Security Bytes

January 3, 2008  7:19 AM

Ransomware locks you out, demands $35

Leigha Cardwell

Sunbelt Software CEO Alex Eckelberry warns in a blog posting that new ransomware is on the loose, locking up victims’ machines and demanding $35 to return functionality to the user.

The bad guys are using the Delf.ctk Trojan to hijack the PCs, and victims are told to dial a 900 number that can be traced to “,” a payment processor also used by hardcore pornography Web sites to charge for access to their content, Eckelberry wrote. He offers a step-by-step account of what happens, complete with screen shots the victims encounter.

Eckelberry says a search on the US 900 number shows the first link as passwordtwoenter com, which shares an IP address with a number of other similar sites.


“Apparently, this is a payment processor that’s now being used for malware, whether they know it or not,” he wrote.

January 3, 2008  7:05 AM

McAfee glitch leads to false detections

Leigha Cardwell

A reader emailed us yesterday warning that a link in our Dec. 20, 2007 Security Wire Perspectives email newsletter points to a page containing an exploit script. We puzzled over this one yesterday afternoon, but thanks to the folks at the SANS Internet Storm Center (ISC), the mystery appears to be solved.

According to ISC’s Pedro Bueno, others have reported that their AV was detecting the JS/Exploit-BO virus when visiting such sites as ESPN and Friendster.

It appears the problem is with the McAfee AV. He wrote that McAfee has just released an emergency DAT to fix the false detection on some JavaScript files. The new DAT is available here.

December 21, 2007  9:01 PM

Money for nothing and security for free

Eric Parizo

During a time of year when it seems like we all spend waaaay too much on presents, holiday decorations and travel, among other things, it’s always nice to get a little something for free.

To that end, I thought I’d take a moment to point out a few free security offerings, courtesy of contributor Peter Gregory, who you may recall produced our Security School lesson this year on Windows Vista intrusion defense, and in his spare time serves as chief of infosec and risk management at Concur Technologies. 

This week Peter offers up a helpful entry on his blog covering free information security tools and services. It’s got a little something for passengers and sailors alike: free antivirus, antispyware and anti-rootkit tools — which will help that distant cousin who will surely ask you over Christmas dessert why his AV-free PC is running so slow lately — and hardened security pros can have some fun with the file eraser and data encryption tools.

And did I mention all this was free? 🙂

A very merry Christmas and happy New Year everyone!

December 20, 2007  2:53 PM

America’s Next Top H4×0r

David Schneier

Maybe it’s a result of the TV writers’ strike or maybe it’s just the natural next step in a world in which there are reality shows about dueling choirs and kids living alone, “Lord of the Flies” style. Whatever the reason, security is finally getting its due in the form of an upcoming Court TV documentary called “Tiger Team.” The show follows the exploits of a three-man team of penetration testers as they work their black magic on various corporate networks. But, in addition to using tools such as Core Impact to find soft spots in computer security, the team will be using various social engineering techniques to see how much havoc they can wreak on clients’ physical security, as well. The team itself is a group of experts from a company called Alternative Technology in Colorado.
For viewers accustomed to the absurd security-related antics on shows like “24” and movies such as “Swordfish” and “Hackers,” I’m not sure how exciting the sight of someone using an Apache exploit will be. But it’s got to be better than “Private Practice” or “Rock of Love.” The show premieres on Christmas night at 11 p.m. EST and PST.

December 20, 2007  12:52 PM

From Russia with love

Leigha Cardwell

Bill Brenner

Being in the Christmas spirit and all, I’m going to dispense with the usual advice-oriented column this week. Fear not, I’ll get back on theme after the New Year.

For this week, I want to focus on some blog chatter about the latest malicious creation to come out of Russia, because, well, it amuses me. It probably shouldn’t, but it does.

According to security software firm PC Tools, someone in Russia has created malware that flirts with females or males seeking relationships online in order to dupe them out of their personal data.

