We are all aware of the constant malware dangers preying on the Internet, but with the very best intentions we still get caught in malicious traps that cause our computers, at the very least, to malfunction. Cynics argue that this is because cyber-crooks are more intelligent and can outwit us, but could it actually be down to a simple human psychological flaw?

Researchers at Panda Security have been looking into the inability of humans to change in certain situations, despite knowing the risks. In the same way that computers are programmed to behave in a specific way, people also have a set of instructions indelibly inscribed in the brain, making it very difficult to behave differently.

Logic suggests that if we received a suspicious attachment in an email, we would delete or ignore it, particularly if we had experienced a computer virus, a phishing attack or online fraud in the past. But a surprising number of people open attachments of this kind. Why?

Posted by Annette King in Adware, Spyware and Trojans at 22:46

A 19-year-old hacker is agreeing to plead guilty to masterminding a botnet to obtain thousands of victims' personal data in an anonymous scheme a federal cybercrime official described Friday as the nation's first such attack in which peer-to-peer software was the "infection point."

The defendant, Jason Michael Milmont, launched the assault last year from his Cheyenne, Wyoming residence, and anonymously controlled as many as 15,000 computers at a time, said Wesley L. Hsu, chief of the Cyber and Intellectual Property Crimes Section for federal prosecutors in  Los Angeles. As part of the deal, in which a judge could hand him up to five years imprisonment, Milmont has agreed to pay $73,000 in restitution, the government said.

"It's the first time that we know of that peer-to-peer software was used as the infection point," Hsu said in an interview with THREAT LEVEL.

The malware infection became commonly known as the Nugache Worm, which imbedded itself in the Windows OS.

Posted by Annette King in Virus & AntiVirus News at 15:47

SAN FRANCISCO — Microsoft, Google and PayPal, a unit of eBay, are among the founders of an industry organization that hopes to solve the problem of password overload among computer users.

The Information Card Foundation is an effort to create a single industrywide approach to managing identity online that promises to reduce drastically the use of passwords and create a system that is less vulnerable to fraud.

“There is such a market requirement to solve this problem,” said Paul Trevithick, chairman of the new group and chief executive of Parity, an identity-protection technology company in Needham, Mass., that is developing what it calls an i-card. The foundation, which also includes Equifax, Novell, Oracle and nine industry analysts and technology leaders, will try to set open standards for the technology industry.

Posted by Annette King at 22:15

Thousands of websites in China have been booby trapped with code written to download Trojan software onto visitors who run vulnerable Windows PCs.

Unlike earlier rounds of SQL injection attacks the latest assaults mostly target English language sites (predominantly sites hosted in China but with a .com suffix) and purposefully avoid Chinese government sites, according to net security firm ScanSafe. The latest attacks inject an iFrame onto compromised sites that loads malicious scripts from qiqigm.com, a domain registered on 16 May. These scripts includes the text "silent love china" in an apparently greeting to other Chinese hackers

The malicious code exploit well-known RealPlayer and Internet Explorer vulnerabilities to install a password-stealing Trojan that hides its presence on Windows PCs. More than 7,000 sites have been compromised in this way, reports Mary Landesman, ScanSafe's senior security researcher.

Posted by Sean Cannon in Virus & AntiVirus News at 14:21