Macs hit with BitTorrent-embedded malware attack

 

 

 

For years, Mac users have long been rightfully smug about their platform's relative immunity to virus and malware attacks, but it's inevitable that those days will eventually come to an end. (As the Mac gains in popularity, it also earns more attention from malware developers, and it's this lack of malware being actively developed, not some special, inherent security, that have really kept the Mac a "safe" platform for the time being.)

Now we're seeing one of the first moderately-sized exploits to take advantage of Mac users. The iServices.A Trojan horse is an attack being distributed via BitTorrent, where it's disguised as a bootleg copy of the new iWork 09. Once installed, the malware takes administrator access and connects to remote servers over the Internet, where it can be given additional instructions as the author commands, from installing additional malware to stealing information off the Mac in question. The malware creator can also take complete remote control of any compromised machine.

Security firm Intego said that just 20,000 machines had been infected as of January 21 but that the risk of ongoing infection was "serious, and users may face extremely serious consequences" if they are stricken with the malware.

Mac users are suggested to use common sense -- that is, don't try to download and installed pirated software -- and to update any antivirus definitions immediately. If you're a Mac user and aren't using security software, well, this might be a good time to start.

As well, if you've been hit by this piece of malware, a removal tool is available here. (Please note: I have not tested it.)

from yahoo news …

Njoy …

$ 236 million fine for spamming !!!

 

First of all , before digging much deep we need to understand what is spamming …. well standard definition of Spam is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages , in terms of computer terminology of course … Spam is the same thing many times. It originally appeared as a term to describe EMP (Excessive Multi Posting) and ECP (Excessive Cross Posting) on USENET. It is also used to describe UBE (Unsolicited Bulk E-mail) and UCE (Unsolicited Commercial E-mail)…

The term spam is said to come from a Monty Python skit from the second series of Monty Python's Flying Circus. In this skit, Vikings sing a chorus about spam while a woman tries to get something to eat that doesn't contain spam. Much like our attempts to limit the amount of UBE that comes into our mailboxes, she was unsuccessful in getting a meal that doesn't contain spam…

then you will ask , What is wrong with mass mailing ? right ?? well simple explanation to this question is … the Internet was set up so people could exchange information. Commercial use of the 'net' was frowned upon. In the last few years, the use was expanded by the World Wide Web to include commercial uses. The Web does not force you to receive Web advertisements; you choose what Web sites you care to visit. Spammers feel it is their right to send advertisements you don't want. They impose upon your rights to receive what you want. The constant barrage of unwanted, and sometimes offensive, advertisements is objectionable to many families that use the net. On the practical side, spam, a form of net abuse, costs you, the user. The problem with spam is that you pay for it. Whenever a spammer sends his e-mail to you, your ISP has to store the junk on the server until you download it. Also,the Internet is International. All countries of the world do not have unlimited access to the Internet either with their phone systems, or their service provider. Many countries' phone systems charge by the minute. In the US, there are some areas that charge this way also. When a spammer sends his message to those without unmetered service they pay to download it.

So , by all manner , SPAMMING is bad thing and illegal by law too …

Recently , a US couple who sent vast quantities of spam via a small ISP for around four months in 2003 have been fined a whacking $236 million.

According to the IDG newswire, Perez and Suzanne Bartok used a bulk emailing package to send millions of spammed messages to CIS Internet Services in Iowa.
The small ISP said it had to dedicate three servers to blocking the couple's spam, which amounted to an astonishing 500 million emails every day for around four months in 2003.

"There were millions of e-mails being delivered to us for each spam campaign to users that didn't exist on our servers," said the ISP's big cheese in an interview.
Interestingly, CIS is reported to have won judgments against 10 spammers to date, and other ISPs are watching with interest.
The bad news is that the Bartok's assets probably don't come anywhere near $236 million, so the lawsuit seems to have been academic...

news from , ITProportal.com

Internet Web has been finally connected !!!

It sounds a bit weird right ?? … but if you are into heavy internet use then you must have always felt that there is something missing in internet … still internet is not convenient … still doesn’t have all-in-one web service … right ??

