News Posts matching #PC Security

GRISOFT Launches Free AVG Anti-Rootkit

Popular free antivirus provider GRISOFT has today launched the first non-beta version of its AVG Anti-Rootkit software, which is free to all home users. Unfortunately GRISOFT does not offer support for this new product so you'll have to rely on their forums if you run into any problems, but you should certainly consider adding this software to your PC security arsenal. Rootkits are among the newest and most difficult to detect forms of malware being circulated at present, and most standard virus scanners will have either no rootkit detecting abilities or be very limited in their effectiveness, so at present the best way to combat them is by using these standalone rootkit-detectors. Other free anti-rootkit software to look at includes RootkitRevealer, Rootkit Unhooker, Rootkit Buster, IceSword and Sophos Anti-Rootkit, although some are difficult to use and may not remove the rootkits for you - as rootkits are still relatively new and different software will be better at detecting different exploits, it is a good idea to use multiple scanners to complement each other. AVG Anti-Rootkit will work on the 32-bit versions of both Windows 2000 and Windows XP, although Windows Vista support is not mentioned.

Kaspersky Lab Discovers First iPod-Specific Virus

Kaspersky Lab announced Thursday that it had discovered the first iPod-specific virus. When executed, the virus searches the hard disk for any .elf files. After infection, if a user attempts to run a .elf file, the virus displays a message which says, "You are infected with Oslo the first iPodLinux Virus."

Fortunately for most iPod users, you actually have to put the virus on your iPod, and your iPod needs to have Linux installed on it. Kaspersky Lab stresses that the virus is not malicious and only a proof of concept.

WEP Encryption Completely Broken

WEP (Wired Equivalent Privacy), the technology used to secure many wireless networks around the world, has been demonstrated to be extremely insecure in new research by a team of cryptographic researchers at the University of Darmstadt in Germany. Using information collected by previous studies that demonstrated correlations in the encryption used by WEP, the team found that they could recover a 104-bit WEP key 50% of the time using just 40,000 captured packets, increasing to a 95% success rate with 85,000 packets. To put it into perspective, 40,000 packets can be captured in under a minute, and a 1.7GHz Pentium M can then work out the WEP key in about three seconds. WEP has been known to have security flaws since 2001, but this latest research demonstrates how weak the technology has become in recent years - if your hardware supports WPA or WPA2 it is highly recommended that you shift to that if you are worried about keeping hackers out of your wireless network.

Source: University of Darmstadt via The Inquirer

Vista Will Have Smaller Service Packs

It looks like Microsoft has decided against the major service packs given to Windows XP, instead deciding to stick with much smaller fixes where necessary. According to a senior Microsoft official, one of the reasons for this is because Vista is "high quality right out of the gate" (is that an admission that XP wasn't?), but the more likely reasons include the improved automatic updates and the improved bug-reporting technology. Although there will be 'lite' service packs for Vista, they won't be on the same scale as those that were released for XP. Dropping the large service packs is likely to be welcomed by many IT managers after SP1 for XP caused problems including slow-downs and crashes. There is still no date for the first service pack for Vista, but users on slower internet connections will certainly prefer the changes.

Another Internet Explorer vulnerability confirmed by Microsoft

This time, specially prepared animated cursors embedded into e-mails or websites give offenders the ability to execute any code. This issue applies to Internet Explorer 6 and 7 on Windows 2000 SP4, XP SP2, XP Professional x64, XP 64-Bit for Itanium, 2003 (regardless of the SP), 2003 x64 and Vista.
Microsoft has responded to this and, until it releases the corresponding security update, suggests this workaround:
As a best practice, users should always exercise extreme caution when opening or viewing unsolicited emails and email attachments from both known and unknown sources.
Heise Security reports that the security service provider Determina already told Microsoft about this exposure in December of last year.

New Virus Comes Disguised as IE7 Download

If you receive an e-mail offering a download of Internet Explorer 7 Beta 2, delete it. A new virus is spreading all over the web. The e-mail includes a convincing graphic that looks like it could really be from Microsoft, and the virus is delivered when recipients click on the included link. The e-mails carry the subject line "Internet Explorer 7 Downloads" and appear to come from admin@microsoft.com. They include a blue, Microsoft-style graphic offering a download of IE 7 beta 2. Clicking the graphic will download an executable file called IE 7.exe. The file is actually a new virus called Virus.Win32.Grum. Security experts are still trying to analyze the virus, which may affect your registry, mail contact list or steal personal information from your computer.

