Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1830888 times)

0 Members and 1 Guest are viewing this topic.

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #30 on: December 22, 2009, 03:52:54 PM »
definitely staying away from Facebook, I hate it anyway  ;D thanks for the heads up  ;)...I'll let my friends using it regularly know about the risks, again.
w7 - ais7

Offline Omega40

  • Full Member
  • ***
  • Posts: 137
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #31 on: December 22, 2009, 06:57:52 PM »
I dropped Facebook as soon as they messed with my privacy settings.  >:(

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3061
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #32 on: December 22, 2009, 07:00:38 PM »
Facebook user with no problems what so ever.

I have changed all the settings to best suit me and will not accept any application requests. nor do I upload any pictures in any social networking sites.

I don't have any problems using fb.

nmb

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #33 on: December 23, 2009, 12:18:54 AM »
Facebook user with no problems what so ever.

I have changed all the settings to best suit me and will not accept any application requests. nor do I upload any pictures in any social networking sites.

I don't have any problems using fb.

nmb

+1

Become a Fan on Facebook:
http://www.malwarebytes.org/forums/index.php?showtopic=16409

E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3061

Offline Omega40

  • Full Member
  • ***
  • Posts: 137
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #35 on: December 23, 2009, 07:12:52 AM »

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline Omega40

  • Full Member
  • ***
  • Posts: 137
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #37 on: December 23, 2009, 07:53:57 AM »
Thank you, YK.  ;)

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Live.com Exploited as Pharma-Fraud Cover
« Reply #38 on: December 24, 2009, 10:45:38 AM »
w7 - ais7

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36302
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #39 on: December 24, 2009, 02:41:01 PM »
From Norman Security

Summing up 2009 - predictions for the year to come
http://www.norman.com/security_center/security_center_archive/2009/74565/en
“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7087
  • Be alert for error code - ID 10T
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #40 on: December 24, 2009, 07:20:06 PM »
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31948
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #41 on: December 27, 2009, 01:39:14 AM »
Hi malware fighters,

Latest software of adservers vulnerable: http://forum.openx.org/index.php?showtopic=503454011
8 million vunerable Flash-ads can be googled up: http://www.google.com/search?hl=en&num=100&q=filetype:swf+inurl:clickTAG&aq=f&oq=&aqi=
Cross site scripting attacks are actually being performed: http://kingfeatures.com/pressrm/PR316.htm
and this was done in the past as well: http://www.thetechherald.com/article.php/200952/4979/Funny-pages-used-to-launch-PDF-attack-on-latest-vulnerability

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31948
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #42 on: December 28, 2009, 01:12:12 AM »
Hi malware fighters,

This year also saw an explosive increase of the number of malware-kits, making  everyone to construct his own malware within a few mouse-clicks, Especially for Xmas-time the malcreants launched "Chrismas Stealer" to steal log-in data from Firefox and MSN. Re: http://blog.damballa.com/?p=462

The user just has to fill out his own mail-address and that of the victim. Then the victim will get an e-mail with an attachment.  When this gets opened the Firefox log-in data and MSN log-in data will be sent to the sender. On the other side these kits could also dupe the user to loose his log-in data,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31948
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #43 on: December 29, 2009, 09:22:05 PM »
Hi malware fighters,

Malware "horror"scope for 2010 -

All security and av-vendors have made predictions for the coming security year 2010. Panda Security - Kaspersky Lab - F-Secure - AVG - RSA - Verizon - Anton Chuvakin - McAfee - Symantec - ESET looked into their crystal balls and came up with the following predictions for 2010
The summon it up neatly more of the same but in larger quantities. But the insights differ.

W 7 and Mac OS X
The introduction of W7 this year is a positive influence according to Finnish F-secure researchers, XP SP3 will become a malware-haven or malware getto in regions where W7 is less prevalent. Most av-vendors think that when the participation of W7 is large enough also this new OS will be attacked. They foresee this coming within the next two years, according to Panda Security. Malcreants are migrating their malware for the new MS platform and especially migrating to the 64-bit version. Kaspersky means that the security holes inside the new Windows7 will result in many drive-by download attacks, and also because of holes in products like Adobe's and Apple's are being found. Security vendor Verizon has another vision. Windows 7 will be more robust as expected and withstand attacks so attackers will go for the application software.

Also the Mac OS X will have full attention of malcreants. As the market share increases, the larger the number of attacks will become. “2010 will prove once and for all that Macs aren't immune to exploits”, according to Websense.

Fake-virusscanners
The most remarkable prediction has PC Tools. The vendor predicts a trend to combine all existing malware trends with new, inventive techniques. This malware will be more socially interactive and look more reliable and trustworthy to users, like some fake-av programs already do. The next step will be that cyber criminals are going to use budgets to start their own call centers, helplines, and virtual offices and service providers and even start ad campaigns for their rogue fake av scanners. Furthermore fake av scanners will become more and more aggressive and will even hijack operational systems.

Kaspersky on the contrary predicts less fake av-scanners, because the market is flooded by them already, so less income for the crooks. Also raised attention from intelligence and security services alike make it harder to spread and create fake av.

