Top

Why stay away from BitTorrents & P2P sites

February 12, 2009 by · 1 Comment 

iwork-09-trojan

Source: Intego.com

P2P, BitTorrent, and other file sharing services may offer a convenience for those looking to exchange large files or other collaboration uses. However, when using such sites for pirated software, audio, and other data, many users are unaware of the dangers involved in “convenient” downloads.

Intego, a security firm, recently released an alert for a Trojan horse found in a pirated version of Apple iWork 09. Although the software works as a legitimate copy of iWork 09, an additional package also installs itself, giving remote access to a malicious user. This can allow the malicious user to install additional malware, monitor the unsuspecting user, or even start copying personal files. As of the date of their security warning, at least 20,000 people have downloaded this malicious software.

This is a prime example of the inherent dangers of BitTorrent and peer to peer websites. Users should use other means to test new software (i.e. a trial version), purchase their own “legitimate” copies, and stay away from free software from unknown sources. Even legitimate sources should be scrutinized, as they can be compromised as well. Most vendors post a MD5 hash of their software which validates that it hasn’t been changed. Free MD5 hash utilities can be used to check the integrity of the downloaded file against the hash provided by the vendor. For more information, use your favorite search engine to find free MD5 hash utilities.

Valentines Day Malware – Beware

February 3, 2009 by · Leave a Comment 

valentines-malware

Source: Panda Labs

The month of February can bring a lot of unwanted e-mail, some from old friends, others from unknown sources. Specifically, “evildoers” use this time to circulate their malicious code via spam e-mail. Some of these messages may include images of hearts and other Valentines related pictures.

In more targeted attacks, attackers may use personal information found online or through recently compromised sources. For instance, the databases of Monster.com and USAJobs.Gov were recently compromised. In their press releases, the information accessed by unauthorized sources included user names, passwords, names, e-mail addresses, and phone numbers. Attackers could use this information to personalize spam e-mail, leading to users clicking on malicious links.

PandaLabs recently reported a new variant of a worm called Saint Valentine. They have numerous URLs that are known distributors of this worm. The list can be found here

Bottom

Warning: Unknown: open(/home/content/30/5076530/tmp/sess_d5i35be8rgpfom8fjr2j2o4e54, O_RDWR) failed: No such file or directory (2) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0