Lisa Vaas

This Halloween, do not fall for Dancing Bones, “the most amazing dancing skeleton.” Spam advertising the Halloween-themed site is leading users to a dancing skeleton game that installs a Trojan, which gives crooks remote access to victims PCs. Sophos and other security firms are warning that spam bearing the following subject headers is the latest […]

Security has slipped backwards on the evolutionary ladder in Apples latest Mac OS X release, security researchers say, with Leopards firewall having more holes than its namesake cat has spots. “The short answer is the Leopard firewall is … ugly and a step backwards from 10.4,” said Rich Mogull, an independent security consultant and founder […]

Another group has joined the Russians to modify PDFs and jack up spamming of the rigged files to a level that reached what researchers called “massive” proportions over the weekend. “The default e-mail list [a sampler] that comes with one gmail spam bot contains 10,000 starter addresses,” Don Jackson, a security researcher with SecureWorks, told […]

Disregard the photos of fat green buds with names like “Super Skunk” or “Holland Haze” and steer clear of spam advertising that “Big Buddha Bud is the bomb.” Security vendor F-Secure said the paranoia over an e-mail that advertises “legal herbs” for smoking purposes is justified, given the fact that the joint shop doing the […]

Vendor representatives on a panel Oct. 25 at Interop boasted that behavior-based observations can stop Storm-infected clients, even after NAC has given them carte blanche admission to a network. Fat chance, an expert said, given the vendors three-year-old detection methods. “A lot of guys who made claims that theyre doing more than AV, theyre doing […]

NEW YORK—Virtual machines are threatening to crack the walls of data centers with a host of potential security threats—nothing thats been publicly exploited yet but a fact thats borne out by a slew of vulnerabilities patched over the past seven months by major virtualization vendors VMware, Microsoft and XenSource. David Lynch, vice president of marketing […]

A malicious PDF attack launched earlier this week is downloading a variant of the Gozi Trojan—the same malware thats been used to steal personal data with a black market value of over $2 million, including bank, retail and payment services account numbers as well as Social Security numbers. SecureWorks, which originally discovered the Gozi Trojan […]

Websense, a security company headquartered in fire-savaged San Diego, is warning that scammers are milking the tragic situation by masquerading as charity organizations. Websense posted an image showing one suspicious eBay auction purporting to be a request for donations from the San Diego Fire Rescue Relief Effort. “Please put the item you want to buy […]

Storm Worm Botnet Lobotomizing Anti-Virus Programs”> NEW YORK—The ever-mutating, ever-stealthy Storm worm botnet is adding yet another trick to its vast repertoire: Instead of killing anti-virus products on target systems, its now doing a hot fix with a memory patch to render them brain-dead. The finding was made by Sophos and was mentioned by Joshua […]

During the first half of 2007, Microsofts Malicious Software Removal Tool detected 31.6 million phishing scams—an increase of more than 150 percent over the previous six months—and tracked a 500 percent increase in Trojan downloaders and droppers, according to the companys latest Security Intelligence Report. The report, produced every six months, this time around found […]