SAN FRANCISCO — Microsoft, Google and PayPal, a unit of eBay, are among the founders of an industry organization that hopes to solve the problem of password overload among computer users.

The Information Card Foundation is an effort to create a single industrywide approach to managing identity online that promises to reduce drastically the use of passwords and create a system that is less vulnerable to fraud.

“There is such a market requirement to solve this problem,” said Paul Trevithick, chairman of the new group and chief executive of Parity, an identity-protection technology company in Needham, Mass., that is developing what it calls an i-card. The foundation, which also includes Equifax, Novell, Oracle and nine industry analysts and technology leaders, will try to set open standards for the technology industry.

Posted by Annette King at 22:15

Thousands of websites in China have been booby trapped with code written to download Trojan software onto visitors who run vulnerable Windows PCs.

Unlike earlier rounds of SQL injection attacks the latest assaults mostly target English language sites (predominantly sites hosted in China but with a .com suffix) and purposefully avoid Chinese government sites, according to net security firm ScanSafe. The latest attacks inject an iFrame onto compromised sites that loads malicious scripts from qiqigm.com, a domain registered on 16 May. These scripts includes the text "silent love china" in an apparently greeting to other Chinese hackers

The malicious code exploit well-known RealPlayer and Internet Explorer vulnerabilities to install a password-stealing Trojan that hides its presence on Windows PCs. More than 7,000 sites have been compromised in this way, reports Mary Landesman, ScanSafe's senior security researcher.

Posted by Sean Cannon in Virus & AntiVirus News at 14:21

A major antispam organization is pushing a set of new best practices for ISPs (Internet service providers) to stop increasing volumes of spam from botnets.

The guidelines, from the Messaging Anti-Abuse Working Group (MAAWG), were drawn up at a meeting in Germany last week and deal with forwarded e-mail and e-mail that is sent from dynamic IP (Internet Protocol) addresses.

Many people forward their e-mail from one address to another, a relay that goes through their ISPs mail server. But many ISPs use automated tools that could begin blocking further e-mail to an address if a large volume of e-mail has come through. Legitimate messages would be blocked, too.

"If a spammer targets AOL, a lot of people have AOL addresses redirected somewhere else," said Richard D.G. Cox, CIO for Spamhaus, an antispam organization that's a member of MAAWG. "So if a whole lot of spam is coming out of AOL, people will block it on automated basis."

ISPs can fix this by separating the servers that receive e-mail and ones that then forward e-mail. That way, ISPs can filter out spam coming into the accounts before forwarding, taking a look at the messages and spotting which ones came from dodgy domains, Cox said.

Posted by Annette King in Adware, Spyware and Trojans at 13:31