CyberLover can conduct fully automated flirtatious conversations with chat-room visitors and dating sites to lure them into a set of dangerous actions such as sharing their identity or visiting Web sites rigged with malware. It can establish a new relationship with up to 10 partners in just 30 minutes and its victims cannot distinguish it from a human being.

“As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering,” says Sergei Shevchenko, senior malware analyst at PC Tools. “It employs highly intelligent and customized dialog to target users of social networking systems.”

The sad thing is that the creators of CyberLover are certain to make money off this, since there are plenty of gullible people out there looking for love in all the wrong places.

Folks in the blogosphere are talking about how this thing comes close to passing the Turing Test, which I honestly had never heard of before today. According to an entry in Wikipedia, the Turing Test is a proposal for a test of a machine’s capability to demonstrate intelligence. Described by Alan Turing in the 1950 paper “Computing Machinery and Intelligence,” it proceeds as follows: a human judge engages in a natural language conversation with one human and one machine, each of which tries to appear human; if the judge cannot reliably tell which is which, then the machine is said to pass the test. [On a slightly unrelated note, Turing, an English mathematician, logician, and cryptographer whose life ended in suicide, will be the theme of the RSA security conference in April.]

Technologist Brad Templeton writes about CyberLover and the Turing test in his Brad Ideas blog, noting how it may be having a successful run by fooling people in a language that is a second language to the target, and/or claiming that it is using a second language for itself. With English as the lingua franca of the Internet and world commerce, he notes, it’s common to see two people talk in English, even though it is not the mother tongue of either of them.

“It’s easier to see how a chatbot, claiming to not speak English (or some other ‘common’ language) very well — and Russian not at all — might be able to fool a Russian whose own English is meager,” he wrote, “though you have to be pretty stupid to give away important information within 30 minutes to a chat partner you know nothing about.”

Curt Monash, a leading analyst of and strategic advisor to the software industry, wrote in the Text Technologies blog that it might be fun to point two copies of the bot at each other and watch them chat each other up.

Meanwhile, a visitor to the Slashdot blogging forum was reminded of a bot he created years ago that would randomly send people messages until the person at the other end stopped responding.

It spewed out nonsense sentences and most people ignored them from the start, the blogger noted, but even those that didn’t quickly got the idea when it cycled back on the same message more than once. One time, however, he remembered “this one guy replying back to this bot as if it was a real person for almost two hours!”

What I’m reminded of, though, is a conversation I had with security luminary Eugene Kaspersky in October. During a visit to Kaspersky Labs’ Massachusetts office, I asked Kaspersky why so much malware comes from his homeland.

A dismal economy and lax law enforcement are fueling the problem, nudging Russian computer programmers into an underground market where easy money can be made creating programs used to steal credit card and Social Security numbers.

“[Russian hackers] don’t see themselves as doing anything criminal,” Kaspersky said at the time. Many Russian programmers compare themselves to weapons manufacturers — they build the technology but are not the ones using it. In other words, they’re not responsible if someone else is pulling the trigger. Meanwhile, Kaspersky said, the Russian economy is still shaky enough that people are looking for ways to make a steady living, and building malware for online gangsters is one way to do it.

And so you can expect a lot more of this malware in the new year and beyond.

My take: If you can’t see the person in front of you, it’s probably best not to flirt with them in the first place.

About Security Blog Log: Senior News Writer Bill Brenner peruses security blogs each day to see what’s got the information security community buzzing. In this column he lists the weekly highlights. If you’d like to comment on the column or bring new security blogs to his attention, contact him at

December 20, 2007  5:56 AM

Mozilla releases Firefox 3 beta 2

Leigha Cardwell

Mozilla has delivered on its promise to release the second beta for Firefox 3 by year’s end. Security is to be a major part of Firefox 3, and I recently asked some IT professionals to play around with it and offer some additional impressions. The reviews were mainly positive.

Check out the report here.

