A group of researches on Tuesday said 637 million Web users are surfing with outdated Internet browsers and therefore at greater risk of Web-based attacks.

Using data collected from Google Web searches and security firm Secunia, the researchers, Stefan Frei (of ETH, Zurich), Thomas Dübendorfer (Google), Gunter Ollmann (IBM ISS), and Martin May (ETH, Zurich), analyzed the browsers used in a new report (PDF). They did so in an effort to understand why so many recent attacks by criminal hackers have been aimed at the browser, and why those attacks have been so successful.

Overall the authors found that roughly 40 percent of users were using insecure versions of Web browsers. Among the least compliant were users of Internet Explorer, which currently dominates the Internet browser market.

The data was collected in mid-June 2008. The users were scattered among 78 percent Internet Explorer users, 16 percent Firefox, 3 percent Safari, and 0.8 percent for Opera. Of these, 52 percent were running the latest version of Internet Explorer, 92 percent for Firefox, 70 percent for Apple, and 90 percent for Opera.

Posted by Annette King in Virus & AntiVirus News at 16:56

Austin, TX (AHN) - A lawsuit is being filed to protect computer technicians, parents and anyone who searches for a computer virus from a new state law that could require them to obtain a private detective's license.

According to high-tech sleuths the new state law requires them to secure a private detective's license to retrieve data from a computer, analyze it and prepare a report for a client.

The Institute for Justice filed the lawsuit on behalf of techies who feared the state law could drive small computer repair shops out of business. Lawyer Matt Miller said he filed the lawsuit because it was so vaguely worded that the Private Security Board could broadly interpret it.

Rep. Joe Driver, the law's author, said computer technicians have misinterpreted the legislation and called the case a publicity gimmick by a new legal advocacy group. Driver said the law does not cover computer hardware repair service.

According to Driver, only those who make reports to be used in a criminal or civil case, which involves going deep into people's personal lives, would be required to secure the private eye license.

Miller believes the law could apply to anyone who searches for a computer virus, parents who want to watch who their children are emailing or employers tracking the online habits of their staff.

A private investigator's license requires a criminal justice degree or a three-year apprenticeship supervised by a licensed detective. Violators of the new law face up to a year jail term and a $4,000 fine, plus $10,000 in civil penalties.

Vittorio Hernandez - AHN News Writer

Original Story

Posted by Annette King in Virus & AntiVirus News at 13:41

A Worm That Does Nothing

This weeks e-threats activity was pretty odd. We have proxy servers, trojans, patchers and the one that beats them all, a worm that does nothing but spread.

Trojan.Asprox.F
Upon execution this trojan installs itself in the Windows directory and executes at startup as a system process. It's function is that of a proxy server. It listens for connections on TCP ports 80 and 82. It is spreading through compromised websites which make use of the ADODB Javascript exploit that downloads the Trojan on your computer without any interaction. The websites themselves are cracked using SQL Injection exploits. The ugly thing about this is that whenever you visit a website like this you get infected simply by browsing it, if you are using Internet Explorer that is. The Javascript exploit is harmless on other browsers, it will just increase the loading time of the page.

It seems that a lot of effort is being put into spreading this proxy, so the intentions behind it are probably serious cracking and spamming attempts.

VBS.Worm.Runauto.A
It's the strangest thing nowadays. This worm seems not to have any destructive intention. It is only spreading. We say it's strange because usually no more malware is out there without having a negative effect on the victims PC, be it downloading other applications, infecting or deleting files, running backdoors and rootkits, you name it. It uses the most basic hiding methods, merely setting hidden and read only attributes on its own file(s). It also copies itself into your windows and windowssystem32 directories and adds some registry entries to run on system startup. It is spreading through removable drives and uses autorun.inf files to execute itself.

NOTE: We at Computer Security Solutions are leary of this worm. If your NOD32 detectes it, click to remove, report or repair. If NOD32 is unable to do so, boot into safe mode and run a full scan. We suspect the author of this worm may be setting the groundwork for a future attack or to plant infections on your computer.

Trojan.Qhost.AKR
This threat patches the BitDefender products (Internet Security 2008, Total Security 2008 and Antivirus Plus 2008). It has a nicely built user interface and detailed instructions on how to use it. At some point you are requested to push a button that will add an entry to your system32driversetchosts file. It will set the BitDefender update server (update.bitdefender.com) to localhost (127.0.01). It seems this Trojans purpose is to render the BitDefender products update service unusable so it will not detect new threats anymore.

Original Story

Posted by Annette King in Adware, Spyware and Trojans at 13:27