Security Bill Takes on Botnet Battle
A new bill introduced in the United States Congress, the Cyber Security Enhancement Act, is aiming to widen penalties for cyber crime, including creating criminal penalties for botnet attacks used to aid in identity theft, denial-of-service attacks, and the spread of spam and spyware. The legislation would also allow prosecutors to pursue racketeering charges against cyber criminal groups, expand sentencing guidelines for cyber crime, and add $30 million U.S. a year to the budgets of federal agencies combating cyber crime.
Google Warns of Web Malware
The sheer volume of malware being hosted on websites was revealed through a Google study based on a year-long scan of over 4.5 million sites. “The Ghost in the Browser” study reports that one in 10 web pages are laced with malicious code. Of the sites the Google research team analyzed, 450,000 were capable of launching drive-by-downloads to install malicious code, like spyware and Trojans, onto users’ computers. Another 700,000 web pages were found to contain code that could compromise PCs.
Mobile Phone Threats Continue to Climb
By the end of 2007, the number of mobile phone viruses is expected to double, a McAfee official recently told Reuters. Spyware and virus threats on phones have risen as mobile malware writers find new ways to break into the cell phone software market. Security firm F-Secure reported that two new spying tools are now facing mobile devices running Windows Mobile and Symbian S60 3 rd edition operating systems.
Hacking Through Windows Update
A component of Windows Update is being used to stealthily get malicious code downloads past firewalls, researchers at Symantec have reported. Hackers are taking advantage of the Background Intelligent Transfer Service (BITS), a Windows component that allows files to be transferred between machines, to bypass local firewalls in order to sneak in malicious downloads.
Top Threat: Memory Stick Security
Removable media devices are viewed as the top security concern for corporations, according to a new study from Centennial Software. Nearly 40 percent of IT managers surveyed responded that removable media devices like USB memory sticks and MP3 players are the biggest security threat for their companies. While recognizing the risk, according to the report, 80 percent of firms do not have protection measures in place.
Computer users are safety savvy when it comes to understanding potential threats coming in through their e-mail inboxes, like phishing, viruses, and malware. Results from an E-mail Sender and Provider Coalition survey show that over 80 percent of users recognize and report spam through functions in their e-mail service. Yet, it only takes one e-mail user in 10,000 to buy something from a spammer to keep them in business.
Source: Network World
Term of the Month
is a type of web feed format used to publish constantly updated web-based content like blogs and news feeds. RSS stands for Really Simple Syndication, and can also refer to Rich Site Summary or RDF Site Summary. RSS delivers information as an XML file called an RSS feed or webfeed. By subscribing to a website's RSS feed, new content from that site is retrieved and presented to the computer user through their feed reader or feed aggregator program.
It can be difficult and time consuming to keep track of all the news available on the web. Sign up for RSS feeds to stay up-to-date with news from your favorite websites. RSS is a convenient way to distribute news, plus it allows you to control the amount of data you receive online and decrease your online traffic, saving you time by not having to visit individual sites. To use RSS feeds, simply choose an RSS reader tool and then load RSS feeds into your reader from the sites you are interested in.
Lavasoft's Company Blog and the News from Research
blog have RSS feeds up and running. By subscribing to the News from Research blog, you will be notified whenever a new Definitions File is released.
is a "neighborhood watch" group dedicated to fighting badware - spyware, malware and deceptive adware. Educate yourself by reading their in-depth reports on applications and websites, or fight back by submitting your badware story to aid their clearinghouse effort.