It wouldn't be the Christmas season without the tinsel, the holly, and the zero-days. Since early this month, an exploitable buffer overflow has been known to exist in SQL Server, and today Microsoft is acknowledging its existence.

In a security bulletin released yesterday, Microsoft is saying a somewhat simply exploitable vulnerability exists in all presently used versions of SQL Server dating back to SS 2000 Service Pack 4. It has to do with a Transactional-SQL (T-SQL) statement which apparently uses a parameter that isn't checked for type.

BetaNews has seen the code for a publicly available exploit based on information uncovered by security engineer Bernhard Mueller, who contributed information to two of the incidents covered by Microsoft's last Patch Tuesday round. Mueller is the good guy in this story; unfortunately, malicious users with no ingenuity of their own rely on news from Mueller and others for their inspiration.

Posted by Justin Payton in Adware, Spyware and Trojans at 11:38

The cybercriminals who breached the CheckFree bill paying service used a combination attack that may be almost impossible to stop.

Visitors to the CheckFree site were redirected without their knowledge to a server in the Ukraine, where malware was automatically downloaded into their PCs, Amit Klein, chief technology officer at Trusteer, which protects desktops from malware and fraudulent Web sites, told InternetNews.com.

"The fact that it's so easy to get hold of critical or enterprise assets such as credentials for a corporation's DNS domain, Web servers, or firewall, is troubling," Klein said. "Each credential lets you manage critical assets and makes it possible for attackers to control enough parts of your infrastructure to cause a mass infection of your own customers."

The worst part is that so far, no one seems to know just what the malware does once it is installed on the victim's computer. Stephan Chenette, manager, security research at Web filtering solution provider Websense, thinks it might be a password stealing Trojan.

Eventually enterprises may end up becoming the means for infecting a large portion of Internet users, Klein said. A similar attack compromised two Business Week sites earlier this year.

The CheckFree breach is especially troubling because its domain name host, Network Solutions, hosts the majority of financial institutions' Web sites, Klein said.

Fiserv, the parent company of CheckFree, one of the largest online bill processors in the U.S., and Network Solutions, CheckFree's domain name registrar, had not responded to requests for comment by press time.

Trusteer's Klein said the attackers used a combination of phishing to get system administrator information to hijack the CheckFree site, pharming to remap the CheckFree site to the server in the Ukraine, and a drive-by malware injection into the PCs of all visitors to the site.

Posted by Justin Payton in Adware, Spyware and Trojans at 14:47

SAN FRANCISCO — Yes, guys, those spam e-mails for Viagra or baldness cream just might be directed to you personally.

So, too, are many of the other crafty come-ons clogging inboxes, trying to lure us to fake Web sites so criminals can steal our personal information.

A new study by Cisco Systems Inc. found an alarming increase in the amount of personalized spam, which online identity thieves create using stolen lists of e-mail addresses or other poached data about their victims, such as where they went to school or which bank they use.

Unlike traditional spam, most of which is blocked by e-mail filters, personalized spam, known as "spear phishing" messages, often sail through unmolested.

They're sent in smaller chunks, and often come from accounts the criminals have set up at reputable Web-based e-mail services.

Some of the messages are expertly crafted, linking to beautifully designed Web sites that are bogus or immediately install malicious programs.

Cisco's annual security study found that spam is growing quickly — nearly 200 billion spam messages are now sent each day, double the volume in 2007 — and that targeted attacks are also rising sharply.

Posted by Justin Payton in Adware, Spyware and Trojans at 08:28

Which program can clean up your PC? The answer is getting complicated.

When it comes to online threats, freshness counts. In mid-December, for example, Microsoft revealed that cybercriminals had found a never-before-detected, unpatched vulnerability in its Internet Explorer browser, allowing tens of thousands of Web sites to install password-stealing software on users' PCs.

That kind of new attack--what cybersecurity researchers call a "zero-day" exploit--tests the limits of antivirus-scanning software's ability to not only filter previously detected infections but also compete with the cutting edge of cyber-fraudster innovation. And for consumers, it makes choosing the right PC protection software harder than ever.

Luckily, someone is scanning the scanners. On Thursday, the Austrian nonprofit firm AV-Comparatives released its annual report based on a year of testing the cybersecurity industry's antivirus offerings, systematically pitting each one against more than 3 million samples of malware pulled from computers around the world.

The best performers in the firm's tests? Two names most Americans have never heard of: the German company Avira and the Slovakian firm ESET. And those rankings, cybersecurity analysts say, may reflect just as much on the industry's growing pains as they do on the two firms' ability to clean up your hard drive.

In the latest AV-Comparatives tests performed last month, for instance, Avira found about two-thirds of the previously undetected malware--collected over a four-week period--installed on the machines it scanned. ESET's NOD32 program found 51%. Symantec and Microsoft, by comparison, found only 44% of those samples, while McAfee's detection rate was below 30%.

Posted by Justin Payton in Adware, Spyware and Trojans at 14:23