Fortinet thinks that the general users now is aware of scare ware, cyber criminals will switch to ransom ware during 2919, where the ask money for digital properties they encrypted.

Ads
This year the New York Times was being hit by attackers posing as legit advertisers and then placed malicious ads. A succesful attack well worth investing in it. Legit bought ads or hacked ad space users will be attacked in this way during the coming year.

Social engineering
Now the Operational System and applications are becoming more solid and secure, the easiest way to get to people's money or install malicious software is to socially engineer or mislead them, according to ESET's Randy Abrams. He too thinks the coming of W7 makes malcreants can't easily infect systems. Symantec says social engineering became so popular because it does not matter what OS or what browser is being used, the user themselves are being attacked. “Weak parts on a computer are less important. Social engineering has become one of the prevailing attack methods and this will be the growing trend for 2010.”

Shortened URL-services
Services to shorten URLs have become a trend with Twitter. A big problem there is that the user does not know where they re-direct to after clicking the link. The popular URL-shortener Bit.ly let us know they will scan better for spam and malcode, nut an increase in abusing the services is expected for the coming new year. Also spammers will use shortened URLs to circumvent spam filters. But parties involved will protect better, because their business model will be under attack.

Human CAPTCHA-crackers
As spammers find it more and more difficult to break the CAPTCHA-codes automatically, they will use human forces in developing economies to define new spam accounts manually to try and circumvent new detection technologies. Symantec assumes individuals that manually make the accounts get paid 10% of the overall costs, while account hunters will get 30 to 40 dollar per 1.000 accounts.

DDoS-attack
At least one big distributed denial-of-service (DDoS) against some nation. according to F-Secure.

Everyone into the Cloud
The cloud will be the av technology of the days to come, while others now report they have been doing this "for years and years". In 2010 all av vendors will go into the cloud if they aren't already doing so, well this means Spanish Panda Security. On the other side cloud services are an interesting target platform for attackers.

A specific service that can await new attacks is Google Wave. Initially cybercrime will use the service for spreading spam, then it will be abused in phishing attacks, abusing security holes and spreading malware will follow. Chrome OS will be left alone, while MacAfee thinks this will be a hacker's paradise.

Last but not least cyber criminals will hide inside the cloud, like we have seen this recent year.

Cyberwar
For quite some time we hear about cyberwar and cyber terror, where China and North-Korea are mentioned. We saw large scale Ddos-attacks against Estonia and Georgia last year. Govt sites can also come under attack of politically motivated hackers to deface an official website with political slogans. We will see both kind of attacks during the coming year.

Increase of malware
All av vendors agree that we will encounter more and more vicious malcode during 2010. A lot of av scanners will have a hard time to detect them, predicts Kaspersky Lab. Some vendors will develop complex security software as an answer to this kind of advanced malware, but some malware will be able to circumvent detection, go under the radar and stay immune for quite some time.

Users that do their Internet banking have to watch out for state of the art banking Trojans. Then the malcreants will develop geo-located attack-versions that are varied according to language and content, so the user will run a higher risk to open the wrong link. Symantec also expects an increase of English language spam.

The World Soccer Chamiponships will play an important role for Trojans, fake-ticket business, spam, attacks on legit ticket shops and DDoS-attacks.

AVG sees the coming automatic malware generation as one of the biggest problems for 2010,
making end-users will choose compete security suites over a stand-alone av solution. Then it warns against upcoming economies. The number of users in Brazil, China and India will increase tremendously, but using illegal software and the absence of av or fw will create lots of problems Users will be sitting ducks for attack in mentioned countries.

Verizon thinks the development of malware will come to a standstill. “Malware won't evolve further.”

Full-disk encryption and NAC
This will not come to fruition and there won't be a break-through, says Anton Chuvakin, who is predicting that Network Access Controls (NAC) will be almost gone near the end of 2010.

Data leaks
In 2009 the biggest leakage of data took place in human history, the theft of over 130 million creditcard data at Heartland Payment Systems. The coming year will see more data leakage, but smaller. McAfee focuses on social networking. Fake applications will be a problem for the hundreds of millions that use it, turning their data into the hands of cyber crooks.

China
Will stay at the wrong end of the stick (and stays an interesting role model for others  Grin )

Community
De internet community will slowly get educated, according to Verizon.The number of senior users that deal with cybercrime will go down considerably, while young ones learn their generation how to protect, so they will be better informed and able to secure themselves by identifying, finding and defy cyber criminals. After a ten year period of study, research, coordination and training cyberpolice will now finally come "harvest" on this, according to McAfee.

RSA closed on a positive note, that there will be more cooperation between the members of the security community, both researchers and vendors alike will cooperate to launch new initiatives.

Well anyway Polonus wishes you all a malware free and solidly secure avast-year 2010!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36302
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #44 on: December 29, 2009, 10:37:23 PM »
Good Guys Bring Down the Mega-D Botnet

Quote
Chalk up one for the defenders. Here’s how a trio of security researchers used a three-step attack to defeat a 250,000-pronged botnet.

http://www.pcworld.com/article/185122/good_guys_bring_down_the_megad_botnet.html
“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"