New Trojan Calls on Skype

Another Trojan horse is spreading through the Internet telephone network of Skype Ltd. The malicious code, known as both Warezov and Stration, is similar to an earlier version detected in February, but with a new URL and a new version of the malicious code, according to an alert posted Thursday by Websense Inc. Websense warns Skype users to watch for the message "Check up this," with a URL containing a hyperlink. When users click on the link, they are redirected to a site that is hosting a file named file_01.exe. Users are then prompted to run the file and if they do, several other files are downloaded and run. The downloaded files are other versions of the Warezov/Stration malicious code, so be careful when receiving messages from people not in your contact list.

USA is the Main Source of Online Attacks

Despite China, Russia and even Korea often being stereotyped as the main online criminals, security firm Symantec has revealed that its findings suggest most online attacks come from the United States, accounting for a huge 31% of attacks. China was next after quite a gap, making up 10% of attacks - Germany proved to be a wildcard, coming in third with 7%. Servers in the USA account for 51% of phishing attacks - considering that the malicious firms can make up to $6 for each credit card number, online identity theft is becoming quite a profitable business.

Apple releases last update for Mac OS X before Leopard's release.

The latest version of Mac OS X is now 10.4.9, meaning that this update is probably the last before Leopard is released. Apple improves "graphics drivers, Bluetooth, networking, image handling, font management, sync services, Dashboard widgets and Rosetta, Intel-based Macs' PowerPC compatibility mechanism" in this version of Mac OS X. Applications also load faster in this version of Mac OS X. All of the various updates available for Mac OS X can be grabbed here.

Microsoft patches Windows Media Player 11 due to DRM bug

Anyone who's really been paying attention to the recent things coming through Windows Update knows that an update to the Windows Media Player 11 runtime recently has been released (say, wasn't patch Tuesday a few days ago?). Anyone who's been wondering what this update does need not look much further. There was apparently a problem with the way Windows Media Player "metered" the times a song bought over subscription services was put on a digital device. This led to all sorts of issues, such as entire music stores not working (it's not fun, trust me), and sometimes outright failures of Windows Media Player library to MP3 player transfers. You can read the full details from Microsoft as to how exactly they fixed this problem here. Or, you could just be glad that if you go through the trouble of paying for your music, you can rest assured you'll actually be allowed to listen to it.

Sophos to cut you from Second Life

According to Sophos' latest press release, administrators will very soon be able to block network traffic essential for the multiplayer online game Second Life using Sophos Antivirus. Its application control feature allows administrators to control which websites and online applications can be accessed from the PC. This service, which is intended to raise productivity in companies, will start with the integration of the 'Second Life' strings into the usual updates on the 22nd of March.
That is a pretty unusual approach - Second Life might have 4 million users, but only around 25000 can be seen online at the same time at most. They should have started with World of Warcraft, which has around 2 million users online at any time. I don't get the hype around Second Life. It's hideous and there is nothing really appealing in it. But that might just be me...

Microsoft Windows Server 2003 Service Pack 2 (SP2)

Microsoft quietly rolled out SP2 for Windows Server 2003 today as part of its critical updates list. Microsoft Windows Server 2003 Service Pack 2 (SP2) is a cumulative service pack that includes the latest updates and provides enhancements to security and stability. In addition, it adds new features and updates to existing Windows Server 2003 features and utilities. The SP2 update can be applied to all Windows Server 2003/Windows XP Professional x64 Edition products.

EBay faced with more security problems

While eBay is upgrading its interface, it has severe security problems underneath, which it is trying to cover up. Firemeg, a blog dedicated to eBay watching, has a rather comprehensive report about the latest doings of Vladuz, a Romanian hacker. Vladuz, whose intention is to reveal the security issues, broke into the Trust & Safety board at eBay.com and posted "information of fifteen different eBay members, including social security numbers, credit card numbers, bank account and routing numbers, ATM PIN numbers, mother's maiden names, driver's license numbers, as well as home addresses and full contact information". It took the persons in charge nearly an hour before everything was deleted. But Vladuz was not beaten; he posted all the information again on 12 different subforums.
As I already wrote, this is not the only thing Vladuz has done so far. At the end of February he was active in the eBay forums using a so-called 'pinkliner' account, an account which has administrator rights. eBay, in order to appease the nervous public, said he had just become aware of 'some' account login. But the really dubious thing is that the name of this account was "vladuzsgi" - what a coincidence...

