McAfee: Mobile threats on the rise

Mobile threats are spreading and spam continues to be a thorn in the average person's side, according to a new McAfee report about the fourth quarter.

Mobile malware threats increased by 46 percent last year as criminals continued to embrace new opportunities on smartphones and tablets, the security firm said today. 

"One of the most important threats of the quarter" among mobile devices was the Android-based Geinimi Trojan that Zeus botnet creators unleashed. It was flanked by several other malware threats, like the Symbian OS-focused Zitmo.A, McAfee said.

"Cybercriminals are keeping tabs on what's popular, and what will have the biggest impact from the smallest effort," Vincent Weafer, senior vice president of McAfee Labs, said in a statement. "McAfee Labs also sees the direct correlation between device popularity and cybercriminal activity, a trend we expect to surge in 2011."

McAfee's latest report could help bolster support for the company's plans in 2011 to become increasingly invested in mobile security, thanks to Intel, which announced plans to acquire the security firm last year in a deal valued at $7.68 billion. Intel said at the time that it plans to use McAfee's core security products to improve protection for mobile devices, TVs, and other products that the chipmaker believes don't have enough protection.

McAfee found in its report that the "lack of security awareness and mobile safeguards" will lead smartphone owners to face an increasing number of botnet attacks this year.

In addition, the growth of mobile devices and Web-connected products like Internet TVs contributed to more Web-based threats in 2010, McAfee said. The company found that phishing scams asking people to provide information to the Internal Revenue Service, offering gift cards, and stealing social-networking account information were quite "popular" in the fourth quarter. Worst of all, McAfee said that 51 percent of the top 100 search results for the top daily search terms directed people to malicious sites.

Adobe Systems also took a beating in McAfee's quarterly report. The security firm found that all last year, malware creators were "heavily" targeting Flash and PDF and that Adobe Acrobat was the most popular place for malicious users to take aim at unsuspecting victims. Worst of all, the security firm said it's "certain" that Adobe will continue to be hit hard by malware in 2011.

Spam continues to be a major issue for people, accounting for 80 percent of all e-mail traffic in the fourth quarter, McAfee reported. At that level, however, spam actually hit a low it hasn't touched since the first quarter of 2007. 

When it came to malware, consumers weren't so lucky. Twenty million "new pieces of malware" were developed in 2010, McAfee said.

Read more »

Microsoft patches Windows, IE

Microsoft today issued three "critical" security bulletins as part of its monthly Patch Tuesday program. Together with nine other alerts, which the company rated as "important," the bulletins address 22 vulnerabilities spanning Microsoft products from Windows and Internet Explorer to Office and Internet Information Services. 

On the top of the list is MS11-003, which is a cumulative update for Internet Explorer that resolves four vulnerabilities. Included is a fix for the nasty CSS bug outlined in Security Advisory 2488013, a bug that could give attackers control of people's computers. 

In a podcast about the patches, Jerry Bryant, the group manager of response communications for Microsoft's Trustworthy Computing Group, downplayed the scope of the CSS issue, saying that the company had seen only limited, targeted attacks focused on this vulnerability. To drive that point home, the company has released telemetry of how that vulnerability stacks up against an already-patched vulnerability in the Windows Shell, to explain why a fix was not made available outside the company's normal release cycle. 

"While our first priority is to protect customers from issues like these, we also look to minimize disruption that issues like out-of-band releases can bring," Bryant said. 

The second critical item included in the list of patches is the thumbnail image attack vulnerability, which is being addressed in MS11-006. This fixes the security hole in Microsoft's Windows Graphics Rendering Engine that could let attackers gain control of users' computers by having them load a specially formatted image. The problem affects Windows XP, Server 2003, Windows Vista, and Windows Server 2008, but not Windows 7 or Windows Server 2008 R2, the company said. 

"We have not seen any attacks against this vulnerability, but proof of concept code is available to attackers, so we recommend customers put this at the top of their priority list," Bryant said. 

