulnerabilities or incompatibilities.
The service debuted on Tuesday with this page, which checks 15 plugins to make sure they're the most recent versions. Over time, Mozilla developers plan to scan additional addons, and they also plan to embed a feature into version 3.6 of the open-source browser that will automatically indicate which plugins used on a current page are out of date.
The offering builds on a feature Mozilla rolled out last month that warned Firefox users when they had an out-of-date version of Adobe's Flash media player installed. In its first week, Mozilla statistics showed more than half of those who installed the latest Firefox release were running an insecure version of the frequently attacked plugin.
Not that the service has necessarily gotten off to as good a start as one might hope. Our tests failed to detect the use of Adobe Reader, another application widely abused by criminals. And other plugins, such as Google Picasa and the iTunes Application Detector, were also left out in the cold.
But as Mozilla makes clear here, the page is only the beginning. Eventually, the organization plans to "create a self-service panel for vendors to update their plugin info as new releases come out."
It's initiatives such as these that demonstrate Mozilla's dedication to the security of its users, and for that it deserves props. When legions of end users keep internet-facing software updated, we all win. ®

Trojan plunders $480k from online bank account

Windows and online banking - Just say no
A Pennsylvania organization that helps develop affordable housing learned a painful lesson about the hazards of online banking using the Windows operating system when a notorious trojan siphoned almost $480,000 from its account.
News reports here and here say $479,247 vanished from a bank account belonging to the Cumberland County Redevelopment Authority after it was hit by Clampi. The trojan gets installed by tricking users into clicking on a file attached to email and then lies in wait for the victim to log in to online financial websites. The authority has so far been able to recover $109,467 of the stolen loot.
The theft is part of a rash of online heists that have stolen millions of dollars from businesses and non-profit organizations. While circumstances are different in each case, they all point to a single point of failure: Each theft relied on the successful compromise of a Windows-based system.
It was this undeniable fact that led Brian Krebs - author of the Security Fix blog which over the past month has published a series of articles detailing high-stakes bank thefts - to recommend Windows machines no longer be used by those who choose to do their banking online.
"I do not offer this recommendation lightly," he wrote. "But I have interviewed dozens of victim companies that lost anywhere from $10,000 to $500,000 dollars because of a single malware infection."
To be clear, that's malware that ran only on Windows.
Indeed, the Clampi variant that hit the Cumberland redevelopment authority reportedly was able to succeed even though employees used an automated clearing house token that generated a different eight-digit access code every minute or so. Redevelopment authority officials didn't return calls seeking comment for this article.
The obvious solution for many is to simply close all online banking accounts. Contrary to what banks say, writing checks really isn't that much of a hassle, at least if you don't write that many of them.
But if you insist on making online payments and transfers, the best decision you can make is to stop using Windows to make those transactions. Even if you're careful, software vulnerabilities these days are simply too numerous and the malware too sophisticated for anyone to know with a reasonable amount of certainty that their machines aren't compromised.
True, there's no way to know your Mac or Linux machine isn't compromised, either. But so far, there are few if any reports of banking trojans that attack those systems. (And yes, as Apple's market share continues to rise, it's likely OS X will be targeted. We can cross that bridge when we get to it.)
But in this age of free Live CD boot disks, there's no good reason for anyone to continue using Windows-based machines to access sensitive financial sites. Just ask the folks at Cumberland's redevelopment authority. ®
