Malware

This was originally posted at ZDNet's Between the Lines.

A former Fannie Mae IT contractor has been indicted on charges of planting a virus that would have nuked the mortgage agency's computers, caused millions of dollars in damages, and even shut down operations. How might this have occurred? The contractor was terminated, but his server privileges were not.

Rajendrasinh Makwana was indicted on Tuesday in the U.S. District Court for Maryland (press report, complaint PDF, and indictment PDF). From early 2006 to Oct. 24, Makwana was a contractor for Fannie Mae. According to the indictment, Makwana allegedly … Read more

One of the first applications built to find and remove adware and spyware, Ad-Aware's excellent reputation is well-justified. The Anniversary Edition continues the publisher's tradition of adroitly addressing user concerns, but is still not quite perfect.

Without a doubt, though, this version of Ad-Aware improves greatly on what has come before. It loads faster during your boot cycle. Scans take less time than before, too--the Quick Scan completed in less than 10 minutes. Although we did notice a major false positive crop up for another program's uninstaller, there were no other flaws in the scan. New users … Read more

MOUNTAIN VIEW, California -- Symantec is turning to virtualization and cloud computing to protect Web surfers and let them access Web-based applications from one site.

The company demonstrated the technologies, along with another one designed to block malware from getting into corporate networks, to reporters and briefed them on its research and development strategy at an event it dubbed "Innovation Showcase" on Wednesday.

Virtualization technology that essentially creates different machines on the same computer offers a good platform for securing PCs by providing different protected environments, said Joe Pasqua, vice president of research at Symantec Research Labs.

Taking advantage of this trend, … Read more

Security experts from U.S. government agencies, multinational companies, and academia have released a list of what they consider to be the 25 most critical errors made while coding software.

Participants from more than 30 organizations worked together to agree on the 25 "most dangerous" errors, the SANS Institute said in a statement on Monday. They included experts from the U.S. National Security Agency, the U.S. Computer Emergency Response Team (US-Cert), Mitre, and the Sans Institute, as well as from Microsoft, Apple, and Oracle.

The list was released so programmers can check their code for the … Read more

Google's free code-hosting Web site for developers is being used to distribute malware, a security researcher said on Friday.

Google Code is a place where programmers can host projects and code. Along with the legitimate code are links to fake videos that direct users to download a missing codec, said Dave Marcus, director of security research for McAfee Avert Labs. The codecs turn out instead to be password-stealing Trojan horses and programs geared toward stealing financial information for identity fraud, he said.

"They're using it as a way to send out links or as a place to … Read more

A security researcher has discovered fake profiles for celebrities on LinkedIn that have links to malicious code, according to a blog posting on Trend Micro's site.

The celebrity profiles that are not to be trusted include ones created using the names: Beyonce Knowles, Victoria Beckham, Christina Ricci, Kirsten Dunst, Salma Hayek, and Kate Hudson. They were uncovered by Trend Micro Advanced Threats Researcher Ivan Macalintal.

In its blog posting late on Monday, Trend Micro said it was continuing its investigation. The links on the professional networking site attempt to lure viewers by purporting to be nude shots of the … Read more

Microsoft released a critical security patch on Wednesday to plug vulnerabilities in Internet Explorer, a move that comes amid malicious attackers taking advantage of the security flaws.

The patch is designed to prevent attackers from downloading malware onto users' computers if they visit a malicious Web site, or a legitimate Web site that has been infected.

This zero-day exploit has been in circulation since the first week of December and potentially could have infected a wide swath of users.

The vulnerabilities are found in not only IE 7, Microsoft's latest browser, but also Internet Explorer 5.01, Internet Explorer … Read more

Microsoft issued a critical security warning Tuesday that a malicious exploit is making the rounds and attacking vulnerabilities in Internet Explorer 7.

The risk is believed to be widespread, given that IE 7 is the latest version of Microsoft's browser and is bundled with XP service pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee's Avert Labs.

The AZN Trojan, which has been making the rounds since the first week of December, has the potential of infecting users' system with a Trojan horse, or "downloaders" that can download other … Read more

On paper, Lavasoft Anti-Virus Helix contains the most sought-after components of antivirus applications: malicious software blockers, on-the-fly detection, a scanner, malicious software removal, and protection from e-mail viruses and Web threats. It offers full system scanning and lets you pick from preset scans or create a profile to scan a smaller portion of your PC, for instance, just your 'C' drive. But that shouldn't be a surprise once you realize that the product is virtually identical to Avira AntiVir. If you already use an Avira product, there's no reason to switch to Anti-Virus Helix.

Nevertheless, Lavasoft's Anti-Virus … Read more