Lavasoft News - December 2007

Security Shorts

Russian Malware Network Vanishes
The Russian Business Network (RBN), an Internet business based in St. Petersburg said to be responsible for hosting websites that carry out a major part of the world’s cyber-crime, has gone offline. Industry experts, however, contend that this is not the end of RBN. It is believed that the organization, which is reported to sell website hosting to groups propagating child pornography, piracy, spamming and other scams, is shifting locations.

Malware Hits ‘Times of India’ Website
The website of a globally-reaching Indian newspaper has been cleaned of malware, following a cross-scripting attack that was designed to stealthily infect users’ machines. The incident on the Times of India’s website was the second major website compromise in the country in the past months. In September, the Bank of India’s website was hacked into and distributed malicious code.

Swedish Feds Question ‘Hacker of the Year’
A Swedish security researcher, said to be responsible for the so-called “hack of the year”, has been taken in for questioning by authorities. According to reports, Dan Egerstad intercepted data carried over a global communications network, obtaining log-in credentials of 1,000 sensitive e-mail accounts; at least 100 of these accounts belonged to foreign embassies, large corporations, and human rights organizations. Egerstad subsequently informed the involved parties of the security breach, and published many of the log-in credentials online.

Multiplying Mac Trojan Makes the Rounds
Apple’s Macintosh operating system was hit with its first Trojan attack in November, with new research showing that this was not an isolated incident. Analysts at F-Secure have discovered 32 variants of the Mac Trojan, according to reports. Security experts have differing opinions as to what this means for the future of Mac security.

Malware Spread Through DoubleClick
DoubleClick, one of the Internet’s largest online advertising services, now has a security monitoring system in place to catch malware; the measure came after rogue anti-spyware software made its way onto DoubleClick and legitimate websites, including CNN and The Economist. According to reports, the malicious ads were bought and paid for by bogus anti-virus software sellers posing as genuine online advertisers.

Security Pro Turned Botmaster
A California, U.S. man has admitted to infecting a quarter of a million computers with malware and spyware, allowing attackers to control the machines remotely in order to steal the personal details of thousands of people. John Schiefer, a security professional who worked by day as an information security consultant, has agreed to plead guilty to four counts of fraud and wiretap charges. He could face up to 60 years in prison, as well as a $1.75 million U.S. fine.

Percentage of Lavasoft website visitors who are very worried about online threats and scams during the holiday shopping season, according to a Lavasoft Ballot Box Poll.

Personally identifiable information (PII) is any personal data concerning an individual that is capable of uniquely identifying a particular person. The collection, use or disclosure of PII is something the individual typically wants to control; this private data can potentially be exploited by criminals for identity theft.
Source: Anti-Spyware Coalition and Wikipedi.org

Online security does not always involve complicated solutions. Find out a simple way to make sure that the websites you visit requiring a log-in, like online banking sites, are authentic. Read More.

“It’s been a little while since my first virus, but I was lucky to stumble upon the Ad-Aware software and the helpful people at the Lavasoft support forum…They gave me a simple method of removal and guide you through each step carefully…I would recommend the free Ad-Aware software to anyone, in fact I already have. Thanks again.”
Darren (Glasgow, Scotland)

Lavasoft AB Lilla Bommen 1, 411 04 Gothenburg, Sweden | www.lavasoft.com | editor@lavasoft.com