For example , You’re writing an email to invite a friend to meet at a local San Francisco restaurant that neither of you has been to. You’d like to include a map. Today, this involves the disjointed tasks of message composition on a web-mail service, mapping the address on a map site, searching for reviews on the restaurant on a search engine, and finally copying all links into the message being composed. This familiar sequence is an awful lot of clicking, typing, searching, copying, and pasting in order to do a very simple task. And you haven’t even really sent a map or useful reviews—only links to them. This kind of clunky, time-consuming interaction is common on the Web, because there’s no easy way other than copy-and-paste to get your data between one web-application and another. Its kind of advanced Mashup , a web 2 replacement of Portal .. right ???

Ubiquity for Firefox from Aza Raskin on Vimeo.

I found something amazing research is going on at Mozilla Labs , they call it , Ubiquity … an application / add-on to firefox that will connect and allow users to use many different web services and combine them together !!! its still in beta phase , but it really looks promising to me … ( i am not critic , so please don’t consider my words seriously ) … Mozilla Labs define ubiquity as ,

• Make it extremely easy to Extend browser functionality, and share new functionality with other users.
• Enable on-demand, user-generated mashups with existing open Web APIs. (In other words, allowing everyone–not just Web developers–to remix the Web so it fits their needs, no matter what page they are on, or what they are doing.)
• Empower users to control the web browser using a natural-language-like command interface. (With search, users type what they want to find. With Ubiquity, they type what they want to do.)
• Use Trust networks and social constructs to balance security with ease of extensibility.

but i should say , it requires a bit of advance computer knowledge , because to perform any task you are required to write down certain commands which you have to remember …

Njoy …

New generation of “smart” malwares !!!

 

Malware authors are adopting a new technique to avoid getting caught.

Recently, two malware families -- Swizzor and Conficker -- stopped infecting machines in countries out of which the authors were operating, so not to attract law enforcement, Pierre-Marc Bureau, senior researcher at ESET, told SCMagazineUS.com on Friday. If a cybercriminals targets users outside of their country, it's harder for authorities to respond, he said.
The Swizzor malware has been around for about two years but only recently stopped infecting Russian machines by identifying the language of a user's operating system, Bureau said. Users running a Russian version of Windows will not be infected.
The fact that the trojan is now avoiding Russian targets reveals some clues about the cybercriminals behind the Swizzor malware, Bureau said. The individuals likely have servers located there and perhaps are conducting other operations, such as money laundering.

Meanwhile, the earliest variants of the rapidly spreading Conficker virus, which exploits a patched Windows Server Service vulnerability, was avoiding Ukraine targets. The malware was able to detect the keyboard layout.
However, the latest variant of Conficker -- responsible for infecting millions of machines this week, according to F-Secure -- is not choosing which victims to infect.
Still, big malware families are adopting this technique to avoid bringing attention on themselves, Bureau said.

“We have not seen this before a couple of months ago,” he said.

 

from SC Magazine ..

Njoy !!!

Yet another attempt to tap the internet !!!

its been ages since china is monitoring and filtering its internet with the setup of network filters and firewalls .. known as Golden Shield Project … which prevents users within china to access sites or even use or create or communicate or anything that is related to flow of information which is “inappropriate” according to government of china !!!

But recently , a group of Canadian human-rights activists and computer security researchers has discovered a huge surveillance system in China that monitors and archives certain Internet text conversations that include politically charged words.

The system tracks text messages sent by customers of Tom-Skype, a joint venture between a Chinese wireless operator and eBay, the Web auctioneer that owns Skype, an online phone and text messaging service.

The discovery draws more attention to the Chinese government's Internet monitoring and filtering efforts, which created controversy this summer during the Beijing Olympics. Researchers in China have estimated that 30,000 or more "Internet police" monitor online traffic, Web sites and blogs for political and other offending content in what is called the Golden Shield Project or the Great Firewall of China.

The activists, who are based at Citizen Lab, a research group that focuses on politics and the Internet at the University of Toronto, discovered the surveillance operation last month. They said a cluster of eight message-logging computers in China contained more than a million censored messages. They examined the text messages and reconstructed a list of restricted words.