December 18, 2007  8:48 AM

Mega patch for Mac users

Leigha Cardwell

Apple users tend to have a false sense of security superiority when it comes to their beloved Mac machines. But you gotta give Apple some credit — when a security hole is discovered, the company is pretty good about patching it quickly.

This time around, Apple has released Security Update 2007-009 to fix some 41 flaws in Mac OS X and the Safari Web browser.

The SANS Internet Storm Center (ISC) Web site has a pretty good summary of what’s been fixed:

2007-009 10.5.1 includes fixes for CF Network, Core Foundation, CUPS, Flash Player Plug-in, Launch Services, perl, python, Quick Look, ruby, Safari, Samba, Shockwave Plug-in and Spin Tracer.

2007-009 10.4.11 Universal and 10.4.11 PPC include fixes for Address Book, CUPS, ColorSync, Core Foundation, Desktop Services, Flash Player Plug-in, gnutar, iChat, IO Storage Family, Launch Services, Mail, perl, python, ruby, Samba, Safari, Shockwave Plug-in, SMB, Spotlight, tcpdump and XQuery.

“Several of these issues are rather serious, so we strongly advise installing these updates at your earliest convenience,” ISC handler Maarten Van Horenbeeck wrote, adding that users can read up on the individual CVE numbers and vulnerability descriptions here.

December 17, 2007  10:40 AM


David Schneier

Every once in a while someone gets it so right that there really isn’t much to add. This post by Chris Hoff is as good as it gets. If you’re not reading his frequent posts on security, survivability and other assorted topics already, here’s the perfect chance to get started.

December 17, 2007  10:10 AM

Top 5 security stories of 2007? You tell us

Leigha Cardwell

It’s that time of year when we in the news business love to make lists of the top news stories of the year. I’ve drawn up a Top 5 list of my own for your amusement, but admit that my judgment could be off. And so I ask you, the reader, to look over my list and tell me if there’s anything you would add or remove. I’ll work your feedback into our final Top 5 story.

My list:

5.) Problems slow the deployment of Windows Vista

IT professionals struggled mightily to make sense of Microsoft’s Windows Vista, but compatibility problems slowed enterprise-wide deployments to a crawl.

4.) Security of the iPhone in doubt

Apple’s iPhone — the year’s most hyped piece of technology — quickly gained the attention of hackers eager to find security weaknesses. It didn’t take them long to find something.

3.) The pain of PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) got plenty of attention as the list of data breaches grew and compliance deadlines approached. By year’s end many were still struggling to meet all of PCI DSS’s requirements, but that didn’t stop some experts from insisting on even tougher provisions.

2.) Malware takes cyberspace by Storm

When Storm was first discovered in January, it looked like another typical worm outbreak. But Storm kept spreading throughout 2007 and it soon became clear that the malware was the creation of sophisticated botnet builders. By year’s end, it was continuing to spread in the form of smaller, more customized botnets capable of launching a variety of attacks.

1.) TJX data breach exposes 94 million records

TJX acknowledged a massive data breach in January that ultimately exposed more than 94 million records to online fraud. To date, it is the biggest systems breach in history.

December 13, 2007  3:30 PM

eEye founder Maiffret leaves the company

David Schneier

Marc Maiffret, the founder and longtime CTO of eEye Digital Security, has left the company to work on other projects. Maiffret is among the best-known hackers on the security scene and made his name in the early part of this decade by exposing a series of serious vulnerabilities in Microsoft products, particularly the company’s Web server product, IIS. Never afraid to speak his mind, regardless of the topic, Maiffret was a gold mine for reporters, including me, over the years and often drew the ire of officials at Microsoft and other software vendors who weren’t happy with the way Maiffret and eEye publicized their findings.

eEye has been going through a transition in the last few months, which has included layoffs and the exit of some top executives, including CEO Ross Brown. The company has struggled to find its footing as an enterprise security provider and is now in a position where its competition is coming from heavyweights such as Symantec and IBM with virtually unlimited resources. So it’s not going to get any easier.

Maiffret is still serving as an adviser to eEye.
