Microsoft Releases Free Antivirus In 4 Countries

Microsoft Security Essentials beta, a free antivirus software, was available for download on Tuesday to those running Windows XP, Windows Vista or Windows 7 but only if you reside in the U.S., Israel, China and Brazil.

According to the CBC "Microsoft bills the software as providing "high-quality protection" against both viruses, Trojans, worms, spyware and other malicious software. It updates and upgrades automatically."

The software will apparently be made available to Canadians when the final version of the software is released to 19 countries during the second half of this year.

Swine Flu Spam Carries Malicious Payload

Symantec Security Response is reporting of a document entitled "Swine influenza frequently asked questions.pdf" which is showing up in e-mail in-boxes and being used to drop malware on computers when opened. The file, known now as Bloodhound.Exploit.6, utilizes an old Adobe vulnerability to drop a malicious "infostealer" file on the user's computer. "We see so many of those and all they're doing is they're trying to steal your personal information, like you're credit card number, your online bank credentials," Marc Fossi, manager of security response at Symantec, said Wednesday. The best defense of course is to avoid opening e-mail attachments and to keep your software patch levels up.

Source: CBC

Cache Of Stolen Financial Data Found By Security Lab

RSA FraudAction Research Lab reported on Friday that it had uncovered a large cache of credit card numbers and online bank account logins and passwords that have been accumulated over the past two-and-a-half years. The researchers say that a technically sophisticated trojan horse program, the Sinowal Trojan, likely originating in Russia is responsible. “Only rarely do we come across crimeware that has been continually stealing and collecting personal information and payment card data, and compromising bank accounts as far back as 2006. And in addition to its longevity, Sinowal has also been evolving at a dramatic pace – its rate of attacks spiked upwards from March through September of this year.” according to the researchers.

New York Times article.
BBC News article.

Space Station Laptop Hit By Virus

Nasa has confirmed that laptops carried to the ISS in July were infected with the Gammima.AG trojan designed to steal login names and passwords for a number of popular online games. No critical command or control systems are said to be at risk as the infected laptops are used to run nutritional programs and provide the astronauts with e-mail access. According to the BBC "The ISS has no direct net connection and all data traffic travelling from the ground to the spacecraft is scanned before being transmitted." and the infection is suspected to have gotten on board via a flash or USB drive owned by an astronaut and carried into space. Perhaps its time to review the IT security policy?

Firefox Plugin Infects Vietnamese Users Machines

Mozilla is increasing it's efforts to scrutinize user submitted plugins after it had discovered that a Vietnamese language pack on its official add-on page had been infected for months with rogue code. In mid-February the user submitted add-on passed Mozilla's scrutiny because the virus's signature was unknown at the time of testing. According to Wired's Threat Level blog "On Tuesday, a user named Hai-Nam Nguyen reported that anti-virus programs detected the Xorer Trojan inside the add-on. Firefox admins quickly confirmed the presence of the Trojan's code and removed the file the same day." It is unknown how many users actually installed the plugin but Mozilla says 16,667 people had downloaded the add-on since November 2007. The organization now intends to scan all of the user submitted add-ons each time virus definitions are updated, that seems a bit more proactive...

Factory Installed Viruses - Getting More Than We Paid For?

The CBC has a story of new devices hitting store shelves with factory installed viruses and trojans. "Recent cases reviewed by the Associated Press include some of the most widely used tech devices: Apple iPods, digital picture frames sold by Target and Best Buy stores and TomTom navigation gear." The experts believe the threats are the result of lax quality control measures in the manufacturing process, the result of cost cutting measures in foreign manufacturing facilities. Ultimately, does not the responsibility lay with the company who commissions the work? I mean, if you are outsourcing work shouldn't you do your due diligence and have your own quality control checks in place?

Danger Will Robinson!

Hopefully you all know not to trust e-mails asking you to download something, or for that matter not to open e-mails from anyone you don't know, or attachments to e-mails even if they come from someone you do know (unless you are expecting it, and then only after it's been scanned),... The Register has this warning that you should take heed of anyway.