
RKPC Service: Important News Regarding Computer Protection


 

This page carries alerts about keeping your desktop and notebook safe from infections. Please refresh your browser to see the latest article.

July 11, 2010

Understanding Viruses

There are viruses that replicate themselves and spread to other computers, sometimes just for its own sake.

They're called worms if they do it through e-mail or instant messaging.

Trojans follow the metaphor of Homer's Trojan Horse, whose occupants emerged in the night to open Troy's gates to a devastating attack.

Spyware watches your actions for marketing purposes.

Adware produces annoying popup ads.

Malware, incidentally, is any software you didn't ask for, especially software that has malicious intent.

A bug, meanwhile, is any software that doesn't work right--and may be preferable to malware.

Malware
You can get an infection by visiting a malicious Web site, or by clicking a file attached to spam e-mail, through a p2p file-sharing network, by downloading what you thought was free software, or by using an infected removable device like a USB memory stick. Intrusion attacks can come in over the Internet.

Trojans
Many trojans will download other malware that takes root in your computer and starts doing nasty things. These include password stealers and keyloggers that will try to swipe your account information so that someone else can swipe your money. Or they may turn your computer into a botnet node, under the remote control of a bot herder, who will typically use it to spew spam.

Phishing
Phishing is on the rise: e-mail that tries to trick you into revealing information that could be used for ID theft or other fraud. The phishers have been going after denizens of social networking sites and even large corporations.
Software can't protect you against the phishing plague; only common sense can do that. If some random e-mail asks for your personal information because somehow otherwise your bank account, or your game subscription, or your corporate computer privileges will be suspended, delete it.

 
July 2, 2010

Card thieves steal $10 million, $10 at a time

There's a new reason to check your credit card bills carefully every month. The Federal Trade Commission this week asked a U.S. court to stop an elaborate credit and debit card scam that has already hit more than 1 million victims with tiny charges -- some as small as 20 cents each. The identity theft scam lasted nearly four years, according to the FTC's complaint. In the end, more than $10 million was moved out of the country and into bank accounts in Lithuania, Estonia, Latvia, Bulgaria, Cyprus and Kyrgyzstan, it said. In many cases, the charges were so small that consumers didn't notice them, and paid their bills.

"The vast majority of consumers ... either do not notice these charges, misunderstand them, or do not file formal complaints with their credit or debit card issuer to challenge the charges," the complaint reads.

The FTC said it doesn't know where the stolen credit card numbers came from, but the lawsuit filed on Monday offers a rare glimpse of the efforts by overseas criminals to turn stolen cards into cash.

According to the complaint, criminals managed to set up nearly 100 fake U.S. corporations, and use the firms to set up fake credit card merchant accounts. Then, they were able to charge and collect credit card payments.

The firms were located all over the U.S. -- New World Enterprises in New Jersey, SMI Imports in Florida, Parts Imports in Louisiana, Bend Transfer Services in Bend, Ore., for example. Consumers would see names like Alpha Cell, Image Company, or United Services on their credit card bills next to the charges, along with an 800-number. Consumers who called to complain usually found the number was disconnected.

In order to create the appearance that the phony firms were based in the U.S., the criminals hired 14 "money mules," unwitting accomplices who helped move cash in and out of the country.

The mules were recruited through job postings delivered as spam messages. The e-mails said an "international financial services company is seeking a U.S. finance manager," according to the complaint. The mules were then directed to open limited liability corporations, and to open bank accounts. After money arrived from the credit- and debit-card charges, the mules transferred the money from their bank accounts to accounts in the Baltic States.

A key element of the scam, however, was the indifference shown by consumers whose credit cards were charged.

"In many households, one person handles paying the bills for the family, while two or more people may be using the same credit or debit card account. It’s easy for a small charge to fall through the cracks," said Karen Barney, a spokeswoman for the Identity Theft Resource Center. "These criminals depended upon consumers failing to verify each charge. They purposely kept the charges small, so as to not bring attention to their crime."

While the businesses and accounts associated with the civil complaint have been shut down by a U.S. District judge in the Northeast District of Illinois, the Federal Trade Commission does not know who was behind those companies -- they are named as John Does in the complaint. So it's likely the crime is ongoing, using other fake firms and money mules.

TIPS
The Identity Theft Resource Center offered several tips for consumers to keep from being a victim of a small-time credit card scam:
• When reviewing monthly statements, check off each item as you confirm and verify each transaction. If there is a discrepancy, immediately report it to your credit card company or financial institution.
• Check your accounts frequently and question any purchase you do not recognize.
• Implement a system of tracking purchases that works for your family. For instance, everyone might put the receipts in one basket or drawer to facilitate tracking purchases.

 
June 6, 2010

Smartphone games hit by virus

Hackers have planted viruses in video games for smartphones running on Microsoft Corp's Windows operating system, according to a firm that specializes in securing mobile devices.

The games - 3D Anti-Terrorist and PDA Poker Art - are available on Websites that provide legitimate software for mobile devices, according to John Hering, CEO of San Francisco-based security firm Lookout.

Those games are bundled with malicious software that automatically dials premium-rate telephone services in Somalia, Italy and other countries, sometimes ringing up hundreds of dollars in charges in a single month.

Those services are run by the programmers who built the tainted software, Hering said on Friday.

Victims generally do not realize they have been infected until they get their phone bill and see hundreds of dollars of unexpected charges for those premium-rate services, he said.

Hackers are increasingly targeting smartphone users as sales of the sophisticated mobile devices have soared with the success of Apple Inc's iPhone and Google Inc's Android operating system.

Officials with Microsoft could not immediately be reached for comment.

 
June 4, 2010

Thousands of Facebook users hit by 'clickjacking' attack

Facebook users are being clickjacked by an internet worm

Hundreds of thousands of Facebook users are falling victim to so-called 'clickjacking' attacks.

Facebook members see links to amusing-sounding subjects such as 'This man takes a picture of himself EVERYDAY for 8 YEARS!!,' that their friends appear to have 'liked'.

Clicking the link tricks users into recommending the site on Facebook too by posting it as something you 'liked' on your own page.

When a user clicks on the text that appears to be 'liked' he is taken to a blank page that just has the text, 'Click here to continue.'

Clicking anywhere on that page publishes the same message to that user's Facebook page.

The Facebook attack places an invisible button over an entire web page, so that wherever the user clicks, they end up hitting the button - in this case a hidden Facebook 'like' button.

Security experts say the scam currently has no malicious intent but easily could be adapted to deliver malware - which can infect your computer and cause damage to systems.

Graham Cluley, senior technology consultant at web security firm Sophos, said: 'If you believe you may have been hit by this attack, view the recent activity on your news feed and delete entries related to the above links.

'Furthermore, you should view your profile, click on your Info tab and remove any of the pages from your "Likes and interests" section.'

The bug brings up a blank screen with the words Click here to continue on it. If the user clicks the screen the 'like' tag is displayed on their screen

At the moment the clickjacking attack is not being used to deliver malware or phishing attacks, where users' personal details are swiped by internet fraudsters using computer viruses.

'At the moment the attacks which we've seen are more like old-school viruses - written for the heck of it to see how many fans they can get.'

 
May 26, 2010

Tomorrow, May 27, 2010 Facebook privacy will be ‘simplified’. Some users cringe at the idea of yet another change to the social network

Following founder and CEO Mark Zuckerberg’s semi-mea culpa in the Washington Post’s opinion page, Facebook is set to roll out new “drastically simplified” privacy controls.

“Many of you thought our controls were too complex,” Zuckerberg wrote in Monday’s Washington Post column that several tech blogs interpreted as stopping short of an actual apology. “Our intention was to give you lots of granular controls; but that may not have been what many of you wanted. We just missed the mark.”

Starting Wednesday, the simplified privacy settings Zuckerberg referenced will start rolling out. The specifics of those simplifications haven’t yet been revealed. Ideally, the changes will address the 50 settings (with more than 170 options) users must navigate when setting up profile privacy, as shown in a recent New York Times infographic.

Understandably, users are wary of yet another change to the social network. “This means they’re going to change everything around AGAIN and I'll have to go through all my settings AGAIN to ensure I'm as locked down as I want to be. AGAIN,” one Facebook user wrote after learning of the newest privacy update.

“Every time Facebook makes changes, things seem to get worse, so call me hopeful ... but skeptical,” wrote another.

Indeed, the changes may not be so much of an effort to appease Facebook’s 400 million-plus users, who complain yet show no signs of leaving en masse, but rather those who advocate on behalf of the users.

Beyond the usual consumer groups that have always been fairly vocal regarding Internet privacy, four U.S. senators recently demanded the Federal Trade Commission do something about the social network's increasingly confusing privacy policy.

 
May 6, 2010

The 3 Most Common Types of PC Virus Infections
Web security and the vexing problem of malicious software made headlines again last week when computer antivirus software maker McAfee sent out a botched update that crashed thousands of computers around the world.
Such hiccups in computer security software are rare. What isn't rare is the damage caused by the malicious software known as malware that antivirus software is designed to thwart. Last year hackers stole approximately 130 million credit card numbers, according to an Internet Security Threat Report released this month by security software maker Symantec. And in the third quarter of 2009 alone, there was over $120 million in reported losses due to online banking fraud.
David Perry, global director of education for security software maker Trend Micro, is a 22-year veteran of fighting malware. He gave TechNewsDaily a guided tour of malware's trinity, the three most likely sources of malware infection.
Trojans
Ground Zero for malware is the Internet itself. The Web is by far the most common vector for malware infection, Perry said. "The most universal thing of all that's involved in cyber bad guy activity is the Web."
Users don't even have to click anything on websites to infect their computers. Just looking is enough. "Look at the web page and Bang!, you're infected without so much as a how-do-you-do," he said.
Forsaking Internet Explorer and replacing it with another browser such as Firefox won't give you much protection either, Perry said. Malware is basically equal opportunity when it comes to browsers and browser plug-ins.
A Trojan downloader is the most common malicious software to get hit with, he said. A Trojan is any program that pretends to be something other than what it really is — a downloader is a program that downloads another program. "It's like Robin Hood," Perry said. "He shot an arrow with a string over a tree branch. He used the string to drag up a rope and the rope to drag up a basket of stuff."
In the past, sites devoted to porn and file sharing were the usual suspects for being sources of infection. "It used to be true," but no longer, Perry said. “We’ve seen government agencies and the Roman Catholic Church get infected; we’ve seen railroads and airlines and the British Museum get infected. There is no safe web page.”
To make matters worse, infected computers are often asymptomatic and appear to be functioning normally. Many Trojan viruses don't slow your computer down or make your cursor go crazy. Like high blood pressure, malware is a silent killer.
"Unfortunately, there's a big cognitive disconnect on the part of users who have seen movies where the virus comes on the screen and announces that it is infecting you," Perry said. "Any malware you see today will be by design as symptom free as they can possibly make it."
Botnets
The web is also where you risk contracting a drive-by bot infection that will enlist your computer as an agent in a fraudster's arsenal.
"A botnet is a collection of infected PCs that the bad guys now own," Perry said. "Botnets are the source of all spam – they're used for ID theft, extortion, industrial espionage and finding other web pages to infect. I would call it the Swiss Army Knife of the malware world. It does a lot of things for a lot of people."
Like the majority of malware software, botnets are asymptomatic. Until you wake up and find your bank account has been drained, that is, or discover that your ID has been appropriated for use by someone else.
Scareware
Fake antivirus programs, which are often referred to as "scareware," are the third and arguably most irritating leg of the malware stool.
With scareware, a warning pops up on your computer screen telling you that your computer is infected and attempting to sell you a program to disinfect it. This is the ultimate no-win situation.
If you click anywhere on the warning, you get infected. If you ignore the warning, it will never go away. And if you fall for the ruse and buy the fake antivirus program, your computer will then become another warrior in the scammer's botnet army.
"This is the one thing in the world of malware that is visible," Perry said. "If you're infected, you'll know it because it's visible and bugs you all the time."
If you think you can simply hit Alt-Control-Delete — the keyboard combination that brings up the Task Manager in Windows — to shut down the offending program, think again. Many malware programmers expect panicked users to do this, and create fake Task Manager windows that trigger the infection.
So how big is the problem? Over 100,000 new Trojan downloaders are created every day, Perry said. Most computer users aren't knowledgeable enough to deal with the problems themselves without help, he added. "It's too vast and too pervasive."
The best defense, he said, is to install a suite of Internet security software and religiously update it.
"For right now, count your change and watch your Ps and Qs," he said. "There's no way to easily tell that something wrong is going on on the Internet."

 
April 30, 2010

Fake antivirus software a 'growing threat', warns Google

Internet search giant Google has warned of the growing risk of fake anti-virus software being downloaded by unsuspecting computer users.

Millions of computer users are being duped into installing the software which they think will protect them online but which actually leaves their computers more vulnerable to hackers.

Over the last 13 months Google analysed more than 240 million web pages and found that fake antivirus programs accounted for 15 percent of all the malicious software it detected online.

Cyber criminals are using increasingly sophisticated tactics to trick unsuspecting computer users into downloading and installing software laced with malicious code. When activated, the software allows hackers to obtain "back door" access to a computer. This in turn could allow criminals to use the machine to send spam emails, or to try and capture personal information and login details for online banking and email accounts.

A well-known scam is to deliver a pop-up message on to a user's screen warning them that a virus has been detected on their machine. The message advises the computer user to download the advertised antivirus software. However, instead of removing the virus, which in all likelihood does not exist, many will find themselves handing over their credit card details to cyber criminals in exchange for software laced with malicious code.

"The fake antivirus threat is rising in prevalence, both absolutely and relative to other forms of web-based malware," said Google in its findings. "Clearly, there is a definitive upward trend in the number of new fake antivirus domains that we encounter each week. Surprisingly, many users fall victim to these attacks and pay to register the fake antivirus software. To add insult to injury, fake antivirus programs are often bundled with other malware, which remains on a victim's computer, regardless of whether a payment is made."

Google said that although it uses special tools to filter out websites containing malicious code from its search results, cyber criminals often moved their sites from one location to another in order to thwart efforts to stop their activity. Security experts have advised computer users to ensure they only install legitimate antivirus programs from reputable companies, such as Norton and McAfee, and not to click on any unsolicited pop-ups that claim to have detected a virus, and offer tools to remove it.

 
April 22, 2010

Millions of computers shut down as faulty anti-virus program causes havoc around the globe. McAfee program goes berserk, reboots PCs. Hospitals, schools, company computers around the world affected by error

Computers in companies, hospitals and schools around the world got stuck repeatedly rebooting themselves Wednesday after an antivirus program identified a normal Windows file as a virus.

McAfee confirmed that a software update it posted at 9 a.m. Eastern time caused its antivirus program for corporate customers to misidentify a harmless file. It has posted a replacement update for download.

McAfee could not say how many computers were affected, but judging by online postings, the number was at least in the thousands and possibly in the hundreds of thousands.

McAfee said it did not appear that consumer versions of its software caused similar problems. It is investigating how the error happened "and will take measures" to prevent it from recurring, the company said in a statement.

The computer problem forced about a third of the hospitals in Rhode Island to postpone elective surgeries and stop treating patients without traumas in emergency rooms, said Nancy Jean, a spokeswoman for the Lifespan system of hospitals. The system includes Rhode Island Hospital, the state's largest, and Newport Hospital. Jean said patients who required treatment for gunshot wounds, car accidents, blunt trauma and other potentially fatal injuries were still being admitted to the emergency rooms.

Deborah Montanaro of North Kingstown, R.I., told The Providence Journal her son was turned away by the hospital and not given the spinal radiation therapy he needed to treat his leukemia.

"It is impacting patient care," she told the newspaper. "They have no Plan B. I am very upset."

The hospital's computers came back online around 4:30 ET, Jean told the newspaper.

In Kentucky, state police were told to shut down the computers in their patrol cars as technicians tried to fix the problem. The National Science Foundation headquarters in Virginia also lost computer access.

Intel appeared to be among the victims, according to employee posts on Twitter.

"For PCs that have been affected and are in a state of reboot, Intel IT is still working on how to get the deleted files back on the operating system, which will allow PCs to boot normally again," spokesman Bill MacKenzie told The Oregonian.

"We do have instructions out that are working for some people and not for others. We are continuing to work the issue."

Peter Juvinall, systems administrator at Illinois State University, said that when the first computer started rebooting it quickly became evident that it was a major problem, affecting dozens of computers at the College of Business alone.

"I originally thought it was a virus," he said. When the tech support people concluded McAfee's update was to blame, they stopped further downloads of the faulty software update and started shuttling from computer to computer to get the machines working again.

In many offices, personal attention to each PC from a technician appeared to be the only way to fix the problem because the computers weren't receptive to remote software updates when stuck in the reboot cycle. That slowed the recovery.

It's not uncommon for antivirus programs to misidentify legitimate files as viruses. Last month, antivirus software from Bitdefender locked up PCs running several different versions of Windows.

 
April 12, 2010

Microsoft, Adobe to release important security patches

Microsoft is to issue 11 security bulletins on Tuesday to fix 25 vulnerabilities in Windows, Microsoft Office, and Exchange. The patches also coincide with a major release of security updates from Adobe Systems.

According to an advance notification released by Microsoft for the double-digit security bulletin release, which the company will publish on April 13th, 5 out of 11 security updates have been labeled as 'Critical' and are related to remote code execution affecting Microsoft Windows. Five other vulnerabilities have been categorized as 'Important' and affect Windows, Office and Exchange, whereas one update is 'moderate' and relates to spoofing in the Windows OS.

Microsoft's flagship operating system, Windows 7, will also be served with four of the 11 security updates, including a patch for the recently discovered VB script F1 vulnerability, in which users who pressed F1 after being prompted by a website received malicious content which was injected into their PCs.

Disclosed on March 1, it affects older versions of Windows running Internet Explorer. The patch is being released despite the fact the vulnerability does not affect Windows 7 PCs. Commenting on the unnecessary Windows 7 patch, Microsoft said in a security bulletin that it “recommends that customers of this software apply this security update as a defense-in-depth measure.”

The other advisory to be closed is 977544, which involves a hole in Server Message Block (SMB) protocol that could allow a denial-of-service attack and that dates back to November. Software affected by the updates includes Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System and Exchange Server 2000, 2003, 2007, and 2010.

Also on Tuesday, Adobe Systems will release security updates for Reader and Acrobat via a new update system. Adobe has quarterly security update releases that coincide with Microsoft's Patch Tuesdays. The updates affect Adobe Reader 9.3.1 for Windows, Mac, and Unix, Acrobat 9.3.1 for Windows and Mac, and Reader 8.2.1 and Acrobat 8.2.1 for Windows and Mac.

The company has been testing the updater technology with a sample of customers since Oct. 13. Users can set the system to automatically update, meaning the software will be downloaded and installed after it is available from Adobe, or semi-automatically so that the update is downloaded automatically but the user chooses when to install it.

 
March 20, 2010

Virus targets Facebook stealing Password
McAfee Inc. warned Facebook Inc.'s 400 million users Wednesday that a new type of virus is trying to steal their bank passwords and other secret information about them.
Facebook also issued a status update Wednesday warning about bogus e-mail containing viruses and advised users of its social network to delete the e-mail and warn their friends.
The e-mail tells recipients that the passwords on their Facebook accounts have been reset and asks them to click on an attachment to get new login credentials. If they do this, McAfee warns, that triggers the download of several types of malicious software, including a program that steals passwords.
Tens of millions of the spam messages were sent across Europe, the United States and Asia since the campaign began on Tuesday, McAfee said. Dave Marcus, McAfee's director of malware research and communications, told Reuters that he expects the hackers will succeed in infecting millions of computers.
"With Facebook as your lure, you potentially have 400 million people that can click on the attachment. If you get 10 percent success, that's 40 million," the news service quoted him as saying.
The bogus email is titled "Facebook Password Reset Confirmation! Customer Support."

 
March 17, 2010

Warning! File-sharing software reveals user's private info. Some P2P programs automatically share everything on your computer By Ned Smith updated 12:10 p.m. ET, Tues., March. 16, 2010

Limewire is also a file sharing program!
Thousands of Americans may unwittingly be sharing personal medical and financial information stored on their home computers when they use file-sharing software, according to a new study.

"The issue has been bubbling for a couple of years," said lead author Khaled El Eman, a senior scientist at the University of Ottawa's Electronic Health Information Laboratory.

"In the past we knew there was a problem. We just didn't know how big it was. We also wanted to see if anyone was actively searching for this information."

El Eman and his colleagues found evidence of outsiders actively searching for files containing private health and financial information on peer-to-peer (P2P) file-sharing networks such as Gnutella, eDonkey and BitTorrent. P2P networks let users connect with the computers of other users on the network and search for and download files.

"Very simple search terms such as 'medical records' or 'credit card' were quite effective in returning sensitive documents," El Eman told TechNewsDaily. Retrieving this information, he added, does not require world-class computer hacking skills.

"It's a total no-brainer," he said.

Thousands at risk
The study, published in a recent issue of the Journal of the American Medical Informatics Association, found that the absolute number of files returned containing sensitive health and financial information was relatively low — less than 1 percent of U.S. files contained personal health information and slightly less than 5 percent contained financial data.

Given the popularity of P2P file sharing, though, this translates into tens of thousands of computers at risk, El Eman said.

"There are around 250 known P2P file-sharing programs," he said. "And they vary in their badness. Some of them are known to automatically share everything on your machine without informing you what it's sharing. Some of them are better behaved."

P2P probing to discover personal information is a relatively recent wrinkle in file-sharing activity, El Eman said. In the past users primarily accessed and shared music, videos and pornography.

Whether you are a private individual or a healthcare worker taking patient records home, the only guaranteed way to keep your data safe is to avoid keeping it on a computer that has a file-sharing program installed.

For home users, that's not always easy. Teenagers are particularly fond of file sharing, El Eman said, and will frequently install programs without telling anyone.

If you're using a shared computer, he recommends, create different accounts for different users. That way, only one user's data will be at risk at any one time.

 
March 3, 2010

Microsoft has warned of a new security hole that could be exploited by attackers to take control of older Windows systems running Internet Explorer and for which proof-of-concept exploit code has been released publicly.

The vulnerability affects Windows 2000, XP and Server 2003-based systems, Microsoft said in a security advisory dated March 1.

Microsoft said that the vulnerability in VBScript could allow remote code execution. "If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user," Microsoft said on its Web site. "On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue." Windows Vista, Windows 7, and Windows Server 2008 are not affected.

The advisory includes several workarounds, including advice to avoid pressing the F1 key when prompted by a Web site.

It also suggests restricting access to the Windows Help System, setting Internet and Local intranet security zone settings to "high" to block ActiveX Controls and Active Scripting, and configuring Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone.

Microsoft complained in its advisory and a statement that the vulnerability was not responsibly disclosed.

 
February 27, 2010

Microsoft’s ‘spy guide’ — what you should know. Handbook for law officials details data the company keeps on users
By Brennon Slattery
updated 3:55 p.m. ET, Fri., Feb. 26, 2010

Since 1996, the whistleblower site Cryptome has been posting sensitive government and corporate documents. Now Cryptome has been stricken from the Web after releasing the "Microsoft Online Services Global Criminal Compliance Handbook", a "spy guide" for law enforcement detailing what data Microsoft has, keeps, and can relinquish.

Since most of you are Microsoft users, there are a few tidbits of information you'll need to know before purchasing Xbox Live points, logging onto Office Live, or sending an e-mail through Hotmail.

"The Global Criminal Compliance Handbook" is a quasi-comprehensive explanatory document meant for law enforcement officials seeking access to Microsoft's stored user information. It also provides sample language for subpoenas and diagrams on how to understand server logs.

I call it "quasi-comprehensive" because, at a mere 22 pages, it doesn't explore the nitty-gritty of Microsoft's systems; it's more like a data-hunting guide for dummies.

Which Microsoft services are affected?
All sorts. Microsoft keeps user information related to its online services. The data ranges from past e-mails to credit card numbers. The information is kept for a designated period of time, sometimes forever.

The sites referenced are:
* Windows Live
* Windows Live ID
* Microsoft Office Live
* Xbox Live
* MSN
* Windows Live Spaces
* Windows Live Messenger
* Hotmail
* MSN Groups

Some of these Microsoft services may not apply to a whole lot of people. Who uses MSN Groups, for instance? But accessing personal information from Xbox Live accounts, for example, could be a big problem for 23 million subscribers; especially since Xbox Live keeps more data than many of Microsoft's other services.

What information does Microsoft have?
It depends on the service. We'll deal with the big dogs here:

Windows Live ID: Windows Live ID is a one-stop shop for user info retention and is used on a multitude of sites to limit scattered user names and passwords. Due to its wide reach, Windows Live ID could allow law enforcement agencies to access tons of your personal Web surfing information. Microsoft keeps "the last 10 Microsoft site and IP connection record combinations (not the last 10, consecutive IP connection records)."

All things considered, that's not bad. It gets worse.

Hotmail: "E-mail account registration records are retained for the life of the account. Internet Protocol connection history records are retained for 60 days," according to the document. But if you, like many, switched over to Gmail and let your Hotmail account lapse, all e-mail content is "typically deleted after 60 days of inactivity. Then if the user does not reactivate their account, the free MSN Hotmail and free Windows Live Hotmail account will become inactive after a period of time."

E-mail content that is older than 180 days can be disbursed "as long as the governmental entity follows the customer notification provisions in ECPA (see 18 U.S.C. §§ 2703(b), 2705)." If the content is less than 181 days, you need a search warrant.

Xbox Live: Xbox Live stores a lot of information:

* Gamertag
* Credit card number
* Phone number
* First/last name with zip code
* Serial number but only if box has been registered online
* Service request number from Xbox Hotline (e.g. SR 103xx-xx-xx)
* E-mail account (e.g. @msn.com, @hotmail.com or any other Windows Live ID account name)
* IP history for the lifetime of the gamertag (only one gamertag at a time)

This information comes in handy for non-nefarious purposes, just so you don't get completely paranoid. For instance, if your Xbox 360 console is stolen, Microsoft can hunt it down lickety-split using its vast tracking records of you and your machine.

Office Online and Windows Live SkyDrive
The scariest part of the handbook comes here. Office Online and Windows Live SkyDrive are both services that store documents and files in the cloud. The two pages devoted to these services describe only what the products are and not the access Microsoft has to pertinent information. What can Microsoft get at? How long is everything stored? What are the legal parameters? All of this is uncertain and worthy of a little spine-shake.

Cloud computing is the next big thing in technology. Companies are apt to store sensitive financial and human relations documents in one of Microsoft's clouds. If prompted by the government, Microsoft could (or couldn't?) dip its fingers into your spreadsheets and extract all it wants.

The last page of the document details the legal procedures required to obtain Microsoft's information, but with warrantless wiretapping being such a big fad lately — as evidenced lately by Google's shady dealings with the NSA — one never knows how many reams of red tape the government can snip through to get what it wants.

A brief case history
It's uncertain as to how John Young, Cryptome's proprietor, obtained "The Global Criminal Compliance Handbook"; what's assured is that it caught Microsoft's attention. The corporation quickly filed a Digital Millennium Copyright Act (DMCA) notice alleging copyright infringement.

In 1998, the DMCA criminalized production and dissemination of tech methods intended to skirt protections such as DRM that control access to copyrighted works. It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself.

Some organizations have a problem with Microsoft's use of the DMCA in this case. "[The Electronic Frontier Foundation] find[s] it troubling that copyright law is being invoked here. Microsoft doesn't sell this manual. There's no market for this work. It's not a copyright issue. John [Young's] copying of it is fair use. We don't do this anywhere else in speech law," Cindy Cohn of the Electronic Frontier Foundation told ReadWriteWeb.

Cohn stated that in cases involving libel or trade secrets there is a procedure of going to court, making a case and getting an injunction — filing a DMCA complaint "makes censorship easy."

Either way, Microsoft prevailed. Cryptome's host, Network Solutions, tore the site down. Young filed a counterclaim Wednesday.

Personally, I feel "The Global Criminal Compliance Handbook" isn't as nightmarish as some may paint it (save for the cloud computing part). Microsoft needs to have measures to work with the government in cases of danger, plain and simple. But with so much data out there, so much of it "owned" by Microsoft, I cannot help but feel exposed and vulnerable.

And for the sake of Internet freedom, it's crucial that Cryptome is released back into the wild. The site serves a clear and important purpose; its latest — and perhaps last — release proves that point.

 
February 20, 2010

Your Facebook profile: An open invite to crime? If you don't care about your online privacy, why should Facebook or Google?

Honestly, the way some of you people behave online, it’s like you’ve never had a stalker.

How is it you never received two dozen roses anonymously while working Christmas Eve at your mall job? Felt that thrill devolve into ick when the 3 a.m. hang-up calls began? Contacted the cops for the first time when the plastic nativity Jesus showed up in a plastic diaper bag on your doorstep on New Year’s Day?

Maybe if you had, you’d be a little less “shocked” by the plethora of personal information available to anyone with Internet access. Alas, those among you who have never converted old shoe boxes into “evidence files” dated by month and/or year, treat vigilance as a fad — an occasion to sign an “Official Facebook Petition” to “stop invading my privacy!” whenever a news story warrants, only to forget about it days later.

But before you send your next angry tweet about the evils of Google Buzz or whatever, consider how you, yourself may be actively violating not only your personal privacy, but your physical existence with the stuff you post on social networks every single day.

If that’s too much work, here’s a new Web site that does it for you: Please Rob Me, the newly launched social media aggregator dedicated to “listing all those empty homes out there.” The site’s stated purpose isn’t to provide better living through technology for thieves and other ne'er-do-wells; rather, the opposite.

“So here we are; on one end we're leaving lights on when we're going on a holiday, and on the other we're telling everybody on the Internet we're not home,” reads the “Why” section. “The goal of this Web site is to raise some awareness on this issue and have people think about how they use services like Foursquare, Brightkite, Google Buzz etc. Because all this site is, is a dressed up Twitter search page. Everybody can get this information.”

PC Magazine reported Thursday (Feb. 18) that Please Rob Me's associated Twitter account had been shut down for “suspicious activity,” but a feed was still available on the site. And even if this turns out to be a gimmicky spambot, it does at least make a valid plot point for a future “Law & Order” episode.

A few examples from the constantly updated feed, which mostly includes Foursquare entries, illustrate the point (user names removed):

* left home and checked in less than a minute ago: Don't judge! I haven't had fast food in ages!! (@ McDonald's) http://4sq.com/bVVjJM
* left home and checked in less than a minute ago I'm at The Pearl Cup (1900 Henderson Ave, McMilian Ave, Dallas). http://4sq.com/1wr9bz
* left home and checked in less than a minute ago: I'm at New York Penn Station (7th Ave & W 32nd St, New York) w/ 10 others. http://4sq.com/1GoinW

Again, these are Foursquare entries, artifacts from the hipster-habituated, location-based social networking Web site in which you earn virtual merit badges by punching in your coordinates into your iPhone (or whatever) whenever you hit a bar, brunchery, hook up with other Foursquare participants, what have you. And as an added bonus, anyone who accesses your account not only gets your status, but a map revealing your real-time coordinates!

Consider yourself too savvy to engage in a location-based social networking Web site, just so you can earn imaginary kudos for “Superstar” (You've checked into 50 different venues!) or “Warhol” (10 different galleries!)? Well, get off your high horse, honey, because the finger wagging goes to you chronic Googlers and Facebook users who only heard about Foursquare just now.

“Internet shopping for burglars” is what reformed thief Michael Fraser calls it. Fraser, a member of BBC's "Beat The Burglar" series, helped a British-based insurance company with a social network survey last year to find out just how easily people will reveal information to just about anyone.

Thirty-eight percent of the Facebook and Twitter users surveyed posted their holiday plans online, and 33 percent shared information about weekends away. "Coupled with the finding that an alarmingly high proportion of users are prepared to be 'friends' online with people they don't really know, this presents a serious risk to the security of people's home and contents," the insurance company said in a statement.

Please note, those are British people, who certainly sound smarter than Americans anyway. In both countries however we’ve been enjoying a growing number of criminals who incriminate themselves via social media. For example, this dude charged with assault, drunk driving, drug possession and using a BB gun to kill birds, posted his address on both his Facebook and MySpace accounts.

(Following his arrest, the Lockport, NY police posted this note on his Facebook "Wall": "It was due to your diligence in keeping us informed that now you are under arrest.")

Meanwhile, the FBI has yet to announce a connection between crime and your Facebook status. But we can freak ourselves out over anecdotal incidents, such as the case of the Seattle video podcaster who tweeted his family vacation to the Midwest, only to return home to a jimmied back door and thousands of dollars of video equipment taken.

Now, there’s no way to know if the thieves were tipped by Twitter, “but we live pretty public lives,” Hyman said of himself and his wife in an Associated Press interview. “I think probably in the future though I’m not going to be announcing when I’m heading out of town.”

Me, I wouldn't tweet a trip to Starbucks. But bad memories of that plastic nativity Jesus aside, personal privacy is probably at bigger risk than your high-end electronics. Or so I'm told.

“Posting ‘My big-screen TV is awesome, wish someone was gonna be home enjoying it, but everyone's gone for three days’ isn't the brightest move in the world,” says this one police officer I know from Facebook. “But it's not as high on the list as say, leaving your front door unlocked or your garage door wide open.”

 
February 18, 2010

Virus breaches 75,000 computers, study says. 'Kneber botnet' infecting online financial systems, social networking sites

A new type of computer virus is known to have breached almost 75,000 computers in 2,500 organizations around the world, including user accounts of popular social network websites, according to Internet security firm NetWitness.

The latest virus -- known as "Kneber botnet" -- gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information back to hackers, NetWitness said in a statement.

A botnet is an army of infected computers that hackers can control from a central machine.

The company said the attack was first discovered in January during a routine deployment of NetWitness software.

Further investigation by the Herndon, Virginia-based software security firm revealed that many commercial and government systems were compromised, including 68,000 corporate login credentials and access to email systems, online banking sites, Yahoo, Hotmail and social networks such as Facebook.

Companies that were infiltrated included pharmaceutical giant Merck & Co., Cardinal Health Inc., software firm Juniper Networks and Paramount Pictures, the Wall Street Journal reported Thursday.

The newspaper said that the hackers, believed to be an East European criminal group, also broke into computers at 10 U.S. government agencies and that in one case they obtained the user name and password for a soldier's military e-mail account.

"Conventional malware protection and signature-based intrusion detection systems are, by definition, inadequate for addressing Kneber or most other advanced threats," Yoran said in a statement.

 
February 5, 2010

Facebook hoax may be clever marketing ploy. Chain message warns users that they are being spied upon
By Leslie Meredith, updated 3:56 p.m. ET, Thurs., Feb. 4, 2010

Facebook officials say a chain message that is making the rounds on the site and warning users they are being spied upon is harmless and should be ignored.

"This is a chain message that claims certain users have special access to profile information. It’s not true, and we don’t know where it originated," Facebook spokesperson Simon Axten told TechNewsDaily. "We’re asking people to disregard the message and tell their friends."

Because the message is designed to be spread quickly and yet is not malicious, some Facebook developers have speculated it is a clever marketing ploy by the company mentioned in the message.

The chain message reads: "All FB friends. This is important. Do this asap! Go to settings. Click on privacy settings. Click on block users. in [sic] the name box enter 'automation labs'. A list of approx 20 people you dont even know will come up. Block each one individually. These people have access to your facebook account/profile and spy on what you do … "

More than a million Facebook users may have received this message, according to Nick O'Neill of AllFacebook.com, a popular blog that focuses on the social media site. When the AllFacebook team got wind of the circulating message, it issued a statement that the privacy threat contained in the message was completely false.

The message exploits a standard Facebook search feature within the settings on a user's Facebook page, O'Neill explained. Facebook's privacy settings include a feature to block certain people from a user's profile. Once a user types the name of the person he wishes to block, Facebook generates a list of all Facebook users with either that name, a similar name or people associated with the name.

When panicked users typed in Automation Labs as directed, a window popped up listing people associated with Automation Labs. Typing in any name will produce a similar list of associated users or those with similar names.

Thus, all the chain mail really does is instruct Facebook users to block people they probably don't know, which is harmless.

O'Neill suspects the message may be a marketing campaign. "If it is, it's genius," he said in a telephone interview. "Millions of Facebook users are now searching for Automation Labs."

Automation Labs did not immediately respond to a request for comment.

Automation Labs sells an add-on for Facebook's most popular game, Zynga's Farmville. Farming Extreme Manager is priced at $6.99.

 
February 4, 2010

Millions of Explorer users must update browser. Even Feds encourage PC users to update from IE6 to mitigate risk

If you are one of the estimated 45 million Americans still using version 6 of Microsoft's Internet Explorer Web browser, it may finally be time to update to Internet Explorer 8, thanks to a shove from Google.

Last week, Google announced that its applications such as Google Docs would no longer support IE6 beginning March 1. Google's move may have been prompted by the recent news that a vulnerability in IE6 was exploited by Chinese cyber-terrorists to attack U.S. companies, including Google, late last year.

Google's announcement came just one week after Germany, Australia and France issued warnings to the public against using IE6.

Stopping just short of a similar warning, the United States Computer Emergency Readiness Team (US-CERT), a part of the U.S. Department of Homeland Security, recently encouraged PC users to review Microsoft's Security Bulletin for Internet Explorer and make any necessary updates to mitigate risk.

In a statement to TechNewsDaily, the Department of Homeland Security said: “As US-CERT becomes aware of attempts to compromise government and private sector systems, we disclose this information to federal and industry partners and the general public in order to prevent or minimize disruptions to critical information infrastructure and protect the economy, government services, and the national security of the United States.”

Microsoft Security Bulletin MS10-002 was made available to all Windows users through the Windows Update feature.

But patching the 8 1/2 year old program will not solve all user problems because many Web sites have phased out support for IE6. Facebook and YouTube phased out support prior to Google's announcement, and Microsoft itself will drop its support by 2014. Rather than waiting for a prompt to upgrade, computer users can easily do it before they run into delays.

An easy upgrade
The first step is to determine the browser and its version running on your computer. An easy way is to open your browser and type in http://www.WhatBrowser.org, a site created by Google for just this purpose. The Web site will display the name of your browser and its current version number.

If it's Internet Explorer 6, it's time to update.

Microsoft has made it easy for PC users to keep their systems up to date. By enabling Microsoft's Auto Update feature available in XP, Vista and Windows 7, users will never miss an important update. Here's how to update to IE8 and set your computer for automatic updates in the future:

Click on the Windows start button in the lower left hand corner of the computer screen and then click on the Control Panel to open that window. Look for Windows Update and double click to open it.

Before proceeding with any updates, select 'change settings' from the menu to the left of the box showing updates. Be sure 'Install updates automatically' is selected. You may set the frequency of installation to every day (recommended) or a specific day of the week and you may select a specific time of day.

This feature allows installations to be made when they are less likely to interrupt your workflow. Click okay and return to the Windows Update information box. Click on 'Install Updates.'

If you were not previously using this automated feature, it is likely Microsoft Windows has a backlog of updates before it can proceed with the IE8 update.

That's okay: Authorize the updates and keep an eye on the screen for additional permissions needed. Vista users will need to authorize each installation, while others may proceed without any intervention.

At the end of the process, you will be asked to restart the computer. From that point on, updates should be automatic.

No matter what browser is running on your machine, it is important to keep it up to date. The good news is that updating any browser is a simple process that only requires a few minutes.

Keeping your browser up to date means having the latest in browser improvements including reliability, speed and most important, security.

 
January 31, 2010

Give me your money, or your computer gets it Posted: Friday, January 29 2010 at 06:00 am CT by Bob Sullivan

Turning hijacked computers into cash is still hard work for most computer criminals. They've got to trick the infected PC into sending spam, then trick a recipient into buying a useless product -- or they have to steal online banking passwords, log onto a victim’s account, bypass the bank’s money transfer fraud controls, and so on.

It's much easier to just demand cash directly from infected users -- a crime that's the Internet's equivalent of kidnapping.

"Give me all your money or your computer gets it" is the basic proposition.

The technique was dubbed "ransomware" many years ago by computer virus researchers, and is not new. What is new is the explosion of ransomware, thanks to the evolution of ever-more-believable tactics during recent months.

In December, the FBI issued a warning about a broader category of malicious programs called "rogueware." These programs appear on users' machines and claim to find viruses, then offer to clean them for $50. Rogueware looks so realistic -- complete with Windows-like dialog boxes and scary warnings -- that Web users were tricked into sending $150 million to criminals last year, the FBI says.

The new ransomware is similar, but far more aggressive. Once a computer is infected with it, the program does more than recommend a software purchase – it simply won't let users continue to use their PC until they pay up.

Luis Corrons Granel, a researcher at Panda Security, said use of ransomware by criminals is exploding -- 25 percent of all rogueware in the past quarter involved a family of intimidating products named "TotalAntivirus." It demands that users pay $50 for two years, $79 for a lifetime license.

“The increase (in ransomware) has been really significant,” Granel said. A single family of ransomware programs called “Total Security” made up one-quarter of all rogueware programs detected during the past three months, he said.

To an average user, most rogueware would be indistinguishable from other standard antivirus products. They look like fully functional software, showing Windows-like screens for firewall settings, file scanning, and every other tab you'd expect from standard antivirus products. “Total Security” even lets users choose their language -- English, Spanish, and German are offered.

The switch to ransomware by the bad guys makes sense, says Peter Cassidy, spokesman for the Anti-Phishing Working Group -- because computer criminals are refining their programming methods, and getting more aggressive about taking people's money.

"Instead of trying to fool people and getting one out of 1,000 to pay, what they're doing now is just locking up the PC and telling them they have to pay," he said. "It's a really violent approach, really nasty."

There might be one silver lining to the rise of ransomware, Cassidy said.

"It's not in that gray area of selling people useless crap," he said. “It’s clearly criminal, and extortion does get the attention of law enforcement officials.”

As is customary, computer criminals are fusing this new attack with successful, older methods, said John Harrison, a security researcher at Symantec Corp. In one recent example, criminals first engaged in search engine "poisoning," so their booby-trapped Web sites would rate high in Google searches about Haiti’s earthquake. Visitors who clicked were tricked into downloading the ransomware software; and then were confronted with extortion demands.

"That's their distribution model," Harrison said. "They used to do it subtly, but now they are doing it much more brazenly."

In some versions, users will see a message that says, "Google recommends you install this," or "Microsoft recommends you turn this feature on … then, they take over your computer and all of a sudden it looks like you have 900 viruses," he said.

The latest flavor of ransomware, described on Jan. 8 by security firm F-Secure, doesn't disable all software, but it does something just as debilitating -- it encrypts all the files on a victim's computer, and forces them to pay for decryption. The program, which calls itself Data Doctor 2010, costs $89.

RED TAPE WRESTLING TIPS
In some cases, researchers say, paying the ransom does work, at least initially. Still, it's a terrible idea to pay. On a grand scale, you've just subsidized a criminal. But there are far more practical concerns -- why would you trust the author of ransomware with your credit card number? Perhaps you think you'd never do this, but remember, the FBI says rogueware writers have made $150 million, so someone is paying up.

If an unexpected antivirus dialog box lands on your computer screen, close the window immediately by clicking on the 'x' in the upper-right hand corner. Don't use the "OK/Cancel" buttons in the window -- criminals often reprogram these.

You may or may not be infected anyway -- it's possible you are already the victim of a "drive-by download" that doesn't require user interaction. So run an antivirus scan, if you can.

If the rogue software has actually taken over your computer, physically disconnect it from the Internet to avoid having your personal information sent back to the criminal. Then go to a different computer to search for solutions. Type in the name of the rogue software and search for information on well-known antivirus Web sites. Many antivirus firms offer free cleaners you can download or place onto a USB memory stick, and run on your infected computer.

But maintain healthy suspicion at all times. Ransomware authors have gone so far as to create fake software reviews about their products and place them around the Internet, even stealing logos from reputable technology publications, says Harrison.

"The idea is you search for information about the program and this turns up, and you figure it's ok so you install it," he said. "Some of this is soft sell, some is very hard sell." As always, it’s never a good idea to follow links in e-mails when heading to Web sites – it takes an extra moment, but always click into your browser’s address bar and manually type the address.

 
January 21, 2010

Facebook: The end of secrets? Posted: Wednesday, January 20 2010 at 05:00 am CT by Bob Sullivan

What would a world without secrets look like? Thanks to Facebook, we may find out.

Privacy experts continue to watch in wonder as hundreds of millions of adults around the globe do things online that they would never do in person. Facebook CEO Mark Zuckerberg created a stir recently when he offered a simple explanation: He suggested Web users now see privacy as quaint, and Facebook is creating a new social norm.

If you look at the data, he's right. According to researcher Larry Ponemon of The Ponemon Institute, Facebook has hypnotized even the most private people, an elite group he calls "privacy-centric." They make up only 8 percent of the population. These folks won't even sign up for supermarket loyalty cards, but they will post pictures and tell stories on Facebook. In fact, they are so mesmerized that, untrue to their nature, they don't even spend more time tweaking their Facebook privacy settings than regular users.

"People want to believe they are safe," Ponemon said. There’s really no way to participate in Facebook without self-revelation – it’s baked right into the product, he points out. Without stepping forward, posting pictures, making your identity searchable, and so on, there is no payoff on Facebook. Because of that, Facebook even trumps personal Web pages – people put pictures and stories on Facebook that they’d never post on their own blogs, he said. "(People) like the tool, so they convince themselves there really isn't much risk.”

Privacy and behavioral economics expert Alessandro Acquisti, a professor at Carnegie Mellon University, agrees that Facebook seems to be eroding even skeptics’ concerns about being overly exposed. But he disagrees with Zuckerberg. There's no new social norm, Acquisti said. There's just a grand illusion.

Facebook has managed to convince users of something economists call an "illusion of control," Acquisti claims. Consumers who think they have power over the outcome of a transaction will naturally be overly self-confident. The effect is most obvious in gambling, where a craps player might believe he or she can roll snake eyes just by tossing the dice a little softer, and thus bet a little more. Human beings are easy to sucker into an "illusion of control."

The illusion at work
Here's how it works in the privacy realm: When consumers believe they can control what happens to their personal information, they don't fret about divulging it. Facebook and other so-called Web 2.0 sites, Acquisti says, have given people a false sense of security about the availability of their personal information to others.

How? By standing by while consumers confuse two different privacy issues – divulging information, and controlling the information after it’s divulged. Facebook users indeed have great control over what information they submit to the service - they have complete control over what they post in their profile, for example (ignoring, for now, the imposter threat). But they have little control over how the data will be used after it's posted to the site. In a recent yet-to-be published paper on the subject, the distinction is described as control over publication vs. control over access.

"People seem to conflate the two issues, so on a psychological level they feel better because they feel they are in control," Acquisti said. "They underestimate the risks of how the data will actually be used." In an experiment, students who had few qualms offering up very personal information -- such as how many sexual partners they had -- for a Facebook-like service showed far more reticence when told random researchers would be creating a profile for them. While the end result would be the same, the idea of a human handling the information gave the students pause. Acquisti and fellow researchers Laura Brandimarte and George Loewenstein attribute the cause to losing control over the actual act of sharing the information.

One other possible explanation, however, would be second thoughts because of human involvement. One college technology professor I know asks students on the first day of class to stand in front and show their Facebook page on a large screen to the rest of the class. No one ever does. Students share things online they don’t want to share in person.

Don't mean what they say?
Acquisti’s “illusion of control” theory is one reason for Facebook users’ seemingly incongruous behavior – so many say they are concerned with privacy, but fail to act as if they are concerned. This privacy paradox, however, is best understood through the simplest explanation. Privacy transactions are notoriously difficult to judge. The payoff from sharing a little information today is obvious; the punishment that may happen in the future is not. Giving a supermarket your phone number today might net you a 50-cent coupon on a gallon of ice cream; that’s an obvious benefit. But what is the cost? Reams of junk mail in the future? A health insurance premium surcharge because your grocery store reveals your bad eating habits? It’s nearly impossible to say. And so it is with Facebook – a picture that looks like fun at 22 could be a career-killer at 32. But people rarely make good choices about vague possibilities 10 years away. If we did, there would be no French fry industry.

Sure, Facebook site settings offer some ways to manage who can see the information. But the settings are easy to evade or hack, and Facebook's terms of service can be changed at any time. Not long ago, Facebook friend pictures ended up in personal ads without the users' permission. The ads were pulled, but they represent a small window into big possibilities.

But even if Facebook privacy settings were completely trustworthy, Acquisti argues that a fundamental usability problem skews the service – and all social networking tools - toward privacy-risky behavior. Two years ago, he did research which showed that only 1 percent of Facebook users had even touched their privacy settings. Facebook says that number has now grown to 20 percent, but still, there is an obvious flaw. It’s far easier to share than conceal. It is an order of magnitude easier to upload photos, for example, than it is to hide them from sets of potential viewers using privacy settings. As a result, site users will always overshare.

"Technology has vastly enhanced our ability to disseminate information, but we still lack controls on how that information will be used," Acquisti said. "It’s like we have made faster cars but have been much slower to develop new brakes."

Nothing to hide? Really?
How about... So what? So what if an ex-girlfriend will occasionally bump into a picture of you bumping and grinding your new beau? What, really, is the harm?

Acquisti, like many psychologists, is convinced of the power of secrets – and he’s not anxious to live in a world without them.

"I do believe that inside each of us is an innate need for privacy, and there is a need to share. Right now, technology is much better at making us reveal than helping us maintain privacy," he said.

The human need for privacy is real. While some elements of privacy are relatively recent human developments, fundamental privacy needs have always existed. Nowhere on the planet do humans regularly make love in public, notes anthropologist Helen Fisher in a recent Psychology Today article.

No normal adult shares the same level of intimacy with their spouse, their friends, their colleagues, and strangers on the bus. It’s unhealthy – or just plain strange – to act otherwise, as anyone who’s ever uttered the words “too much information” can attest.

Meanwhile, the ability to keep secrets is a natural part of maturation. Children tell each other secrets to establish friendships. Adults keep secrets to gain advantage in business dealings. Journalists only gain the trust of sources by proving they can be trusted with secrets. Corporations often count secrets – intellectual property – as their most valuable asset.

And yet, the message implicit in avid use of Facebook is the credo of the 30 percent of adults who are privacy complacent by Ponemon’s scale – “I’ve got nothing to hide, so who cares?”

Privacy researchers spare no time in conjuring up doomsday plots in an attempt to make people care.

It’s easy to imagine an Internet predator using details left by kids to attack them (“Hey, I went to Riverdale Middle School, too! I’m sorry you are having a fight with your best friend…”)

Even sharing seemingly harmless details could have some future consequence.

Telling the world that your favorite rock band is the Beatles or Coldplay might seem innocuous enough, but what happens when an employment background firm shows that Coldplay fans who also like 60s music tend to come late to work? No law prevents that.

A slightly less ominous effect of lost privacy, something called “price discrimination,” is already a reality. Retailers have run numerous tests to hone the fine art of overcharging people who say they like something. For example: die-hard Coldplay fans are almost certainly likely to pay more for a new album than casual fans. Most won’t notice when their music retailer of choice slips in a $1 or $2 fan premium.

Data mining for everyone
Until now, practicality has limited these kinds of scary possibilities, says Hugh Thompson, chief security strategist at People Security. Pulling together that much disparate information left all around the Web was a chore only government agencies would attempt. But that’s not true anymore. A host of new software programs aimed at small-time data mining are slowly becoming available. They scour the Web and create dossiers on target subjects in seconds. One, named Maltego, even provides visualizations of data points that connect people and things online.

“The critical barrier is it hasn’t been easy. It is now,” he said. “What was a ‘data wasteland’ is now the richest environment in human history for backgrounding people.”

It’s easy to see risks here. Few would argue with the need to keep medical conditions private, for example. Even exposed salary information, which sometimes is shared widely, can cause serious problems for the victim. Those with high incomes become an easy target for criminals.

But Acquisti conjures up even more fundamental concerns about lazy attitudes towards privacy. Information, he notes, is power.

“The minute someone knows something about you, they gain a measure of control over you,” he says. This is obvious in the case of an affair: If someone learns about your secret lover, they can hold a wide measure of control over your future. In a less obvious way, a future employer who knows that embarrassing Facebook photos from the past are hurting your job prospects can easily gain an upper hand in salary negotiations.

Worse still, the agency which might exercise that power someday might be a government, Acquisti notes. It would not be hard to use Facebook to determine who voted for McCain or Obama in 2008, even who is Republican and who is a Democrat. Maybe that’s okay; but if databases begin to erode the notion of secrets in politics, the election system could erode with it. Secret ballots are essential to a functioning democracy.

And perhaps the political threat won’t come in the United States. Perhaps, someday soon, foreign governments will screen travelers based on political positions mined from social networks.

“I’m worried about control in the future,” Acquisti said. “I feel that we are more and more getting adjusted to the idea that so much of what was done in private in the past is now done in public. I won't be surprised when corporations or governments make more and more claims on data. We are doing things today that 40 years ago we would have reacted by rioting, but now it is business as usual. By accepting these deals now we are paving the way for even more in the future. That’s why people who say they have nothing to hide…that argument is completely wrong.”

 
January 19, 2010

France joins Germany warning against Internet Explorer
By Jonathan Fildes, Technology reporter, BBC News

France has echoed calls by the German government for web users to find an alternative to Microsoft's Internet Explorer (IE) to protect security.

Certa, a government agency that oversees cyber threats, warned against using all versions of the web browser.

Germany warned users on Friday after malicious code - implicated in attacks on Google - was published online.

But Microsoft told BBC News that IE8 was the "most secure browser on the market" and people should upgrade.

Cliff Evans, head of security and privacy, said that so far the firm had only seen malicious code that targeted the older version of its browser, IE6.

"The risk is minimal," he said.

For a web user to be affected, he said, they would have to be using IE6 and visit a compromised website.

"There are very few of them out there," he told BBC News.

However, if this did occur, a PC could become infected with a "trojan horse", allowing a hacker to take control of the computer and potentially steal sensitive information.

'Sophisticated attack'

Although the vulnerability has so far been exploited only in IE6, security researchers warned that could soon change.

"Microsoft themselves admit there is a vulnerability, even in IE8," said Graham Cluley of security firm Sophos.

Mr Cluley said that because details of the exploit were now available online, hackers could soon change the code to target other versions of the browser.

He warned web users to be careful about clicking on links in unsolicited e-mails and advised all web users to upgrade their browser to the latest version, no matter which software they used.

The advice follows revelations that a "targeted and sophisticated" attack on Google exploited the vulnerability.

Google said last week that an attack on its corporate network had targeted the e-mail accounts of human rights activists.

The attack led Google to announce that it might withdraw from China, after it revealed that the attacks had probably originated in the country.

Following the news, Germany's Federal Office for Information Security issued a warning against all versions of Internet Explorer and recommended that users switch to an alternative such as Firefox or Google's Chrome.

The French agency Certa issued a similar warning.

"Pending a patch from the publisher, Certa recommends using an alternative browser," it said.

The UK government had said that it would not issue a similar warning. However, it said the Centre for the Protection of National Infrastructure (CPNI) was "monitoring the situation" and would "publish further advice if the risks change".

Patch path

But Mr Evans said that calls to change browsers were "not very helpful".

"If you look at other browsers, it's likely they will have other vulnerabilities," he said.

He pointed to a report by security firm NSS Labs reportedly showing that IE8 provided better security against phishing and malware than other browsers.

"We feel strongly that IE8 is most secure browser on the market," Mr Evans said.

His advice was echoed by Mr Cluley.

"Switching away will get away from this particular problem," he told BBC News. "But all browsers have security flaws."

Mr Cluley said that switching away from IE could create other problems, particularly for companies.

"Some web-based applications may not work at all if you're not using Internet Explorer."

Microsoft is currently working on a patch for the problem, but a spokesperson said it could not commit to a timeframe.

The firm traditionally releases a security update once a month - the next scheduled patch will be ready on 9 February.

 
August 7, 2009

Keep your PC out of ‘denial of service’ attacks
Security important for minimizing chances of computer becoming a 'zombie'

As a home user, you can't stop denial-of-service attacks like those that hit Twitter and Facebook Thursday from happening, but you can do your best to make sure that your computer is not being used to instigate them.

"Once an attack like this starts going, there isn’t a heck of a lot an individual can do," said Rob Housman of the Cyber Secure Institute think tank. "But I think people can become better consumers in advance. This ought to factor into, first, how you configure and run your own computer, and second, what ISP you select."
Why your Internet service provider? Because they provide the gateway to your computer, first and foremost. "You need to work with your ISP to fight such an attack and it usually requires signing up for anti-denial-of-service features which are usually only available to corporate customers," said Johannes Ullrich, chief research officer for the SANS Institute, a national organization that does information security training, research and certification.

Among the questions consumers should ask of their ISPs, Housman says: "What are their filtering methods? How advanced is their filtering to know what’s coming and going on their servers? How much bandwidth do they have to deal with it? Do they have a security team and a rapid-response team? Do they have automated detection, so they can tell when something’s happening, when there’s a change being made to their system that shouldn’t be made?"

Those are a lot of questions. But denial-of-service attacks cause a lot of problems, not the least of which is the frustration of not being able to log into a site when you want to.

"If you find that a popular site is responding slowly, or not responding at all, it is best to just not use the site for a bit to allow them to recover," said Ullrich. "The worst thing to do (during a denial-of-service attack) is to keep pressing 'reload' in your (Web) browser, as this may make the attack worse."

Secure your computer
Home users also need to make sure their computers aren't unwittingly being used to launch denial-of-service attacks, which often plagued sites like Amazon, eBay, ETrade and Buy.com in 2000, when online shopping was just kicking into high gear.

The way those attacks were done hasn't changed much since then, with "cybercriminals using a network of compromised computers to send a ton of traffic to the target Web site," said Joris Evers, security specialist for McAfee. Evers himself was trying to get onto Twitter Thursday morning when the site was down.

"The attacker has under his or her control tons of computers — tens of thousands, sometimes even hundreds of thousands of computers — and they instruct those computers all at the same time to start going to a site. And the servers that run the site then buckle under that traffic and go down."

"It is possible that regular home users, without knowing it, may have had their computers be part of this attack against Twitter, if their machines had been infected or compromised by an attacker and made part of the network of machines to attack Twitter," Evers said.

Such a network is known as a "botnet," a network of compromised computers. Each compromised computer is called a "zombie."

"So we have a network of zombies in a botnet that are all at the same time told by the attacker to go to, or send traffic to, a specific Web site," Evers said.

"If the owner of that Web site doesn’t have sophisticated means of filtering the traffic that’s coming in, to block the bad traffic and let through the good traffic, and if the infrastructure on the back end isn’t strong enough to stand up to all the requests coming in, it will go down."

No advance warning
You're not going to know if or when your computer is being used for such an attack, Evers said.

The best steps to take in advance are, if you have a PC with Microsoft Windows, run automated security and software updates from Microsoft (Msnbc.com is a joint venture of Microsoft and NBC Universal), and use and update anti-malware software that includes both anti-virus and anti-spyware protection — whether it's McAfee's or another company's, he said.

Also, use a firewall, "so that if people are trying to attack your computer from the Internet, there is this block that will stop them from breaking into your PC," Evers said.

Be Internet-savvy, he said, and as tried-and-true-and-tired as you are of hearing this one, it's important: "Don't open e-mail attachments from people you don't know, and don't click on links that go to the darker side of the Web, where you might encounter malicious software, or someone trying to break into your PC."

'Demand more'
Housman, who served in the Clinton administration as assistant director for strategic planning in the White House Drug Czar’s Office, said the Internet can be viewed as "a kind of a commons, and unless we all act to protect the commons, we all become vulnerable."

If some don't act, "Well, those are the computers that get taken over, those are the computers that become botnets, those are the ones that get used for denial-of-service attacks, and then we all suffer for it," Housman said.

"That's why it's important to become a smart consumer, and take yourself out of the (vulnerability) equation as much as you can."

Consumers need to "demand more" when it comes to Internet security, he said. "Demand more of the Obama administration, demand more of the technology providers, demand more of the technology companies. There are ways that we can secure these things, we just need to be willing to do it."

 
July 7, 2009

Microsoft Issues Virus Warning

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet. The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software. It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked. Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail. The so-called 'zero day' vulnerability disclosed by Microsoft affects a part of its software used to play video.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a 'patch' - or software fix - for the problem.

 
May 15, 2009

Facebook phishing attack sought passwords
Company says e-mails with fake links have now been blocked


A Facebook e-mail phishing scheme was discovered early Thursday among users of the popular social networking site who may have inadvertently clicked on a fraudulent Web link included in a Facebook message to them.

The bogus link took users out of and away from the real Facebook to a fake Facebook site, where they were asked to log in again, giving their passwords, which may have been captured by those behind the scheme.

Facebook said e-mails with the fake link were blocked within the first few hours of being sent out, and that those who may have fallen for the ruse have had their passwords automatically re-set "so that any data the bad guys have becomes useless very quickly," said company spokesman Barry Schnitt.

Users who did bite on the phishing lure will receive an e-mail from Facebook notifying them that their passwords have been re-set.

One version of the e-mail went like this: "Richard sent you a message. Subject: Hello. Check 121.im" with "121.im" as a Web link and fake Facebook page.

The phishing scam grew rapidly because accounts that were compromised "immediately sent out hundreds of messages, all with the same content, with the same link," Schnitt said. He said it is "too early to tell" how many of Facebook's 200 million users were affected by the scam.

"We blocked the (fake) URL and the messages that were being sent," he said. "Then we went into inboxes and walls and deleted that content...Even if you (now have) one of these messages in your account, by the time you try to go to it, it will either be deleted, or when you click on the URL, it won't take you anywhere."

Schnitt urged users to make sure their Web browsers are updated to help flag and even block phishing Web sites.

"The other thing they should be is generally suspicious," he said. "Why is my friend sending me this link, why is my friend using broken English, what is this URL? Those are red flags. Those URLs (Web site addresses) weren't common URLs. Those should all be red flags for users."

"People are too quick to click," said Mary Landesman, senior security researcher for ScanSafe, which provides Web security as a service to businesses.

Some employers have banned the use of Facebook in the workplace, and Landesman says there's good reason for that.

"I don't want to say there's no legitimate business reason to use Facebook, but by and large, it is a non-business application and is being used for non-business purposes," she said. "And if you have employees at work that are accessing Facebook that fall for one of these e-mails, which could include a worm and infect the computer, then it becomes the enterprise's problem because they have malware on their computers.

"I don't want to sound harsh, saying 'Trust no one,' but as Web users we have to have a more critical eye, a more discerning eye on what we click on," Landesman said.

Facebook and other social networking sites, including MySpace, have had previous problems with malware on occasion.

Facebook recently chose the MarkMonitor enterprise security firm to supplement its own security efforts. MarkMonitor noted last month that "social utility leaders such as Facebook can be prime targets for malware attacks due to the brand's strong appeal which can be used to trick users into being infected and the ability to use the communication platform as a distribution channel."

 
December 2008

Koobface virus hits Facebook

A worm responsible for sending Facebook users malicious code appears to be limited in nature, although the social engineering attack may be used again, say experts.

Facebook representative Barry Schnitt said the worm isn't new; it dates back to August, although the variant that first appeared on Wednesday targets only Facebook users.
Craig Schmugar, threat researcher for McAfee Avert Labs, confirmed this in a call with CNET News and said that, in general, Koobface strikes only social-networking sites.

After receiving a message in their Facebook in-box announcing, "You look funny in this new video" or something similar, recipients are then invited to click on a provided link. Once on the video site, a message says an update of Flash is needed before the video can be displayed. The viewer is prompted to open a file called flash_player.exe.

A new mass-mailing virus targeting Facebook users directs victims to a site asking to download a Trojan masked as an Adobe Flash update. (Credit: McAfee Avert Labs)

Schmugar said the prompt for a new player should be a warning. "The messages you tend to get from these sites don't look quite right." For instance, IE will tell you where the update is coming from, and usually it's not an Adobe site.

If the viewer approves the Flash installation, Koobface attempts to download a program called tinyproxy.exe. This loads a proxy server called Security Accounts Manager (SamSs) the next time the computer boots up. Koobface then listens to traffic on TCP port 9090 and proxies all outgoing HTTP traffic. For example, a search performed on Google, Yahoo, MSN, or Live.com may be hijacked to other, lesser-known search sites.

Schmugar said this version of Koobface includes a bot-like component that could install other malicious apps at a later time.

Facebook's Schnitt said, "Only a very small percentage of Facebook users have been affected and we're working quickly to update our security systems to minimize any further impact, including resetting passwords on infected accounts, removing the spam messages, and coordinating with third parties to remove redirects to malicious content elsewhere on the Web."

Facebook has posted instructions on how to remove the infection.

McAfee's Schmugar said this attack is similar to e-mail attacks 10 years ago in that Koobface is using infected friends lists, reminiscent of early mass-mailing worms. As was the recommendation then, he advises users not to open any unexpected e-mail attachments, even if they are from someone you know.
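
The indicators this article names (a listener on TCP port 9090, and the files tinyproxy.exe and flash_player.exe) can be checked against a host's own `netstat -ano` and `tasklist /fo csv /nh` output. The following is an added example, not part of the original article or any vendor tool; the sample command output is constructed, and the function names are hypothetical.

```python
import csv
import io

# Indicators taken from the article text above.
KOOBFACE_PORT = 9090
KOOBFACE_FILES = {"tinyproxy.exe", "flash_player.exe"}

# Constructed sample of `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:9090           0.0.0.0:0              LISTENING       2316
  TCP    192.168.1.20:1057      203.0.113.7:80         ESTABLISHED     2316
  TCP    192.168.1.20:1060      198.51.100.9:9090      ESTABLISHED     3120
  UDP    0.0.0.0:9090           *:*                                    1500
"""

# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''\
"svchost.exe","884","Services","0","4,120 K"
"tinyproxy.exe","2316","Services","0","2,048 K"
"iexplore.exe","3120","Console","0","30,512 K"
"dns.exe","1500","Services","0","3,000 K"
'''


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    names = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0]
    return names


def parse_listeners(text):
    """Yield (local_port, pid) for every TCP socket in LISTENING state."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 fields: proto, local, foreign, state, pid.
        # Headers and UDP rows (which have no state column) are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rsplit also copes with IPv6 local addresses such as [::]:9090.
        port = fields[1].rsplit(":", 1)[-1]
        if port.isdigit() and fields[4].isdigit():
            yield int(port), int(fields[4])


def find_koobface_indicators(netstat_text, tasklist_text):
    """Return [(pid, image, [reasons])] for processes matching the indicators."""
    names = parse_tasklist(tasklist_text)
    hits = {}
    for port, pid in parse_listeners(netstat_text):
        if port == KOOBFACE_PORT:
            hits.setdefault(pid, []).append("listens on TCP 9090")
    for pid, image in names.items():
        if image.lower() in KOOBFACE_FILES:
            hits.setdefault(pid, []).append("image name " + image.lower())
    return [(pid, names.get(pid, "<unknown>"), reasons)
            for pid, reasons in sorted(hits.items())]


if __name__ == "__main__":
    for pid, image, reasons in find_koobface_indicators(SAMPLE_NETSTAT,
                                                        SAMPLE_TASKLIST):
        print(pid, image, "; ".join(reasons))
```

A listener on port 9090 by itself is a weak signal, since legitimate software also uses that port; a match on the image name as well is what raises confidence.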

 
April 27, 2009

Conficker virus begins to attack computers on the quiet

The malicious software program Conficker, which many feared would wreak havoc on April 1, is slowly being activated, security experts warned.

The virus, also known as Downadup or Kido, is quietly turning thousands of personal computers into servers of e-mail spam and installing spyware, they said.

It started spreading late last year, infecting millions of computers and turning them into 'slaves' that respond to commands sent from a remote server that effectively controls an army of computers known as a botnet.

Its unidentified creators started using those machines for criminal purposes in recent weeks by loading more malicious software onto a small percentage of computers under their control, said Vincent Weafer, a vice president with Symantec Security Response, the research arm of the world's largest security software maker, Symantec Corp.

'Expect this to be long-term, slowly changing,' he said of the worm. 'It's not going to be fast, aggressive.'

Conficker installs a second virus, known as Waledac, that sends out e-mail spam without knowledge of the PC's owner, along with a fake anti-spyware program, Mr Weafer said.

The Waledac virus recruits the PCs into a second botnet that has existed for several years and specializes in distributing e-mail spam.

'This is probably one of the most sophisticated botnets on the planet. The guys behind this are very professional. They absolutely know what they are doing,' said Paul Ferguson, a senior researcher with Trend Micro Inc, the world's third-largest security software maker.

He said Conficker's authors likely installed a spam engine and another malicious software program on tens of thousands of computers since April 7.

He said the worm will stop distributing the software on infected PCs on May 3 but more attacks will likely follow.

'We expect to see a different component or a whole new twist to the way this botnet does business,' said Mr Ferguson, a member of The Conficker Working Group, an international alliance of companies fighting the worm.

Ever since the worm surfaced last year, researchers had feared that the network it controls might be deployed on April 1, because it was programmed to increase communication attempts from that date.

The security industry formed the task force to fight the worm, bringing widespread attention that experts said probably scared off the criminals who command the slave computers.

The task force initially thwarted the worm using the Internet's traffic control system to block access to servers that control the slave computers.

Viruses that turn PCs into slaves exploit weaknesses in Microsoft's Windows operating system.

The Conficker worm is especially tricky because it can evade corporate firewalls by passing from an infected machine onto a USB memory stick, then onto another PC.

The Conficker botnet is one of many such networks controlled by syndicates that authorities believe are based in eastern Europe, Southeast Asia, China and Latin America.

 
April 6, 2009

Cautions for Mac users: there are viruses that can affect your MacBook

Depending on how closely you stick to the word of the law, you may or may not be aware of the potentially dangerous trojan called “OSX.Trojan.iServices.A” unleashed on some of the Mac community last week via a pirated copy of iWork ‘09. The trojan, discovered by Mac security software company Intego, allows the distributor of the malicious software to access and modify the affected system remotely, performing actions such as adding files. Such a vulnerability is potentially fatal to an operating system.

According to Intego’s numbers, more than 20,000 people have downloaded the affected file, a number which also says something about Apple’s ability (or desire?) to curb piracy of its proprietary software. Instructions on how to rid your computer of the virus in case you are among that unlucky 20,000 can be found here, but they can’t take away your shame.

This week, another round of infections has appeared, this time targeting a different, but similar group of pirates. The victims are users who downloaded a pirated copy of Adobe’s popular photo editing program, Photoshop CS4. Again, the people responsible for finding and broadcasting the existence of the trojan are Intego. This one is aptly dubbed “OSX.Trojan.iServices.B”, and actually comes from the serial generator that packages with the Photoshop installer, and not the installer itself. The CS4 trojan presents the same risks as the iWork ‘09 version. Intego reports 5,000 downloads to date.

With two such high-profile virus detections coming so closely on each other’s heels, the question inevitably arises: Is Mac’s status as a highly secure option to Windows in danger? Clearly, Mac users are beginning to present a more attractive target to hackers, because the platform itself is becoming more popular. Not only that, but Mac users may be even more susceptible than others, since they traditionally haven’t had to worry much about malicious attacks.

No doubt the conspiracy theories that security companies cause and cure viruses will also crop up, especially with two such similar detections from the same source in such a short period of time. The reaction might be especially strong, considering how secure most Mac users believe their computers to be.

Really, as it stands, the only people at risk are those trying to pirate software, so it’s not really a case of “Is the OS less secure?”, so much as it is one of “Are Mac users security savvy?”. Pirated software distributed via Torrents has always been a high-risk area, but those running a Mac OS have had the luxury of being less guarded about those types of threats because the malicious code they contained was generally written to attack Windows machines.

The time may have come to start learning more smart surfing practices, but I think the general Mac-using populace can hold off on putting their computers on lock-down. Unless, that is, they plan on pirating like crazy, in which case, shields up.

 
March 31, 2009

Beware Conficker worm come April 1, 2009

In an event that hits the computer world only once every few years, security experts are racing against time to mitigate the impact of a bit of malware which is set to wreak havoc on a hard-coded date. As is often the case, that date is April 1.

Malware creators love to target April Fool's Day with their wares, and the latest worm, called Conficker C, could be one of the most damaging attacks we've seen in years.

Conficker first bubbled up in late 2008 and began making headlines in January as known infections topped 9 million computers. Now in its third variant, Conficker C, the worm has grown incredibly complicated, powerful, and virulent... though no one is quite sure exactly what it will do when D-Day arrives.

Thanks in part to a quarter-million-dollar bounty on the head of the writer of the worm, offered by Microsoft, security researchers are aggressively digging into the worm's code as they attempt to engineer a cure or find the writer before the deadline. What's known so far is that on April 1, all infected computers will come under the control of a master machine located somewhere across the web, at which point anything's possible. Will the zombie machines become denial of service attack pawns, steal personal information, wipe hard drives, or simply manifest more traditional malware pop-ups and extortion-like come-ons designed to sell you phony security software? No one knows.

Conficker is clever in the way it hides its tracks because it uses an enormous number of URLs to communicate with HQ. The first version of Conficker used just 250 addresses each day -- which security researchers and ICANN simply bought and/or disabled -- but Conficker C will up the ante to 50,000 addresses a day when it goes active, a number which simply can't be tracked and disabled by hand.

At this point, you should be extra vigilant about protecting your PC: Patch Windows completely through Windows Update and update your anti-malware software as well. Make sure your antivirus software is actually running too, as Conficker may have disabled it.

Microsoft also offers a free online safety scan here, which should be able to detect all Conficker versions.

 
March 18, 2009

Conficker Worm Strikes Back With New Variant (PC World)

The Conficker/Downadup worm managed to slither onto millions of PCs worldwide at its height, but after it initially infected a computer it only really acted to spread itself, and didn't cause further harm. Until now.

Symantec reports today that it has found a new variant of the virulent worm that will identify antivirus software or security analysis tools running on the infected PC, and attempt to shut down those programs. This is a strong signal that the worm's mysterious creators haven't abandoned their creation in the face of worldwide attention, as some in the industry have theorized, but may still have plans to make a buck off their work.

Vincent Weafer, Vice President, Symantec Security Response, says the company has only seen the new variation as an update that was sent to an existing worm on a honeypot (a machine that's purposely left infected to watch for updates and changes). Symantec hasn't yet seen this functionality in a new worm variant that can spread on its own, Weafer says, but that may be coming.

In addition to the strike against security software, which is a common tactic for malware, the new functionality also expands the lists of domains Conficker will check each day for updates from 250 to 50,000. This is a clear attempt to counter an industry coalition that attempts to block access to those domains each day.

That coalition is largely successful, Weafer says, but while the worm's ability to reach a domain for an update is much lowered, it's not zero. And if one infected PC in a network can sneak through to pick up this update, it may be able to spread it to other already infected PCs using a peer-to-peer ability. Weafer estimates current infections in the hundreds of thousands, down from millions after a heavy worldwide cleanup effort.

Also, Symantec is still in the process of investigating the new code, according to Weafer, and may still find other new tricks in the new variant.

To protect against the Conficker worm, first make sure you've installed the patch that closes a targeted hole in the Microsoft Server Service. Next, protect any network shares and administrator accounts with a strong password, as Conficker will try to guess easy ones.

Finally, you can block the worm's third infection method, which hijacks thumb drives and other removable media, by disabling Autorun on Windows. PC World has a download available that can automate that step for Windows XP users, and Microsoft has posted manual instructions. Check my original Conficker post for more information on how it spreads.
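
One way to check and apply the Autorun step above, as an added PowerShell example that is not from the PC World article or Microsoft's instructions: it reads the NoDriveTypeAutoRun policy value from the registry and lists the drive types that can still autorun. The function and variable names are this example's own, and writing the value needs an elevated prompt.

```powershell
# Added example (not from the article): audit and tighten the Autorun policy.
# NoDriveTypeAutoRun is a bitmask; a set bit turns Autorun OFF for that drive type.
$AutorunBits = @(
    @{ Bit = 0x01; Name = 'Unknown drive types' },
    @{ Bit = 0x04; Name = 'Removable drives (thumb drives)' },
    @{ Bit = 0x08; Name = 'Fixed drives' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'Unknown drive types (reserved bit)' }
)
$PolicySubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-AutorunExposure {
    # Return the drive types for which a given mask still leaves Autorun on.
    param([Parameter(Mandatory)][int]$Mask)
    foreach ($entry in $AutorunBits) {
        if (($Mask -band $entry.Bit) -eq 0) { $entry.Name }
    }
}

function Get-AutorunPolicy {
    # The machine-wide value (HKLM) is checked first; it wins over the per-user one.
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\$PolicySubKey"
        $item = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $mask = [int]$item.NoDriveTypeAutoRun
            return [pscustomobject]@{
                Source  = $path
                Mask    = '0x{0:X2}' -f $mask
                Exposed = @(Get-AutorunExposure -Mask $mask)
            }
        }
    }
    # No explicit policy value: the operating system's built-in default applies.
    return $null
}

function Disable-AutorunAllDrives {
    # Needs an elevated prompt: writes the machine-wide value 0xFF, which sets
    # every bit listed above and so disables Autorun for all drive types.
    $path = "HKLM:\$PolicySubKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

# Report only; call Disable-AutorunAllDrives separately to change the setting.
$policy = Get-AutorunPolicy
if ($null -eq $policy) {
    'No NoDriveTypeAutoRun policy value is set on this machine.'
} elseif ($policy.Exposed.Count -gt 0) {
    "Autorun still enabled ($($policy.Mask) from $($policy.Source)) for:"
    $policy.Exposed
} else {
    "Autorun is disabled for all drive types ($($policy.Mask))."
}
```

Run the report first, then call Disable-AutorunAllDrives from an elevated session and run the report again to confirm that nothing is listed as exposed.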

 
March 18, 2009

How to tell, what to do if computer is infected

Computer-virus infections don't cause your machine to crash anymore.

Nowadays, the criminals behind the infections usually want your computer operating in top form so you don't know something's wrong. That way, they can log your keystrokes and steal any passwords or credit-card numbers you enter at Web sites, or they can link your infected computer with others to send out spam.

Here are some signs your computer is infected and has been tapped to serve as part of the "botnet" armies run by criminals:

• You experience new, prolonged slowdowns. This can be a sign that a malicious program is running in the background.

• You continually get pop-up ads that you can't make go away. This is a sure sign you have "adware," and possibly more, on your machine.

• You're being directed to sites you didn't intend to visit, or your search results are coming back funky. This is another sign that hackers have gotten to your machine.

So what do you do?

• Having anti-virus software here is hugely helpful. For one, it can identify known malicious programs and disable them. If the virus that has infected your machine isn't detected, many anti-virus vendors offer a service in which they can remotely take over your computer and delete the malware for a fee.

• Some anti-virus vendors also offer free, online virus-scanning services.

• You may have to reinstall your operating system if your computer is still experiencing problems. It's a good idea even if you believe you've cleaned up the mess because malware can still be hidden on your machine. You will need to back up your files before you do this.

How do I know what information has been taken?

• It's very hard to tell what's been taken. Not every infection steals your data. Some just serve unwanted ads. Others poison your search results or steer you to Web sites you don't want to see. Others log your every keystroke. The anti-virus vendors have extensive databases about what the known infections do and don't do. Comparing the results from your virus scans to those entries will give you a good idea about what criminals may have snatched up.

 
February 24, 2009

Excel 2007 hit by 'zero day' attack.

Microsoft's Excel spreadsheet has a zero day (0-day) vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec.

A 0-day vulnerability is one that does not have a patch and is actively being used to attack computers when it is publicly revealed. The problem affects Excel 2007 and the same version of that program with Service Pack 1, according to an advisory on SecurityFocus, a website that tracks software flaws.

Other versions of Excel may also be affected, it said.

The program's vulnerability can be exploited if a user opens a maliciously-crafted Excel file. Then, a hacker could run unauthorised code. Symantec has detected that the exploit can leave a Trojan horse on the infected system, which it calls "Trojan.Mdropper.AC."

That Trojan, which works on PCs running the Vista and XP operating systems, is capable of downloading other malware to the computer. Microsoft said it is only aware of "limited and targeted attacks" and that it would release more information later on Tuesday.

Hackers have increasingly sought to find vulnerabilities in applications as Microsoft has put much effort into making its Vista OS more secure.

 
December 31, 2008

Tech: What will go wrong in 2009

Posted: Tuesday, December 30 at 05:00 am CT by Bob Sullivan

At 12:30 a.m. on Dec. 2, hackers pulled off what might have been the perfect computer crime. You can expect a host of imitators during 2009.

Beginning early that morning and continuing for nine hours, customers who visited MyCheckFree.com to pay bills made an unexpected visit to computer servers in the Ukraine. The customers did nothing wrong; many followed a bookmark or even typed in the Web address manually, as security experts advise. And Checkfree didn't do anything wrong either. The company's computers weren't hacked.

Instead, criminals hijacked all traffic headed for the bill-paying service by tricking the Internet's domain name server system, which links common Web site names like msnbc.com to their numeric equivalents.

Checkfree had to send out notices to 5 million customers indicating they might have been victims of identity theft, though the number of visitors actually affected by the scam was probably closer to 160,000, according to the Wisconsin Office of Privacy Protection.

If you're wondering what computer headaches you should expect in 2009, the Checkfree attack should be high on your list, says Amit Klein, a domain name system expert at The Trusteer Security Research Group. He compared the attack to a phishing attack on steroids, and said it will probably keep security professionals up late at night. None of their fancy security tools can ward off complete interception of traffic headed to a Web site.

"(This attack) can bypass sophisticated network, authentication and end point security mechanisms," Klein said. “It is likely to become more common (next year).”

Once again, 2008 failed to bring a virus that brought the computer world to its knees. In fact, it's hard to imagine a worldwide attack on software that would have the impact of the notorious Melissa or LoveBug viruses, which stopped so many PCs that they created the equivalent of a snow day for office workers.

Targeted attacks and cell phones

The Checkfree attack serves as a reminder that computer criminals favor small, targeted, profitable attacks over loud, obnoxious ones. You don't hear much anymore about "bot networks," those armies of hijacked home computers that made headlines two years ago. But experts still believe millions of home PCs are enslaved by criminal software. As evidence, they point to the continued nuisance of spam, which represents about 81 percent of all e-mail and mostly originates on hijacked PCs, according to spam-fighting firm MessageLabs.

Even the latest hacker fad -- attacks on social networking sites like Facebook -- is designed to quietly gather personal information rather than noisily destroy Web sites.

Don't get me wrong: I'm not saying we'll never have another computer virus epidemic. The next big nemesis, many security experts say, will not be a virus that slays personal computers, but one that wreaks havoc with your cell phone.

For years, technology writers have penned stories predicting that the coming year will be the one in which an ominous mobile worm destroys handsets, calls all your friends and hacks into e-wallets to purchase thousands of cans of Coke from e-pay enabled vending machines in Japan.

All these things will happen. Smartphones will one day meet their match in the virus writing community. But I'm going to side with security researcher Vincent Weafer of Symantec, who proved to have a clear crystal ball a year ago when predicting the rise of Facebook-style attacks, and say that a mobile virus epidemic this year is unlikely.

Weafer thinks a killer smartphone virus is still a ways off, particularly because smartphones still account for just 11 percent of the cellular phone market, according to research firm Gartner. He reasons that virus writers won't focus their attention on cell phones until they believe they can knock a significant portion of them offline with a single worm.

More to the point, Weafer said, mobile phone attacks won't really take off until mobile banking takes off. Criminals go where the money is. And in countries like Brazil and China, where many viruses now originate, mobile banking is still several years off.

Other mobile phone features are ripe for attack, however. Weafer warned that authentication tools like password reminders are vulnerable. Many firms now send password resets or PIN codes through text messaging to telephones. It's generally considered safe for a Web site to send a password reminder to a cell phone number stored when customers sign up, a technique that's called "out of band" authentication. But criminals have caught on to that vulnerability and are hard at work looking to intercept such messages.

COMING NEXT YEAR

In addition to flying PINs, what should you watch out for next year to stay cybersafe? The Checkfree incident points to a larger problem:

There are new reasons not to trust the Web sites you visit. Getting a virus by clicking on an infected attachment is now passé; if your computer gets sick next year, it will probably be because you visited a booby-trapped Web site.

The Checkfree attack is just one way that criminals can take advantage of well-known brand names to attack your computer. Thanks to the proliferation of Web 2.0 services, which increasingly rely on third-party content that is “sucked” into traditional sites, there are new ways for criminals to place corrupt code on otherwise trustworthy pages. Attackers have spent the better part of this year finding vulnerabilities in Web software so viruses can be injected onto Web servers, so that you'll download them even if you only visit sites you trust.

Right before Christmas, Microsoft had to rush out a patch for a vulnerability in Internet Explorer that allowed just such an attack. The firm said that 1 in 500 Net users were exposed to the flaw during its first week of exploitation.

Mary Landesman, a virus expert at the ScanSafe security firm, said Web-delivered malicious software exploded at the end of 2008 -- in fact, more viruses were delivered this way in October than in the entire year of 2007. As in the heyday of e-mail worms, she thinks Web-delivered viruses may get “out of control” during 2009 before companies rein them in. Unfortunately, in some cases the cure may be worse than the disease.

Most Web sites rely on third-party firms to place ads on their sites, and Landesman expects frustrated software designers will begin blocking all third-party connections or scripting to stop viruses.

To stay safe, Internet users must know that Web sites -- even trusted ones -- have the potential to infect their computers under certain circumstances. That means it is more important than ever to run up-to-date security software and to download the necessary patches. It's also important to know which sites the kids are visiting, as Web site attacks are more common on less popular sites like music download haunts and second-tier game sites. Users might consider turning off scripting capabilities in their Web browsers, but that means many popular Web sites won’t work properly.

Criminals are becoming much more precise with identity theft-related scams. By now, it seems absurd that anyone would fall for a traditional Nigerian scam promising riches from a recently-deposed royal family. But Weafer, the Symantec expert, said con artists are compiling databases of information that allow them to personalize attacks in believable ways. New Nigerian scams come bearing the recipient's first name, perhaps their hometown and, in some cases, allude to other personal information such as family members.

Where does this information come from? It's easily gleaned from social networking sites like Facebook.

"What we're talking about is much more like data mining," Weafer said. In the underground data trade, criminals now pay much more for data sets that include geographic location or employment information, Weafer said.

Criminals are using social networking sites to trick "Forgot your password?" features on many Web sites. By gleaning information such as victims' pet names, school affiliations and middle names, criminals can sometimes pass the "question" challenges provided by sites to authorize password retrievals. Then, they get their hands on login information for private e-mail, corporate networks and even online banking.

Cybercriminals will continue to hit people where they are most vulnerable, targeting the recently unemployed. Security firm McAfee warned in November that work-at-home scams have skyrocketed. Scams that offer to help victims file for unemployment benefits -- tricking them into paying for something that should be free -- also have risen.

Finally, expect more lost and stolen data next year. The year 2008 brought remarkable data breaches and thefts, including 4 million credit cards exposed to hackers by grocery chain Hannaford Brothers, announced in March; 12 million customer identities lost on a backup tape by Bank of New York Mellon in March; 3.4 million motor vehicle records transmitted online by the Colorado motor vehicle department; millions of birthdays inadvertently exposed by Facebook; and 2 million identities stolen by a former Countrywide Financial employee. There’s no reason to believe that depressing trend won’t continue.

 
December 15, 2008

Serious flaw in Internet Explorer not fixed yet. Flaw lets criminals infiltrate victims' machines by visiting tainted Web sites

updated 5:57 p.m. ET, Mon., Dec. 15, 2008

SAN FRANCISCO - Users of all current versions of Microsoft Corp.'s Internet Explorer browser might be vulnerable to having their computers hijacked because of a serious security hole in the software that had yet to be fixed Monday.

(Msnbc.com is a joint Microsoft - NBC Universal venture.)

The flaw lets criminals commandeer victims' machines merely by tricking them into visiting Web sites tainted with malicious programming code. As many as 10,000 sites have been compromised since last week to exploit the browser flaw, according to antivirus software maker Trend Micro Inc.

The sites are mostly Chinese and have been serving up programs that steal passwords for computer games, which can be sold for money on the black market. However, the hole is such that it could be "adopted by more financially motivated criminals for more serious mayhem — that's a big fear right now," Paul Ferguson, a Trend Micro security researcher, said Monday.

"Zero-day" vulnerabilities like this are security holes that haven't been repaired by the software makers. They're a gold mine for criminals because users have few ways to fight off attacks.

The latest vulnerability is noteworthy because Internet Explorer is the default browser for most of the world's computers. Also, while Microsoft says it has detected attacks only against version 7 of Internet Explorer, which is the most widely used edition, the company warned that other versions are also potentially vulnerable.

Microsoft said it is investigating the flaw and is considering fixing it through an emergency software patch outside of its normal monthly updates, but declined further comment. The company is telling users to employ a series of complicated workarounds to minimize the threat.

Many security experts, meanwhile, are urging Internet Explorer users to use another browser until a patch is released.

 
December 2008

FBI warns of cyber crimes, scammers

The joy of the holidays doesn't deter crime. According to the Federal Bureau of Investigation, criminals may find more avenues to commit those acts this time of year as online communication and shopping increases.

The agency this week issued a release to warn people that criminals are finding more ways to steal money and personal information via the Internet this holiday season.

Following are ways to reduce the chance of falling victim to a scam.

* Do not click on links in unsolicited e-mail and do not respond to unsolicited e-mail (spam). In the greeting card scam, recipients are sent e-cards, some of which may appear to be from a family member or friend. The mail would then require the person to click a link to retrieve the card and could take the victim to a malicious Web page. Malware is designed to infiltrate or damage a computer without the user's informed consent.

* Log on to official Web sites instead of linking to them from an unsolicited e-mail. Spoofing scams are used to steal personal information and occur when criminals create a false or shadow copy of a Web site or e-mail. Network traffic between the victim's browser and the shadow page is sent through the spoofer's machine, including credit card numbers and other personal information.

* Avoid completing forms in e-mail messages that ask for personal information. Phishing and vishing attacks happen when a person gets an e-mail reporting a problem with an account. The person is then asked to follow a link to update the account or fix the problem. The link would actually direct one to a fraudulent Web site where PIN numbers and other information could be compromised.

 
December 2008

Worm uses familiar brands to lure people: holiday coupon e-mails spoof McDonald's, Coca-Cola, and Hallmark.

On Tuesday, security vendor Websense issued an alert warning that holiday coupon e-mails from familiar companies may be malicious code in disguise, in this case a mass-mailing e-mail worm.

The warning cites one spoofed McDonald's e-mail that claims to present their latest discount menu, and asks the recipient to print out the attached coupon. A similar mailing pretending to be from Coca-Cola asks recipients to print out details about their new online game, and also offers recipients a chance to win Coca-Cola drinks for life. Websense says the attached zip file contains files named either coupon.exe or promotion.exe, both of which contain dropper files for remote access Trojan horses.

Previously, Websense issued an alert for a holiday-themed animated postcard.

On Wednesday, McAfee identified a third holiday-themed e-mail using the Hallmark brand. McAfee has named the malware used as W32/Xirtem@MM and says this particular worm carries a built-in SMTP engine that mass-mails copies of itself to e-mail addresses harvested from an infected machine.

In all cases the e-mail appears to be legitimate, using images taken from the McDonald's, Coca-Cola, and Hallmark sites.

To avoid compromise, antivirus experts recommend not opening e-mail attachments and keeping your desktop's antivirus protection up to date.