Windows Vista shares WGA bug of Windows XP

Just four days ago, we reported that Microsoft had updated Windows XP's Windows Genuine Advantage (WGA) software. Unfortunately, Windows Vista's version of WGA is very similar to the flawed Windows XP version. And so, Windows Vista may prompt users to activate Windows Vista when they do simple things not requiring activation, such as swap out a small piece of hardware (such as a DVD burner or a gigabyte of RAM). Thankfully, Windows Vista doesn't seem to report a genuine copy of Windows Vista as pirated, like the flawed version of XP WGA did.

Symantec Releases Norton 360

Yesterday, Symantec launched its new Norton 360 software, a solution that combines anti-virus, anti-spyware, firewall, intrusion protection, anti-phishing, backup and tune-up, eliminating the need to purchase and manage multiple products. Norton 360 is now available for purchase through the Symantec online store, here. A 'hard-copy' will be available for purchase at various retail locations and online retailers in March 2007. An optional add-on pack with Anti-Spam and Parental Controls will also be available to Norton 360 customers in mid-March, at no additional charge.

"People today use their computers for much more than work or storing documents. If you ask most computer users what they rely on their PC for, they'll tell you they use it to surf the web, bank online, shop, keep in touch with friends and family, listen to music and store their favorite photos," said Enrique Salem, group president, Consumer Business Unit, Symantec Corp. "Norton 360 was created with these activities in mind. It not only protects against traditional online threats, but it also helps secure users' identity when transacting online and safeguards valuable files like music and photos."

"With Norton 360, Symantec is rejuvenating its consumer product line," said Andrew Jaquith, senior analyst, Yankee Group. "By combining the traditional security features with data backup and performance tuning, products like Norton 360 will expand the market for consumer security and data protection solutions."

The suggested retail price of Norton 360 is US$79.99 (includes one-year service subscription to use the product and receive Symantec's protection updates) and can be installed on up to three PCs.

New Firefox Vulnerability Exposed

A serious new flaw in Mozilla's browser, Firefox, has been discovered which could allow malicious sites to exploit a system using the browser with JavaScript enabled. Mozilla's error tracking system classes the vulnerability as critical, and attackers could potentially access your system using a specially crafted HTML file and then run malware remotely. The recommendation from Mozilla is to disable JavaScript in Firefox until a fix is released, but another good idea may be to install the NoScript add-on which will allow you to control which sites can use Java and Flash. This flaw is present on all versions of Firefox, including the new 2.0.0.2 update, and is yet another illustration that Firefox is not immune to security exploits.

F-22 Raptor running on Windows?

I am really sorry for posting a headline like this, because this is a dead serious issue Lockheed Martin and Boeing are facing. Today CNN reported on television that every fighter lost all navigation and communications when they crossed the international date line. These problems remind me of some bugs discovered around the turn of the year 2000, which would rather not come to my mind when thinking about the world's most expensive stealth fighter (361 million US Dollars per unit!).

Microsoft changes WGA software in response to consumer backlash

The most recent version of Windows Genuine Advantage (WGA) software was met with a lot of complaints. The worst one by far was how WGA claimed that a copy of Windows was pirated when it wasn't (especially among corporate owners). There were also several instances when a simple hardware change (such as a WiFi card or a video card) made WGA demand a re-activation of Windows. Microsoft has listened to the consumer, and in response to these recent complaints, is morphing WGA to better fit the consumer. Instead of registering a copy of Windows as either Genuine or non-Genuine, it will now register it as Genuine, non-Genuine, or "unsure". There are no details of the functionality of an "unsure" copy of Windows. WGA is also much more relaxed when it comes to a recent hardware change. You can download the latest version of WGA here.

Windows Defender Fails Malware Test

Microsoft's very own antivirus software, Windows Live OneCare, was recently found to be failing Vista users, and now the same has been discovered for its free anti-spyware application. In tests carried out by Australian company Enex Testlab, Windows Defender struggled to detect just half of the malware which it was tested with, with the quick scan missing most of the malware and the full scan finding only 53.3%. It would be best to note that the test was financed by competing company PC Tools, which claims the test was unbiased, although the winning software (detecting 88.7% of malware) was PC Tools' very own Spyware Doctor. Windows Defender was released as a final version in October 2006, so it is relatively new and of course (being free) costs less than Spyware Doctor.

