30 Dec, 2006
Cell phone users, beware. The FBI can listen to everything you say, even when the cell phone is turned off.
A recent court ruling in a case against the Genovese crime family revealed that the FBI has the ability from a remote location to activate a cell phone and turn its microphone into a listening device that transmits to an FBI listening post, a method known as a “roving bug.” Experts say the only way to defeat it is to remove the cell phone battery.
“The FBI can access cell phones and modify them remotely without ever having to physically handle them,” James Atkinson, a counterintelligence security consultant, told ABC News. “Any recently manufactured cell phone has a built-in tracking device, which can allow eavesdroppers to pinpoint someone’s location to within just a few feet,” he added.
View: Full Story Via: ABC News Blogs
24 Dec, 2006
Computer security experts say 2006 saw an unprecedented spike in junk e-mail and sophisticated online attacks from increasingly organized cyber crooks. These attacks were made possible, in part, by a huge increase in the number of security holes identified in widely used software products.
“The bulk of the fraud attacks we’re seeing now are coming in Monday through Friday, in the 9-5 U.S.-workday timeframe,” said Vincent Weafer, director of security response at Symantec. “We now have groups of attackers who are motivated by profit and willing to spend the time and effort to learn how to conduct these attacks on a regular basis. For a great many online criminals these days, this is their day job: They’re working full time now.”
Criminals are also getting more sophisticated in evading anti-fraud efforts. This year saw the advent and wide deployment of Web-browser based “toolbars” and other technologies designed to detect when users have visited a known or suspected phishing Web site. In response, many online scam artists place phishing Web sites targeting multiple banks and e-commerce companies on the same Web servers, then route traffic to those servers through home computers that they have commandeered with bot programs.
View: Full Story Via: The Washington Post
23 Dec, 2006
As it does every year, Panda Software is publishing its annual list of those malicious codes which, although they may not have caused serious epidemics, have stood out in one way or another:
– The most moralistic. This award goes to the spyware Zcodec which, among other actions, monitors whether users access certain web pages with pornographic content. This may simply be a way of determining whether the user is a frequent visitor to these types of pages in order to send personalized advertising. On the other hand, perhaps the author of the spyware just has voyeuristic tendencies.
– The worst job applicant. The Eliles.A worm sends out CVs all over the place. It even sends them out to users’ cell phones. It would seem that it has little confidence in its own job prospects.
View: Full Story Via: Panda Software
22 Dec, 2006
Even Santa isn’t safe from spyware and viruses.
With Christmas fast approaching, Santa Claus reached out for a little help from Stopbadware.org this week.
The consumer advocacy group said it was approached by an Incline Village, Nevada, man who has legally changed his name to Santa Claus, who asked them to help figure out why his Web site was being flagged by Google’s Web site filters.
It turned out that Santa’s Web site, Santaslink.net, had been hacked.
View: Full Story Via: PCWorld
20 Dec, 2006
On November 30, Sophos issued its monthly report on the top ten threats reported to them in November of 2006. As a part of this, Sophos also studied Windows Vista’s vulnerability to these malware threats. I found the information and press discussion confusing, so I thought I would clarify what this really means for customers.
In order to understand what was really going on here, I asked the team to go look at the technical facts behind the story, and that started in the lab. We began by observing first-hand how these various forms of malware affect a Windows Vista system using a machine that was configured with the default settings and without any additional security software. What we found was that if you are using only the software in Windows Vista (e.g., Windows Mail and no add-on security software), then you are immune to all ten of the malware threats that Sophos cited.
If you are using Microsoft Outlook or a third-party email client that blocks execution of known executable formats, then a user running Windows Vista is not vulnerable to eight of the ten malware threats. In the case of the ninth piece of malware, Bagle-Zip, the malware is able to run because it uses the .ZIP file format which some mail programs do not block. In the case of the tenth piece of malware, Mydoom-O, the malware is sometimes able to run because it randomly chooses the file type to which to distribute its payload and sometimes that file type is an executable inside a .ZIP file, which some mail programs do not block. In both cases, this is a function of the e-mail software, not Windows Vista. That said, even when a user receives a mail infected with Bagle-Zip or Mydoom-O in the .ZIP file format, in order for the malware to affect the system, the user must first explicitly open the .ZIP file and then explicitly run the executable file that’s contained inside the .ZIP file — there is no way for this to happen without two steps of user action. If you happen to run a third-party email client that does not block known executable formats, then you may also be vulnerable to Netsky-D.
View: Full Story Via: Windows Vista Blog
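The gap described above, where a mail client blocks known executable attachments but passes a .ZIP that contains one, can be shown with a small attachment filter. This is an added example, not code from the quoted post or from any mail product; the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# Assumed blocklist for illustration; real mail clients ship their own lists.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def has_blocked_ext(name):
    return name.lower().endswith(BLOCKED_EXTENSIONS)

def naive_filter(msg):
    """Look only at top-level attachment names, as the post describes."""
    return [p.get_filename() for p in msg.iter_attachments()
            if has_blocked_ext(p.get_filename() or "")]

def archive_aware_filter(msg):
    """Also open .ZIP attachments and check the names of their members."""
    blocked = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if has_blocked_ext(name):
            blocked.append(name)
            continue
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    if any(has_blocked_ext(m) for m in zf.namelist()):
                        blocked.append(name)
            except zipfile.BadZipFile:
                blocked.append(name)  # unreadable archive: fail closed
    return blocked

def build_sample():
    """Constructed message: one ZIP hiding an .exe name, one plain .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless text")
        zf.writestr("document.exe", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="setup.exe")
    return msg

if __name__ == "__main__":
    sample = build_sample()
    print("naive:", naive_filter(sample))
    print("archive-aware:", archive_aware_filter(sample))
```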
19 Dec, 2006
Computer security analysts are studying reports of a worm that may be circulating via a feature in Skype’s popular Voice over IP service.
Security vendor Websense said the worm spreads through Skype’s chat feature. Users receive a message asking them to download a file called “sp.exe.” The executable is a Trojan horse that can steal passwords. If a user runs the Trojan it triggers another set of code to spread itself.
The first infected PCs appeared in the Asia-Pacific region, particularly in Korea, Websense reported on its blog today. It said it was still investigating the issue.
View: Full Story Via: PC World
17 Dec, 2006
Underground hackers are hawking zero-day exploits for Microsoft’s new Windows Vista operating system at $50,000 a pop, according to computer security researchers at Trend Micro.
The Windows Vista exploit—which has not been independently verified—was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the Tokyo-based anti-virus vendor.
In an interview with eWEEK, Trend Micro’s chief technology officer, Raimund Genes, said prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the reliability of the attack code.
Bots and Trojan downloaders that typically hijack Windows machines for use in spam-spewing botnets were being sold for about $5,000, Genes said.
View: Full Story Via: eWEEK
6 Dec, 2006
35 days before Windows XP was officially released, a pirated key, called the “devils0wn”, began circulating around the web which allowed users to run a pirated copy of the operating system. Since then, the key has been used thousands of times and is now a part of Windows XP history. Trying to follow in devils0wn’s footsteps, a new crack for Windows Vista is rumored to have become available. Called “Windows Vista All Versions Activation 21.11.06”, the key reportedly unlocks any version of Vista. Sounds great for pirates, right? Maybe it is, depending where you stand on software piracy.
Those who download “Windows Vista All Versions Activation 21.11.06” will end up with anything but a cracked version of Vista. The file is neither a crack nor key generator, but it is a trojan installer that installs the malware known as “Trojan-PSW.Win32.LdPinch.aze.” According to APC Magazine, most antivirus scanners will recognize the trojan, but NOD32 and Norton’s latest signatures do not.
While most of us dread the thought of a new piece of malware in the wild, it’s hard not to like the motive behind this trojan. Nevertheless, any propagation of malware is a bad thing so I’m happy to hear that most scanners can stop this one.
View: Full Story
News source: Ars Technica
5 Dec, 2006
F-Secure has spotted an outbreak of a JavaScript exploit that uses flaws in Apple’s QuickTime to grab MySpace profile data.
It’s not easy to explain, but it’s a form of phishing: you visit what looks like a normal MySpace page, but the links have been altered to take you off-site (though that still looks like MySpace). There, a QuickTime .mov is downloaded to your system and runs a JavaScript file that changes your MySpace profile.
The aim: to steal lots and lots of MySpace login details.
View: Full Story
News source: Guardian Unlimited
2 Dec, 2006
Security vendor McAfee has predicted that the increasing popularity of video on the web will make it a future target for hackers.
The use of video formats on social-networking sites — such as YouTube — will attract malware writers, the company claims. As people become more reluctant to open email attachments from anonymous sources, hackers will target users who open media files instead.
The functionality of online video, which includes pop-up ads and URL redirects, will become “ideal tools of destruction for malware writers,” claimed McAfee in a statement. “As video-sharing networks on the web proliferate, the potential capture of a large audience will incite malware writers to exploit these channels for monetary gain.”
View: Full Story
News source: ZDNet