This page carries alerts on keeping your desktop and notebook safe from infections. Please refresh your browser to see the latest article.
February 2, 2012
Threat from new virus-infected emails which take over your PC even if you DON'T open their attachments
A new class of cyber attack is threatening PCs - emails which infect PCs without the user having to open an attachment.
The user will not even be warned this is happening - the only message that appears is 'loading'.
The email automatically downloads malicious software into your computer from elsewhere the moment a user clicks to open it.
The mails themselves are not infected - and thus will not 'set off' many web-security defence packages.
Security experts say that the development is 'particularly dangerous'.
'This sort of spam also affects cautious users which would never open an unknown attachment or link,' say security experts Eleven Research Team.
Previous generations of email-borne viruses and trojans required users to click on an attachment - often an office document such as a PDF.
The new emails - dubbed 'drive-by emails' - have been detected 'in the wild' by computer researchers Eleven Research Team.
'This driveby spam automatically downloads malware when the e-mail is opened in the e-mail client,' says Eleven Research Team.
'Previous malware e-mails required the user to click on a link or open an attachment for the PC to be infected.'
'The new generation of e-mail-borne malware consists of HTML e-mails which automatically download malware when the e-mail is opened.'
'This is similar to so-called driveby downloads which infect a PC by opening an infected website in the browser.'
The current wave of emails arrives with the title 'Banking Security Update.'
To stay safe, the security company advises switching all security settings in email software to maximum, and updating your browser to the latest version so it's protected against malicious software.
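As an added illustration of what a 'maximum' mail-client setting has to block (this is not code from Eleven Research Team or from this page), the Python sketch below inspects the HTML part of a message for markup that runs or fetches something the moment the mail is rendered. The sample message, its addresses and the `.example` URLs are constructed, and the verdict names are assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Tags that run code or embed another document as soon as the HTML is rendered.
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed", "applet"}

# Constructed sample body; the hosts are reserved .example names.
SAMPLE_HTML = """<html><body onload="init()">
<p>Loading...</p>
<script src="http://updates.example/loader.js"></script>
<img src="https://cdn.example/logo.png">
<img src="cid:logo123">
</body></html>"""


def is_remote(url):
    """True for URLs the client would fetch over the network (not cid: or data:)."""
    return url.strip().lower().startswith(("http://", "https://", "//"))


class AutoLoadFinder(HTMLParser):
    """Collects (kind, tag, detail) for markup that acts without a click."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        if tag in ACTIVE_TAGS:
            detail = attrs.get("src") or attrs.get("data") or "(inline)"
            self.findings.append(("active-tag", tag, detail))
        elif tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("meta-refresh", tag, attrs.get("content", "")))
        else:
            # Images, stylesheets and backgrounds are fetched automatically on open.
            names = ("href",) if tag == "link" else ("src", "background")
            for name in names:
                if is_remote(attrs.get(name, "")):
                    self.findings.append(("remote-load", tag, attrs[name]))
        for name in attrs:
            if name.startswith("on"):  # onload, onerror, ...
                self.findings.append(("event-handler", tag, name))


def scan_message(raw):
    """Return the findings for every text/html part of a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = AutoLoadFinder()
            finder.feed(part.get_content())
            finder.close()
            findings.extend(finder.findings)
    return findings


def verdict(findings):
    """Map findings to a handling decision (the decision names are assumptions)."""
    kinds = {kind for kind, _, _ in findings}
    if kinds & {"active-tag", "meta-refresh", "event-handler"}:
        return "quarantine"
    if "remote-load" in kinds:
        return "deliver-with-remote-content-blocked"
    return "deliver"


def build_message(html):
    """Build a constructed multipart message carrying the given HTML body."""
    msg = EmailMessage()
    msg["Subject"] = "Banking Security Update"
    msg["From"] = "sender@mail.example"
    msg["To"] = "user@mail.example"
    msg.set_content("Plain-text alternative.")
    msg.add_alternative(html, subtype="html")
    return msg.as_string()


if __name__ == "__main__":
    results = scan_message(build_message(SAMPLE_HTML))
    for finding in results:
        print(finding)
    print("verdict:", verdict(results))
```

A mail client that renders HTML with scripting and remote content disabled neutralises every finding this scan reports; the `cid:` image is not flagged because it is carried inside the message itself.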
January 16, 2012
Virus writers target children with cartoon gaming websites that secretly infect their parents' PCs. Sites offering cute games secretly infect PCs.
Sites with 'game' or 'arcade' in title pose danger. Infections remain until parents log in. One site infected 12,600 users last month.
Children are the latest target for writers of computer viruses - seen as an easy 'way in' to their parents' PCs.
Hackers are targeting children with sites that install malicious software on PCs, disguised as innocent-looking cartoon gaming websites.
But the sites quietly load programs onto the PC that lurk in the background and can steal information from adults long after the children have logged off.
Youngsters are seen as easy targets, because they will not stop and think before clicking on a link, whereas adults tend to be slightly more cautious.
Children are targeted using sites that offer free games - with one, CuteArcade.com reportedly infecting 12,600 computers, according to Czech security firm Avast virus lab.
Others such as HiddenNinjaGames.com also pose a risk, says the security firm.
'Games like these require clicking and children don’t think much about what they are clicking on,' said Ondrej Vlcek, CTO of AVAST Software. 'This makes them – or their parents’ computer – quite susceptible to malicious software.'
Within the last month, the security firm identified 60 sites with the word 'Game' or 'Arcade' in the title which were infected with malicious software - either through the sites themselves, or infected adverts.
The 'driveby downloads' infect the computer with trojan software that directs the PC towards sites which infect it with further malicious software.
The way children browse the web - impulsively hopping between different sites - makes them easy targets, says Avast.
'If there is something dangerous, a child will find it,' said Mr. Vlcek.
Most of the infected sites seem legitimate, although some may have been created specifically to distribute malware.
There is no way to visually spot the danger.
As ever, the solution is to ensure you are using an up-to-date browser and have security features such as warnings activated.
Antivirus programs such as Norton can be set up to give warnings that a site may be infected, or even that individual adverts may pose a risk.
'At a minimum, people need an antivirus program that looks for various kinds of malware and scans websites for infections,' stated Mr. Vlcek.
January 6, 2012
New virus raids your bank account - but you won't notice
The best way to protect yourself from an online financial scam is to diligently check your bank accounts. At least, until now.
Israel-based security firm Trusteer has found an elaborate new computer virus that not only helps fraudsters steal money from bank accounts -- it also covers its tracks.
Think of a crime plot involving a spy who plans to break into a high-security building and begins by swapping out security camera video so guards don't notice anything is amiss. Known as a surveillance camera hack, the technique has been used in dozens of movies.
A new version of the widely prevalent SpyEye Trojan horse works much the same way, only it swaps out banking Web pages rather than video, preventing account holders from noticing that their money is gone.
The Trojan horse employs a powerful two-step process to commit the electronic crime. First, the virus lies in wait until a customer with an infected computer visits an online banking site, steals their login credentials and tricks the victim into divulging additional personal information such as debit card information. Then, after the stolen card number is used for a fraudulent purchase, the virus intercepts any further visits to the victim's banking site and scrubs transaction records clean of any fraud. That prevents -- or at least delays -- consumers from discovering fraud and reporting it to the bank, buying the fraudster critical extra time to complete the crime.
Trusteer calls it a "post transaction" attack, because much of the virus' effectiveness is attributable to its ability to control what victims see after fraudulent transactions occur. Amit Klein, chief technology officer for Trusteer, said he believes criminals have used the technique for a few months, and it has infected real consumers.
"I predict that the use of post transaction attack technology will significantly increase as it enables criminals to maximize the amount of fraud they can commit using their initial investment in malware toolkits and infection mechanisms," Klein said.
The new SpyEye came to Trusteer's attention when a large retail bank in the United States spotted it and shared it with the firm, he said.
'A very scary tactic'
The virus' evidence-covering techniques are elaborate. First, it keeps track of all fraud committed by the criminal, and makes sure to remove those line items from online transaction lists. It also edits balance amounts to prevent consumers from getting suspicious.
"This is a very scary tactic," said Avivah Litan, a financial fraud analyst at consulting firm Gartner. "Everybody thinks all they have to do is check their transactions and their balances. That's not true anymore."
The new virus technique ups the ante in the cat-and-mouse game between security companies and the computer criminals who try to steal consumers' money. Consumer reports of fraud are still a very important part of fraud-fighting techniques, Litan said.
"Most banks 'let the first transaction through,' because if they stopped everything that was potentially fraud, consumers would get annoyed," she said. In some cases, fraud-checking tools kick in only after initial reports, so this version of SpyEye could buy criminals important time as they try to turn stolen data into cash.
"Usually they only need one day more to get the money, to push the fraud through," she said. "They always want to keep the security guys running after them."
Such cover-your-tracks techniques have been used before by virus writers, Klein said. In a simpler version, criminals who raided online bank accounts and wired money out of them would try to hide the transaction from victims using the same Web page interception trick. But this new flavor has more potential for success, because it involves stolen debit card numbers used at third-party merchants, creating complex transactions involving multiple banks and multiple security systems.
Victim account holders who check their balance at an ATM -- or even at a second uninfected computer -- would be able to spot the fraudulent transactions. The virus doesn’t impact bank systems, merely the characters that are displayed within the infected system's Web browser. That means paper statements would reveal the fraud, too.
Of course, consumers who rely on paper statements could be a full 30 days behind when it comes to spotting fraudulent transactions.
While Klein is worried about the "post transaction" attack, he said consumers who have vulnerable Web browsers are bound to be victims of one fraudster or another.
"My take is that if your computer is infected with financial malware, it's game over anyway," he said. "My takeaway is you need to prevent getting infected with financial malware in the first place."
December 7, 2011
New Scams use fake Amazon gift cards, Adobe updates to lure victims. Clicking redeeming links will lead to malware, harvesting of banking credentials.
If you received an email that appeared to be from Amazon and contained a holiday gift card someone had sent you, what would you do? There's a very real possibility you'd take the bait and open the "gift," which is the driving force behind a phishing campaign spotted by researchers at the security firm AppRiver.
In an email titled, "Your gift card order," the message, full of spotty grammar, reads, "You have received a gift card in the amount of $250. An offer of the gift card is valid until December 7. Take a chance and use our gift card, and as a bonus we will deliver your order free of charge." The reward is attached as a file labeled, simply enough, "Gift‑Card.zip."
"Of course with all the online shopping, gift giving/receiving this time of year, there is an added aura of authenticity to these messages," AppRiver's Troy Gill wrote. "In fact, I ordered an Amazon gift card just yesterday."
The gift card, which most likely comes as a total surprise, is of course the lure, and clicking the link to redeem it actually infects computers with a Trojan downloader capable of silently installing malware.
Another email scam, spotted by researchers at the security company Sophos, isn't as enticing as a free gift card, but could have similarly devastating effects on an unsuspecting victim's computer.
The malware campaign attempts to trick people into downloading what they think is an upgrade for Adobe Acrobat and Adobe X. The email subject is "Adobe Software Upgrade Notification," and comes from the email address no-reply@adobe.com.
The attached .zip file hides a version of the Zeus Trojan, built to harvest a victim's banking credentials.
"Computer users need to learn that Adobe never sends up software updates as an email attachment, and any legitimate upgrades should always be downloaded from Adobe's own website," Sophos' Graham Cluley wrote.
This security lesson applies to any unsolicited messages you may receive, especially in the run-up to the holidays, when online crooks are pushing out batches of phishing emails in the hopes of snaring a fraction of the millions of people doing their shopping online. If you get an email offering something that sounds too good to be true, don't open it. The same advice goes for any "critical" security update you didn't ask for.
November 25, 2011
'Cleverest Facebook scam yet' accuses users of violating site policy and threatens to delete their account
Account holders asked for passwords and financial information
Scam mirrors 'real' warnings sent to internet trolls
Comes in form of email from site
Latest in string of high-profile attacks on Facebook
'Phishing' scams range from the hilariously inept up to sophisticated attacks that can fool even computer experts.
But a new email Facebook scam is among the cleverer attacks directed at users of the social network - now a commercial hub used to trade music, video and films.
A recent assault designed to steal users' Facebook details is among the most sophisticated yet, say experts - because it mimics the security procedures that sites such as Facebook or Google use to defend against 'internet trolls' and other 'bad behaviour' online.
The scam comes in the form of an email accusing the user of a violation for insulting or annoying other Facebook users - and saying that their account will be deleted in 24 hours.
Naturally, at this point, the email requires Facebook login details and - for 'authentication' purposes - parts of a person's credit card details.
The email links to a fake Account Disabled page, which asks for a large number of personal details, including credit card details.
As site Hoax-Slayer, which found the email, points out, the access to login details enables the scam to travel further and faster, by sending it to new users from trusted friends.
'The emails are entirely bogus,' says internet security experts Sophos. 'They are not coming from Facebook. Social media venues would not request financial information, nor would they request login details.
'Once a criminal has gained access to a victim’s account, they will likely lock out the original account holder by changing account passwords and email addresses. With the credit card information, fraudsters can conduct identity theft and other malicious financial activity.'
Hoax-Slayer warned against emails that contain phrases such as 'LAST WARNING: Your acccount is considered to violated the policies that are considered annoying or insulting to Facebook users.'
The fishy smell becomes even stronger at this point - users are asked to 'confirm to their webmail' about the security breach.
A THIRD page, with a fake 'Terms and Conditions' harvests yet more data, along with a series of stern warnings.
By this time, experienced internet users would probably realise that the email was not legitimate - but Facebook's wide user base among the young, the old and people in developing countries means that not everybody might be familiar with such internet scams.
A similar recent Facebook scam purporting to be from Facebook Security claimed to be watching out for users' accounts being accessed from elsewhere - using almost exactly the same vocabulary Google and Facebook use when you DO log in from an unfamiliar location.
Hoax-Slayer reported the email as saying, 'Your Facebook account was recently logged into from a computer, mobile device or other location you've never used before.
We have reviewed your account activity, and we get information about possible unauthorized access to your Facebook. We have provided a warning to you via email'
Sites such as Facebook and Google DO issue warnings about rule violations and unauthorised access, of course, but usually only when people are attempting to log in to the sites.
Any warning of this sort received by email should be treated with extreme caution.
Sophos says, 'These phishing scams boil down to a naked grab for your account details. Remember, neither Facebook nor other reputable social media sites would ask for this information. The mere request is a surefire way to suss out bogosity.
Another bogosity beacon: note the grammatical and spelling errors.'
October 27, 2011
'Tsunami' trojan hijacks Macs
Mac users are becoming more attractive targets for cyber criminals
A new Trojan horse has been found targeting Mac users with the possible intention of hijacking systems and recruiting them to launch distributed denial-of-service (DDoS) attacks.
The Trojan, identified by the Internet security firm Sophos as OSX/Tsunami-A, works by latching onto a host system and then receiving attack instructions from a remote Internet Relay Chat (IRC) channel. Sophos says the Tsunami Trojan is so named for its likely goal, to force infected computers into becoming part of a compromised network which then launches DDoS attacks, flooding websites with so much traffic they're unable to function properly.
In analyzing Tsunami's source code, Sophos found that the Trojan is capable of doing more than recruiting systems for DDoS attacks; it can also give hackers remote access to infected computers. Sophos said Tsunami appears to be derived from an old backdoor Trojan called Kaiten, which was built to infect computers running the Linux operating system. That an old Linux Trojan has been updated is a sign that Mac users are becoming increasingly attractive targets for computer criminals.
"Mac users are reminded that even though there is far less malware in existence for Mac OS X than for Windows, that doesn't mean the problem is nonexistent," Sophos' Graham Cluley wrote.
In fact, a host of Mac-specific pieces of malware has emerged in the past year, embedding themselves in everything from corrupt videos and legitimate-looking Google images to rigged Adobe Flash installers, and harvesting victims' personal information.
"We fully expect to see cybercriminals continuing to target poorly protected Mac computers in the future," Cluley wrote. "If the bad guys think they can make money out of infecting and compromising Macs, they will keep trying."
Whether you use a Mac or a PC, you can increase your defenses against dangerous malware and other threats by running up-to-date anti-virus software.
October 14, 2011
Apple issues huge software security patches. 175 vulnerabilities addressed in OS X Lion and iOS operating systems
Apple has pushed out new versions of its OS X Lion and iOS operating systems, and in the process fixed nearly 175 vulnerabilities that could potentially allow an attacker to seriously compromise users' computers and mobile devices.
In updating its mobile operating system to iOS 5, Apple most importantly removed the DigiNotar root certificate from the operating system's list of trusted certificates.
The compromised authentication certificates, which were stolen in early September from the Dutch company DigiNotar, sent a ripple through the security world, as an attacker with access to the stolen certificates could easily evade detection, effectively presenting himself as a trustworthy website.
The new operating system for iPhones, iPods and iPads also takes on BEAST, a hack that could allow an attacker to exploit the system's Transport Layer Security (TLS), a common protocol used to keep data secure as it moves between the user and the server.
Apple's updated iOS 5 includes support for the new version of the protocol, TLS 1.2. (Apple has not specified which version of TLS the Mac and PC versions of Safari support.)
Along with tackling the DigiNotar and BEAST problems, Apple's updated mobile operating system addressed several other important vulnerabilities that left features such as Safari, Wi-Fi, Calendar, Numbers, Pages, CoreFoundation, CoreGraphics and ImageIO open to exploitation.
Apple updated its desktop and laptop operating system as well, moving to OS X Lion 10.7.2. The Lion update to the OS "weighs in at a whopping 880 MB," Chester Wisniewski from the security firm Sophos wrote, and addresses flaws in the operating system's application firewall and the way it stores and handles Web cookies.
The updated Lion OS X includes several updates to QuickTime, Safari and other programs that could be rigged by an attacker to remotely execute code or gain elevated privileges on an infected system. The updated software is available at Apple's website; iPad, iPhone and iPod Touch owners need to plug their device into a Mac or PC to initiate their own upgrades.
The installation file size for iOS 5 is no lightweight either — depending on the devices and configurations, it's between 700 and 770 MB.
Apple's update servers were overloaded for a period of time Wednesday, October 12 due to the overwhelming demand from millions of Macs and iDevices.
October 7, 2011
Microsoft to fix 23 security flaws on 'Patch Tuesday' October 11, 2011.
Included is critical bug that could let attackers spread a virus through IE, Windows
Microsoft will fix 23 security vulnerabilities on Tuesday, including a critical flaw that could give attackers the ability to remotely spread a virus through compromised Internet Explorer and Windows users.
The software giant's monthly "Patch Tuesday" will contain eight security bulletins for the 23 total bugs. The other critical vulnerability Microsoft will fix exists in the company's .NET and Silverlight frameworks. The remaining six bulletins address flaws in Windows, Forefront Unified Access Gateway and Host Integration Server, and are all listed as "important," meaning their exploitation could result in the compromise of user data.
Software affected by these vulnerabilities includes Internet Explorer versions 6 through 8, Windows 7, Windows XP, Windows Server 2003 and 2008 and Windows Vista.
Microsoft will also release an updated version of its Windows Malicious Software Removal Tool. This comes after a security slipup last week, in which two similar programs, Microsoft Security Essentials (MSE) and Forefront, were responsible for accidentally flagging Google Chrome as malware and erasing it from about 3,000 Windows systems. That flaw in MSE was quickly fixed.
Microsoft is scheduled to release the security patches at about 10 a.m. PDT on Oct. 11. To download the bulletins, visit Microsoft's website if you don't have Windows Update set to install updates automatically.
September 27, 2011
Double Trojan infects IE, Firefox in one swoop. It touts itself as an important computer plug-in, but it's a dangerous virus
Firefox and Internet Explorer are equally susceptible to a new piece of malicious software making its evil way around the Web.
The computer virus touts itself as an important plug-in aimed at improving the Web browsing experience of Internet Explorer (IE) users. But instead of helping its customers, the fake plug-in is actually a Trojan that spies on and records the browsing habits of the IE users who mistakenly download it.
The security firm Bitdefender has identified the rogue IE plug-in as Trojan.Tracur.C, and says it is spreading by masking itself as an Adobe Flash Player upgrade.
This, unfortunately, is only half the problem — this malware is a package deal.
Trojan.Tracur doesn't only affect IE users; it also automatically drops a corrupt Firefox add-on, called Trojan.JS.Redirector.KY, that performs similarly suspicious and harmful functions on those browsing the Web with Mozilla Firefox.
The fake Firefox add-on is particularly dangerous because it records the information the victim types into any search engine, and then inserts malicious code into the top results. This cyber criminal tactic, called poisoned SEO, allows the malware authors to effectively hijack a user's Web browser and redirect it toward corrupt Web pages.
"By now, it should be a golden rule to stay away from software offered by non-official sites," Bitdefender wrote. "Double-check, or triple-check, the location's credibility before downloading a program, application or add-on."
Increase your safety by also running up-to-date anti-virus and anti-malware software on your system that can detect and eliminate these types of nasty threats.
September 17, 2011
Nasty new virus infects your PC motherboard. Tough to detect and get rid of, Trojan executes when computer is booted up
Security researchers have found a nasty new virus that burrows into a computer's motherboard, infects PCs as soon as they boot up, and is particularly difficult to detect and dispose of.
The security firm Symantec identified the threat as Trojan.Mebromi, a piece of rootkit malware — malicious software that hides its presence on infected systems — that worms its way onto the basic input-output system (BIOS) built into a computer's motherboard.
Once it's gotten into the BIOS via an attached corrupt file, Mebromi then loads itself onto the PC's master boot record (MBR), another component that gets executed prior to the loading of a computer's operating system.
Think of it in terms of the human body: Mebromi doesn't infect the bloodstream on the way to the heart; it gets into the heart first and then takes control from there.
And as a doctor might toil to treat such a case, anti-virus companies could face a similar struggle.
Because Mebromi stores itself inside the BIOS, anti-virus software would need to effectively remove the Trojan without damaging the motherboard it's hiding under.
Added to that problem is Mebromi's persistence: it could potentially keep executing itself every time a user turns on his computer.
"Even if an anti-virus detects and cleans the MBR infection, it will be restored at the next system startup when the malicious BIOS payload would overwrite the MBR code again," Marco Giuliani from the security company Webroot wrote.
August 11, 2011
Adobe issues critical fixes for Flash, Photoshop flaws. Users of almost all operating systems affected, as are Android phone users
Adobe has rolled out patches to fix a number of critical security flaws in several of its popular software products, including Flash, Shockwave and Photoshop.
In total, Adobe updated 23 flaws; 13 for Flash Player version 10.3.181.36, seven for Shockwave and one each for Photoshop CS5, Flash Media Server and RoboHelp. With the exception of the RoboHelp update, Adobe classified each of the vulnerabilities as "Critical."
Earning a critical label means an outside attacker could exploit the bug to take control of an infected system.
The Adobe updates affect users of Mac, Windows, Solaris and Linux operating systems, as well as Android smartphone owners.
Although Adobe said none of the bugs are currently being exploited "in the wild," the company urged its customers to update their software to the most updated versions, which can be downloaded from Adobe's website.
August 10, 2011
Microsoft fixes 22 security bugs
Two of the fixes are considered 'critical' for users to have
Microsoft released 13 patches Tuesday, August 9, 2011 to fix 22 security flaws affecting several of its programs, including Internet Explorer and Windows.
Of the 13 separate security bulletins, two of them, for Windows and Internet Explorer, are classified as "critical," meaning an online attacker could exploit these bugs to execute malicious code on a target's computer.
The remaining 11 bulletins are labeled "important" or "moderate," and could allow for an outside party to gain privileged access to a victim's computer if left unpatched, Microsoft wrote on its TechNet blog.
The software updates, part of Microsoft's monthly "Patch Tuesday," covered flaws in Office, .NET and Visual Studio as well. Along with the patches, the software giant also rolled out an updated version of its Microsoft Windows Malicious Software Removal Tool.
August 1, 2011
Malware tricks victims into 'refunding' money to crooks. Customers erroneously told accounts are frozen as part of ruse
If you log in to your online banking page and receive a notice telling you that you need to return money you were mistakenly credited, keep your wallet closed.
A new strain of dangerous malware is worming its way into online bank accounts on Windows systems and informing customers that their accounts have been frozen, then instructing them to refund the money, Brian Krebs reported on his Krebs on Security blog.
Malware scams that target people's bank accounts are nothing new — the infamous Zeus Trojan has been at the game for years. But this particular scam incorporates some scary tactics that could fleece victims with a single click of the mouse.
The malware lies dormant on a victim's computer until he logs in to his bank account. Once he receives the message that his account has been credited in error, the malware then "modifies the amounts displayed in his browser; it appears that he has recently received a large transfer into his account."
Say you have only $200 in your bank account, but receive a message — one that appears to be from your actual bank — that says you were mistakenly credited $1,000 and your account will be locked until you return it. The malware will actually change your account balance to read $1,200.
And here's the unfortunate payoff: if you do fill out the attached transfer form, that $1,000 will go straight into a bank account controlled by the cybercriminal.
It's likely that people would more easily fall for a scam that targets their finances than one that promises Justin Bieber will follow them on Twitter, and with that in mind, several similar cybercrime ploys have popped up recently that try to lure people into returning money they never had.
If you come across a message about an accidental financial transfer, do not fill out any forms online, and instead contact your bank directly to resolve the matter. And be sure you have your bank's correct phone number; Krebs said the criminals behind the Zeus Trojan have gone as far as to create phony customer support numbers to make sure their scams stick.
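Both this refund ruse and the SpyEye 'post transaction' attack in the January 6, 2012 alert above change only what the infected browser displays, so comparing that view with a record from an uninfected channel exposes them. The Python sketch below is an added example, not code from Krebs, Trusteer or any bank: the record layout, function name and sample figures are assumptions, with the $200 and $1,000 amounts taken from the scenario above.

```python
from collections import Counter
from decimal import Decimal


def compare_views(displayed, trusted):
    """Compare what the browser shows with a record from an uninfected channel.

    Each view is {"balance": Decimal, "transactions": [(date, text, amount), ...]};
    this layout is an assumption made for the example.
    """
    shown = Counter(displayed["transactions"])
    real = Counter(trusted["transactions"])
    hidden = sorted((real - shown).elements())    # at the bank, missing on screen
    phantom = sorted((shown - real).elements())   # on screen, unknown to the bank
    gap = displayed["balance"] - trusted["balance"]
    # If the on-screen balance was edited to match the altered list, the gap equals
    # the phantom credits minus the hidden items (hidden debits are negative).
    delta = (sum((t[2] for t in phantom), Decimal(0))
             - sum((t[2] for t in hidden), Decimal(0)))
    return {
        "hidden": hidden,
        "phantom": phantom,
        "balance_gap": gap,
        "tampered": bool(hidden or phantom or gap),
        "gap_explained": gap == delta,
    }


# Constructed sample 1: the refund ruse. The bank holds $200, the browser shows
# $1,200 and a transfer the bank never recorded.
DEPOSIT = ("2011-07-25", "OPENING DEPOSIT", Decimal("200.00"))
REFUND_RUSE = (
    {"balance": Decimal("1200.00"),
     "transactions": [DEPOSIT, ("2011-08-01", "INCOMING TRANSFER", Decimal("1000.00"))]},
    {"balance": Decimal("200.00"), "transactions": [DEPOSIT]},
)

# Constructed sample 2: post-transaction scrubbing. A card purchase is removed
# from the list and the displayed balance is raised to hide it.
SALARY = ("2012-01-02", "SALARY", Decimal("500.00"))
POST_TRANSACTION = (
    {"balance": Decimal("500.00"), "transactions": [SALARY]},
    {"balance": Decimal("350.00"),
     "transactions": [SALARY, ("2012-01-04", "CARD PURCHASE", Decimal("-150.00"))]},
)

if __name__ == "__main__":
    for name, (displayed, trusted) in (("refund ruse", REFUND_RUSE),
                                       ("post transaction", POST_TRANSACTION)):
        print(name, compare_views(displayed, trusted))
```

The trusted view has to come from somewhere the malware cannot reach, such as an ATM, a second uninfected computer or a paper statement.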
July 30, 2011
Possible New Threat which exists only in a LAB, for NOW! - Stegobot
Take a look at your Facebook photo. Seems innocent enough, right? Well, what if behind the photo, hidden in kilobytes of data and totally invisible, was a list of all your passwords and even your credit card number?
It's terrifying — and as with most advanced computer hacking techniques, it's entirely possible.
Researchers from the University of Illinois at Urbana-Champaign and the Indraprastha Institute of Information Technology in New Delhi, India designed Stegobot, a proof-of-concept botnet that attaches to Facebook profiles, and more specifically, and dangerously, steals victims' confidential information, such as online banking and email passwords, through their Facebook pictures.
The researchers developed Stegobot to show how easy it would be for a hacker to use Facebook photos to sneakily spread large-scale online attacks.
After gaining access to computers through the usual channels — infected attachments or redirects to malware-laden websites — Stegobot employs the technique of steganography to hide data in picture files without altering the picture's appearance, NewScientist explained.
That means the photo of you and your friends on the beach might be more revealing than you'd hoped.
It's possible, if Stegobot got its hands on it, that the traditional 720 by 720 pixel image could be harboring 50 kilobytes of data — plenty of space to hide and "transmit any passwords or credit card numbers that Stegobot might find on your hard drive," NewScientist wrote.
As if the prospect of a computer harvesting your private financial data through your Facebook pictures wasn't scary enough, Stegobot can lurk in the shadows of your pictures and covertly infect all your Facebook friends.
After the botnet hides your personal information in a photo and a friend views your Facebook page, their computer becomes infected. They don’t even have to click on the corrupted photo for Stegobot to go to work.
From there, the masses of stolen data make their way back to the botnet operator, who can extract the payload from each picture and can use it in whatever devious manner he wishes.
Thankfully, Stegobot only exists in a lab. For now!
July 22, 2011
Google warns 2 MILLION users their computers have been infected with a virus
Google has started warning more than two million internet users that their PC has been infected with a virus.
The malicious software hijacks Google browser searches and redirects people to websites containing fake security programs that pay the scammers for traffic.
Those affected by the virus will be greeted with a yellow warning at the top of their search results, Google said today.
According to the company, the malware found its way onto computers via fake anti-virus software.
Then, when a Google search is entered it is sent to servers, controlled by the cyber criminals, which modify and redirect the traffic.
Writing on Google's blog, security engineer Damian Menscher said: 'The malware appears to have gotten onto users' computers from one of roughly a hundred variants of fake anti-virus, or "fake AV" software that has been in circulation for a while.'
Google uncovered the mass scam while carrying out routine maintenance at a data centre.
Google's swift response is further evidence that large internet firms are vulnerable to cyber crime.
Apple has long boasted of the Mac's immunity to viruses and malware - but online security experts recently warned that the computers are facing an increased threat from criminals because of their popularity.
They said that Macs are now a more attractive target for hackers due to the rising number of people who choose them over a PC.

June 14, 2011

Microsoft 'Patch Tuesday' to fix 9 critical flaws. Adobe also set to release fixes for Windows, Mac versions of Reader
Microsoft's monthly batch of security updates is set to fix 16 separate vulnerabilities, nine of which are labeled "critical" by the software giant.
Microsoft's Patch Tuesday addresses security flaws in Microsoft Windows, Excel, Office and Internet Explorer, Microsoft wrote in a blog posting.
All of the critical bugs allow an attacker to exploit the programs by remotely executing code on machines running the flawed software.
Coinciding with Patch Tuesday, Adobe is also releasing security updates tomorrow for critical bugs lurking in Adobe Reader X (10.0.1) for Windows, Adobe Reader X (10.0.3) for Mac, and Adobe Acrobat X (10.0.3) for Windows and Mac.

June 4, 2011

Gmail, Hotmail & Yahoo Emails under Attack
Gmail hasn't been the only Web-based email program under attack; some users of Hotmail and Yahoo Mail are also having the same problem. While Google said it believes its attacks emanated from China, that's not necessarily the case with Hotmail and Yahoo Mail; still, there are "significant similarities" in the attacks themselves, says Trend Micro.
"The objective of the attackers appears to be to gain access to the target’s Webmail accounts in order to monitor his/her communications and, possibly, to stage future attacks," says Nart Villeneuve, senior threat researcher for the software security firm, in a blog posting. "In the recent case revealed by Google, the attackers used a phishing attack to gain access to the target’s Gmail account then proceeded to add their own email addresses to the 'forwarding and delegation settings,' allowing them to send and receive email messages via the compromised accounts."
Problems with Microsoft's Hotmail security were noted by Trend Micro a few weeks ago in this report. But Trend Micro spokesman Michael Sweeny said in an email to msnbc.com that Microsoft "already patched last week the vulnerability that we identified." (Msnbc.com is a joint venture of Microsoft and NBC Universal.)
Villeneuve says that the new phishing effort is particularly pernicious. "Rather than clicking a malicious link, even the simple act of previewing the malicious email message can compromise a user’s account," he wrote, citing an example of a phishing email that "pretended to be from the Facebook security team."
And, in addition to Gmail and Hotmail users, Yahoo Mail users "have also been targeted," he said:
We recently alerted Yahoo of an attempt to exploit Yahoo Mail by stealing users’ cookies in order to gain access to their email accounts. While this attempt appeared to fail, it does signify that attackers are attempting to attack Yahoo Mail users as well.
The same email address that attempted to exploit Yahoo! Mail was used in targeted attacks featuring malicious Microsoft Excel spreadsheets in March. This demonstrates the diversity of exploits that are available to attackers.
These events demonstrate that in addition to targeted attacks that encourage users to open malicious attachments, usually .PDF and .DOC files, attackers are also attempting to exploit vulnerabilities in popular Webmail services in order to compromise Webmail accounts, to monitor communications, and to gain information in order to stage future attacks.
Once the attackers know what software is installed on a target’s computer, including antivirus products, they can craft a precise attack targeting any vulnerable software. Such an attack will then have a high probability of success.
There are some signposts to help you identify phishing emails, including spelling and grammar errors "that help indicate that it did not originate from the expected source," Villeneuve writes. To learn more about targeted attacks, he points to a Trend Micro article, "How Sophisticated Are Targeted Malware Attacks?" McAfee also has more information on phishing here. Yahoo has information here, as well as at its Security Center.
It's not clear how much of an issue the problem is for Yahoo or Hotmail customers.
Microsoft, via a spokesperson, said it is "not aware of any broad phishing attacks targeting our Hotmail customers. We take the security and privacy of our customers very seriously; phishing attacks are a persistent industry challenge."
The company recommends users check its online privacy and safety site, as well as this Windows Live page, but also offers this advice to those who think they have been the victim of a phishing scheme:
People who think that they have responded to a phishing scam with personal or financial information or entered this information into a fake website should take four key steps: (1) report the incident to the proper authorities, (2) change the passwords on all your online accounts, (3) review your credit reports and your bank and credit card statements, and (4) make sure you are using the latest technologies to help protect yourself from future scams.
If you have given out your credit card information, contact your credit company right away. The sooner a company knows your account may have been compromised, the easier it will be for them to help protect you.
Next, contact the company that you believe was forged. Remember to contact the organization directly, not through the e-mail message you received. Or call the organization's toll-free number and speak to a customer service representative. For Microsoft, call the PC Safety hotline at 1-866-PCSAFETY.
Then, report the incident to the proper authorities. Send an e-mail to spam@uce.gov to report it to the Federal Trade Commission and to reportphishing@antiphishing.org to report it to the Anti-Phishing Working Group.
The second step is to change the passwords on all your online accounts. The reason for this is that a lot of people use the same password for multiple accounts. Start with passwords that are related to financial institutions or personal information. If you think someone has accessed your e-mail account, change your password immediately.
The third step is to review your bank and credit card statements and your credit report monthly for unexplained charges, inquiries or activity that you didn’t initiate.
Finally, make sure you use the latest products, such as anti-spam and anti-phishing capabilities in e-mail services, phishing filters in Web browsers and other services to help warn and protect you from online scams.
One Hotmail user, Christopher Polasek, said he found out about the malware attempt on Monday afternoon when he got a call from his grandmother "asking if I emailed her. I had not and she advised she got an email from me with just a link."
She thought the link was photos of her great-grandchildren, and clicked on what turned out to be "not an appropriate" site, Polasek said. And he quickly learned that "somehow everyone on my contact list had been sent this same information via my contact list."
He followed up with an email to his contacts letting them know "my account had been hijacked and not to trust links sent by my email account." And he said he also deleted his contact list and changed his password. It was all a lot of work and aggravation — but it's now a reality in our Web-based world.

June 4, 2011

MacDefender Virus morphs into a new virus MacShield
With pitches for a fake version of "MacDefender" anti-virus software hitting some Mac users in recent weeks, and Apple's delayed but helpful instructions on how to deal with it, some of us hoped calm had returned to what has been a largely malware-free existence with Macs. But no.
Security software firm ESET reports that its research team has detected a new fake MacDefender variant, "MacShield." Dan Clark, an ESET vice-president, writes Friday on the company's blog that "As in the case of its oldest sibling MacDefender, the MacShield variant has taken the name of a legitimate Mac OS X software product with small distribution, doubtless causing the real developer significant heartache."
The user interface for this malware is "essentially unchanged, but as usual all of the dialogs and alerts have been updated with the new naming," he says, adding:
The UI contains the typical reassuring gibberish bragging about 250 "specialists" working in "more than 10 countries," and a database that includes "almost all known dangerous software." With all that expertise on-hand, it's rather surprising that it doesn't detect itself as malware.
To lure MacShield follows the same scareware tactics as the MacDefender malware. The risk of infection can be reduced per the comments in my earlier blog, and removal of the malware follows the existing guidelines published by Apple or in our KB (Knowledge Base) article here.
How would you get this malware? Clark said in a previous posting that "the infection is spread via poisoned search engine results on image searches. When a bad link is followed in a search, the user is presented with an alert that Trojans or other threats have been detected on the system. At the start of the attack, either a simple dialog box over your browser window, or a fake Finder window with a warning" about "Apple Web Security" detecting Trojans, being ready to remove them and just waiting for you to click on the "remove" button.
What do you do? For starters, DO NOT click on that remove button. Check out Apple's support site. And do be careful of what links you click on when you are surfing the Web.
Apple seems to be on top of it. Sophos noted Thursday on its blog, under the headline: "Apple to malware authors: Tag you're It!":
Last night the malware authors behind the Mac Guard fake anti-virus changed their methods again to bypass the updates Apple released yesterday afternoon to protect OS X Snow Leopard users.
Apple fired back shortly after 2 p.m. Pacific Daylight Time today with a new update to XProtect. Computers that have Apple update 2011-003 for Snow Leopard now check for updates every 24 hours.

May 19, 2011

Verizon Wireless customers targeted in nearly invisible Trojan horse scam
Verizon Wireless customers who tried to pay their bills online last week may have been hit by an ingenious, almost undetectable hacker attack aimed at stealing their identities.
Consumers whose computers were infected with the SpyEye Trojan horse program would have been redirected to a Web site controlled by criminals after they logged into Verizon Wireless' website, according to Israel-based security firm Trusteer. Then they were presented with a form that appeared to be from Verizon, but tricked users into entering a detailed series of personal information, including their Social Security number and credit card information.
"The attack is transparent to Verizon customers since the malware waits for the user to log on and access their billing page, and only then injects an authentic-looking replica Web page that requests this information," said Amit Klein, Trusteer's CEO. "Since the user has logged on and has navigated to the familiar billing page they have no reason to suspect this request for payment information is fraudulent."
SpyEye is a copycat of the powerful Zeus Trojan horse that has been successfully used in massive electronic banking heists, including a series of thefts the FBI warned about recently that hit U.S. companies and sent millions of dollars to six Chinese cities.
The attacks occurred between May 7 and May 13, Trusteer said.
Verizon confirmed the attack late Wednesday night, but said it didn't impact its systems — only consumers who failed to secure their own computers were hit.
"No Verizon systems or networks were breached," said Verizon spokesman Bill Kula in an email to msnbc.com. "Customer data was protected unless their PC was not protected by anti-virus software with current definitions. We encourage all customers to use anti-virus software and keep their anti-virus definitions current."
Verizon said at least one other "major communications company" was targeted by the SpyEye attack, but declined to identify the firm.
It also noted that consumers who were infected with the Trojan horse, but didn't log in to Verizon or that other firm, were not impacted.
"(Computer criminals) typically just go after anyone they can infect," Kula said. "We have no indication it is more than this. The bogus page will only launch when they try to go to our billing site. There could be many other people infected who are not our customers, and thus will not see the bogus page launch."
Trusteer said it had reason to believe at least some consumers had fallen for the scam, but couldn't say how many.
Hackers have taken to increasingly sophisticated malicious software that lies in wait until consumers — or businesses — are particularly vulnerable, such as immediately after logging on to a financial website. It's a troubling trend, Klein said.
"While this attack is not technically new, it continues a financial malware trend we have been tracking in recent weeks: a shift away from stealing usernames and passwords to stealing payment and credit card data," he wrote in a blog post. "There's no easy answer, since most endpoints used to enter payment and credit card data are outside the control of the merchants who process the transactions."

May 17, 2011

Say Goodbye to Era of Mac Malware Immunity
You know you've finally arrived as a software platform when hackers start gunning for you.
Such is the predicament that Apple's success has brought: Sophisticated malware has started to appear that's directed specifically at Apple machines.
For years, security experts predicted that as Apple gained market share, cybercriminals would turn their attention from Windows machines toward Mac attacks. Now it appears to really be happening.
Apple's Mac OS X operating system now enjoys a market share of more than 15 percent in the U.S., according to Swedish Web-monitoring service Pingdom.
Coincidentally, in a 2008 paper written for the IEEE Computer Society, Cloudmark researcher Adam O'Donnell predicted that when Apple's market share reached a "tipping point" of roughly 16 percent, then hackers would begin targeting those systems.
According to other experts, that prediction now appears to be coming true.
New phase
"We are now seeing Mac-specific malware that we hadn't seen before," said Michael Sutton, vice president of security research at Sunnyvale, Calif.-based security company Zscaler.
In the past few weeks there have been examples such as MacDefender, a fake antivirus program that hijacked the name of a legitimate security program in an attempt to trick Mac users into divulging credit card numbers.
Such "fake AV" malware for Macs has arisen in the past, but much more troubling was the nearly simultaneous appearance of the first available do-it-yourself crimeware kit aimed specifically at Macs.
Dubbed the Weyland-Yutani botkit (and named after the fictional corporation from the "Alien" movies), it is being sold on underground forums, with the promise of an iPad version to come.
Such crimeware kits have been commonly sold in the black market for Windows machines. They are generally used to create Trojans or find access to infected systems for later exploitation.
Once the hacker gains control of enough machines — usually numbering in the thousands — he can create a botnet army of "zombie" machines, which can then be used to attack specific sites.
Some of the malware that claims to provide antivirus software runs like a modern-day con game, complete with telephone support with real people answering customers' questions for the bogus software.
It's a lucrative business, Sutton said, because the virus and malware writers can sell access to thousands of infected machines on the open market.
Renting out such hacked networks can make the "owners" millions of dollars. It's today's version of a digital hired gun.
Supply and demand
While Apple advocates have argued for years that Macs were inherently more secure, most experts say that the hackers simply follow the market.
So now there are viruses aimed at smartphones, for example, because tens of millions of them — tiny, powerful computers — are in use around the world.
Smartphones are also more attractive because they are constantly connected to the Internet. By the time an infection is discovered, the attackers have made their money with fraudulent charges and moved on.
Furthermore, because the computing world is no longer singularly dominated by Microsoft Windows, "we're seeing more Web-based attacks that are platform agnostic," said Zscaler's Sutton.
That means fraudulent websites are designed to infect any computer that inadvertently visits the site, whether it be a Windows or Mac OS X computer running any of a half-dozen Web browsers.
The popularity of Apple's iPhone and iPad has had a "halo effect" that attracts both consumers and criminals to the platform, so Mac owners should keep their browsers up to date and be more cautious.
Still, much of the computing world, and especially the corporate enterprise side, relies on Microsoft Windows.
"So the Apple malware is still small compared to what we see on the PC side," noted Sutton.
But it may not be for long.

May 11, 2011

500million Facebook users 'may have had information leaked to advertisers'
Millions of Facebook users' personal information has been leaked to third-party companies, it has been claimed.
The apparent data breach includes profile information, photographs and chat logs from the more than 500million people who use the social networking website.
Third parties, such as advertisers, would even have had the ability to post messages, computer security company Symantec said in its official blog.
The leak, Symantec said, comes from the many Facebook applications published by third-party developers.
The blog post said: 'We estimate that as of April 2011, close to 100,000 applications were enabling this leakage.'
It continued: 'Over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties like advertisers or analytic platforms.'
'Access tokens' allow Facebook applications to access and change personal profile information.
Users typically grant applications this type of access to allow them to post notifications on their profile, and on their friends' profiles, and to access data.
But by handing over these tokens to others, application developers were giving advertisers or online analytics companies a way to get at this information too.
According to Facebook, as many as 20million applications are installed on to users' profiles every day.
The warning comes just two weeks after Sony admitted that 100million users of its PlayStation Network and Sony Online Entertainment services had their security details stolen by hackers.
Two cyber attacks, which the tech company blamed on hacker activists Anonymous, left the company's online gaming network out of action as security engineers battled to stem the flow of users' private information, including emails, birth dates, phone numbers and addresses.
Symantec said they had notified Facebook, the world's largest social networking website, of the breach in security.
Symantec is one of the world's biggest internet security companies. Millions of computer owners use the company's flagship Norton Antivirus and Norton Internet Security products to protect their personal data while using the internet.
Facebook's security spokesman, Malorie Lucich, played down the warning. 'Unfortunately, their (Symantec's) resulting report has a few inaccuracies,' she said.
'Specifically, we have conducted a thorough investigation which revealed no evidence of this issue resulting in a user's private information being shared with unauthorized third parties.'
Ms Lucich said the report also ignores the contractual obligations of advertisers and developers which prohibit them from taking or sharing user information in a way that 'violates our policies.'
She also confirmed that the company has updated the API (Application Programming Interface) referred to by Symantec.

April 9, 2011

Microsoft readies 17 software patches for 64 holes. Nine of the 17 patches being released by Microsoft are deemed "critical."
Get ready for Patch Tuesday, April 12: Microsoft is issuing 17 software fixes, nine of them considered "critical" to its Windows operating system, as well as to Internet Explorer and Microsoft Office.
Altogether, the patches will fix 64 security holes, or vulnerabilities, in a wide range of Microsoft's software, including Visual Studio, and .NET Framework.
The 17 patches are the same number of fixes Microsoft released in December to address 40 different problems. The newest round ties with December's fixes for the most patches in a single bulletin, and as Ars Technica noted, "takes the clear lead for number of flaws fixed."
While Microsoft's Security Bulletin doesn't have "any specific details" about the patches, the company "said some of the fixes will address the Windows MHTML vulnerability and the Server Message Block Browser bug in Windows XP," according to Fahmida Y. Rashid of eWeek.com:
First reported last January (Security Advisory 2501696), the MHTML flaw allows attackers to run scripts in the wrong security context on Windows XP, Vista, Windows 7 and all supported Windows Server releases. An attacker could exploit the vulnerability to inject a client-side script in a Website the user is viewing in Internet Explorer. Once executed, the script could collect user information and spoof content. Attackers have exploited the vulnerability in "limited, targeted attacks" using the public proof-of-concept code, according to Microsoft.
The Server Message Block Browser bug in Windows XP, which could trigger a blue screen in kernel mode, was publicly disclosed on Feb. 15. French security firm Vupen rated the flaw as "Critical" and warned that the exploit could cause a denial-of-service attack or completely take over the compromised system.
Just about every Windows user needs to pay attention to this patch. Notes Rashid: Affected operating systems include Windows XP, Windows XP Professional x64 Edition, Windows Server 2003, Windows Server 2003 x64 Edition, Windows Vista (32-bit and 64-bit), Windows Server 2008 and Windows 7.
There are updates for Internet Explorer 6 through 8. Despite Microsoft's attempts to sunset IE6, it appears IE6 bugs in Windows XP and Windows Server 2003 have been addressed.

April 5, 2011

'Invite' scams target millions of Facebook users. Just say "No!"
Have you recently received an invite on Facebook to a public event titled "Who blocked you from his friend list?" Maybe you got one for an online shindig called "You will NEVER send a TEXT after seeing this VIDEO!"
Scammers are playing on your need to feel included (or perhaps your fear of texting-related death) and a host of other OMG CAPLOCKED!!!! emotional triggers in their latest attempt to generate income from online survey scams, reports Sophos.
Sophos researchers have discovered bogus events promoting revenue-generating scams that put cash into the pockets of the spammers that have targeted — in some cases — over 10 million Facebook users.
The event page for "Who blocked you from his friend list?" reveals that more than 165,000 Facebook users plan to "attend" the event (which means they clicked), with 10.3 million users listed under the "Awaiting Reply" section. (Here's hoping they don't reply!)
Invitation bait is a newish twist on a not-so-newish "take this survey" grift — scammers earn commission on every sucker tricked into responding to an invite. Facebook users eager to learn more about the invite click the "More info" link in the event's summary.
If you click away, you may quickly find yourself on a Web page outside of Facebook, inadvertently earning money for the scammers. Provide your cellphone number when prompted, and you could find yourself signed up for an expensive mobile service as well. What's more, once you're hooked, the invite can spread to all your Facebook friends, keeping the scam alive.
Remember, the rules that keep you safe in real life apply to Facebook as well. Don't accept rides from strangers, and never accept Facebook invites to outlandish "events," especially if the invites abuse the caps lock.

April 4, 2011

Millions of emails exposed in major security breach
A major security breach exposed countless customer emails for a growing list of companies, including TiVo, JPMorgan Chase, Citi, Capital One, Marriott Rewards, Walgreens and more.
Epsilon, the world's largest permission-based email marketing services company, released a statement reporting an unauthorized entry in its clients' customer database on Friday. Email addresses and customer names were obtained. The list of client databases began with the grocery chain Kroger, but as the investigation continues, more companies are added.
Epsilon sends over 40 billion emails annually and is used by over 2,500 clients, including 7 of the Fortune 10, to build and host their customer databases, reports Security Week:
Some may dismiss the type of data harvested as a minor threat, but having access to customer lists opens the opportunity for targeted phishing attacks to customers who expect communications from these brands. Being able to send a targeted phishing message to a bank customer and personally address them by name will certainly result in a much higher “hit rate” than a typical “blind” spamming campaign would yield. So having access to this information will just help phishing attacks achieve a higher success rate.
Several companies, including TiVo, Kroger and Citi, notified customers that their emails and names may have been exposed. In an email response to SecurityWeek, a Marriott Rewards spokesperson stated, "The unauthorized person(s) had access to email addresses and member point balances. They did not have access to member addresses, account logins and passwords, credit card information or other personal data."
Citi tweeted a link to the following statement:
"Because e-mail addresses can be used for "phishing" attacks, we want to remind our customers that Citi uses an Email Security Zone in all our email to help them recognize that the email was sent by us. Customers should check the Email Security Zone to verify that email they have received is from Citi and reduce the risk of personal information being 'phished.'"
The current list of companies affected includes: TiVo, US Bank, JPMorgan Chase, Capital One, Barclays Bank of Delaware, McKinsey & Company, Marriott Rewards, Ritz-Carlton Rewards, New York & Company, Walgreens, Brookstone, LL Bean, The College Board, Home Shopping Network (HSN), Disney Destinations

April 2, 2011

Malicious Web attack hits 1 million site addresses. 'Mass-injection' attack is the largest of its kind ever seen, experts say
More than 1 million website pages have been hit by a sophisticated hacking attack that injects code into sites to redirect users to a fraudulent software sales operation.
The so-called "mass-injection" attack, which experts say is the largest of its kind ever seen, has managed to insert malicious code into websites by gaining access to the servers running the databases behind the Internet, according to the technology security company that discovered it.
Websense, which first found evidence of the attack earlier this week, has called it 'LizaMoon,' after the site to which the malicious code first directed its researchers.
Users can see that they are being redirected when they attempt to visit an infected address, and can close the window with no ill effects, said Patrik Runald, a senior manager of security research at Websense.
The attack has largely affected small websites so far, he said, with no evidence that popular corporate or government websites have been compromised.
If users do not close the window after typing an infected address, or clicking an infected link, they are redirected to a page showing a warning from 'Windows Stability Center' — posing as a Microsoft Corp security product — that there are problems with their computer and they are urged to pay for software to fix it.
Websense said the site appeared to be set up by sophisticated fraudsters out to make money, but it was not clear whether the site also planted malicious software on users' computers if they made a purchase on the site, or if the operation was linked to an identity theft scam.
The presentation of the bogus website, as shown by Websense, is high quality but clearly fraudulent. Microsoft has no product called 'Windows Stability Center'. The company did not immediately have a comment on the attack.
Websense said some third-party Web addresses containing information about podcasts available on Apple's iTunes service had been compromised, but said Apple appeared to have prevented the malicious links from working. Apple did not respond to a request for comment.
The attack may take some time to be tamed, warned Runald, as researchers first have to identify the software being compromised, and then website operators have to install updated software.
"Attacks like this tend to stay for a very long time," he said. "Once they are onto something, it tends to stay with us. This LizaMoon event won't disappear over a day."

February 3, 2011

Internet Explorer Browser flaw could mean access to passwords
A recently discovered flaw in Internet Explorer could allow criminals to collect passwords and banking information. Microsoft is warning Windows users to be aware of the problem, with a manual work-around available, but there is no downloadable software fix available yet. (Msnbc.com is a joint venture of Microsoft and NBC Universal.)
So far, Microsoft says it "has not seen any indications of active exploitation of the vulnerability." More details are available here, along with a suggested workaround (check under the FAQ section), as part of the security advisory. Users of Windows versions from XP to Windows 7 are at risk, Microsoft says.
The software giant is continuing to investigate the Web browser flaw, which it says could allow an attacker to create script that could "spoof content, disclose information, or take any action ... on the affected Web site on behalf of the targeted user."
In its frequently asked questions area of the site, Microsoft notes that in a "Web-based attack scenario, an attacker could convince a user to click a specially crafted link that would inject a malicious script in the response of the Web request."
Chester Wisniewski, of Sophos security software, noted on the company's blog that there is "proof of concept code in the wild and it seems to be only a matter of time before we see criminals trying to exploit this flaw. For individuals, or people who only manage a small number of computers, Microsoft has provided a Fix it tool that allows (users) to apply their recommended settings without having to use GPOs or having to manually edit registry keys."
If you're unsure of what to do and don't want to fool with the Fix it tool, the best thing may be to switch to another Web browser for now, such as Firefox or Chrome.
|
| |
|
February 1, 2011
|
Microsoft warns of security flaw that 'affects 900 MILLION people using Internet Explorer'
Users urged to download patch to block any attempts to use it
Microsoft has issued a 'critical' security alert that affects 900million people using its Internet Explorer web browser.
The computer giant warned of a newly-discovered flaw in Windows that could be exploited by hackers to steal personal details or take over computers.
The glitch is so severe it potentially affects every user of Internet Explorer.
Firefox, Google Chrome and Safari browsers are all unaffected by the threat because, unlike Internet Explorer, they don't support MHTML files, where the problem lies.
The loophole only seems to affect the way Internet Explorer handles some web pages.
Microsoft just said that the bug is inside Windows, presumably because they don't want users to migrate to other browsers.
This means it affects all versions of the operating system currently supported including Windows XP (SP3), Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008 (R2).
Internet Explorer users are being urged to download a patch to stop any potential attack on their computer ahead of a permanent fix.
The company has so far been unable to remove the bug itself and has issued a 'fix it' security patch to block any attempts to use it.
All Windows users, particularly those who use Internet Explorer, are being urged to download the patch as the company's security team work on a way to permanently fix the problem.
The company has described the flaw as a serious threat, although no hackers are thought to have yet exploited the vulnerability.
Microsoft spokeswoman Angela Gunn announced the flaw in a security advisory published online on Friday.
She said: 'An attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it.
'When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session.
'Such a script might collect user information (e.g. email), spoof content displayed in the browser, or otherwise interfere with the user's experience.'
|
| |
|
January 28, 2011
|
From Security News Daily: Network printers now targets of hackers
Once cyberattackers break in, the rest of the system is at risk, too
Paper jams used to be the biggest problem with printers. But now, high-tech home and office printers have become alluring targets for cybercriminals.
Researchers at this weekend’s ShmooCon 2011 convention in Washington, D.C., will demonstrate how Internet-connected printers that aren’t properly secured can be hijacked and used to gain unauthorized access to corporate networks they’re running on, according to an article in MIT’s Technology Review.
The hacking program is called “Praeda” (Latin for “plunder”) and works by exploiting common security flaws, such as default passwords left unchanged. Once inside the network, Praeda can be deployed to steal passwords and files, or take control of other devices connected to the same network.
Praeda was developed by Deral Heiland, an independent researcher who attempts to hack into computer networks to determine their weaknesses.
Heiland said that printers are ideal targets for cyberattacks because they are not typically secured as stringently as computers. Often, manufacturers don’t require owners to set a new password for their printers.
Once a printer is compromised, the rest of the network that feeds into it is on thin ice.
“These devices have gone from being standard, simple printers that got on the network to the point where they are totally integrated in the business environment. And that heavy integration is what makes them a premium target,” Heiland said.
In another demonstration of printer vulnerability, independent researcher Ben Smith will demonstrate Print File System — dubbed PrintFS — that uses the Internet to find vulnerable printers, and then coordinates them into one storage network, which can be used by hackers to store malware.
Security experts advise owners of Web-connected printers and any other devices containing Internet Protocol addresses to realize they are as vulnerable as computers, and to take action to secure them, including downloading security updates.
|
| |
|
January 22, 2011
|
Twitter worm leads users to fake and malicious site
A nasty worm on Twitter preys on users who click on a shortened link that takes them to a fake anti-virus site for "Security Shield" software. Once there, the aim is to get users to download what is billed as anti-virus protection, but is really malicious code.
If this seems like deja vu, it is: the same worm appeared early last month on Twitter, the short-messaging blog where posts are limited to 140 characters, and website URLs are often shortened to help reduce character count. The worm is using Google's URL shortener, "goo.gl" to entrap users.
"If you make the mistake of clicking on one of the malicious goo.gl links you are ultimately taken to a website which attempts to scare you into believing that you have a virus problem on your computer," writes Sophos' Graham Cluley on the security software company's blog. "You are then frightened into installing malicious code on your PC, and asked to pay money to disinfect your systems."
Cluley wrote that what "isn't yet clear is how the Twitter users found their accounts compromised in this way. The natural suspicion would be that their usernames and passwords have been stolen.
"It certainly would be a sensible precaution for users who have found their Twitter accounts unexpectedly posting goo.gl links to change their passwords immediately," the same advice Twitter itself is offering.
"We're working to remove the malware links and reset passwords on compromised accounts," tweeted Del Harvey, of Twitter's Trust & Safety team.
Adam Wosotowsky, principal researcher at McAfee Labs, said in an e-mail statement, "The Goo.gl fake antivirus attack is not new, and is fairly simple to execute. The attack is most likely a Trojan that began by phishing."
Shortened URL sites, he said, "are not 100 percent malicious, so blocking the domain completely can cause false positives, which is something researchers try and avoid. Goo.gl is an example of a site associated with Google, so blocking the domain may be frowned upon by Google, allowing the spammer to continually abuse the site."
In short: For now, avoid clicking on that shortened link if it shows up in your Twitter feed.
"In general, please use caution when clicking on links," Twitter advises on its Help Center page. "If you click on a link and find yourself unexpectedly on a page that resembles the Twitter login page, don't give up your username and password! Just type in Twitter.com into your browser bar and log in directly from the Twitter homepage."
|
| |
|
January 18, 2011
|
Current viruses for Apple Desktop & Laptop. Here is a brief history of Mac viruses
1982: 15-year-old Rich Skrenta creates the first known Macintosh virus to go wild, Elk Cloner. The boot sector virus spreads itself on Apple II computers via infected floppy disk, and results in a short poem showing up every 50th boot.
1994: The short-lived INIT-29-B virus modifies system files and other applications, sometimes crashing the system.
1995: The HyperCard HC-9507 virus puts Mac users in a “pickle” by spreading to other HyperCard stacks.
1998: The “Hong Kong virus” (actually a worm called AutoStart 9805) uses the AutoPlay feature of QuickTime to infect PowerPCs by copying itself across disk partitions.
2006: The OSX/Leap-A (aka OSX.Oomp) worm spreads through iChat buddy lists by sharing the file latestpics.tgz (falsely advertised as leaked screenshots of the new OS 10.5 Leopard).
2006: The proof of concept virus OSX.Macarena poses no threat, but can infect files in the current folder of Intel-based Macs.
2008: The Trojan horse AppleScript.THT takes advantage of a vulnerability in the Remote Desktop Agent feature, hides itself from the firewall and allows hackers to take control of the infected computer.
2008: The OSX.Lamzev.A and OSX.TrojanKit.Malez Trojan horses are created to open a back door. Fortunately, a hacker would pretty much have to have control of your Mac already to use it.
2008: Masquerading as a video codec on adult websites (always a tip-off), the OSX.RSPlug.D Trojan allows a remote server to download files.
2009: Illegally downloaded copies of the popular software iWork ’09 and Adobe Photoshop CS4 come with the malicious OSX.Iservice and OSX.Iservice.B Trojans used to steal users’ passwords in attempts to create iBotNet.
2010: A new iteration of the Trojan horse OSX/HellRTS threatens to duplicate itself and open a backdoor for hackers.
|
| |
|
January 6, 2011
|
Hackers use fake Obama e-mail to steal data. Was top secret information compromised in attack traced to server in Belarus?
A malware-infected e-card purporting to be from the White House stole sensitive information this holiday season from dozens of people, including several government employees and cybersecurity professionals.
The corrupted e-card bearing the title “Merry Christmas from the White House" was sent on Dec. 23, reported Brian Krebs of the blog Krebs on Security, and contained this message: “As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we’re profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.”
Below the message were two links, followed by the address for the White House, giving the scam a supposed seal of approval.
The scam, Krebs said, appears to be the latest strike from the ZeuS malware gang, an international cybercriminal network that in the past year used the ZeuS Trojan – designed to siphon bank account numbers from PCs -- to steal nearly $9.5 million.
Recipients of the fake e-card who downloaded the links were “infected with a ZeuS Trojan variant that steals passwords and documents and uploads them to a server in Belarus,” Krebs said.
Krebs identified several victims of the scam, including an employee at the National Science Foundation’s Office of Cyber Infrastructure, an intelligence analyst with the Massachusetts State Police, a Financial Action Task Force employee, an official with the Moroccan government’s Ministry of Industry, Commerce and New Technologies, and a Millennium Challenge Corporation employee.
The scam was also analyzed by Alex Cox, principal research analyst with the security firm NetWitness. Cox said that the corrupt White House e-cards are similar to another ZeuS botnet scam, named the “Hilary Kneber” scam for the e-mail address of its sender.
Cox believes the criminals behind this malware campaign are after sensitive U.S. government documents.
“This evidence shows the continuing convergence of cybercrime and cyberespionage activities, and how they occasionally mirror or play off one another,” Cox wrote. “The question again, which we posed in our initial Kneber document, is: ‘Who is the end consumer of this information?’”
|
| |
|
January 5, 2011
|
BOSTON (Reuters) - Microsoft Windows vulnerable to new type of attack
Some versions of Microsoft Corp's Windows operating system are vulnerable to attack from hackers exploiting a flaw in the software that could allow them to remotely take control of a personal computer.
The software giant warned of the problem on Tuesday in a special alert. It said it has yet to develop software to plug the hole in Windows or to figure out a workaround to the problem.
Microsoft said it is not aware of any attacks that tried to use the vulnerability, which involves the way Windows renders graphics on versions of Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008.
The problem does not affect Microsoft's most-recent PC operating system, Windows 7, and its newest operating system for servers, Windows Server 2008 R2.
|
| |
|
December 16, 2010
|
Microsoft released very important security updates, December 15, 2010
Microsoft released very important security updates for its Windows Operating System and its Internet Explorer Browser for flaws that could let hackers take control of your computer. They should be installed immediately to prevent criminal attacks against Windows and Internet Explorer!
Microsoft released 17 security patches to address 40 problems in its products.
|
| |
|
November 24, 2010
|
Hacker jailed after spying on computer users using their own cameras
A hacker spied on countless computer users by manipulating their home webcams.
Matthew Anderson, 33, is understood to have sent out 50million ‘spam’ emails containing an attachment for recipients to click on.
All of those who did so – believed to be 200,000 – had their computer infected with a virus that left it effectively ‘enslaved’.
Anderson was then able to rifle through private files and saved photographs – and even switch on web cameras attached to the computers.
At his leisure he then sat spying into the living rooms or bedrooms of strangers. The victims will have been completely unaware of his watching eyes.
When he was caught in a four-year police operation, officers found he had stored pictures and film of dozens of people in their own homes.
Among clips was that of a 16-year-old girl bursting into tears when Anderson began changing words on her computer screen.
He then gloated to a fellow hacker about tormenting her, revealing he had been using her webcam for hours, viewing her sisters, and lamenting the fact they were not naked.
Anderson was working in an international hacking gang called ‘m00p’ with at least three others. Only one other, from Finland, has been caught.
He was jailed for 18 months today after pleading guilty to ‘unauthorised modification of computer systems’ at Southwark Crown Court in London.
However, he is likely to serve just nine months. The court heard the father-of-five, who was born in Rochdale, carried out his crimes in the home of his mother Ruth, 54, in Banffshire, Scotland.
He claimed through his barrister that he joined online chatrooms after being left house-bound by panic attacks in his early 20s.
Publicly he ran a computer security firm – offering to protect clients, ironically, from people like himself.
Simon Ward, defending, said Anderson was motivated by ‘the feeling of power that comes from the knowledge that you have control over something that others don’t know you have the control of’.
As well as private home computers, Anderson targeted the John Radcliffe Hospital in Oxford, Oxford University and government computers. But he avoided military sources for fear of detection.
The ‘cutting edge’ software behind his virus has been ranked as among the best in the world.
Anderson was caught after the m00p gang was investigated jointly by Scotland Yard and Finnish authorities when a computer expert at John Radcliffe hospital raised concerns.
Anderson was found to have profited by £12,000 by selling on to legitimate marketing firms email addresses harvested from computer address books.
But it was the webcams he used and the personal data, including nude photos and bank account details, which he had access to and copied that is particularly chilling.
Investigating officer Detective Constable Bob Burls said Anderson’s initial spam emails typically told recipients they had a computer problem, and offered to fix it.
When they clicked on the file, the hacker’s virus was let loose to hijack the computer, although it seemed to continue working normally. From his remote location he could record every word typed, or copy the computer screen at any time.
Anderson and his fellow gang members operated unhindered for years – with around one in 250 spam recipients being taken in.
During police monitoring, Anderson – who used online nicknames including warpig and warpiglet – successfully enslaved 1,743 computers in just 90 minutes.
His fellow gang members were known online as Kdoe, CraDle and Okasvi - with the last, real name Artturi Alm, being the only other hacker brought to justice when jailed in his native Finland two years ago.
Mr Burls said the hacker copied one victim’s will, website passwords, banking passwords, and CVs, as well as confidential medical reports on children, and intimate photographs, all carefully catalogued. He also saved film and stills taken at his command from victims’ webcams. They may have been unaware the webcams even worked.
|
| |
|
November 17, 2010
|
Computer Virus Set To Destroy United States Computer Data
A computer virus known as Blackmal, or Blackmal E, has been spreading rapidly across the country. The destructive new virus spreads easily from computer to computer and immediately begins to delete or corrupt all of the files on the infected computer.
The virus is known to delete irreplaceable files including business documents, contacts, financials, photos, music, emails, and more. Once these files are deleted by the Blackmal virus, it is impossible to recover the lost data.
Because of the ease with which the Blackmal virus can spread, experts estimate that this will be one of the worst virus outbreaks in recent history. Unlike many viruses which are transmitted via email attachments or file downloads, the Blackmal virus can quietly infect your computer while you simply browse the Internet as you normally do - even if you stick to browsing only reputable or "safe" websites.
With more than 100,000 known computer viruses in existence today, the rate of infection among PCs has risen to more than 10% per month. And with anti-virus software barely able to keep up with the growing number of different viruses, chances are high that you or someone you know will suffer from a crippling virus attack.
In fact, research indicates that about 43% of all computers will suffer a data loss episode during any given year - that's close to 47 million episodes of data loss per year.
With data loss due to viruses becoming more and more common, millions of people are turning to online computer backup to protect their important computer files. Backing up your files online ensures that they will remain safe and secure should anything happen to your computer. If a virus wipes out your files, you can simply recover and restore them online.
Because of their growing popularity, online computer backup options are popping up all over the Internet, which can make it difficult for consumers to determine which option is best for them.
|
| |
|
November 15, 2010
|
United Kingdom: Warning over internet hacking gangs that steal your details by selling bogus virus protection. This could be happening in the United States as well. Be careful!
Beware: Hackers are creating malicious software disguised as anti-virus protection.
Gangsters are tricking worried internet users into buying anti-virus protection that is actually malicious software in disguise, security experts warned today.
Investigators fear hacking gangs are pocketing millions of pounds by infiltrating customers' computers and stealing sensitive banking details.
They said criminals pose as legitimate IT companies who cold call victims offering fake security software that can be downloaded for around £30.
The crooks then combine credit card information from the sale with stolen personal information to defraud the customer or commit further crimes.
Sharon Lemon, who is responsible for fighting cyber crime at the Serious and Organised Crime Agency (Soca), said it is ‘big business’.
She said: ‘In recent cases, we have seen gangs employing 300 to 400 people to run their operations and using call centre-scale set ups to target victims en masse.
‘They can also be paying out as much as 150,000 US dollars a month (on a pay per download basis) to individual webmasters who are unwittingly advertising their fake software - this level of investment from criminals indicates that the returns are much heftier than this.’
The warning came at the start of an internet security awareness week organised by GetSafeOnline.org, which is supported by Government bodies, police and private companies.
Research conducted on behalf of the campaign group found one in four adult web users in Britain have been approached by someone offering to check their computer for viruses.
Thousands of spam emails offering virus check services have also been sent out while almost half (48%) of all web users have seen a pop-up window claiming their computer is infected.
Last month, computer security expert Matthew Anderson, 33, of Drummuir, Aberdeenshire, admitted being a key member of an international hacking group engaged in a similar scam.
He was caught after an investigation by Scotland Yard and authorities in Finland into a gang, known online as the m00p group, who wrote computer viruses to order that were then attached to spam e-mails.
Government minister Baroness Neville-Jones said: ‘While it's encouraging to see that UK web users are today more security-aware, criminals will always try to be ahead of the game and will use increasingly sophisticated methods to take advantage where they can.
‘However, equipped with the right information, there's no need for anyone to be deterred from going online or from protecting their computers with the right security software.’
Tony Neate, of getsafeonline.org, said: ‘Web users should ignore cold calls from companies offering free virus checks, and be very cautious of any on-screen pop ups.
‘Most reputable IT providers do not approach customers in this way without prior notice or a direct request.’
More information can be found on www.getsafeonline.org.
|
| |
|
October 27, 2010
|
Malicious software distribution network taken down in Netherlands
THE HAGUE, Oct. 26 -- Dutch police have taken down a malware (short for malicious software) distribution network operating in the Netherlands, local media reported on Tuesday.
The Dutch National Crime Squad said in a statement that the dismantled malware distribution network Bredolab is a botnet that has infected at least 30 million computers worldwide.
However, it said, the cybercriminals, who are probably based in the eastern part of Europe, haven't been caught yet.
The Bredolab network was used to distribute malware through social network sites and email attachments. Once the virus is installed on the computer, the so-called Trojan horse can allow the download of additional malicious software.
The purpose of the virus is to obtain information about the user such as passwords and financial data by recording the keystrokes of the users. The Dutch High Tech Crime Team have estimated that at least 3.6 billion emails with the Bredolab virus were sent on a daily basis to unaware computer users.
The cybercriminals used the servers of LeaseWeb, which is the largest hosting provider in the Netherlands. This provider is now fully cooperating in the investigation that is led by the Dutch National Criminal Investigation.
They will warn the users of computers with viruses by sending out a notice with information on the status of the infection on their computer. Users will also receive helpful advice on how to remove the viruses.
|
| |
|
October 22, 2010
|
FaceTime for Mac may have security hole
Fans of Apple's FaceTime video calling program had cause to celebrate Wednesday when Steve Jobs said FaceTime can now be enjoyed by Mac computer users to talk with those who have other Macs, iPhone 4s or the latest iPod Touch. But less than 24 hours after that announcement, the security hounds barked some concerns.
"While many users are happy about having FaceTime on their Mac, we are a little anxious about some security glitches present in the current beta of the software. With a few clicks others can make use of the user's Apple ID and reset the password with ease," said MacNotes, a German website and magazine.
Mac software developer Gernot Poetsch shared the apparent flaw in the program, reported by MacNotes.
"Once you've logged into FaceTime you can have a look at all the account settings of the used Apple ID," MacNotes said. "Username, ID, place and birth date are shown as well as the security question and the answer to it — in plain text, without another password request. To reset the password to an Apple ID, all you need (is) the exact birth date and the answer to the security question — we tried that out for you, and it worked fine."
Even without the plain text answer, MacNotes said, "the password reset itself is a little awkward — closer friends and families usually know answers to the standard questions, such as favourite number or certain names. Unfortunately there's no way to deactivate the security question password reset."
Another issue, the magazine noted, occurs when a user logs out of the computer: "When you choose 'Log Out' from the top menu, the password remains in the password field, even when restarting the application. That shouldn't be the case ... Applications should remove passwords from the password field as soon as the application is closed."
For now, MacNotes' advice is to not use FaceTime, or to "make sure your computer is safe — set a master password and never leave your machine open and running in a public place. Otherwise you might get an unusual surprise at some point."
On its site, Apple notes that "FaceTime is easy to set up on your Mac. All you need is an Apple ID and an e-mail address and you're ready to roll."
The program is in beta, or test, mode for now. That means the company will be tweaking it many times over to improve it.
|
| |
|
October 14, 2010
|
U.S. leads in bot-infected PCs, but other countries have worse infection rates
Microsoft's Security Intelligence Report, a study of bot infections, reveals that the United States has, by far, the most PCs running naughty malware. However, as you probably guessed, the number is high in part because we have so many more PCs than anyone else. Measured by infection rate, Turkey was the big champ, with 36.6 computers infected per 1,000, followed closely by Spain, Korea and Taiwan. America wasn't even in the top five, but Microsoft still labels it bright red, as in "you probably should take some precautions."
The way Microsoft tracks this is by counting how many times its Malicious Software Removal Tool actually cleans malware out of a system. Using that metric, perhaps it's good news that in the first quarter of 2010, the software cleaned 11 million PCs in the U.S., while in the second quarter, it only cleaned 9.6 million, a nearly 13% decline. Which is nice.
|
| |
|
September 22, 2010
|
Malware attacks becoming stealthier and harder to notice
The people and groups behind modern malware are taking new and stealthier approaches to attack computers without being noticed, a cyber security firm said on Tuesday.
These cutting-edge cyber attacks come in the form of drive-by downloads, in which a website can silently attack a computer by exploiting vulnerable software or plug-ins - Adobe Reader, for instance - on the user's system, according to Symantec.
"You used to have to go to bad places to get infected, whether that was pornographic or gambling or software pirating sites," said John Harrison, Manager of Symantec Security Response, the threat research division of security software company Symantec. "Today, it's mainstream websites, travel and shopping sites, the gaming site you're on during your lunch break."
Up until about three years ago, the perpetrators of computer viruses "used to be a couple teenagers in a basement," said Harrison. In the past few years, however, the threat landscape has morphed into something significantly more serious.
"Today it's very well organized individuals with software developing teams," he told TechNewsDaily.
Where a suspicious-seeming inbox message, often written with poor grammar, may have tipped off users in the past, the people and groups behind modern malware are taking new, stealthier approaches to getting into your system, said Harrison.
"You don't even have to click on anything," said Harrison. "That's one of the scariest things."
Attackers are also using third-party advertisements - or "malvertisements" - to insert malware onto a system. In this instance, an advertisement will attempt to convince you that your system is infected. The link, which the reader thinks will solve the problem, actually contains the malware, according to Harrison.
Malware makers are also able to design programs that use the real logo from a trusted site - a bank, for instance - to lure users into a sense of security, which they then exploit.
As malware attacks are becoming more difficult to avoid, the security community is struggling to keep pace.
"In the old days, when there was one piece of malware on 100,000 or a million computers, it was easy for a security company to find," Harrison explained. "Now, every time you visit a site and it infects you, the software fingerprint is totally new. They're polymorphic and dynamically generated. If you're writing antivirus, you write looking for a specific pattern. Now we need a totally new approach."
In 2000, Harrison said Symantec wrote five antivirus signatures a day to target malware. The number grew to 1,400 a day in 2007 and 15,000 a day in 2009. Today, Symantec writes 20,000 to 25,000 antivirus signatures every day.
Moving forward, Harrison believes social networking will play a bigger role in how cyber criminals target users to attack, with corrupted messages made to look like emails from friends or relatives.
|
| |
|
September 10, 2010
|
'Here you have...' virus hits ABC/Disney, Comcast, Google
A global virus email with the subject line "here you have" spammed inboxes Thursday afternoon. Many employees around the world witnessed their inboxes fill with these spam emails.
In some cases, the flood of spam forced offices to forgo email altogether. A few organizations affected by the worm are NASA, Comcast, AIG, Disney, Procter & Gamble, Florida Department of Transportation and Wells Fargo.
McAfee has not revealed exactly how widespread the spam attack was, only that it was a Trojan worm and that they are investigating its origin.
Each email came with a message like "Hello: This is The Document I told you about, you can find it here" and includes a link which looks like a PDF document.
If a person clicks the link and downloads the virus onto their computer, it spreads to contacts in that person's email.
|
| |
|
August 17, 2010
|
Facebook users warned over rogue 'dislike' scam which gives away personal information
Facebook members have been warned of a rogue 'dislike' feature luring users into giving away personal information to scammers.
The social networking website said it was investigating examples of the scam which tricks members into giving away permission to access their profile pages.
The scam was launched amid calls for the introduction of an official dislike feature to accompany the 'like' button already in place, according to IT security firm Sophos.
Spokesman Graham Cluley said: 'Facebook users should think carefully before they click on an unknown link in a friend's status update as these scams are becoming increasingly common.
'Giving away personal information in a survey and allowing an application access to your profile is extremely risky and Facebook users need to wise up to this rather than just clicking on links that they see, just because they appear to be from a trusted source.'
Two versions of the scam were reported to Facebook by Sophos.
A spokesman for Facebook said the website disables malicious applications as soon as they are reported.
'We're always working to improve our systems and are building additional protections against this type of content,' she said.
'As always, we encourage people not to click on suspicious links anywhere on the web, even if they've been sent or posted by friends.
'We also have a robust reporting system in place and encourage our users to report any content they suspect to be spam or have the potential to compromise a user's account through the 'flag' button underneath each post.'
|
| |
|
August 12, 2010
|
Cyber thieves steal $1m from 3,000 bank customers. Trojan horse started running in July and continues now, security firm says
A Trojan horse planted by criminals was used to steal more than $1 million from the accounts of British customers of the same online bank since last month, according to an international digital security company, and the cyber attack is still underway.
Security firm M86 declined to name the bank, but said in a statement that about 3,000 customers of "one of the biggest financial institutions have fallen victim to a sophisticated attack by cybercriminals using Web-based malware to rob money via the bank's online banking system."
Since July 5, 675,000 pounds, or a little more than $1 million, has been taken by the criminals, whose "command and control center" is believed to be in Eastern Europe, M86 said.
The Trojan horse, called Zeus v3, "steals the customer's online banking ID and hijacks their online banking sessions," the firm said. "It then checks the account balance and, if the account balance is bigger than GBP 800 value (about $1,200), it issues a money transfer transaction."
The Trojan horse is being placed in website advertisements and users who click on those ads may unwittingly be downloading the poisonous payload to their computers. Users who do not have their Web browsers updated to the most recent versions may be the most vulnerable.
Web browsers such as Internet Explorer, Firefox and Safari continue to get stronger in terms of providing much better protection against malware, or malicious software, like this Trojan horse, but it is up to users to make sure they have the most recent versions installed.
The Trojan horse itself kicks in when the user connects to the bank's website; the software then starts recording account details, such as passwords, as a user enters them.
Zeus v3 "managed to avoid detection by traditional anti-virus software," M86 said.
The scheme, the firm said in a white paper, "indicates a new level of technical sophistication and signals the continuation of a cybercrime trend that has evolved" in the past few years.
The company's findings jibe with those of McAfee Security, which said this week that the production of malicious software code worldwide reached a new high in the first six months of 2010.
A spokeswoman for Financial Fraud Action UK, which coordinates the British banking industry's efforts against fraud, told the Daily Mail that "The idea that criminals are targeting people by using malicious software or Trojans is nothing new. Bank systems are hard to attack so they’re having to go through the easier link in the chain, which is the customers.
"They’re hoping customers aren’t taking security precautions," she said. "We’ve been seeing this for the last few years and we’re constantly urging people to protect their computers to try to mitigate the risk of becoming a victim."
|
| |
|
August 11, 2010
|
Great Britain: Thousands of online banking customers have accounts emptied after attack by 'most dangerous trojan virus ever created'
Thousands of British online banking customers have fallen victim to a sophisticated attack by cyber criminals who have stolen thousands of pounds from their accounts.
About 3,000 online banking customers have been victims of a computer virus attack that empties their accounts while showing them fake statements so the scam goes undetected.
Experts have described the attack using a 'trojan' virus as the most sophisticated and dangerous malware program ever created.
The cyber criminals stole an estimated £675,000 between July 5 and August 4 and the attack is still progressing, experts warn.
The latest virus is a variant of the Zeus trojan banking virus which first emerged three years ago and is called Zeus v3.
M86 Security said: ‘We’ve never seen such a sophisticated and dangerous threat. Always check your balance and have a good idea of what it is.’
The scam was discovered after M86 gained access to the command-and-control server in Eastern Europe running the thefts.
It collects data such as passwords and even transfers money out of accounts automatically, but only after checking if there is at least £800 available.
Bradley Anstis, M86 vice-president of technology strategy, said: 'This is an extremely sophisticated version of the virus and it cannot be detected by traditional security software.'
The company said it was the most sophisticated and dangerous virus yet seen and advised online banking users to check their balances regularly and have a good idea of what they should be.
British high street banks do not believe they have become victims of the cyber criminals.
A spokesman for HSBC said: 'There are millions of viruses and other malicious software.
'We urge people to take basic measures to protect themselves from virus attacks.
'Any customer who is a victim of fraud will be reimbursed by HSBC.'
However, M86 said it believed one high street bank was breached and failed to act quickly after warnings last month.
More than 100,000 PCs in Britain have been infected with other forms of the trojan virus.
McAfee Inc, the security software maker, said production of software code known as malware, which can harm computers and steal user passwords, reached a new high in the first six months of 2010.
McAfee said total malware production continued to soar and 10 million new pieces of malicious code were catalogued.
It also warned users of Apple's Mac computers, considered relatively safe from virus attacks, that they may also be subjected to malware attacks in the future.
'For a variety of reasons, malware has rarely been a problem for Mac users. But those days might end soon,' a spokesman said.
'Our latest threat report depicts that malware has been on a steady incline in the first half of 2010,' Mike Gallagher, chief technology officer of Global Threat Intelligence for McAfee, said in the report that was obtained by Reuters.
Last year £59.7million was lost to online banking fraud, according to Financial Fraud Action UK.
Another £440million was lost to credit card fraud.
And the problem is said to be on the rise, with criminals attacking banks' customers rather than the banks themselves as they are seen as softer targets.
A Financial Fraud Action UK spokeswoman said: 'The idea that criminals are targeting people by using malicious software or Trojans is nothing new.
'Bank systems are hard to attack so they're having to go through the easier link in the chain, which is the customers.
'They're hoping customers aren't taking security precautions. We've been seeing this for the last few years and we're constantly urging people to protect their computers to try to mitigate the risk of becoming a victim.'
Victims of online banking fraud are generally refunded the money.
How to protect yourself from trojans when banking online
* Make sure your anti-virus software is up to date.
* Keep firewalls set to the highest level.
* Never open an e-mail attachment from someone you don't know.
* Never double-click on an e-mail attachment that ends in .exe. It is an 'executable' file and can do what it likes in your system.
* If you think your machine has already been infected, contact your bank immediately. If the bank thinks you are a genuine victim of fraud it will reimburse you.
|
| |
|
July 11, 2010
|
Understanding Viruses
There are viruses that replicate themselves and spread to other computers, sometimes just for the sake of spreading.
They're called worms if they do it through e-mail or instant messaging.
Trojans follow the metaphor of Homer's Trojan Horse, whose occupants emerged in the night to open Troy's gates to a devastating attack.
Spyware watches your actions for marketing purposes.
Adware produces annoying popup ads.
Malware, incidentally, is any software you didn't ask for, especially software that has malicious intent.
A bug, meanwhile, is any software that doesn't work right--and may be preferable to malware.
Malware
You can get an infection by visiting a malicious Web site, or by clicking a file attached to spam e-mail, through a p2p file-sharing network, by downloading what you thought was free software, or by using an infected removable device like a USB memory stick. Intrusion attacks can come in over the Internet.
Trojans
Many trojans will download other malware that takes root in your computer and starts doing nasty things. These include password stealers and keyloggers that will try to swipe your account information so that someone else can swipe your money. Or they may turn your computer into a botnet node, under the remote control of a bot herder, who will typically use it to spew spam.
Phishing
Phishing is on the rise: e-mail that tries to trick you into revealing information that could be used for ID theft or other fraud. The phishers have been going after denizens of social networking sites and even large corporations.
Software can't protect you against the phishing plague; only common sense can do that. If some random e-mail asks for your personal information because somehow otherwise your bank account, or your game subscription, or your corporate computer privileges will be suspended, delete it.
|
| |
|
July 2, 2010
|
Card thieves steal $10 million, $10 at a time
There's a new reason to check your credit card bills carefully every month. The Federal Trade Commission this week asked a U.S. court to stop an elaborate credit and debit card scam that has already hit more than 1 million victims with tiny charges -- some as small as 20 cents each. The identity theft scam lasted nearly four years, according to the FTC's complaint. In the end, more than $10 million was moved out of the country and into bank accounts in Lithuania, Estonia, Latvia, Bulgaria, Cyprus and Kyrgyzstan, it said. In many cases, the charges were so small that consumers didn't notice them, and paid their bills.
"The vast majority of consumers ... either do not notice these charges, misunderstand them, or do not file formal complaints with their credit or debit card issuer to challenge the charges," the complaint reads.
The FTC said it doesn't know where the stolen credit card numbers came from, but the lawsuit filed on Monday offers a rare glimpse of the efforts by overseas criminals to turn stolen cards into cash.
According to the complaint, criminals managed to set up nearly 100 fake U.S. corporations, and use the firms to set up fake credit card merchant accounts. Then, they were able to charge and collect credit card payments.
The firms were located all over the U.S. -- New World Enterprises in New Jersey, SMI Imports in Florida, Parts Imports in Louisiana, Bend Transfer Services in Bend, Ore., for example.
Consumers would see names like Alpha Cell, Image Company, or United Services on their credit card bills next to the charges, along with an 800-number. Consumers who called to complain usually found the number was disconnected.
In order to create the appearance that the phony firms were based in the U.S., the criminals hired 14 "money mules," unwitting accomplices who helped move cash in and out of the country.
The mules were recruited through job postings delivered as spam messages. The e-mails said an "international financial services company is seeking a U.S. finance manager," according to the complaint. The mules were then directed to open limited liability corporations, and to open bank accounts. After money arrived from the credit- and debit-card charges, the mules transferred the money from their bank accounts to accounts in the Baltic States.
A key element of the scam, however, was the indifference shown by consumers whose credit cards were charged.
"In many households, one person handles paying the bills for the family, while two or more people may be using the same credit or debit card account. It’s easy for a small charge to fall through the cracks," said Karen Barney, a spokeswoman for the Identity Theft Resource Center. "These criminals depended upon consumers failing to verify each charge. They purposely kept the charges small, so as to not bring attention to their crime."
While the businesses and accounts associated with the civil complaint have been shut down by a U.S. District judge in the Northeast District of Illinois, the Federal Trade Commission does not know who was behind those companies -- they are named as John Does in the complaint. So it's likely the crime is ongoing, using other fake firms and money mules.
TIPS
The Identity Theft Resource Center offered several tips for consumers to keep from being a victim of a small-time credit card scam:
• When reviewing monthly statements, check off each item as you confirm and verify each transaction. If there is a discrepancy, immediately report it to your credit card company or financial institution.
• Check your accounts frequently and question any purchase you do not recognize.
• Implement a system of tracking purchases that works for your family. For instance, everyone might put the receipts in one basket or drawer to facilitate tracking purchases.
|
| |
|
June 6, 2010
|
Smartphone games hit by virus
Hackers have planted viruses in video games for smartphones running on Microsoft Corp's Windows operating system, according to a firm that specializes in securing mobile devices.
The games - 3D Anti-Terrorist and PDA Poker Art - are available on Websites that provide legitimate software for mobile devices, according to John Hering, CEO of San Francisco-based security firm Lookout.
Those games are bundled with malicious software that automatically dials premium-rate telephone services in Somalia, Italy and other countries, sometimes ringing up hundreds of dollars in charges in a single month.
Those services are run by the programmers who built the tainted software, Hering said on Friday.
Victims generally do not realize they have been infected until they get their phone bill and see hundreds of dollars of unexpected charges for those premium-rate services, he said.
Hackers are increasingly targeting smartphone users as sales of the sophisticated mobile devices have soared with the success of Apple Inc's iPhone and Google Inc's Android operating system.
Officials with Microsoft could not immediately be reached for comment.
|
| |
|
June 4, 2010
|
Thousands of Facebook users hit by 'clickjacking' attack
Facebook users are being clickjacked by an internet worm
Hundreds of thousands of Facebook users are falling victim to so-called 'clickjacking' attacks.
Facebook members see links to amusing-sounding subjects such as 'This man takes a picture of himself EVERYDAY for 8 YEARS!!,' that their friends appear to have 'liked'.
Clicking the link tricks users into recommending the site on Facebook too by posting it as something you 'liked' on your own page.
When a user clicks on the text that appears to be 'liked' he is taken to a blank page that just has the text, 'Click here to continue.'
Clicking anywhere on that page publishes the same message to that user's Facebook page.
The Facebook attack places an invisible button over an entire web page, so that wherever the user clicks, they end up hitting the button - in this case a hidden Facebook 'like' button.
Security experts say the scam currently has no malicious intent but easily could be adapted to deliver malware - which can infect your computer and cause damage to systems.
Graham Cluley, senior technology consultant at web security firm Sophos, said: 'If you believe you may have been hit by this attack, view the recent activity on your news feed and delete entries related to the above links.
'Furthermore, you should view your profile, click on your Info tab and remove any of the pages from your "Likes and interests" section.'
The bug brings up a blank screen with the words 'Click here to continue' on it. If the user clicks the screen, the 'like' tag is displayed on their screen.
At the moment the clickjacking attack is not being used to deliver malware or phishing attacks, where users' personal details are swiped by internet fraudsters using computer viruses.
'At the moment the attacks which we've seen are more like old-school viruses - written for the heck of it to see how many fans they can get.'
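The invisible-button overlay described in this article only works when the page carrying the real button allows itself to be loaded inside another site's frame. As an added example (not part of the original article), this JavaScript checks a response's headers for the two standard anti-framing controls, X-Frame-Options and the CSP frame-ancestors directive; the function names and the sample responses are constructed for illustration.

```javascript
// Added example: decide from response headers whether a page can be framed
// by an arbitrary third-party site (the precondition for a clickjacking overlay).
// Header names are the standard ones; function names and samples are constructed.

const RANK = { 'open': 0, 'allow-list': 1, 'same-origin': 2, 'blocked': 3 };

// Return one source list per delivered policy that has a frame-ancestors directive.
function frameAncestorLists(cspValue) {
  const lists = [];
  if (!cspValue) return lists;
  // Several policies can arrive comma-joined in one header; each is enforced.
  for (const policy of cspValue.split(',')) {
    for (const directive of policy.split(';')) {
      const tokens = directive.trim().split(/\s+/).filter(Boolean);
      if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
        lists.push(tokens.slice(1).map(t => t.toLowerCase()));
        break; // only the first occurrence inside one policy counts
      }
    }
  }
  return lists;
}

// Classify a single frame-ancestors source list.
function classifySources(sources) {
  // An empty list or 'none' alone matches no embedding origin at all.
  if (sources.length === 0 || sources.every(s => s === "'none'")) return 'blocked';
  // "*", a bare scheme such as "https:", or "https://*" admits any site.
  if (sources.some(s => /^([a-z][a-z0-9+.-]*:(\/\/\*)?|\*)$/.test(s))) return 'open';
  if (sources.every(s => s === "'self'")) return 'same-origin';
  return 'allow-list';
}

// headers: plain object of response headers (names matched case-insensitively).
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // frame-ancestors takes precedence over X-Frame-Options when both are present.
  // Only the enforcing header is read: the Report-Only variant blocks nothing.
  const lists = frameAncestorLists(h['content-security-policy']);
  if (lists.length) {
    let verdict = 'open';
    for (const list of lists) {
      const v = classifySources(list);
      if (RANK[v] > RANK[verdict]) verdict = v; // report the strictest policy
    }
    return { verdict, source: 'csp' };
  }

  // Single-valued X-Frame-Options is assumed here.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { verdict: 'blocked', source: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { verdict: 'same-origin', source: 'x-frame-options' };
  // ALLOW-FROM is obsolete and ignored by current browsers, so it protects nothing.
  return { verdict: 'open', source: xfo ? 'invalid-x-frame-options' : 'none' };
}

// Constructed sample responses, keyed by a label.
const SAMPLES = {
  noHeaders: {},
  xfoDeny: { 'X-Frame-Options': 'DENY' },
  xfoAllowFrom: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  cspSelf: {
    'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'",
    'X-Frame-Options': 'DENY',
  },
  reportOnly: { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
  cspWildcard: { 'Content-Security-Policy': 'frame-ancestors https://partner.example *' },
};

// Labels of the samples that any third-party page could frame.
function frameableSamples(samples) {
  return Object.keys(samples).filter(
    name => framingPolicy(samples[name]).verdict === 'open'
  );
}

console.log(frameableSamples(SAMPLES));
```
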
|
| |
|
May 26, 2010
|
Tomorrow, May 27, 2010 Facebook privacy will be ‘simplified’. Some users cringe at the idea of yet another change to the social network
Following founder and CEO Mark Zuckerberg’s semi-mea culpa in the Washington Post’s opinion page, Facebook is set to roll out new “drastically simplified” privacy controls.
“Many of you thought our controls were too complex,” Zuckerberg wrote in Monday’s Washington Post column that several tech blogs interpreted as stopping short of an actual apology. “Our intention was to give you lots of granular controls; but that may not have been what many of you wanted. We just missed the mark.”
Starting Wednesday, the simplified privacy settings Zuckerberg referenced will start rolling out. The specifics of those simplifications haven’t yet been revealed. Ideally, the changes will address the 50 settings (with more than 170 options) users must navigate when setting up profile privacy, as shown in a recent New York Times infographic.
Understandably, users are wary of yet another change to the social network. “This means they’re going to change everything around AGAIN and I'll have to go through all my settings AGAIN to ensure I'm as locked down as I want to be. AGAIN,” one Facebook user wrote after learning of the newest privacy update.
“Every time Facebook makes changes, things seem to get worse, so call me hopeful ... but skeptical,” wrote another.
Indeed, the changes may not be so much of an effort to appease Facebook’s 400 million-plus users, who complain yet show no signs of leaving en masse, but rather those who advocate on behalf of the users.
Beyond the usual consumer groups that have always been fairly vocal regarding Internet privacy, four U.S. senators recently demanded the Federal Trade Commission do something about the social network's increasingly confusing privacy policy.
|
| |
|
May 6, 2010
|
The 3 Most Common Types of PC Virus Infections
Web security and the vexing problem of malicious software made headlines again last week when computer antivirus software maker McAfee sent out a botched update that crashed thousands of computers around the world.
Such hiccups in computer security software are rare. What isn't rare is the damage caused by the malicious software known as malware that antivirus software is designed to thwart. Last year hackers stole approximately 130 million credit card numbers, according to an Internet Security Threat Report released this month by security software maker Symantec. And in the third quarter of 2009 alone, there was over $120 million in reported losses due to online banking fraud.
David Perry, global director of education for security software maker Trend Micro, is a 22-year veteran of fighting malware. He gave TechNewsDaily a guided tour of malware's trinity, the three most likely sources of malware infection.
Trojans
Ground Zero for malware is the Internet itself. The Web is by far the most common vector for malware infection, Perry said. "The most universal thing of all that's involved in cyber bad guy activity is the Web."
Users don't even have to click anything on websites to infect their computers. Just looking is enough. "Look at the web page and Bang!, you're infected without so much as a how-do-you-do," he said.
Forsaking Internet Explorer and replacing it with another browser such as Firefox won't give you much protection either, Perry said. Malware is basically equal opportunity when it comes to browsers and browser plug-ins.
A Trojan downloader is the most common malicious software to get hit with, he said. A Trojan is any program that pretends to be something other than what it really is — a downloader is a program that downloads another program. "It's like Robin Hood," Perry said. "He shot an arrow with a string over a tree branch. He used the string to drag up a rope and the rope to drag up a basket of stuff."
In the past, sites devoted to porn and file sharing were the usual suspects for being sources of infection. "It used to be true," but no longer, Perry said. “We’ve seen government agencies and the Roman Catholic Church get infected; we’ve seen railroads and airlines and the British Museum get infected. There is no safe web page.”
To make matters worse, infected computers are often asymptomatic and appear to be functioning normally. Many Trojan viruses don't slow your computer down or make your cursor go crazy. Like high blood pressure, malware is a silent killer.
"Unfortunately, there's a big cognitive disconnect on the part of users who have seen movies where the virus comes on the screen and announces that it is infecting you," Perry said. "Any malware you see today will be by design as symptom free as they can possibly make it."
Botnets
The web is also where you risk contracting a drive-by bot infection that will enlist your computer as an agent in a fraudster's arsenal.
"A botnet is a collection of infected PCs that the bad guys now own," Perry said. "Botnets are the source of all spam – they're used for ID theft, extortion, industrial espionage and finding other web pages to infect. I would call it the Swiss Army Knife of the malware world. It does a lot of things for a lot of people."
Like the majority of malware, botnets are asymptomatic. Until you wake up and find your bank account has been drained, that is, or discover that your ID has been appropriated for use by someone else.
Scareware
Fake antivirus programs, which are often referred to as "scareware," are the third and arguably most irritating leg of the malware stool.
With scareware, a warning pops up on your computer screen telling you that your computer is infected and attempts to sell you a program to disinfect it. This is the ultimate no-win situation.
If you click anywhere on the warning, you get infected. If you ignore the warning, it will never go away. And if you fall for the ruse and buy the fake antivirus program, your computer will then become another warrior in the scammer's botnet army.
"This is the one thing in the world of malware that is visible," Perry said. "If you're infected, you'll know it because it's visible and bugs you all the time."
If you think you can simply hit Alt-Control-Delete — the keyboard combination that brings up the Task Manager in Windows — to shut down the offending program, think again. Many malware programmers expect panicked users to do this, and create fake Task Manager windows that trigger the infection.
So how big is the problem? Over 100,000 new Trojan downloaders are created every day, Perry said. Most computer users aren't knowledgeable enough to deal with the problems themselves without help, he added. "It's too vast and too pervasive."
The best defense, he said, is to install a suite of Internet security software and religiously update it.
"For right now, count your change and watch your Ps and Qs," he said. "There's no way to easily tell that something wrong is going on on the Internet."
|
| |
|
April 30, 2010
|
Fake antivirus software a 'growing threat', warns Google
Internet search giant Google has warned of the growing risk of fake anti-virus software being downloaded by unsuspecting computer users.
Millions of computer users are being duped into installing the software which they think will protect them online but which actually leaves their computers more vulnerable to hackers.
Over the last 13 months Google analysed more than 240 million web pages and found that fake antivirus programs accounted for 15 percent of all the malicious software it detected online.
Cyber criminals are using increasingly sophisticated tactics to trick unsuspecting computer users into downloading and installing software laced with malicious code. When activated, the software allows hackers to obtain "back door" access to a computer. This in turn could allow criminals to use the machine to send spam emails, or to try and capture personal information and login details for online banking and email accounts.
A well-known scam is to deliver a pop-up message on to a user's screen warning them that a virus has been detected on their machine. The message advises the computer user to download the advertised antivirus software. However, instead of removing the virus, which in all likelihood does not exist, many will find themselves handing over their credit card details to cyber criminals in exchange for software laced with malicious code.
"The fake antivirus threat is rising in prevalence, both absolutely and relative to other forms of web-based malware," said Google in its findings. "Clearly, there is a definitive upward trend in the number of new fake antivirus domains that we encounter each week. Surprisingly, many users fall victim to these attacks and pay to register the fake antivirus software. To add insult to injury, fake antivirus programs are often bundled with other malware, which remains on a victim's computer, regardless of whether a payment is made."
Google said that although it uses special tools to filter out websites containing malicious code from its search results, cyber criminals often moved their sites from one location to another in order to thwart efforts to stop their activity. Security experts have advised computer users to ensure they only install legitimate antivirus programs from reputable companies, such as Norton and McAfee, and not to click on any unsolicited pop-ups that claim to have detected a virus, and offer tools to remove it.
|
| |
|
April 22, 2010
|
Millions of computers shut down as faulty anti-virus program causes havoc around the globe. McAfee program goes berserk, reboots PCs. Hospitals, schools, company computers around the world affected by error
Computers in companies, hospitals and schools around the world got stuck repeatedly rebooting themselves Wednesday after an antivirus program identified a normal Windows file as a virus.
McAfee confirmed that a software update it posted at 9 a.m. Eastern time caused its antivirus program for corporate customers to misidentify a harmless file. It has posted a replacement update for download.
McAfee could not say how many computers were affected, but judging by online postings, the number was at least in the thousands and possibly in the hundreds of thousands.
McAfee said it did not appear that consumer versions of its software caused similar problems. It is investigating how the error happened "and will take measures" to prevent it from recurring, the company said in a statement.
The computer problem forced about a third of the hospitals in Rhode Island to postpone elective surgeries and stop treating patients without traumas in emergency rooms, said Nancy Jean, a spokeswoman for the Lifespan system of hospitals. The system includes Rhode Island Hospital, the state's largest, and Newport Hospital. Jean said patients who required treatment for gunshot wounds, car accidents, blunt trauma and other potentially fatal injuries were still being admitted to the emergency rooms.
Deborah Montanaro of North Kingstown, R.I., told The Providence Journal her son was turned away by the hospital and not given the spinal radiation therapy he needed to treat his leukemia.
"It is impacting patient care," she told the newspaper. "They have no Plan B. I am very upset."
The hospital's computers came back online around 4:30 ET, Jean told the newspaper.
In Kentucky, state police were told to shut down the computers in their patrol cars as technicians tried to fix the problem. The National Science Foundation headquarters in Virginia also lost computer access.
Intel appeared to be among the victims, according to employee posts on Twitter.
"For PCs that have been affected and are in a state of reboot, Intel IT is still working on how to get the deleted files back on the operating system, which will allow PCs to boot normally again," spokesman Bill MacKenzie told The Oregonian.
"We do have instructions out that are working for some people and not for others. We are continuing to work the issue."
Peter Juvinall, systems administrator at Illinois State University, said that when the first computer started rebooting it quickly became evident that it was a major problem, affecting dozens of computers at the College of Business alone.
"I originally thought it was a virus," he said. When the tech support people concluded McAfee's update was to blame, they stopped further downloads of the faulty software update and started shuttling from computer to computer to get the machines working again.
In many offices, personal attention to each PC from a technician appeared to be the only way to fix the problem because the computers weren't receptive to remote software updates when stuck in the reboot cycle. That slowed the recovery.
It's not uncommon for antivirus programs to misidentify legitimate files as viruses. Last month, antivirus software from Bitdefender locked up PCs running several different versions of Windows.
|
| |
|
April 12, 2010
|
Microsoft, Adobe to release important security patches
Microsoft is to issue 11 security bulletins on Tuesday to fix 25 vulnerabilities in Windows, Microsoft Office, and Exchange. The patches also coincide with a major release of security updates from Adobe Systems.
According to an advance notification released by Microsoft for the double-digit set of security bulletins, which the company will release on April 13th, 5 of the 11 security updates have been labeled 'Critical' and are related to remote code execution affecting Microsoft Windows. Five other vulnerabilities have been categorized as 'Important' and affect Windows, Office and Exchange, whereas one update is 'moderate' and relates to spoofing in the Windows OS.
Microsoft's flagship operating system, Windows 7, will also be served with four of the 11 security updates, including a patch for the recently discovered VB script F1 vulnerability in which users who pressed F1 after being prompted by a website received malicious content which was injected into their PCs.
Disclosed on March 1, it affects older versions of Windows running Internet Explorer. The patch is being released despite the fact the vulnerability does not affect Windows 7 PCs. Commenting on the unnecessary Windows 7 patch, Microsoft said in a security bulletin that it “recommends that customers of this software apply this security update as a defense-in-depth measure.”
The other advisory to be closed is 977544, which involves a hole in Server Message Block (SMB) protocol that could allow a denial-of-service attack and that dates back to November. Software affected by the updates includes Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System and Exchange Server 2000, 2003, 2007, and 2010.
Also on Tuesday, Adobe Systems will release security updates for Reader and Acrobat via a new update system. Adobe has quarterly security update releases that coincide with Microsoft's Patch Tuesdays. The updates affect Adobe Reader 9.3.1 for Windows, Mac, and Unix, Acrobat 9.3.1 for Windows and Mac, and Reader 8.2.1 and Acrobat 8.2.1 for Windows and Mac.
The company has been testing the updater technology with a sample of customers since Oct. 13. Users can set the system to automatically update, meaning the software will be downloaded and installed after it is available from Adobe, or semi-automatically so that the update is downloaded automatically but the user chooses when to install it.
|
| |
|
March 20, 2010
|
Virus targets Facebook stealing Password
McAfee Inc. warned Facebook Inc.'s 400 million users Wednesday that a new type of virus is trying to steal their bank passwords and other secret information about them.
Facebook also issued a status update Wednesday warning about bogus e-mail containing viruses and advised users of its social network to delete the e-mail and warn their friends.
The e-mail tells recipients that the passwords on their Facebook accounts have been reset and asks them to click on an attachment to get new login credentials. If they do this, McAfee warns, it triggers the download of several types of malicious software, including a program that steals passwords.
Tens of millions of the spam messages have been sent across Europe, the United States and Asia since the campaign began on Tuesday, McAfee said.
Dave Marcus, McAfee's director of malware research and communications, told Reuters that he expects the hackers will succeed in infecting millions of computers.
"With Facebook as your lure, you potentially have 400 million people that can click on the attachment. If you get 10 percent success, that's 40 million," the news service quoted him as saying.
The bogus email is titled "Facebook Password Reset Confirmation! Customer Support."
|
| |
|
March 17, 2010
|
Warning! File-sharing software reveals user's private info. Some P2P programs automatically share everything on your computer By Ned Smith
updated 12:10 p.m. ET, Tues., March 16, 2010
Limewire is also a file sharing program!
Thousands of Americans may unwittingly be sharing personal medical and financial information stored on their home computers when they use file-sharing software, according to a new study.
"The issue has been bubbling for a couple of years," said lead author Khaled El Eman, a senior scientist at the University of Ottawa's Electronic Health Information Laboratory.
"In the past we knew there was a problem. We just didn't know how big it was. We also wanted to see if anyone was actively searching for this information."
El Eman and his colleagues found evidence of outsiders actively searching for files containing private health and financial information on peer-to-peer (P2P) file-sharing networks such as Gnutella, eDonkey and BitTorrent. P2P networks let users connect with the computers of other users on the network and search for and download files.
"Very simple search terms such as 'medical records' or 'credit card' were quite effective in returning sensitive documents," El Eman told TechNewsDaily. Retrieving this information, he added, does not require world-class computer hacking skills.
"It's a total no-brainer," he said.
Thousands at risk
The study, published in a recent issue of the Journal of the American Medical Informatics Association, found that the absolute number of files returned containing sensitive health and financial information was relatively low — less than 1 percent of U.S. files contained personal health information and slightly less than 5 percent contained financial data.
Given the popularity of P2P file sharing, though, this translates into tens of thousands of computers at risk, El Eman said.
"There are around 250 known P2P file-sharing programs," he said. "And they vary in their badness. Some of them are known to automatically share everything on your machine without informing you what it's sharing. Some of them are better behaved."
P2P probing to discover personal information is a relatively recent wrinkle in file-sharing activity, El Eman said. In the past users primarily accessed and shared music, videos and pornography.
Whether you are a private individual or a healthcare worker taking patient records home, the only guaranteed way to keep your data safe is to avoid keeping it on a computer that has a file-sharing program installed.
For home users, that's not always easy. Teenagers are particularly fond of file sharing, El Eman said, and will frequently install programs without telling anyone.
If you're using a shared computer, he recommends, create different accounts for different users. That way, only one user's data will be at risk at any one time.
|
| |
|
March 3, 2010
|
Microsoft has warned of a new security hole that could be exploited by attackers to take control of older Windows systems running Internet Explorer and for which proof-of-concept exploit code has been released publicly.
The vulnerability affects Windows 2000, XP and Server 2003-based systems, Microsoft said in a security advisory dated March 1.
Microsoft said that the vulnerability in VBScript could allow remote code execution on computers. "If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user," Microsoft said on its Web site. "On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue." Windows Vista, Windows 7, and Windows Server 2008 are not affected.
The advisory includes several workarounds, including advice to avoid pressing the F1 key when prompted by a Web site.
It also suggests restricting access to the Windows Help System, setting Internet and Local intranet security zone settings to "high" to block ActiveX Controls and Active Scripting, and configuring Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone.
Microsoft complained in its advisory and a statement that the vulnerability was not responsibly disclosed.
|
| |
|
February 27, 2010
|
Microsoft’s ‘spy guide’ — what you should know. Handbook for law officials details data the company keeps on users
By Brennon Slattery
updated 3:55 p.m. ET, Fri., Feb. 26, 2010
Since 1996, the whistleblower site Cryptome has been posting sensitive government and corporate documents. Now Cryptome has been stricken from the Web after releasing the "Microsoft Online Services Global Criminal Compliance Handbook", a "spy guide" for law enforcement detailing what data Microsoft has, keeps, and can relinquish.
Since most of you are Microsoft users, there are a few tidbits of information you'll need to know before purchasing Xbox Live points, logging onto Office Live, or sending an e-mail through Hotmail.
"The Global Criminal Compliance Handbook" is a quasi-comprehensive explanatory document meant for law enforcement officials seeking access to Microsoft's stored user information. It also provides sample language for subpoenas and diagrams on how to understand server logs.
I call it "quasi-comprehensive" because, at a mere 22 pages, it doesn't explore the nitty-gritty of Microsoft's systems; it's more like a data-hunting guide for dummies.
Which Microsoft services are affected?
All sorts. Microsoft keeps user information related to its online services. The data ranges from past e-mails to credit card numbers. The information is kept for a designated period of time, sometimes forever.
The sites referenced are:
* Windows Live
* Windows Live ID
* Microsoft Office Live
* Xbox Live
* MSN
* Windows Live Spaces
* Windows Live Messenger
* Hotmail
* MSN Groups
Some of these Microsoft services may not apply to a whole lot of people. Who uses MSN Groups, for instance? But accessing personal information from Xbox Live accounts, for example, could be a big problem for 23 million subscribers; especially since Xbox Live keeps more data than many of Microsoft's other services.
What information does Microsoft have?
It depends on the service. We'll deal with the big dogs here:
Windows Live ID: Windows Live ID is a one-stop shop for user info retention and is used on a multitude of sites to limit scattered user names and passwords. Due to its wide reach, Windows Live ID could allow law enforcement agencies to access tons of your personal Web surfing information. Microsoft keeps "the last 10 Microsoft site and IP connection record combinations (not the last 10, consecutive IP connection records)."
All things considered, that's not bad. It gets worse.
Hotmail: "E-mail account registration records are retained for the life of the account. Internet Protocol connection history records are retained for 60 days," according to the document. But if you, like many, switched over to Gmail and let your Hotmail account lapse, all e-mail content is "typically deleted after 60 days of inactivity. Then if the user does not reactivate their account, the free MSN Hotmail and free Windows Live Hotmail account will become inactive after a period of time."
E-mail content that is older than 180 days can be disbursed "as long as the governmental entity follows the customer notification provisions in ECPA (see 18 U.S.C. §§ 2703(b), 2705)." If the content is less than 181 days old, you need a search warrant.
Xbox Live: Xbox Live stores a lot of information:
* Gamertag
* Credit card number
* Phone number
* First/last name with zip code
* Serial number but only if box has been registered online
* Service request number from Xbox Hotline (e.g. SR 103xx-xx-xx)
* E-mail account (e.g. @msn.com, @hotmail.com or any other Windows Live ID account name)
* IP history for the lifetime of the gamertag (only one gamertag at a time)
This information comes in handy for non-nefarious purposes, just so you don't get completely paranoid. For instance, if your Xbox 360 console is stolen, Microsoft can hunt it down lickety-split using its vast tracking records of you and your machine.
Office Online and Windows Live SkyDrive
The scariest part of the handbook comes here. Office Online and Windows Live SkyDrive are both services that store documents and files in the cloud. The two pages devoted to these services describe only what the products are and not the access Microsoft has to pertinent information. What can Microsoft get at? How long is everything stored? What are the legal parameters? All of this is uncertain and worthy of a little spine-shake.
Cloud computing is the next big thing in technology. Companies are apt to store sensitive financial and human relations documents in one of Microsoft's clouds. If prompted by the government, Microsoft could (or couldn't?) dip its fingers into your spreadsheets and extract all it wants.
The last page of the document details the legal procedures required to obtain Microsoft's information, but with warrantless wiretapping being such a big fad lately — as evidenced lately by Google's shady dealings with the NSA — one never knows how many reams of red tape the government can snip through to get what it wants.
A brief case history
It's uncertain as to how John Young, Cryptome's proprietor, obtained "The Global Criminal Compliance Handbook"; what's assured is that it caught Microsoft's attention. The corporation quickly filed a Digital Millennium Copyright Act (DMCA) notice alleging copyright infringement.
In 1998, the DMCA criminalized production and dissemination of tech methods intended to skirt protections such as DRM that control access to copyrighted works. It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself.
Some organizations have a problem with Microsoft's use of the DMCA in this case. "[The Electronic Frontier Foundation] find[s] it troubling that copyright law is being invoked here. Microsoft doesn't sell this manual. There's no market for this work. It's not a copyright issue. John [Young's] copying of it is fair use. We don't do this anywhere else in speech law," Cindy Cohn of the Electronic Frontier Foundation told ReadWriteWeb.
Cohn stated that in cases involving libel or trade secrets there is a procedure of going to court, making a case and getting an injunction — filing a DMCA complaint "makes censorship easy."
Either way, Microsoft prevailed. Cryptome's host, Network Solutions, tore the site down. Young filed a counterclaim Wednesday.
Personally, I feel "The Global Criminal Compliance Handbook" isn't as nightmarish as some may paint it (save for the cloud computing part). Microsoft needs to have measures to work with the government in cases of danger, plain and simple. But with so much data out there, so much of it "owned" by Microsoft, I cannot help but feel exposed and vulnerable.
And for the sake of Internet freedom, it's crucial that Cryptome is released back into the wild. The site serves a clear and important purpose; its latest — and perhaps last — release proves that point.
|
| |
|
February 20, 2010
|
Your Facebook profile: An open invite to crime? If you don't care about your online privacy, why should Facebook or Google?
Honestly, the way some of you people behave online, it’s like you’ve never had a stalker.
How is it you never received two dozen roses anonymously while working Christmas Eve at your mall job? Felt that thrill devolve into ick when the 3 a.m. hang-up calls began? Contacted the cops for the first time when the plastic nativity Jesus showed up in a plastic diaper bag on your doorstep on New Year’s Day?
Maybe if you had, you’d be a little less “shocked” by the plethora of personal information available to anyone with Internet access. Alas, those among you who have never converted old shoe boxes into “evidence files” dated by month and/or year, treat vigilance as a fad — an occasion to sign an “Official Facebook Petition” to “stop invading my privacy!” whenever a news story warrants, only to forget about it days later.
But before you send your next angry tweet about the evils of Google Buzz or whatever, consider how you, yourself, may be actively violating not only your personal privacy, but your physical existence with the stuff you post on social networks every single day.
If that’s too much work, here’s a new Web site that does it for you: Please Rob Me, the newly launched social media aggregator dedicated to “listing all those empty homes out there.” The site’s stated purpose isn’t to provide better living through technology for thieves and other ne'er-do-wells; rather, the opposite.
“So here we are; on one end we're leaving lights on when we're going on a holiday, and on the other we're telling everybody on the Internet we're not home,” reads the “Why” section. “The goal of this Web site is to raise some awareness on this issue and have people think about how they use services like Foursquare, Brightkite, Google Buzz etc. Because all this site is, is a dressed up Twitter search page. Everybody can get this information.”
PC Magazine reported Thursday (Feb. 18) that Please Rob Me's associated Twitter account had been shut down for “suspicious activity,” but a feed was still available on the site. And even if this turns out to be a gimmicky spambot, it does at least make a valid plot point for a future “Law & Order” episode.
A few examples from the constantly updated feed, which mostly includes Foursquare entries, illustrate the point (user names removed):
* left home and checked in less than a minute ago: Don't judge! I haven't had fast food in ages!! (@ McDonald's) http://4sq.com/bVVjJM
* left home and checked in less than a minute ago: I'm at The Pearl Cup (1900 Henderson Ave, McMilian Ave, Dallas). http://4sq.com/1wr9bz
* left home and checked in less than a minute ago: I'm at New York Penn Station (7th Ave & W 32nd St, New York) w/ 10 others. http://4sq.com/1GoinW
Again, these are Foursquare entries, artifacts from the hipster-habituated, location-based social networking Web site in which you earn virtual merit badges by punching in your coordinates into your iPhone (or whatever) whenever you hit a bar, brunchery, hook up with other Foursquare participants, what have you. And as an added bonus, anyone who accesses your account not only gets your status, but a map revealing your real-time coordinates!
Consider yourself too savvy to engage in a location-based social networking Web site, just so you can earn imaginary kudos for “Superstar” (You've checked into 50 different venues!) or “Warhol” (10 different galleries!)? Well, get off your high horse, honey, because the finger wagging goes to you chronic Googlers and Facebook users who only heard about Foursquare just now.
“Internet shopping for burglars” is what reformed thief Michael Fraser calls it. Fraser, a member of BBC's "Beat The Burglar" series, helped a British-based insurance company with a social network survey last year to find out just how easily people will reveal information to just about anyone.
Thirty-eight percent of the Facebook and Twitter users surveyed posted their holiday plans online, and 33 percent shared information about weekends away. "Coupled with the finding that an alarmingly high proportion of users are prepared to be 'friends' online with people they don't really know, this presents a serious risk to the security of people's home and contents," the insurance company said in a statement.
Please note, those are British people, who certainly sound smarter than Americans anyway. In both countries however we’ve been enjoying a growing number of criminals who incriminate themselves via social media. For example, this dude charged with assault, drunk driving, drug possession and using a BB gun to kill birds, posted his address on both his Facebook and MySpace accounts.
(Following his arrest, the Lockport, NY police posted this note on his Facebook "Wall": "It was due to your diligence in keeping us informed that now you are under arrest.")
Meanwhile, the FBI has yet to announce a connection between crime and your Facebook status. But we can freak ourselves out over anecdotal incidents, such as the case of the Seattle video podcaster who tweeted his family vacation to the Midwest, only to return home to a jimmied back door and thousands of dollars of video equipment taken.
Now, there’s no way to know if the thieves were tipped by Twitter, “but we live pretty public lives,” Hyman said of himself and his wife in an Associated Press interview. “I think probably in the future though I’m not going to be announcing when I’m heading out of town.”
Me, I wouldn't tweet a trip to Starbucks. But bad memories of that plastic nativity Jesus aside, personal privacy is probably at bigger risk than your high-end electronics. Or so I'm told.
“Posting ‘My big-screen TV is awesome, wish someone was gonna be home enjoying it, but everyone's gone for three days’ isn't the brightest move in the world,” says this one police officer I know from Facebook. “But it's not as high on the list as say, leaving your front door unlocked or your garage door wide open.”
|
| |
|
February 18, 2010
|
Virus breaches 75,000 computers, study says. 'Kneber botnet' infecting online financial systems, social networking sites
A new type of computer virus is known to have breached almost 75,000 computers in 2,500 organizations around the world, including user accounts of popular social network websites, according to Internet security firm NetWitness.
The latest virus -- known as "Kneber botnet" -- gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information back to hackers, NetWitness said in a statement.
A botnet is an army of infected computers that hackers can control from a central machine.
The company said the attack was first discovered in January during a routine deployment of NetWitness software.
Further investigation by the Herndon, Virginia-based software security firm revealed that many commercial and government systems were compromised, including 68,000 corporate login credentials and access to email systems, online banking sites, Yahoo, Hotmail and social networks such as Facebook.
Companies that were infiltrated included pharmaceutical giant Merck & Co., Cardinal Health Inc., software firm Juniper Networks and Paramount Pictures, the Wall Street Journal reported Thursday.
The newspaper said that the hackers, believed to be an East European criminal group, also broke into computers at 10 U.S. government agencies and that in one case they obtained the user name and password for a soldier's military e-mail account.
"Conventional malware protection and signature-based intrusion detection systems are, by definition, inadequate for addressing Kneber or most other advanced threats," Yoran said in a statement.
|
| |
|
February 5, 2010
|
Facebook hoax may be clever marketing ploy. Chain message warns users that they are being spied upon
By Leslie Meredith, updated 3:56 p.m. ET, Thurs., Feb. 4, 2010
Facebook officials say a chain message that is making the rounds on the site and warning users they are being spied upon is harmless and should be ignored.
"This is a chain message that claims certain users have special access to profile information. It’s not true, and we don’t know where it originated," Facebook spokesperson Simon Axten told TechNewsDaily. "We’re asking people to disregard the message and tell their friends."
Because the message is designed to be spread quickly and yet is not malicious, some Facebook developers have speculated it is a clever marketing ploy by the company mentioned in the message.
The chain message reads: "All FB friends. This is important. Do this asap! Go to settings. Click on privacy settings. Click on block users. in [sic] the name box enter 'automation labs'. A list of approx 20 people you dont even know will come up. Block each one individually. These people have access to your facebook account/profile and spy on what you do … "
More than a million Facebook users may have received this message, according to Nick O'Neill of AllFacebook.com, a popular blog that focuses on the social media site. When the AllFacebook team got wind of the circulating message, it issued a statement that the privacy threat contained in the message was completely false.
The message exploits a standard Facebook search feature within the settings on a user's Facebook page, O'Neill explained. Facebook's privacy settings include a feature to block certain people from a user's profile. Once a user types the name of the person he wishes to block, Facebook generates a list of all Facebook users with either that name, a similar name or people associated with the name.
When panicked users typed in Automation Labs as directed, a window popped up listing people associated with Automation Labs. Typing in any name will produce a similar list of associated users or those with similar names.
Thus, all the chain mail really does is instruct Facebook users to block people they probably don't know, which is harmless.
O'Neill suspects the message may be a marketing campaign. "If it is, it's genius," he said in a telephone interview. "Millions of Facebook users are now searching for Automation Labs."
Automation Labs did not immediately respond to a request for comment.
Automation Labs sells an add-on for Facebook's most popular game, Zynga's Farmville. Farming Extreme Manager is priced at $6.99.
|
| |
|
February 4, 2010
|
Millions of Explorer users must update browser. Even Feds encourage PC users to update from IE6 to mitigate risk
If you are one of the estimated 45 million Americans still using version 6 of Microsoft's Internet Explorer Web browser, it may finally be time to update to Internet Explorer 8, thanks to a shove from Google.
Last week, Google announced that its applications such as Google Docs would no longer support IE6 beginning March 1. Google's move may have been prompted by the recent news that a vulnerability in IE6 was exploited by Chinese cyber-terrorists to attack U.S. companies, including Google, late last year.
Google's announcement came just one week after Germany, Australia and France issued warnings to the public against using IE6.
Stopping just short of a similar warning, the United States Computer Emergency Readiness Team (US-CERT), a part of the U.S. Department of Homeland Security, recently encouraged PC users to review Microsoft's Security Bulletin for Internet Explorer and make any necessary updates to mitigate risk.
In a statement to TechNewsDaily, the Department of Homeland Security said: “As US-CERT becomes aware of attempts to compromise government and private sector systems, we disclose this information to federal and industry partners and the general public in order to prevent or minimize disruptions to critical information infrastructure and protect the economy, government services, and the national security of the United States.”
Microsoft Security Bulletin MS10-002 was made available to all Windows users through the Windows Update feature.
But patching the 8 1/2-year-old program will not solve all user problems because many Web sites have phased out support for IE6. Facebook and YouTube phased out support prior to Google's announcement, and Microsoft itself will drop its support by 2014. Rather than waiting for a prompt to upgrade, computer users can easily do it before they run into delays.
An easy upgrade
The first step is to determine the browser and its version running on your computer. An easy way is to open your browser and type in http://www.WhatBrowser.org, a site created by Google for just this purpose. The Web site will display the name of your browser and its current version number.
If it's Internet Explorer 6, it's time to update.
Microsoft has made it easy for PC users to keep their systems up to date. By enabling Microsoft's Auto Update feature available in XP, Vista and Windows 7, users will never miss an important update. Here's how to update to IE8 and set your computer for automatic updates in the future:
Click on the Windows start button in the lower left hand corner of the computer screen and then click on the Control Panel to open that window.
Look for Windows Update and double click to open it.
Before proceeding with any updates, select 'change settings' from the menu to the left of the box showing updates. Be sure 'Install updates automatically' is selected. You may set the frequency of installation to every day (recommended) or a specific day of the week and you may select a specific time of day. This feature allows installations to be made when they are less likely to interrupt your workflow.
Click okay and return to the Windows Update information box. Click on 'Install Updates.'
If you were not previously using this automated feature, it is likely Microsoft Windows has a backlog of updates before it can proceed with the IE8 update.
That's okay: Authorize the updates and keep an eye on the screen for additional permissions needed. Vista users will need to authorize each installation, while others may proceed without any intervention.
At the end of the process, you will be asked to restart the computer. From that point on, updates should be automatic.
No matter what browser is running on your machine, it is important to keep it up to date. The good news is that updating any browser is a simple process that only requires a few minutes.
Keeping your browser up to date means having the latest in browser improvements including reliability, speed and most important, security.
|
| |
|
January 31, 2010
|
Give me your money, or your computer gets it
Posted: Friday, January 29 2010 at 06:00 am CT by Bob Sullivan
Turning hijacked computers into cash is still hard work for most computer criminals. They've got to trick the infected PC into sending spam, then trick a recipient into buying a useless product -- or they have to steal online banking passwords, log onto a victim’s account, bypass the bank’s money transfer fraud controls, and so on.
It's much easier to just demand cash directly from infected users -- a crime that's the Internet's equivalent of kidnapping.
"Give me all your money or your computer gets it" is the basic proposition.
The technique was dubbed "ransomware" many years ago by computer virus researchers, and is not new. What is new is the explosion of ransomware, thanks to the evolution of ever-more-believable tactics during recent months.
In December, the FBI issued a warning about a broader category of malicious programs called "rogueware." These programs appear on users' machines and claim to find viruses, then offer to clean them for $50. Rogueware looks so realistic -- complete with Windows-like dialog boxes and scary warnings -- that Web users were tricked into sending $150 million to criminals last year, the FBI says.
The new ransomware is similar, but far more aggressive. Once a computer is infected with it, the program does more than recommend a software purchase -- it simply won't let users continue to use their PC until they pay up.
Luis Corrons Granel, a researcher at Panda Security, said use of ransomware by criminals is exploding -- 25 percent of all rogueware in the past quarter involved a family of intimidating products named "TotalAntivirus.” It demands that users pay $50 for two years, $79 for a lifetime license.
“The increase (in ransomware) has been really significant,” Granel said. A single family of ransomware programs called “Total Security” made up one-quarter of all rogueware programs detected during the past three months, he said.
To an average user, most rogueware would be indistinguishable from other standard antivirus products. They look like fully functional software, showing Windows-like screens for firewall settings, file scanning, and every other tab you'd expect from standard antivirus products. “Total Security” even lets users choose their language -- English, Spanish, and German are offered.
The switch to ransomware by the bad guys makes sense, says Peter Cassidy, spokesman for the Anti-Phishing Working Group -- because computer criminals are refining their programming methods, and getting more aggressive about taking people's money.
"Instead of trying to fool people and getting one out of 1,000 to pay, what they're doing now is just locking up the PC and telling them they have to pay," he said. "It's a really violent approach, really nasty."
There might be one silver lining to the rise of ransomware, Cassidy said.
"It's not in that gray area of selling people useless crap," he said. “It’s clearly criminal, and extortion does get the attention of law enforcement officials.”
As is customary, computer criminals are fusing this new attack with successful, older methods, said John Harrison, a security researcher at Symantec Corp. In one recent example, criminals first engaged in search engine "poisoning," so their booby-trapped Web sites would rate high in Google searches about Haiti’s earthquake. Visitors who clicked were tricked into downloading the ransomware software; and then were confronted with extortion demands.
"That's their distribution model," Harrison said. "They used to do it subtly, but now they are doing it much more brazenly."
In some versions, users will see a message that says, "Google recommends you install this," or "Microsoft recommends you turn this feature on … then, they take over your computer and all of a sudden it looks like you have 900 viruses," he said.
The latest flavor of ransomware, described on Jan. 8 by security firm F-Secure, doesn't disable all software, but it does something just as debilitating -- it encrypts all the files on a victim's computer, and forces them to pay for decryption. The program, which calls itself Data Doctor 2010, costs $89.
RED TAPE WRESTLING TIPS
In some cases, researchers say, paying the ransom does work, at least initially. Still, it's a terrible idea to pay. On a grand scale, you've just subsidized a criminal. But there are far more practical concerns -- why would you trust the author of ransomware with your credit card number? Perhaps you think you'd never do this, but remember, the FBI says rogueware writers have made $150 million, so someone is paying up.
If an unexpected antivirus dialog box lands on your computer screen, close the window immediately by clicking on the 'x' in the upper-right hand corner. Don't use the "OK/Cancel" buttons in the window -- criminals often reprogram these.
You may or may not be infected anyway -- it's possible you are already the victim of a "drive-by download" that doesn't require user interaction. So run an antivirus scan, if you can.
If the rogue software has actually taken over your computer, physically disconnect it from the Internet to avoid having your personal information sent back to the criminal. Then go to a different computer to search for solutions. Type in the name of the rogue software and search for information on well-known antivirus Web sites. Many antivirus firms offer free cleaners you can download or place onto a USB memory stick, and run on your infected computer.
But maintain healthy suspicion at all times. Ransomware authors have gone so far as to create fake software reviews about their products and place them around the Internet, even stealing logos from reputable technology publications, says Harrison.
"The idea is you search for information about the program and this turns up, and you figure it's ok so you install it," he said. "Some of this is soft sell, some is very hard sell."
As always, it’s never a good idea to follow links in e-mails when heading to Web sites – it takes an extra moment, but always click into your browser’s address bar and manually type the address.
|
| |
|
January 21, 2010
|
Facebook: The end of secrets?
Posted: Wednesday, January 20 2010 at 05:00 am CT by Bob Sullivan
What would a world without secrets look like? Thanks to Facebook, we may find out.
Privacy experts continue to watch in wonder as hundreds of millions of adults around the globe do things online that they would never do in person. Facebook CEO Mark Zuckerberg created a stir recently when he offered a simple explanation: He suggested Web users now see privacy as quaint, and Facebook is creating a new social norm.
If you look at the data, he's right. According to researcher Larry Ponemon of The Ponemon Institute, Facebook has hypnotized even the most private people, an elite group he calls "privacy-centric." They make up only 8 percent of the population. These folks won't even sign up for supermarket loyalty cards, but they will post pictures and tell stories on Facebook. In fact, they are so mesmerized that, untrue to their nature, they don't even spend more time tweaking their Facebook privacy settings than regular users.
"People want to believe they are safe," Ponemon said. There’s really no way to participate in Facebook without self-revelation – it’s baked right into the product, he points out. Without stepping forward, posting pictures, making your identity searchable, and so on, there is no payoff on Facebook. Because of that, Facebook even trumps personal Web pages – people put pictures and stories on Facebook that they’d never post on their own blogs, he said. "(People) like the tool, so they convince themselves there really isn't much risk.”
Privacy and behavioral economics expert Alessandro Acquisti, a professor at Carnegie Mellon University, agrees that Facebook seems to be eroding even skeptics’ concerns about being overly exposed. But he disagrees with Zuckerberg. There's no new social norm, Acquisti said. There's just a grand illusion.
Facebook has managed to convince users of something economists call an "illusion of control," Acquisti claims. Consumers who think they have power over the outcome of a transaction will naturally be overly self-confident. The effect is most obvious in gambling, where a craps player might believe he or she can roll snake eyes just by tossing the dice a little softer, and thus bet a little more. Human beings are easy to sucker into an "illusion of control."
The illusion at work
Here's how it works in the privacy realm: When consumers believe they can control what happens to their personal information, they don't fret about divulging it. Facebook and other so-called Web 2.0 sites, Acquisti says, have given people a false sense of security about the availability of their personal information to others.
How? By standing by while consumers confuse two different privacy issues – divulging information, and controlling the information after it’s divulged. Facebook users indeed have great control over what information they submit to the service - they have complete control over what they post in their profile, for example (ignoring, for now, the imposter threat). But they have little control over how the data will be used after it's posted to the site. In a recent yet-to-be published paper on the subject, the distinction is described as control over publication vs. control over access.
"People seem to conflate the two issues, so on a psychological level they feel better because they feel they are in control," Acquisti said. "They underestimate the risks of how the data will actually be used." In an experiment, students who had few qualms offering up very personal information -- such as how many sexual partners they had -- for a Facebook-like service showed far more reticence when told random researchers would be creating a profile for them. While the end result would be the same, the idea of a human handling the information gave the students pause. Acquisti and fellow researchers Laura Brandimarte and George Loewenstein attribute the cause to losing control over the actual act of sharing the information.
One other possible explanation, however, would be second thoughts because of human involvement. One college technology professor I know asks students on the first day of class to stand in front and show their Facebook page on a large screen to the rest of the class. No one ever does. Students share things online they don’t want to share in person.
Don't mean what they say?
Acquisti’s “illusion of control” theory is one reason for Facebook users’ seemingly incongruous behavior – so many say they are concerned with privacy, but fail to act as if they are concerned. This privacy paradox, however, is best understood through the simplest explanation. Privacy transactions are notoriously difficult to judge. The payoff from sharing a little information today is obvious; the punishment that may happen in the future is not. Giving a supermarket your phone number today might net you a 50-cent coupon on a gallon of ice cream; that’s an obvious benefit. But what is the cost? Reams of junk mail in the future? A health insurance premium surcharge because your grocery store reveals your bad eating habits? It’s nearly impossible to say. And so it is with Facebook – a picture that looks like fun at 22 could be a career-killer at 32. But people rarely make good choices about vague possibilities 10 years away. If we did, there would be no French fry industry.
Sure, Facebook site settings offer some ways to manage who can see the information. But the settings are easy to evade or hack, and Facebook's terms of service can be changed at any time. Not long ago, Facebook friend pictures ended up in personal ads without the users' permission. The ads were pulled, but they represent a small window into big possibilities.
But even if Facebook privacy settings were completely trustworthy, Acquisti argues that a fundamental usability problem skews the service – and all social networking tools - toward privacy-risky behavior. Two years ago, he did research which showed that only 1 percent of Facebook users had even touched their privacy settings. Facebook says that number has now grown to 20 percent, but still, there is an obvious flaw. It’s far easier to share than conceal. It is an order of magnitude easier to upload photos, for example, than it is to hide them from sets of potential viewers using privacy settings. As a result, site users will always overshare.
"Technology has vastly enhanced our ability to disseminate information, but we still lack controls on how that information will be used," Acquisti said. "It’s like we have made faster cars but have been much slower to develop new brakes."
Nothing to hide? Really? How about...
So what? So what if an ex-girlfriend will occasionally bump into a picture of you bumping and grinding your new beau? What, really, is the harm?
Acquisti, like many psychologists, is convinced of the power of secrets – and he’s not anxious to live in a world without them.
"I do believe that inside each of us is an innate need for privacy, and there is a need to share. Right now, technology is much better at making us reveal than helping us maintain privacy," he said.
The human need for privacy is real. While some elements of privacy are relatively recent human developments, fundamental privacy needs have always existed. Nowhere on the planet do humans regularly make love in public, notes anthropologist Helen Fisher in a recent Psychology Today article.
No normal adult shares the same level of intimacy with their spouse, their friends, their colleagues, and strangers on the bus. It’s unhealthy – or just plain strange – to act otherwise, as anyone who’s ever uttered the words “too much information” can attest.
Meanwhile, the ability to keep secrets is a natural part of maturation. Children tell each other secrets to establish friendships. Adults keep secrets to gain advantage in business dealings. Journalists only gain the trust of sources by proving they can be trusted with secrets. Corporations often count secrets – intellectual property – as their most valuable asset.
And yet, the message implicit in avid use of Facebook is the credo of the 30 percent of adults who are privacy complacent by Ponemon’s scale – “I’ve got nothing to hide, so who cares?”
Privacy researchers spare no time in conjuring up doomsday plots in an attempt to make people care.
It’s easy to imagine an Internet predator using details left by kids to attack them (“Hey, I went to Riverdale Middle School, too! I’m sorry you are having a fight with your best friend…”)
Even sharing seemingly harmless details could have some future consequence.
Telling the world that your favorite rock band is the Beatles or Coldplay might seem innocuous enough, but what happens when an employment background firm shows that Coldplay fans who also like 60s music tend to come late to work? No law prevents that.
A slightly less ominous effect of lost privacy, something called “price discrimination,” is already a reality. Retailers have run numerous tests to hone the fine art of overcharging people who say they like something. For example: die-hard Coldplay fans are almost certainly likely to pay more for a new album than casual fans. Most won’t notice when their music retailer of choice slips in a $1 or $2 fan premium.
Data mining for everyone
Until now, practicality has limited these kinds of scary possibilities, says Hugh Thompson, chief security strategist at People Security. Pulling together that much disparate information left all around the Web was a chore only government agencies would attempt. But that’s not true anymore. A host of new software programs aimed at small-time data mining are slowly becoming available. They scour the Web and create dossiers on target subjects in seconds. One, named Maltego, even provides visualizations of data points that connect people and things online.
“The critical barrier is it hasn’t been easy. It is now,” he said. “What was a ‘data wasteland’ is now the richest environment in human history for backgrounding people.”
It’s easy to see risks here. Few would argue with the need to keep medical conditions private, for example. Even exposed salary information, which sometimes is shared widely, can cause serious problems for the victim. Those with high incomes become an easy target for criminals.
But Acquisti conjures up even more fundamental concerns about lazy attitudes towards privacy. Information, he notes, is power.
“The minute someone knows something about you, they gain a measure of control over you,” he says. This is obvious in the case of an affair: If someone learns about your secret lover, they can hold a wide measure of control over your future. In a less obvious way, a future employer who knows that embarrassing Facebook photos from the past are hurting your job prospects can easily gain an upper hand in salary negotiations.
Worse still, the agency which might exercise that power someday might be a government, Acquisti notes. It would not be hard to use Facebook to determine who voted for McCain or Obama in 2008, even who is Republican and who is a Democrat. Maybe that’s okay; but if databases begin to erode the notion of secrets in politics, the election system could erode with it. Secret ballots are essential to a functioning democracy.
And perhaps the political threat won’t come in the United States. Perhaps, someday soon, foreign governments will screen travelers based on political positions mined from social networks.
“I’m worried about control in the future,” Acquisti said. “I feel that we are more and more getting adjusted to the idea that so much of what was done in private in the past is now done in public. I won't be surprised when corporations or governments make more and more claims on data. We are doing things today that 40 years ago we would have reacted by rioting, but now it is business as usual. By accepting these deals now we are paving the way for even more in the future. That’s why people who say they have nothing to hide…that argument is completely wrong.”
|
| |
|
January 19, 2010
|
France joins Germany warning against Internet Explorer
By Jonathan Fildes, Technology reporter, BBC News
Cliff Evans of Microsoft says IE8 is more secure than other browsers
France has echoed calls by the German government for web users to find an alternative to Microsoft's Internet Explorer (IE) to protect security.
Certa, a government agency that oversees cyber threats, warned against using all versions of the web browser.
Germany warned users on Friday after malicious code - implicated in attacks on Google - was published online.
But Microsoft told BBC News that IE8 was the "most secure browser on the market" and people should upgrade.
Cliff Evans, head of security and privacy, said that so far the firm had only seen malicious code that targeted the older version of its browser, IE6.
"The risk is minimal," he said.
For a web user to be affected, he said, they would have to be using IE6 and visit a compromised website.
"There are very few of them out there," he told BBC News.
However, if this did occur, a PC could become infected with a "trojan horse", allowing a hacker to take control of the computer and potentially steal sensitive information.
'Sophisticated attack'
Although the vulnerability has so far been exploited only in IE6, security researchers warned that could soon change.
"Microsoft themselves admit there is a vulnerability, even in IE8," said Graham Cluley of security firm Sophos.
This terrible piece of PR for Microsoft comes just as the IE browser which had almost total control of the market starts to come under pressure...
Rory Cellan-Jones, BBC technology correspondent
Has China helped Google in the browser wars?
Mr Cluley said that because details of the exploit were now available online, hackers could soon change the code to target other versions of the browser.
He warned web users to be careful about clicking on links in unsolicited e-mails and advised all web users to upgrade their browser to the latest version, no matter which software they used.
The advice follows revelations that a "targeted and sophisticated" attack on Google exploited the vulnerability.
Google said last week that an attack on its corporate network had targeted the e-mail accounts of human rights activists.
The attack led Google to announce that it might withdraw from China, after it revealed that the attacks had probably originated in the country.
Following the news, Germany's Federal Office for Information Security issued a warning against all versions of Internet Explorer and recommended that users switch to an alternative such as Firefox or Google's Chrome.
The French agency Certa issued a similar warning.
"Pending a patch from the publisher, Certa recommends using an alternative browser," it said.
The UK government had said that it would not issue a similar warning. However, it said the Centre for the Protection of National Infrastructure (CPNI) was "monitoring the situation" and would "publish further advice if the risks change".
Patch path
But Mr Evans said that calls to change browsers were "not very helpful".
"If you look at other browsers, it's likely they will have other vulnerabilities," he said.
He pointed to a report by security firm NSS Labs reportedly showing that IE8 provided better security against phishing and malware than other browsers.
"We feel strongly that IE8 is most secure browser on the market," Mr Evans said.
His advice was echoed by Mr Cluley.
"Switching away will get away from this particular problem," he told BBC News. "But all browsers have security flaws."
Mr Cluley said that switching away from IE could create other problems, particularly for companies.
"Some web-based applications may not work at all if you're not using Internet Explorer."
Microsoft is currently working on a patch for the problem, but a spokesperson said it could not commit to a timeframe.
The firm traditionally releases a security update once a month - the next scheduled patch will be ready on 9 February.
|
| |
|