Friday, January 29, 2010

Blocking the most common type of spam

To Beat Spam, Turn Its Own Weapons Against It

Researchers from the International Computer Science Institute and the University of California, San Diego have developed a method for blocking the most common type of spam. The researchers employed a trick that spammers use to defeat email filters. Each spam message is generated from a template that specifies the message content and a slight variation used to bypass the filter.

The researchers analyzed the messages to reveal the template that created them, and since the template describes all the emails a bot will send, possessing it might provide a method of blocking all spam from that bot. After testing, the team was able to block spam from a specific bot with 100 percent accuracy.

In addition, the new system did not produce a single false positive in more than a million messages, says team member Andreas Pitsillidis. This is an interesting approach which really differs by using the bots themselves as the oracles for producing the filters.
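A simplified illustration of the idea above, added here and not the researchers' own system: messages generated from one template share a fixed token sequence, so aligning a few samples exposes the fixed parts, and the variable parts become wildcard slots in a filter. The sample messages, the function names and the minimum-literal threshold are all assumptions made for this sketch.

```python
import re
from difflib import SequenceMatcher

WILDCARD = None  # marks a variable slot in the inferred template

# Constructed sample: three messages emitted from one (made-up) spam template.
SAMPLE_SPAM = [
    "Hi Anna, get cheap meds at http://a1.example/x7 today only. Ref 48213",
    "Hi Bob, get cheap meds at http://q9.example/k2 today only. Ref 90077",
    "Hi Carol Ann, get cheap meds at http://zz.example/p0 today only. Ref 11802",
]


def tokenize(message):
    """Split a message into whitespace-delimited tokens."""
    return message.split()


def merge(template, tokens):
    """Align the running template with one more message.

    Tokens present in both (in order) stay literal; any stretch where the
    two differ collapses into a single WILDCARD slot.
    """
    out = []
    matcher = SequenceMatcher(a=template, b=tokens, autojunk=False)
    for tag, i1, i2, _j1, _j2 in matcher.get_opcodes():
        if tag == "equal":
            out.extend(template[i1:i2])
        elif not out or out[-1] is not WILDCARD:
            out.append(WILDCARD)
    return out


def infer_template(messages):
    """Fold all sample messages into one template of literals and slots."""
    template = tokenize(messages[0])
    for message in messages[1:]:
        template = merge(template, tokenize(message))
    return template


def to_regex(template, min_literals=4):
    """Compile the template into a regex usable as a filter signature.

    A template with too few literal tokens would match almost anything,
    so it is rejected rather than turned into a filter.
    """
    literals = [t for t in template if t is not WILDCARD]
    if len(literals) < min_literals:
        raise ValueError("template too generic to use as a filter")
    n = len(template)
    pattern = ""
    for i, tok in enumerate(template):
        if tok is WILDCARD:
            # A slot holds zero or more tokens; the trailing slot carries
            # its own leading whitespace, the others their trailing one.
            pattern += r"(?:\s+\S+)*" if i == n - 1 else r"(?:\S+\s+)*?"
        else:
            pattern += re.escape(tok)
            before_trailing_slot = i == n - 2 and template[-1] is WILDCARD
            if i != n - 1 and not before_trailing_slot:
                pattern += r"\s+"
    return re.compile(pattern)


def is_spam(signature, message):
    """True when the whole message is an instance of the template."""
    return signature.fullmatch(message.strip()) is not None


if __name__ == "__main__":
    sig = to_regex(infer_template(SAMPLE_SPAM))
    print(sig.pattern)
    print(is_spam(sig, "Hi Dave, get cheap meds at http://m3.example/r5 today only. Ref 55501"))
    print(is_spam(sig, "Hi team, the meds audit is at 3pm today only. Ref the calendar invite"))
```

Because the signature requires the full literal sequence, a legitimate message that merely shares a few words with the spam does not match.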

Refer here to read more details.

Tuesday, January 26, 2010

Computer Network Terrorism - Biggest Challenge

Today's Threat: Computer Network Terrorism

The University of Haifa's Yaniv Levyatan says that cyberterrorism is just as much of a threat to today's governments as more conventional forms of terrorism.

"A fleet of fighter planes is not necessary to attack a power station; a keyboard is sufficient," Levyatan says. "And if you don’t have the skills, there are enough mercenary hackers who can do it for you." Among international hackers, there is a growing trend to threaten national infrastructures for ransom, he says.

Recently, most online fighting has focused on attempts to immobilize leading Web sites, but the next step is to target systems controlled by computer networks such as financial systems, power stations, hospitals, television broadcasts, and satellites, Levyatan says.

If someone still thinks that this is science fiction, Dr. Levyatan notes how just recently, in November 2009, Brazil’s electricity was blacked out for more than an hour. “It is still not clear what happened, but one assumption is that it was a cyber-terror attack,” he suggests, adding that in 2007 Estonia’s computer infrastructures were attacked, most likely by Russian hackers, bringing the country to a near standstill for about 48 hours.

The next stage is the attempt to cause damage to systems that are operated by computer networks, such as financial systems, power stations, hospitals, television broadcasts, and satellites. “A fleet of fighter planes is not necessary to attack a power station; a keyboard is sufficient. And if you don’t have the skills, there are enough mercenary hackers who can do it for you,” says Dr. Yaniv Levyatan.

Refer here to read more details.

Monday, January 25, 2010

498 incidents in the 2009 Data Breach Report

Year of the Hack: Review of 2009 Data Breaches

There were 62 data breaches involving financial institutions in 2009, three of them occurring in the last month of the year.

These breaches represent only a portion of the total of 498 incidents in the 2009 Data Breach Report compiled by the Identity Theft Resource Center (ITRC), based in San Diego, CA. But the largest of them, the Heartland Payment Systems breach, involved an estimated 130 million credit and debit card numbers taken, accounting for more than half of the 222 million records potentially taken in 2009.

The breakdown of the types of the breaches shows these numbers:

Insider Threat - 16;
Missing Paper Documents - 15;
Skimming - 8;
Stolen or Missing Hardware - 8;
Outside Network Intrusions - 5;
Unknown Cause - 4;
Exposure of Data on Web - 4;
Accidental breach - 2.

For details on each of the 2009 data breaches, please refer here.

Saturday, January 23, 2010

New York Bank Suffers Online Breach

8300+ Customers Compromised by Hack

A New York bank announced this week that more than 8,300 of its online banking customers had their log-in credentials stolen in a data breach that occurred last November.


The bank says it has notified the consumer reporting agencies (Experian, Trans Union and Equifax) of the incident, along with the Office of the Comptroller of the Currency, its primary regulator; the New York State Consumer Protection Board; the New York State Office of Cyber Security & Critical Infrastructure Coordination; and law enforcement agencies. It also sent letters to all affected customers on Monday.

The bank has also arranged for credit monitoring services for two years for impacted consumers. The business customers that were affected will receive Positive Pay service from the bank, or Deluxe Security Checks, with the bank paying for those services.

Additionally, the bank says it has taken a number of additional steps to minimize any possible effect of this incident on its customers. It says it immediately launched an aggressive investigation of the incident with assistance from outside experts in forensics.

Download the full press release from here.

Thursday, January 21, 2010

Risk of IE 0-day vulnerability - Don't Panic

IE Vulnerability: Going Out of Band

Roger Halbheer and Microsoft would like to make sure everybody has noticed that Microsoft has just released Security Advisory 979352 – Going out of Band. Extract from his post:

Quoting the blog:

Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6.

[…]

Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability.

Symantec explains, "there's a hole in Internet Explorer which a cybercriminal can take advantage of by creating a malicious threat that targets anyone who is using the vulnerable browser and is not protected".

Linked to the attacks on Google, although those were of a more targeted nature than consumers will ever experience, cybercriminals have created a new Trojan that exploits the vulnerability. This has led the French and German governments, and especially the Australian Government, to advise against using Internet Explorer.

Please follow the following recommendations:

1) Deploy the Security Update as soon as it is out
2) Upgrade to Internet Explorer 8 as soon as possible

Tuesday, January 19, 2010

Top-Five Facebook Scams

You Should Protect Yourself From Hackers and Spammers

As Facebook has grown in popularity, it has also become a primary target for hackers and spammers. An increasing number of Facebook users are having their accounts compromised. Each newly compromised account is then used by the hackers and scammers to propagate their scam further. You don’t need to be an idiot to have your account compromised. If you are caught off guard for a second, you may accidentally fall for one of these scams.
  1. IQ Quiz Ads

    While Facebook has spent the past year trying to cut down on the number of misleading advertisements on the site, the fact remains that a small percentage of users still get duped into purchasing services they don’t really want. The IQ Quiz Scam has become ubiquitous on the Facebook Platform, and those users who install applications can expect to see an advertisement for an IQ Quiz Scam at some point. In December one application was discovered in which the developer was using spammy techniques to get new users to install their application and ultimately click on the IQ Quiz advertisements.

    As soon as you click on one of the ads, you’ll be brought to a site where you’re asked up to 10 questions which are relatively easy to answer. You will then be prompted to enter your phone number to view the results. Don’t enter your phone number! If you do, you will be charged upwards of $10 a week directly to your phone bill. While most phone companies are willing to refund you for your first purchase, they won’t do it after the first occurrence. That’s because the phone companies generate billions of dollars each year off of these types of transactions.

    If you want to protect yourself from IQ quiz scams, do not enter your phone number into any sites outside of Facebook.

  2. I’ve Been Robbed! Western Union Me Money!

    You’re browsing around Facebook and suddenly one of your friends IMs you to tell you that they’re stuck in another country; they’ve been robbed, don’t have a wallet, and need money to get out of the country. It’s a horrible situation but what are the odds that they found a computer to log on to in order to instant message you? Even worse, what are the odds that one of your friends who was travelling abroad got robbed and wasn’t able to find anybody to help them out?

    I’ve been with people who’ve lost their wallet abroad and needed to get money sent via Western Union; however, if the person can get access to Facebook, they probably can access a phone. While you should always help out your friends, you can avoid being duped by international fraudsters by asking your friend to call you in order to wire the money. Unless your friend is in the middle of a jungle in the Congo, they should be able to call you.

    Most of the time in such incidents, it is a scammer who has stolen your friend’s account and is systematically going through and IMing each of their friends to try and get money wired to them. Don’t fall for it; try to talk to them on the phone before offering any help.

  3. Facebook Phishing Landing Pages

    One of the most common ways Facebook accounts get compromised is through simple phishing scams. The way it works is that a user’s account is compromised by a hacker and the hacker then uses that account to automatically post links on each of that user’s friends’ walls. Sometimes the system will send messages to the friends such as “Check out this funny video of you!” with a link that redirects to a page with a fake Facebook login page.

    It’s pretty straightforward, and it’s easy to avoid; however, countless people have fallen for this scam. The easiest way to tell if it’s a scam is by looking at the URL of the page you land on. The best way to protect yourself is, anytime you see a Facebook login page, leave it and go to http://www.facebook.com in your browser. This way you can ensure you are logging in to the correct site.

  4. Koobface Worm That Automatically Hijacks Your Account

    Although Facebook has worked aggressively to prevent this worm, it still continues to spread rapidly. The scam is pretty straightforward. In this attack, a user will receive a message from what appears to be one of their friends. The message will say things like “Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments” and many others.

    Included in the message will be a link to a page which appears to be a YouTube video. If you click on the video, you will be prompted to “upgrade your Flash player now” and asked to download a file which contains the Koobface worm. If you download and install the file, your computer will automatically log in to Facebook and send similar messages to your friends.

    The best way to avoid this scam is to avoid all links that are posted on your wall or in your inbox that are out of the ordinary. Also, never download a file or codec after clicking on a link.

    To learn more about the Koobface worm, check out the information at Kaspersky Lab.

  5. Other Malware Applications And Links

    While we’ve attempted to highlight the primary scams, hackers and scammers are constantly evolving their strategies to steal passwords, and take over computers. The best thing to do is always be careful of strange links posted to your profile or messages sent to your inbox. While many of the scams on Facebook are harmless to your computer, it's still important to protect yourself against any viruses and worms.

    Some Facebook applications have used toolbars among other things to make money from their application. Some of these toolbars will significantly damage your computer.

The bottom line is: be on guard any time you see anything suspicious. If you do notice anything suspicious or happen to fall for a scam, make sure to immediately change your password. If you aren’t able to access your account because you were phished and your password was changed, fill out this form, which might help you get your account back.

Thursday, January 14, 2010

Smartphones will be the next prime target for the bad guys

BlackBerry Messenger Hoax is a sign of more to come for smartphones

Security software vendor McAfee is warning social networking fans -- particularly those who like to access their accounts and instant messaging applications through their smartphones -- that hackers will increasingly target them for a variety of scams and hoaxes as the popularity of these mobile devices continues to explode.

This week, McAfee Labs researchers debunk a new BlackBerry-borne hoax in a blog posting by security researcher Oliver Devane.

The unsolicited message, sent via BlackBerry Messenger (BBM), warns the user that his or her account will be hacked if the user accepts a new contact. Worse, it claims that if one of the user's existing contacts accepts this new contact, the user's account information will be hacked.


Monday, January 11, 2010

Top 10 Facebook and Twitter security stories of 2009

Social Networking Hacks

Facebook and Twitter were constantly in the news throughout 2009, and naturally the social networking sites became magnets for hacker attacks and sparked other types of privacy concerns. CIOs have expressed doubts about the social networking sites, and these stories show there is good reason to be worried. Here, in chronological order, are the top 10 security and privacy stories concerning Facebook and Twitter from the past year.

Jan. 6: Hackers hijack Obama's, Britney's Twitter accounts

Hackers gained control of more than 30 famous Twitter accounts, including those of Barack Obama, Britney Spears and Fox News. Twitter locked the accounts down quickly and restored control to their rightful owners, but not before the hacked accounts were used to send out nasty messages.

Twitter said the accounts were hacked into using the company's own internal support tools. The breach was considered serious enough that Twitter took the support tools offline until they were secured.

April 11: Twitter wrestles with multiple worm attacks

Worm attacks kept Twitter's security team busy for several days, as the site scrambled to identify infected accounts and delete rogue tweets. "Early on Saturday, April 11, the Mikeyy worm started to spread via Twitter posts by encouraging you to click on a link to a rival micro-blogging service StalkDaily.com," PC World reported. "As soon as you clicked on the link your account would be infected and begin to send out similar messages encouraging your followers to visit StalkDaily. Then your followers would become infected and the worm's infection rate would grow. You could also catch the worm by viewing infected profiles on Twitter.com."

Four attacks were launched between April 11 and 13, but no user account information was stolen.

May 18: Phishers, viruses target Facebook users

This headline could probably be written any day of any year, but we'll just pick a story from May, when identity thieves hit Facebook with phishing attacks designed to gain passwords for profit. Other examples from 2009: A password reset e-mail reported in October turns out to be a virus; again in October some hacked Facebook applications were leading users to fake antivirus programs; and in November hackers used a sexy photo of a woman to lure people to an attack Web site.

July 15: Twitter/Google Apps hack raises questions about cloud security

Twitter executives were victimized when a hacker obtained and distributed more than 300 confidential documents that concerned Twitter's business affairs and were stored on the hosted Google Apps service. Insufficient password strength seemed to be the root cause, and Twitter co-founder Biz Stone said Google was not to blame. The hacker reportedly also claimed to have compromised the Twitter accounts of co-founder Evan Williams, his wife and several employees. Williams denied this, but said his wife's e-mail account was compromised.

Aug. 4: High-profile organizations ban Facebook, Twitter

The U.S. Marine Corps formalized a ban on social networking sites such as Facebook and Twitter, saying "these Internet sites in general are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries." The ban applies to Marine Corps networks, but does not prevent Marines from posting to social networks on their own time.

The Marines were not alone in taking such action. More than half of CIOs have completely prohibited use of social networks during company time, according to a Robert Half Technology survey of more than 1,400 CIOs from U.S. companies with at least 100 employees.

Aug. 6: Twitter victimized by distributed denial-of-service attack

Twitter was taken offline for two hours by a distributed denial-of-service attack, the first Twitter outage lasting longer than five minutes since June 16. Twitter continued to battle the distributed DoS attacks for several days, experiencing several more short outages. The same attack also targeted Facebook, but merely slowed the site down rather than taking it offline. The attack was reportedly politically motivated, and may have been related to the Russia-Georgia conflict. Politics may also have contributed to another Twitter outage on Dec. 18, in which a group called the "Iranian Cyber Army" claimed to take Twitter offline.

Aug. 14: Twitter used to manage botnet

A security researcher at Arbor Networks found that hackers were using Twitter to organize a botnet, the name given to a network of infected computers that does the bidding of bad guys who manage it.

"Botnet owners are continuously working on finding new ways of keeping their networks up and running, and Twitter seems to be the latest trick," the IDG News Service reported. "A now-suspended Twitter account was being used to post tweets that had links [to] new commands or executables to download and run, which would then be used by the botnet code on infected machines."

The account was suspended and investigated by Twitter's security team, but appeared to be one of a handful of similar malicious Twitter accounts.

Oct. 30: Facebook awarded $711 million in spammer case

Facebook used the legal system to fight back against a spammer who had gained access to user accounts, winning a judgment of $711 million against one Sanford Wallace. Wallace allegedly obtained login credentials for user accounts, and used those hijacked accounts to send spam that linked to phishing sites, sought to collect more Facebook account credentials, or linked to commercial Web sites that paid spammers for referrals.

"While we don't expect to receive the vast majority of the award, we hope that this will act as a continued deterrent against these criminals," Facebook said. Wallace may also face jail time.

Dec. 8: Facebook shuts down Beacon program, donates $9.5 million to settle lawsuit

Facebook found itself on the other side of the courtroom when plaintiffs filed a class action lawsuit alleging privacy violations in Facebook's Beacon program, which let third-party Web sites -- such as Blockbuster, Fandango and Overstock.com -- distribute "stories" about users to Facebook. Facebook did not admit to any wrongdoing, but ultimately agreed to shut the Beacon program down and donate $9.5 million to create a nonprofit foundation to promote online privacy, safety and security. The same week, Facebook also set up a new advisory board designed to improve user safety.

Dec. 9: Facebook unveils controversial new privacy settings

Facebook unveiled new privacy settings that it said were designed to give users more control over what information they share, but users reacted in anger after the overhaul led many to inadvertently expose content that was previously set to private.

"Great ? job. Now everyone who isn't even my friend can see my profile," one user complained.
Some of the problem came down to confusion over how to apply the new settings.


If used correctly, the settings do allow users to hide most of the content on their profiles. Still, the incident led to some negative attention for Facebook, and the site backtracked somewhat, making it easier for people to prevent others from seeing their friend lists. The story isn't over, as the Electronic Privacy Information Center has asked the Federal Trade Commission to investigate the changes in Facebook's privacy options.

These stories were originally published at NetworkWorld.com. Follow the latest developments in security at Network World.


Friday, January 8, 2010

Sophisticated Banking Trojans

SQL injection attacks are increasing dramatically

A Trojan is traditionally a piece of software that the user has been tricked into installing. Once on the PC, it becomes a back door, letting the criminals steal information like passwords. But through SQL injection, the latest Trojans can be delivered to a PC from a legitimate website, without any action by the user. How?

Criminals usually inject a JavaScript redirector into a legitimate website. When a user visits that website, he is unknowingly redirected to the criminal's website, which locates a vulnerability in his browser that allows the download of the Trojan onto his PC.

SQL injection attacks have increased dramatically. According to the IBM X-Force Trend and Risk Report, they were seeing a few thousand SQL injection attacks a day last year, whereas now they see hundreds of thousands of these attacks each day.

These Trojan attacks are a threat to more than just banks and their customers. That's because any corporate website vulnerable to SQL injection can become a carrier of Trojans that then infect everyone who visits it. If your website is compromised by an SQL injection attack, then you end up putting your customers at risk.
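An added example, not from the original post: a check a site owner could run over their own content database to spot the kind of injected JavaScript redirector described above, by flagging `<script>` and `<iframe>` tags in stored text that load from hosts the site does not normally use. The table names, the `ALLOWED_HOSTS` allowlist and the sample rows (including the `redirector.invalid` host) are constructed for illustration.

```python
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only external hosts this site legitimately loads code from.
ALLOWED_HOSTS = {"www.shop.example", "static.shop.example"}


class SrcCollector(HTMLParser):
    """Collects (tag, host) for every <script>/<iframe> with an absolute src."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if not src:
            return
        # Relative URLs have no hostname: same-origin, so not reported.
        host = urlparse(src).hostname
        if host:
            self.hosts.append((tag, host.lower()))


def text_columns(conn):
    """Yield (table, column) for every text-typed column in the database."""
    tables = [row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        for _cid, col, ctype, *_rest in conn.execute(
                f'PRAGMA table_info("{table}")'):
            if "TEXT" in ctype.upper() or "CHAR" in ctype.upper():
                yield table, col


def scan_for_foreign_scripts(conn, allowed_hosts):
    """Return (table, column, rowid, tag, host) for each off-allowlist load."""
    findings = []
    for table, col in text_columns(conn):
        # Identifiers cannot be bound as parameters; they come from the
        # schema catalogue above, not from user input, and are quoted.
        query = (f'SELECT rowid, "{col}" FROM "{table}" '
                 f'WHERE "{col}" LIKE ? OR "{col}" LIKE ?')
        for rowid, value in conn.execute(query, ("%<script%", "%<iframe%")):
            parser = SrcCollector()
            parser.feed(value)
            for tag, host in parser.hosts:
                if host not in allowed_hosts:
                    findings.append((table, col, rowid, tag, host))
    return findings


def build_sample_db():
    """Constructed sample data: two clean tables with two tampered fields."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT,
                               description TEXT);
        CREATE TABLE news (id INTEGER PRIMARY KEY, headline VARCHAR(200),
                           body TEXT);
    """)
    injected = '<script src="http://redirector.invalid/b.js"></script>'
    conn.executemany(
        "INSERT INTO products (id, name, description) VALUES (?, ?, ?)",
        [(1, "Kettle", 'Boils water. <script src="/js/zoom.js"></script>'),
         (2, "Toaster", 'Two slots.<script '
                        'src="http://static.shop.example/w.js"></script>'),
         (3, "Mug", "Ceramic." + injected)])
    conn.executemany(
        "INSERT INTO news (id, headline, body) VALUES (?, ?, ?)",
        [(1, "Sale starts Monday" + injected, "Details soon."),
         (2, "New store", '<iframe '
                          'src="//static.shop.example/map.html"></iframe>')])
    return conn


if __name__ == "__main__":
    for finding in scan_for_foreign_scripts(build_sample_db(), ALLOWED_HOSTS):
        print(finding)
```

A hit means the stored content has already been tampered with; the underlying fix is still to close the injection point, for example by using parameterised queries as the inserts above do.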

Wednesday, January 6, 2010

10 Fool-proof Predictions for the Internet in 2020

Researchers expect more users, sensors. But will the `net be more secure?

Network World offers 10 “surefire bets” about what the Internet will look like in 10 years.

They include:
  1. As computer scientists work to improve the Internet's design, the global network is expected to change dramatically over the next 10 years. The Internet currently has about 1.7 billion users, but the U.S. National Science Foundation (NSF) expects the Internet will have nearly 5 billion users by 2020.

  2. The Internet also will be more geographically dispersed in 10 years, spreading to more developing regions.

  3. Ten years from now, the Internet will be a network of things, not computers. Today, the Internet has approximately 575 million host computers, but the NSF expects infrastructure sensors alone to surpass the number of host computers by several orders of magnitude.

  4. The Internet also will carry more content. Cisco estimates that global Internet traffic will increase to about 44 exabytes per month by 2012.

  5. In 2020, the Internet will be wireless. In the second quarter of 2009, the number of mobile subscribers hit 257 million, representing an 85 percent increase year-over-year for high-speed data networking technologies. By 2014, approximately 2.5 billion people will subscribe to some form of mobile broadband, according to Informa.

  6. More services will use cloud computing. The NSF is encouraging researchers to develop better ways to map users and information in a cloud-computing infrastructure.

  7. Ten years from now, the Internet also will be greener. Future Internet architecture needs to be more energy efficient, as the amount of energy used by the Internet doubled between 2000 and 2006, according to the Lawrence Berkeley National Laboratory.

  8. Network management will be more automated in 2020. The NSF is researching new network management tools for the future Internet, including automated reboot systems, self-diagnosis protocols, finer-grained data collection, and better event tracking.

  9. The Internet will not rely on constant connectivity. Researchers are studying communication techniques that can handle delays or easily forward information to different users.

  10. The Internet will attract more hackers, and computer scientists will work to make it more secure.
Refer here to read more on this research.

Monday, January 4, 2010

Almost 16 million use same password for every website

It can be very difficult remembering so many passwords these days but it is vital

The research found 46 per cent of British internet users, 15.6 million, have the same password for most web-based accounts and five per cent, or 1.7 million, use the same password for every single website.

Some 29 per cent use variations of the same password, for example using days of the week or adding numbers to the end of a word. Memorable dates, children's names and mother's maiden names are each used by one in 10. One in five users sign in with their pet's name.

Users are advised to keep passwords secret but 40 per cent admit disclosing them to friends or family while two per cent say their former partner still has access to their accounts.

One in ten users have had an account hacked. Of these, 18 per cent had goods bought in their name, 12 per cent had money taken and five per cent had their identity stolen.

No sensible person would use the same key for their house, car and garage. In the same way, we shouldn't use the one password for everything. If possible people should use multiple passwords with a combination of letters and numbers, which should be difficult to crack.

An online fraudster who manages to find your single password will have the keys to your entire online life. They can then do everything to your accounts that you can. This could lead to money being stolen from bank accounts, fraudulent purchases via online shops or identity theft.

Thursday, December 31, 2009

How is your corporate domain name managed?

Domain Names Security and Vulnerability Assessment - Answer the following questions...

  • Where are your domain names registered?
  • How much are you paying for it? (Is your brand really worth just $9.95 a year?)
  • Who has access to change your DNS registration?
  • Are those people trusted?
  • How do you authenticate to make changes to your DNS registration?
  • Is that authentication system adequate? (Are you using passwords or certificates?)
  • What is the access recovery process for your DNS registration in the event that you lose your access credential? Is that recovery process secure?
  • Have you locked out registrar transfers for your domain?
  • Is your DNS Whois contact information up to date?
  • Are you carefully monitoring the email addresses associated with the Whois contact information for your domain? (If not, you might lose your domain if someone complains about the accuracy of your Whois contact information or claims (even fraudulently) that you are infringing upon their trademarks.)
  • How are you hosting your DNS records?
  • If you are hosting your DNS with a third party, you need to ask all the access control questions that you asked about your DNS registrar - Who has access, how do they have access, and what is the recovery process...
  • If you are hosting your own DNS, how are you managing the security of your DNS servers?
  • What DNS records are you publishing? What process exists within your organization to create a new DNS record within your domain and how do old DNS records get expired?
  • Are those processes connected with other business controls that need to be invoked whenever your organization publishes information on the Internet?
Hopefully, your organization has looked at these questions carefully and has mature processes, but the fact is that these issues are frequently overlooked, and represent a significant and widespread vulnerability on the Internet today.

Monday, December 28, 2009

Launch of First Operating System for Smart Grid Home Automation

Open software platform for energy management


The Fraunhofer Institute for Wind Energy and Energy System Technology (IWES) has founded the Open Gateway Energy Management Alliance (OGEMA) to promote an open energy management software platform that connects a customer's loads and generators to the control stations of the power supply system while also featuring a customer display for user interaction.


The software platform will enable end customers to automatically see the future variable price of electricity and shift energy consumption according to supply. Electricity is already free on the German Energy Exchange at times when large power plants have to be derated due to high feed-in from wind power. Using automated load-shifting, private households and small businesses should also benefit from such favorable electricity prices. Through the gateway platform's open nature, anyone will be able to convert concepts into software, even if they are not OGEMA participants.


The initiative involves the rapid development of numerous applications that will encompass the unique needs of private households, supermarkets, small businesses, and public institutions and help to harness the potential for energy efficiency which is not currently available. The OGEMA-provided interfaces also can be used by the developers of driver software for linking the gateway to devices and energy systems within the building as well as to the control stations of the energy suppliers.


Refer here for further details.

Saturday, December 19, 2009

Six predictions for next year's greatest threats

2010 Cyberthreat Forecast From Kaspersky Lab

When asked what would happen in 2009, Kaspersky Lab put a rise in global epidemics at the top of its prediction list. With the year not quite having closed out, Kaspersky Lab, a leading developer of Internet threat management solutions that protect against all forms of malicious software, has already seen that prediction come true. 2009 was dominated by sophisticated malicious programs with rootkit functionality, Conficker, web attacks and botnets, SMS fraud and attacks on social networks.

With the start of 2010 quickly approaching, researchers and analysts from Kaspersky Lab have come up with a list of six predictions for what will be the New Year's greatest threats and newest attack vectors.
  1. A rise in attacks originating from file sharing networks. In the coming year we will see a shift in the types of attacks on users, from attacks via websites and applications toward attacks originating from file sharing networks.

  2. An increase in mass malware epidemics via P2P networks. In 2009 a series of mass malware epidemics has been "supported" by malicious files that are spread via file sharing networks. This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.

  3. Continuous competition for traffic from cybercriminals. The modern cybercriminal world is making more and more of an effort to legalize itself and there are lots of ways to earn money online using the huge amount of traffic that can be generated by botnets. In the future, we foresee the emergence of more "grey" schemes in the botnet services market. These so-called "partner programs" enable botnet owners to make a profit from activities such as sending spam, performing denial of service (DoS) attacks or distributing malware without committing an explicit crime.

  4. A decline in fake anti-virus programs. The decline in gaming Trojans witnessed in 2009 is likely to be repeated for fake anti-virus programs in 2010. Conficker installed a rogue anti-virus program on infected computers. The fake anti-virus market has now been saturated and the profits for cybercriminals have fallen. Additionally, this kind of activity is now being closely monitored by both IT security companies and law enforcement agencies, making it increasingly difficult to distribute fake anti-virus programs.

  5. An interest in attacking Google Wave. When it comes to attacks on web services, Google Wave looks like it will be making all the headlines in 2010. Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.

  6. An increase in attacks on iPhone and Android mobile platforms. 2010 promises to be a difficult time for iPhone and Android users. The first malicious programs for these mobile platforms appeared in 2009, a sure sign that they have aroused the interest of cybercriminals. The only iPhone users currently at risk are those with compromised devices; however, the same is not true for Android users, who are all vulnerable to attack. The increasing popularity of mobile phones running the Android OS, combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.

Quote: Roel Schouwenberg, Senior Malware Researcher, Kaspersky Lab Americas

"Malware will continue to further its sophistication in 2010 with specific malware families requiring significant resources from anti-malware companies to adequately fight them. Third party program vulnerabilities will continue to be the target of choice by cybercriminals with Adobe continuing to be the main target. And finally I believe that with the introduction of real-time search, black hat SEO and social networks will become an even bigger focus of cybercriminals."

Press Release Dictionary:

  1. File sharing network: A network where distributing or providing access to digitally stored information takes place.

  2. P2P networks: A network where the architecture is composed of participants that make a portion of their resources directly available to other network participants, without the need for central coordination or hosts.

  3. Denial of Service (DoS) attacks: An attack that attempts to make a computer resource unavailable to its intended users.

  4. Fake anti-virus program: A malicious program disguised to look like a real anti-virus program. The fake program will usually trick users into paying money to 'clean' their machines from fake infections, thus causing the malicious program to gain control of the machine.

Saturday, December 12, 2009

Hackers put the shine on Chrome OS

Free OS that doesn’t need a license or an antivirus

Less than two weeks ago, the source code for Google’s Chrome OS was released on November 19, 2009 under open source licensing as Chromium OS.

It took less than a day for the first hacked Chrome OS developer build to go live on the Internet. Very soon it got torrented and hosted, courtesy of a geek celeb who goes by the name of Hexxeh.

The first build required 4GB, but a new and vastly improved ‘diet build’ is now available as a 300MB direct download; it extracts to a 950MB image that can run off a USB stick.

The OS is also available as a torrent on PirateBay, and lots of other trackers. What’s more, support is vastly improved in the newer builds. The minimalist OS can do nothing other than browse the Internet, eliciting snide remarks from a Linux fanbase. “Basically you get a Linux OS that can do nothing but look at Web pages.” But that misses the point.

This OS should work out exceedingly well on an aging PC or an underpowered netbook. It’s also great for your grandma or technically challenged siblings, as there will be little scope of it being infected with viruses or spyware. It cuts all the flab, and offers blindingly fast browsing speeds on underpowered PCs.

Hexxeh, who is also available on Twitter, says that “In theory, we have even better compatibility than that chart suggests, that chart refers to compatibility on a fresh unaltered build. I’ve added the WiFi drivers from Ubuntu to this to try and fix the WiFi for people having issues.”

I haven't tested the Chromium OS myself and I personally think it is too early to comment or test. I'll keep you guys posted.