More about it .. here on Newyork Times …

Njoy !!!

History of Internet !!!

Take a look at animation which describes history of internet ...




History of the Internet from PICOL on Vimeo.

nice work ...

Njoy ...

Windows Essentials …. Essential tools for free

 

 

 

If you are an internet savvy … then these tools are perhaps the most required items in your arsenal of internet essentials … just one download and you will get messenger , mail client , offline blog-writer together ….

Microsoft just released newer version of essential series which makes its performance far more batter then its pervious versions … it contains tools that we need very frequently … such as …

Photo Gallery …  to edit  photos and even share them instantly …

Movie Maker …  the same old movie maker and editor but very new look and easy to follow online sharing …

Family Safety … a safety program , which helps user to prevent his/her family from harm of internet … and its highly customizable yet very simple to use …

Writer … all in one required blog writer … if you are into blogging then this is the best of the best tool for offline writing and then publishing them later on … it has all tools that are required for average blog writer like me … ( for example , can you believe that i’m using live writer right now to write this blog ?? ) … the great thing is , it downloads your blog theme too so you can have “feel” of your blog in real time !!! … more over it supports almost all blogging sites such as live or blogger or wordpress or livejournal … and many more …

Mail … its that again old offline mail client that we used to use … outlook express in older windows and windows mail in vista … its Live Mail … same like them , but with more sexy look and better performance … i don’t even need to setup my google account manually for this software … just put you email address and it will be configured automatically !!!

Messenger … its that live messenger that we use … i’m not much into chatting so …………. really can’t write much about its features … :D …

Toolbar … well its also one of the required essential for internet … its all in one toolbar has everything that we need while we surf …

 

Most good thing is … this all is just free to download and use …

i hope you will like it …

Njoy …

WINDOWS 7 for DOWNLOAD

Microsoft’s well praised baby …… Windows 7 will be available for download publically by today on 9th of January … obviously it’s a BETA edition … but according to reviews this new OS will be Rocking …

From Official Windows 7 Blog …

On January 9th, the Windows 7 Beta will be available for Windows enthusiasts to download via the Windows 7 page on Windows.com. The Windows 7 Beta is going to be available download-only (we’re not sending out physical media) and available for a limited time to the first 2.5 million people who download the beta.

The Windows 7 Beta will be available in English, German, Japanese, Arabic, and Hindi, and each language will be available in 32-bit and 64-bit versions (except Hindi which will only be available in 32-bit). Because the Windows 7 Beta will be offered download-only, it will be provided to you as an ISO image (an .iso file) that you download. After downloading either the 32-bit or 64-bit ISO image of the Windows 7 Beta, you will be required to burn the ISO image to a DVD to install Windows 7. So you want to be sure you have a DVD burner before spending the time downloading the ISO image.

To burn the ISO image of the Windows 7 Beta to DVD, if your PC comes with Nero or Roxio products – you should be able to burn the ISO image to DVD. If you don’t already have DVD burning software on your PC, you can also check out ImgBurn which is free and can be downloaded here.

The Windows 7 Beta only supports Windows Vista SP1 to Windows 7 upgrades. So if you intend to do an upgrade – be sure it is on a PC running Windows Vista with Service Pack 1. We are not yet announcing anything regarding finalized upgrade paths for Windows 7.

The Windows 7 Beta will be only available in one edition, which is roughly equivalent the Ultimate edition of Windows Vista.

Also, another important thing to keep in mind is that the Windows 7 Beta will expire on August 1st, 2009.

I also need to emphasize that this is a beta of an unreleased operating system. Be sure to backup all your important data. As much as the Windows 7 Beta completely rocks, part of the beta process is discovering bugs and reporting those bugs. Some of those bugs could possibly lead to data loss. I tend to be a risk-taker myself and have gone all-out with the Windows 7 Beta by putting it on almost all my PCs both at work and at home, but not everyone should do this. I recommend using Windows Vista’s Backup and Restore features to ensure your information is backed up before trying out the Windows 7 Beta. Click here for several methods of backing up your data in Windows Vista.

