
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


You Did Not Find This

A handful of security companies have recently turned their focus to the hidden menace behind the anti-spyware products advertised through deceptive website banners and popups, which largely affect Microsoft Windows-based systems. The general finding is that these tools are extremely ineffective at identifying spyware, prefer to overhype non-threats, and force users to pay for a licenced copy before any of the 'infections' can be removed. Unfortunately, in most cases the tools are not capable of removing any actual spyware, and tend to install more malware than they ever remove.

Removing the tools themselves is not as easy as deleting them, as they leave behind hidden files, unmodifiable registry entries and other nasty components. What might help users once they obtain legitimate spyware removal software is that there appear to be only a handful of base applications being used to generate the multitude of fake antispyware products, which should make them easier to detect and eventually remove with a proper tool.

Following Microsoft's WMF patch release for their Vista Beta users, more than the usual number of complaints seemed to be put forward by users and observers. An expected percentage were criticizing Microsoft as they normally do, patch or not, but a not insignificant percentage seemed to come from dedicated Microsoft software users, especially the Vista Beta users.

A lot of the complaints were based around the perceived inability of Microsoft to develop a secure Operating System, despite claiming for several years that Security is Microsoft's biggest focus. This applies to the code for their next generation Operating System as well as to patches for their existing systems. Concern was raised about the actual level of improvement that Vista will bring to the market when it is released later in 2006, and about just how much legacy software is hidden within the system, leaving it vulnerable. Others postulated that if this incident is considered on a par with how it affected other Windows versions, then there are likely to be a number of very dangerous vulnerabilities within Vista which will be discovered and exploited by hackers.

Microsoft have also published the expected release date for the next major service pack to Windows XP (SP3), which will be in the last half of 2007. Interestingly, this is after the expected release date for Windows Vista, which is scheduled for the second half of 2006. Quite a number of Microsoft observers believed that SP3 for Windows XP would have arrived this year, or have even been released by now, and there are some murmurs from disaffected users who are feeling slighted that their security is being sidelined for the purpose of a new product arriving on the market.

Unlike SP2, SP3 is not expected to include any new functionality, but will instead represent an amalgamation of the intervening security patches and minor updates, providing users with a suitable baseline for maintaining their systems. Historically, Microsoft's Service Packs for their next-to-last Operating System tend to dry up after the release of the next generation system, which means that the imminent arrival of Vista is likely to reduce the focus on Windows XP. When compared against the earlier reported data on the extended support period for Windows XP, it is possible that this will be one of the last, if not the last, Service Packs for Windows XP.

This reduction in the number of Service Packs is not as much of an issue as it once might have been, as the monthly 'Black Tuesday' security patch release has provided a means for Microsoft to provide essential updates which otherwise would have had to wait to be released in a Service Pack.

Enterprise Database vendor Oracle has faced more public humiliation after a handful of security researchers publicly released information about the vulnerabilities fixed by the latest Oracle patch release. It was claimed that the vulnerabilities patched had been discovered and reported to Oracle hundreds of days prior to their eventual patching. The most recently discovered vulnerability was only 190 days old, while the oldest was almost 900 days old, with most of the identified vulnerabilities around 900 days post-discovery.

The value of data held in Enterprise class databases became a huge issue towards the end of the week, when it was revealed that a number of the major US-based search engines had been subpoenaed to provide search records for arbitrary periods of time. Yahoo!, MSN and AOL were reported to have complied with the subpoena and provided the requested records, while Google initially refused to comply. Google has since been taken to court by the US Attorney General to compel it to supply the records initially requested.

Numerous sources cite the subpoena as requesting search records for certain periods of time (a million random addresses over a week in Google's case) in order to help test the scope and validity of the US Child Online Protection Act (COPA). While privacy and online rights advocates were cheering Google's refusal to hand over records, it is considered more likely that the decision was made for business reasons rather than concern for privacy or online rights.

Based on the available information regarding the subpoenas, many observers are having difficulty working out exactly how anonymous search engine records can identify the age of the user submitting the request, and whether the results returned are part of a set that the user was expecting. At the least, it would require manual confirmation whether the end address visited was providing pornographic content to minors.

The move by the US Government is being widely regarded as nothing more than a 'fishing expedition', where they are trying to establish stricter control over online pornographic content, through the auspices of the COPA.

Many of the observers are concerned about the attempts to secure records, and about the other providers that have provided details, as many have experienced first hand how sometimes the results being returned are not the sort of results they are really after, or should be looking at. They are especially concerned about how such a search result can be misconstrued, especially over a medium which does not indicate intent.

Google has also made the news with its refusal to comply with US ISP Bell South's demand that content providers pay for the entry of their data onto the ISP's network. The refusal is based on the position that end users are already supporting the cost of the networks, and it is not up to content providers to subsidise them further. When it was first raised that Bell South was proposing to charge content providers, the common perception was that it was a move to restrict the proliferation of VoIP usage, which was suspected to be impacting on Bell South's other service offerings.

While Google may have acted to maintain the status quo in the above two cases, they have quickly found themselves in the position that they wield an immense power in the online world. While there are other search engines and service providers, none carry the kind of mindshare that Google does, and none are watched closely as a barometer for future trends as Google is.

It has been suggested that if Google's decisions on the above two cases had gone the other way, they would have provided much greater backing for those demands than the same decisions from a comparably valued company. They would also have had the effect of establishing artificial barriers to entry for companies seeking to establish themselves in dependent niches. If Google and other high-powered tech stocks decided to form political lobby groups, it is considered that any effort they backed would almost certainly be well received.

Botnets built from systems compromised through the recent WMF Windows flaw (patched with MS06-001) are believed to be coming under active control, at least according to one security researcher. This news is not surprising, given that the WMF flaw was being exploited by active malware from the earliest days of its discovery.

Normally controlled through IRC commands, systems infected from the same site, or by the same variant of the attack via different sites, form part of a loose network which can be managed by a hacker (or group of hackers) for their own ends. It is expected that these new botnets will soon be spewing spam and being used as the launching pad for phishing attacks or new email worms. Users whose systems are already compromised or part of other botnets (via other infection mechanisms) might find their systems becoming unresponsive as the various malware infections fight it out for control of the system.

While it is not related to the WMF flaw, anti-virus software maker F-Secure has released a set of patches for almost their complete range of products due to a flaw identified in the handling of ZIP and RAR archive scanning. The flaw could allow a hacker to execute code of their choice on a vulnerable system. In addition to the arbitrary code execution issue, it is possible to supply archives which cannot be scanned properly, potentially allowing malware that would otherwise have been stopped to pass through the software defences. Users of F-Secure software are advised to apply the appropriate patches as soon as possible.
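As an added illustration (not F-Secure's code, and not a detail of their fix), the following Python shows why the second problem matters: a scanner that treats an archive it cannot parse as clean waves that archive through, whereas a fail-closed policy quarantines it. The content check is a hypothetical stand-in for a real engine, and all sample archives are constructed in the block.

```python
import io
import zipfile
from typing import List, Tuple

# Hypothetical content check standing in for a real anti-virus engine:
# it simply flags any entry whose name ends in ".exe". Constructed for this example.
def looks_malicious(name: str, data: bytes) -> bool:
    return name.lower().endswith(".exe")

def triage_archive(blob: bytes, fail_closed: bool = True) -> Tuple[str, List[str]]:
    """Return (verdict, notes). A verdict of 'block' means quarantine.

    fail_closed=True blocks any archive the scanner cannot fully enumerate.
    fail_closed=False mirrors the weakness described above: an archive that
    cannot be scanned is treated as if it were clean.
    """
    notes: List[str] = []
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                data = zf.read(info)  # raises BadZipFile on a CRC mismatch
                if looks_malicious(info.filename, data):
                    notes.append(f"flagged entry: {info.filename}")
                    return "block", notes
    except (zipfile.BadZipFile, EOFError, OSError, RuntimeError) as exc:
        # The archive could not be parsed to completion; the policy decides.
        notes.append(f"could not scan archive: {exc!r}")
        return ("block" if fail_closed else "allow"), notes
    notes.append("all entries scanned clean")
    return "allow", notes

def build_zip(entries) -> bytes:
    """Build an in-memory ZIP from (name, bytes) pairs (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: a clean archive, one carrying a flagged entry, and the
# flagged archive with its end-of-central-directory record cut off so that the
# standard library can no longer parse it.
CLEAN = build_zip([("readme.txt", b"hello")])
BAD = build_zip([("readme.txt", b"hello"), ("installer.exe", b"MZ...")])
TRUNCATED = BAD[:-40]

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("bad", BAD), ("truncated", TRUNCATED)]:
        for policy in (True, False):
            print(label, "fail_closed" if policy else "fail_open", triage_archive(blob, policy))
```

The truncated sample is the interesting one: with the fail-open policy it is allowed despite carrying the same flagged entry as the archive it was cut from.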

After a number of months of waiting, Australian iTunes Music Store (iTMS) visitors now have the opportunity to purchase music from Sony/BMG. Sony/BMG was the primary major music licenser that was missing from the original Australian and Japanese iTMSs. It is not believed that any artists broke their contract to sign independently with the iTMS in Australia, unlike a number of Sony artists in Japan. The addition of the last major licenser means that the obvious holes in the iTMS music offerings have largely been filled.

23 January 2006