The third critical item that's being patched is the OpenType Compact Font exploit as part of MS11-007. That particular vulnerability requires end users to load what Microsoft classifies as a "maliciously crafted" font. Bryant explained that the issue had privately been disclosed to the company, and that it was rated a 2 in the Exploitability Index, since Microsoft does not believe a reliable exploit code will show up within the next 30 days. 

One tier Lower on the company's deployment priority index (which is how Microsoft dictates to customers the order in which to deploy patches to machines) is the fix to the zero-day vulnerability with the FTP services in IIS 7.0 and 7.5. It too has a rating of 2 in the Exploitability Index, and it makes up part of MS11-004. 

Along with those critical and important updates, Microsoft is changing its Autorun functionality when users plug in USB thumb drives. The company is disabling Autorun from USB thumb drives in versions of Windows that are older than Windows 7, which already has such a security feature. That's going out to users as an AutoUpdate in Windows Update. 

As mentioned in previous coverage about this month's batch of updates, Microsoft has not offered up more details on long-term fixes for the MHTML vulnerability that cropped up last month and affects Internet Explorer. But according to Jim Walter, the manager of McAfee Threat Intelligence Service, the MHTML problem is smaller than most.

"The scope and impact of the MHTML vulnerability is relatively limited compared to other recent zero-day code execution vulnerabilities," Walter said in a statement. "Based on the information that is currently available, we are aware that successful exploitation could lead to the running of arbitrary scripts, as well as the disclosure of sensitive information."
More details about the list of fixes, and ways to deploy them, can be found in Microsoft's Security Response Center blog.

Read more »

Microsoft to seal 22 security holes this month

Microsoft today said it will address 22 vulnerabilities as part of next week's Patch Tuesday, three of which are critical.

Three of the 12 bulletin items released by Microsoft earlier today are classified as critical, and affect Microsoft's Windows operating system, with one affecting Microsoft's Internet Explorer browser as well. The rest are classified as "important."

In a post on Microsoft's Security Response Center blog, the company said it will be making fixes for vulnerabilities in the Windows Graphics Rendering Engine, as well as CSS exploit in Internet Explorer that could allow an attacker to gain remote code execution.

Along with the fixes for the rendering engine and the CSS exploit, Microsoft says it will be addressing zero-day flaws that created vulnerabilities in the FTP service found inside of Internet Information Services (IIS) 7.0 and 7.5.

Not included in this month's batch of announced patches is a fix for the recently-discovered script injection attacks that affect Internet Explorer. Acknowledged by the company last week in Security Advisory 2501696, the exploit targeted the way IE handled MHTML on certain types of Web pages and document objects, and could provide hackers with access to user information. According to Wolfgang Kandek, chief technology officer at Qualys, the best route to prevent those attacks 

continues to be the workaround Microsoft outlined in its initial security advisory about the problem.

Microsoft has a full list of the pending issues here

Read more »

Report: Hackers penetrated Nasdaq computers

Federal authorities are investigating repeated intrusions into the computer network that runs the Nasdaq stock exchange, according to a Wall Street Journal report that cited people familiar with the matter.

The intrusions did not compromise the tech-heavy exchange's trading platform, which executes investors' trades, but it was unknown which other sections of the network were accessed, according to the report.

"So far, [the perpetrators] appear to have just been looking around," one person involved in the Nasdaq matter told the Journal.

The Secret Service reportedly initiated an investigation involving New York-based Nasdaq OMX Group last year, and the Federal Bureau of Investigation has launched a probe as well. Investigators are considering a range of motives for the breach, including national security threat, personal financial gain, and theft of trade secrets, the newspaper reported.

Nasdaq representatives could not be reached for comment.

Investigators have not been able to follow the intruders' path to any specific individual or country, but people familiar with the matter say some evidence points to Russia, according to the report. However, they caution that hackers may just be using Russia as a conduit for their activities.

The Nasdaq, which is thought to be as critical from a security standpoint as the national power grid or air traffic control operations, has been targeted by hackers before. In 1999, a group called "United Loan Gunmen" defaced Nasdaq's public Web site with a story headlined "United Loan Gunmen take control of Nasdaq stock market." The vandalism was quickly erased, and Nasdaq officials said at the time that the exchange's internal network was unaffected.

Read more »