Just can’t wait to have my own copy …

Njoy …

So Safe Linux ... is not much safe now ???

There seems to be a false sense of security among some Linux users. The number of malicious programs specifically written for GNU/Linux has been on the increase in recent years and in the year of 2005 alone has more than doubled: from 422 to 863. Some security consultants will argue that Linux has fewer viruses/malwares because it is less attractive as a target for having a smaller user base (compare ~90.66% Windows vs ~0.93% Linux). You may call me a traitor but I agree with that assessment. There is no reason why we will not see a rise of malware designed for Linux as it becomes more mainstream among ordinary users.

I’ve heard so many times from beginners “do I need an anti-virus?”, “Linux has no viruses”, “There’s no way a virus could infect a Linux box”. This is the false sense of security that many new Linux users are dealing with today. Most are just starting out as Linux users and have no idea about the risks and safe actions to take. Newbie Linux users tends to feel safe with statements they read about how the Linux OS could never be infected and if so could never be executed because of the way files works under Linux.


Linux does have its share of viruses, trojans and worms but would the Linux infected binaries really need to be exclusively executed by root for a major system apocalypse? Although in most cases the system programs are owned by root and the user is just running the program from a non-privileged account. Some people will argue that for a system wide infection, the infected binary would have to be derived exclusively from root and as a non-privileged user, by running an infected program would only effect the users /home directory and not a system wide infection.

There is a method to infect a system wide Linux OS without the need to become root, this procedure is a commonly known as “Privilege escalation” –

“Privilege escalation is the act of exploiting a bug or design fault in a software application to gain access to resources which normally would have been protected from an application or user. The result is that the application performs actions with more privileges than intended by the application developer or system administrator” (Privilege escalation).

Its not very likely that Linux malwares will ever compare to that of the Windows viruses and even more unlikely that Linux will ever see its share of the same issues with malware as the Windows operating system. If you take into consideration the email-borne viruses that Microsoft has, they are all executable and are in most cases executed by the user, whereas with Linux you would have to save the file make the file executable and manually run the file. Windows XP automatically makes the first named user an administrator, with the power to do anything to the system. Linux on the other hand uses the first named user as the root administrator but does not allow root login on boot-up.

As a Linux user, using the repositories, md5 checksums and using root privileges only when necessary are just a few ways to to guard against an intrusion. SSH is often the first point of entry to a Linux system but it’s not the last line of defense. Using a strong password and anti-virus software should always be common practice for any OS and could potentially limit the risk of a system catastrophe.

Njoy ...

Malicious Tune ???

We already know that malwares can be spread via , PDF files or by rouge flash player .. right ?? .. but the new most recent way to infect computer is using WMA ... windows media audio format music file ?? ... its hard to imagine right ?? , but if you have ever noticed ... sometimes media player asks user to download codecs or to agree some sort of licences ... and its quite common ....

But in October this year, for example, the biggest threat found by Kaspersky Lab was a Trojan Downloader named WMA Wimad.n - a Trojan masquerading as a WMA file. The Kaspersky advice is if you open a music file and your media player asks you to download a codec or read a licence agreement, don't.

So if in future you get any music file ... better make sure that its playing correct tune ...

Njoy ...

Secure Sites may be not that "Secure" ....

~ Science fiction does not remain fiction for long. And certainly not on the Internet. ~

If you have ever noticed small pad-lock icon at corner of browser , ensures that connection is safe ... and its more important when we are dealing with financial transactions ... right ?? ... till present time we used to think that this secure certification method , that is generated with help of MD5 are secure enough that it can't be faked ... in other words ... if we are visiting citi bank's website then we are sure that its legitimate site ... but now , some people have proved that its quite possible to fake that CA certificate and hence secure sites may not be that secure in future ...

A team of U.S. and European researchers used a computing grid of more than 200 Sony PlayStation 3 video-game machines to create fake certificates and fool a browser into thinking it had a secure connection with a trusted site.

