SECURITY WARNINGS & Notices - Please post them here

[DavidR]

How many viruses are made by anti-virus companies?
http://www.emsisoft.com/en/kb/articles/tec110601/?utm_source=newsletter&utm_medium=newsletter&utm_content=tec110601&utm_campaign=news110525

I think that the article is nothing more than marketing hype, otherwise why is there the dirty big advert showing emsisoft getting 100% in an old MRG test from q3-q4 2010

[Dch48]

How many viruses are made by anti-virus companies?
http://www.emsisoft.com/en/kb/articles/tec110601/?utm_source=newsletter&utm_medium=newsletter&utm_content=tec110601&utm_campaign=news110525

I would have to say----- none, zip, zero, nada

[Lisandro]

I think that the article is nothing more than marketing hype, otherwise why is there the dirty big advert showing emsisoft getting 100% in an old MRG test from q3-q4 2010

What would you expect they ad in their site? A third party product?
The article is just as informative as any other on avast blog for instance imho

[AdrianH]

All Internet Explorer browser versions allow cookiejacking

>>> http://www.ecommerce-journal.com/news/48203_all-internet-explorer-browser-versions-allow-cookiejacking <<<

[Asyn]

Mac scareware becomes more visible
http://www.h-online.com/security/news/item/Mac-scareware-becomes-more-visible-1246693.html
http://www.bleepingcomputer.com/virus-removal/remove-mac-protector
http://www.bleepingcomputer.com/virus-removal/remove-mac-defender

Winwebsec gang responsible for FakeMacdef?
http://blogs.technet.com/b/mmpc/archive/2011/05/17/winwebsec-gang-responsible-for-fakemacdef.aspx

Apple publishes Mac Defender removal details, promises fix
http://www.h-online.com/security/news/item/Apple-publishes-Mac-Defender-removal-details-promises-fix-1250118.html

Mac Defender variant doesn't require admin password
http://blog.intego.com/2011/05/25/intego-security-memo-new-mac-defender-variant-macguard-doesnt-require-password-for-installation/

Apple addresses Mac Defender in Snow Leopard security update
http://www.h-online.com/security/news/item/Apple-addresses-Mac-Defender-in-Snow-Leopard-security-update-1253399.html

[DavidR]

I think that the article is nothing more than marketing hype, otherwise why is there the dirty big advert showing emsisoft getting 100% in an old MRG test from q3-q4 2010

What would you expect they ad in their site? A third party product?
The article is just as informative as any other on avast blog for instance imho

What I would expect is the article without the attempt at the soft sell by including the old test results. Which given the title of the blog, the marketing advert has nothing to do with the actual article.

So it is superfluous to the article, it didn't need the blatant marketing advert to make its point.

I have no problem with blog articles which are informative, just that this one when allied to a totally unconnected set of test results to me just makes it look like that was the whole purpose of the blog.

[Gargamel360]

Apple addresses Mac Defender in Snow Leopard security update
http://www.h-online.com/security/news/item/Apple-addresses-Mac-Defender-in-Snow-Leopard-security-update-1253399.html

http://www.zdnet.com/blog/bott/new-apple-antivirus-signatures-bypassed-within-hours-by-malware-authors-update/3396

[iRonzel]

Apple addresses Mac Defender in Snow Leopard security update
http://www.h-online.com/security/news/item/Apple-addresses-Mac-Defender-in-Snow-Leopard-security-update-1253399.html

http://www.zdnet.com/blog/bott/new-apple-antivirus-signatures-bypassed-within-hours-by-malware-authors-update/3396

Apple's Mac Defender patch is already worthless

[malcontent]

Facebook Attack Spreading both Windows AND Mac malware

http://www.f-secure.com/weblog/archives/00002172.html

There's a significant Facebook malware attack occurring at the moment.

The malware is using the Facebook "Likes" thumbs-up icon, but appears to be spreading via another method. Additional analysis suggests that the malware itself may be injecting a post into the victim's Facebook session.

Try as we might, our test account was not compromised by the attack server's webpage. We are now speculating that the Windows malware is a Koobface like worm with ZeuS like webinject capabilities. Our analysis continues.

[iRonzel]

Sony Pictures Falls Victim to Major Data Breach

[Asyn]

Attacks target high-profile Gmail accounts
http://www.h-online.com/security/news/item/Attacks-target-high-profile-Gmail-accounts-1254369.html
http://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html
http://contagiodump.blogspot.com/2011/02/targeted-attacks-against-personal.html

[iRonzel]

Sony Attacked Again, Passwords and Other Data Stolen

[yongsua]

Sony Attacked Again, Passwords and Other Data Stolen

Ouch!

[FreewheelinFrank]

How many viruses are made by anti-virus companies?
http://www.emsisoft.com/en/kb/articles/tec110601/?utm_source=newsletter&utm_medium=newsletter&utm_content=tec110601&utm_campaign=news110525

The blog fails to point out that a large number of new "viruses" are simply the same piece of malware rendered undetectable by being packaged or encrypted in some way.

There was a fuss a few years ago when an anti-virus company started creating new variants in this way and testing its own product against them.

Other AV companies complained that these fake viruses could find their way into AV testing virus collections and thus show them in a poor light for not detecting unreal viruses.

Possibly this story fed the urban myth somehow.

Somebody with a better memory might even remember which company it was...

(It wasn't avast!)

[malcontent]

TDSS Rootkit boasts new DHCP server

http://www.theregister.co.uk/2011/06/03/tdss_self_propagation_powers/

A new version of the TDSS rootkit, which also goes by the names Alureon and TDL4, is able to infect new machines using two separate methods,

The second method is to spread over local area networks by creating a rogue DHCP server and waiting for attached machines to request an IP address. When the malware finds a request, it responds with a valid address on the LAN and an address to a malicious DNS server under the control of the rootkit authors. The DNS server then redirects the targeted machine to malicious webpages.

“After these manipulations, whenever the user tries to visit any web page, s/he will be redirected to the malicious server and prompted to update his/her web browser,” Golovanov wrote. “The user will not be able to visit websites until sh/he agrees to install an 'update.'”

Late last year, TDSS acquired the ability to infect 64-bit versions of Microsoft Windows by bypassing the OS's kernel mode code signing policy. Researchers at security firm Prevx have said it's the most advanced rootkit ever seen in the wild. It is used as a backdoor to install and update keyloggers and other types of malware on infected machines, and once installed it's undetectable by most antimalware programs.