News Briefs

By on
News Briefs

Sony-BMG Entertainment has been under fire from a blogger-fueled media storm after the discovery of spyware-like technology in its CDs. Windows security expert Mark Russinovich first revealed the existence of a rootkit device on 20 of Sony’s musical selections in late October, and within days trojan writers were taking advantage of the cloaking technology to gain access to PCs. A handful of internet weblogs called for boycotts of Sony products less than a month before the holiday shopping season was about to begin, and on Nov. 13 Sony released a statement saying it would withdraw the application from its CD-Roms. Business PC users were concerned the cloaking technology could lead to the compromise of sensitive corporate information, voicing their concerns in a November Sophos poll that showed 98 percent of enterprise users felt the digital rights management technology was a threat.

The federal government shut down three California-based spyware companies, called some of the "nastiest" of their kind by IT experts. Enternet Media, Conspy & Co. and Networld One had all allegedly used the promise of song lyrics, browser upgrades and ringtones to lure users into downloading spyware onto their PCs.

Eric L. Howes, an anti-spyware researcher who assists the FTC with investigations, said at the time that the shutdown was "a big win for consumers and web surfers."

"The FTC should persecute similar adware operations vigorously, shut them down, force the parties responsible to disgorge all ill-gotten revenues and prohibit them from working the online advertising and adware installation/distribution space ever again."

After a breach of a TransUnion PC occurred in October, internet security experts urged the federal government to move along one of more than a dozen bills in Congress set to strengthen online security standards.

Officials from TransUnion, one of three companies in the U.S. that monitor consumer credit histories, said in early November that a PC was stolen after a break-in at a California sales office. The unit contained the personal credit information of about 3,600 clients. TransUnion said after the incident that it did not believe any fraudulent activity had took place since the break-in, but the company had notified local authorities and its own anti-fraud units.

The FBI arrested a Downey, Cal., man now known as "Botmaster" after he allegedly created a botnet of about more than 400,000 infected machines.

Jeanson James Ancheta allegedly installed adware on hundreds of thousands of PCs and made about $60,000, according to U.S. Attorney spokesman Thom Mrozek.

According to the prosecutors, some of the computers Ancheta attacked were at the Weapons Division of the U.S. Naval Warfare Center in China Lake, Cal., and at the Department of Defense.

He was arrested after federal officials lured him to FBI offices in Los Angeles to pick up computer equipment seized in an earlier raid. Charged with conspiracy, attempted transmission of code to a government computer, accessing a protected computer to commit fraud and money laundering, Ancheta could face a maximum term of 50 years in prison if convicted on all counts.

October obtained a dubious security distinction: It had the greatest month-to-month increase in the number of new viruses since Sophos first began monitoring malware in the 1980s.

Nearly 1,700 viruses were discovered that month alone. Leading the way was the Netsky-P worm, which accounted for 17.2 percent of all infections. The Mytob-GH worm, which appeared two weeks into the month, reached second place, accounting for 8.1 percent of all infections.

More than 1.6 percent, or one in 60 emails, circulating in October were viral, according to Sophos.

"Spear phishing" reached epidemic proportions in October, according to a study conducted by IT security firm Greenview Data.

Spear fishing is a spam technique used to gain access to secure corporate networks and steal sensitive data that focus on the end user and are not sent indiscriminately. The emails are designed to appear as if they were sent from a trusted individual or corporate department.

The technique, however, is much more time intensive for cyber-criminals, requiring that the target be studied before an email is sent.

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?