Researchers from California, teams from the Centrum Wiskunde & Informatica (CWI) and Eindhoven University of Technology in the Netherlands, and teams from the Ecole Polytechnique Federal de Lausanne (EPFL) in Switzerland presented a paper Tuesday at the 25C3 security congress in Berlin. They showed that they were able to generate two messages with one digital signature, similar to the process of an older digital-certificate system, using an algorithm called MD5.

A user who visits a Web site whose URL begins with https usually sees a locked padlock in a browser corner, indicating that the site employs a digital certificate issued by one of several trusted certificate authorities. The browser verifies the certificate, using one of several algorithms, including, for some sites, MD5.

The MD5 digital-certificate system is still in use by many sites, and could enable third parties to create fake certificates and fool a browser into thinking it was visiting a secure site. A more modern and secure digital-certificate system is used by many sites.

The vulnerability was first identified four years ago by Chinese researchers, who had created a collision attack by generating two different messages with the same digital signature. But the amount of computing power needed to generate a fake certificate was considered a huge obstacle to anyone attempting to take advantage.

if you like to read more about this .. then have a look here ...

Njoy !!!

XP Vs Vista Vs Vienna... Ultimate Windows Comparison

If you have seen snapshots of all new windows 7 .. a.k.a. windows Vienna ... you will see that , still its in pre-beta phase , but looks sexy ;) .... but like any average windows user , i was just curious to see if there is any sort of comparison is available to check with other operating systems like windows XP and Vista ... because , my WOW experience was pretty bad ... its extremely resource hungry OS , by all means ... either by use of RAM or by use of Processor or by use of HDD installation space ... so on this blog i found very brief comparison of all three OSes ... XP , Vista and Windows 7 (Vienna) ...

There are 23 tests in all, most of which are self explanatory:

1. Install OS - Time it takes to install the OS
2. Boot up - Average boot time to usable desktop
3. Shut down - Average shut down time
4. Move 100MB files - Move 100MB of JPEG files from one hard drive to another
5. Move 2.5GB files - Move 2.5GB of mixed size files (ranging from 1MB to 100MB) from one hard drive to another
6. Network transfer 100MB files - Move 100MB of JPEG files from test machine to NAS device
7. Network transfer 2.5GB files - Move 2.5GB of mixed size files (ranging from 1MB to 100MB) from test machine to NAS device
8. Move 100MB files under load - Move 100MB of JPEG files from one hard drive to another while ripping DVD to .ISO file
9. Move 2.5GB files under load - Move 2.5GB of mixed size files (ranging from 1MB to 100MB) from one hard drive to another while ripping DVD to .ISO file
10. Network transfer 100MB files under load - Move 100MB of JPEG files from test machine to NAS device while ripping DVD to .ISO file
11. Network transfer 2.5GB files under load - Move 2.5GB of mixed size files (ranging from 1MB to 100MB) from test machine to NAS device while ripping DVD to .ISO file
12. Compress 100MB files - Using built-in ZIP compression
13. Compress 1GB files - Using built-in ZIP compression
14. Extract 100MB files - Using built-in ZIP compression
15. Extract 1GB files - Using built-in ZIP compression
16. Install Office 2007 - Ultimate version, from DVD
17. Open 10 page Word doc - Text only
18. Open 100 page Word doc - Text and images only
19. Open simple Excel doc - Basic formatting
20. Open complex Excel doc - Including formula and charts
21. Burn DVD - Win 7 beta 1 .ISO to disc using CDBurnerXP
22. Open 10 page PDF - Text only, using latest Adobe Reader 8
23. Open 100 page PDF - Text and images, using latest Adobe Reader 8

for these tests they have used two different PC configurations ...

• An AMD Phenom 9700 2.4GHz system fitted with an ATI Radeon 3850 and 4GB of RAM
• An Intel Pentium Dual Core E2200 2.2GHz fitted with an NVIDIA GeForce 8400 GS and 1GB of RAM

and the results were much similar that Microsoft had promised when they announced their new OS project ...





I would surely try to get "hands on" experience with Windows 7 by myself .... lets see ....

Njoy ....