Computer routers face hijack risk

Researchers at both Symantec Corp. and the University of Indiana say routers are at risk of hijacking. The research found that router users are susceptible to hijacking of their hardware through malicious code hiding in specially crafted websites that could change settings on the network devices and begin phishing attacks. These attacks are very dangerous to users; an example given by cbc.ca states, "For example, a person could enter the correct address of their bank's website into their web browser but they would be taken to a fake site designed to steal their banking information." The scary thing is that this particular type of attack works on all major consumer routers, including routers made by Linksys, Belkin, Netgear and D-Link, but it only works after a user on that device has visited a specially crafted web page.

Daylight-saving glitch threatens mini-Y2K

Daylight saving time arrives a little earlier - March 11 - and stays a little later - Nov. 4 - this year. And it's bringing a problem along with it that could affect everything from stock trades to airline schedules to your BlackBerry.

Software created before the law mandating the change passed in 2005 is set to automatically advance its timekeeping by one hour on the first Sunday in April, not the second Sunday in March. Congress decided that more early evening daylight would translate into energy savings.

The result is a glitch reminiscent of the Y2K bug, when cataclysmic crashes were feared if computers interpreted the year 2000 as 1900 and couldn't reconcile time appearing to move backward. If banks and other institutions aren't properly prepared, automatic stock trades reportedly might happen at the wrong hour, buildings that unlock at a certain time could stay shut, and airline flight schedules could be scrambled.

Source: MSNBC

Windows Vista has large security hole in UAC

When Microsoft shipped Windows Vista, they bragged about how secure it was, showing off the User Access Control (UAC) feature. UAC is something that asks a user if they really want it to run a program before simply running it (previous versions of Windows would simply run the program). "Hackette" Joanna Rutkowska found a disturbing loophole through UAC. Apparently, UAC works by running everything as an administrator, and simply asking for confirmation before executing a program. So if something like a game installer triggered UAC, and a user hit "allow", the program could theoretically be allowed to run a bunch of other things that would individually require administrator privileges. When dealing with things like simple registry changes this is no problem, but when malware is piggybacking in an installer... this effectively ushers in the next generation of Trojan horse viruses. Microsoft does not consider this a serious threat, and thinks of it more like a minor weakness, which is the result of a "design choice".

Hackers Attack the Internet

During the last 24 hours, 13 of the internet's root servers have reported attacks by hackers in South Korea. The Homeland Security Department admitted that it has witnessed anomalous internet traffic, with three of the targeted servers being briefly overwhelmed by a series of attacks over 12 hour periods. This is being labelled as the most serious attack on the internet since 2002, although it still had almost no effect on internet users around the world. Initial reports suggest that a malicious attempt is probably unlikely and it may simply have been hackers in South Korea having a bit of fun.

Microsoft Live OneCare Fails Vista Users

In a recent test carried out by Virus Bulletin, Microsoft's own antivirus software, Live OneCare, was one of four packages which failed. The test involved 15 antivirus packages designed for businesses using Windows Vista, all of which were released about two months ago. To pass the test, each package had to detect a set of viruses that are known to be circulating without giving any false positives. However, Live OneCare 1.5, McAfee VirusScan Enterprise 8.1i, G DATA AntiVirusKit 2007 and Norman VirusControl 5.90 all failed. Other software, including that from Computer Associates, Fortinet, F-Secure, Kaspersky, Sophos and Symantec, passed without problems. McAfee claims that the test did not use its latest update, whilst Microsoft has pledged to improve its software.

Microsoft won't be closing Vista upgrade loophole

Microsoft has decided that they will not bother with closing the Vista upgrade loophole, where the user does not actually need a copy of XP installed. According to TheINQ, "People without a licensed copy of XP that use this workaround are violating the terms of use agreed to when they purchased the upgrade version of Windows Vista," a spokesvole told vnunet.com. Another quote in the Inquirer article reads, "As such, we believe only a very small percentage of people will take the time to implement this workaround, and we encourage all customers to follow our official guidelines for upgrading to Windows Vista."

The Vista upgrade version is about two-thirds of the retail price.