A new phishing trojan captures screen shots of browser activity when an infected machine visits a banking site, adding an imaging capability to its repertoire. The trojan, which targets Barclays Bank, has apparently found a way to defeat one of the banking industry's more secure login systems.
Phishing trojans are typically auto-downloaded from a bogus web page, and secretly log keystrokes as the victim visits an online banking site. Barclays uses a two-step login that includes a secret word as well as the usual username and password. After the initial login screen, a second page presents a pair of drop-down boxes in which bank customers must select letters from their secret word. Because the secret word is never typed on the keyboard, trojans are unable to capture all the info needed to access the Barclays account.
The "Purchase confirmation" trojan, documented at Codefish Spamwatch, has evolved its multi-faceted attack to address this obstacle.
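The two-step login described above, sketched from the server's side as an added example (not Barclays' code and not part of the original page); the per-position keyed digests, the function names and the sample secret word are assumptions. A keystroke logger sees none of the selected letters, while anything that records the selections learns the challenged positions, which `positions_exposed` tallies.

```python
import hashlib
import hmac
import secrets

# Constructed server-side key (assumption). With a small alphabet, the stored
# digests are only as safe as this key, so it must live outside the database.
SERVER_KEY = b"constructed-demo-key"


def _digest(position: int, letter: str) -> bytes:
    msg = f"{position}:{letter}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def enroll(secret_word: str) -> list[bytes]:
    """Store one keyed digest per letter position instead of the plaintext word."""
    return [_digest(i, ch) for i, ch in enumerate(secret_word.lower())]


def issue_challenge(stored: list[bytes], count: int = 2) -> list[int]:
    """Pick `count` distinct letter positions for the drop-down boxes."""
    return sorted(secrets.SystemRandom().sample(range(len(stored)), count))


def verify(stored: list[bytes], positions: list[int], letters: list[str]) -> bool:
    """Check every selected letter in constant time, with no early exit."""
    if len(positions) != len(letters):
        return False
    ok = True
    for pos, letter in zip(positions, letters):
        ok &= hmac.compare_digest(stored[pos], _digest(pos, letter.lower()))
    return ok


def positions_exposed(challenges: list[list[int]]) -> set[int]:
    """Positions revealed to an observer of the selections, not the keyboard."""
    seen: set[int] = set()
    for positions in challenges:
        seen.update(positions)
    return seen
```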
E-commerce firm 2Checkout, which processes credit card payments for online merchants, says it has been hit with a distributed denial of service (DDoS) attack after it rebuffed an extortion attempt. The 2Checkout site experienced rolling outages from the attack, which began on April 9 and was still ongoing as of April 16, according to a statement on the company's web site.
"2Checkout continues to fight an extortion based ('Pay us or else we will continue to attack') DDOS attack," the company said earlier this week. "We apologize for any service interruptions. Rest assured that our full staff in addition to some consultants are working relentlessly in conjunction with our providers to combat and minimize any effects of the attack."
Will Monday, 5 April 2004, be celebrated as the day Microsoft began turning into an open source company?
At first sight, the Windows Installer XML (WiX) toolset released then is just the latest piece of software distributed under Microsoft's Shared Source Initiative. This is the company's increasingly complex attempt to steal some of open source's thunder by offering classes of users degrees of access to the underlying code - mostly to look at, but in certain circumstances to
Microsoft's nervousness about letting others see its source can be judged by the plethora of different licensing schemes now available. It is also reflected in the low-
description of the "WiX Shared Source Licensing Program". It is only when you follow the link to the SourceForge page where the project is hosted that you discover that WiX is being released under a licence that is fully approved by the Open Source Initiative. In other words, WiX is Microsoft's first open source code.
Microsoft's Windows Update web site has been experiencing slow response times in the wake of yesterday's release of critical security updates. A browser request through Internet Explorer eventually raises the site after an extended wait, and in some cases it is possible to successfully download and install updates over a broadband connection. Dynamically updating performance charts for Windows Update are available here.
The service is struggling for availability at a crucial moment of need for Windows users. Microsoft yesterday released four security updates, including three critical patches that Microsoft urged customers to install immediately. They include a patch for an SSL vulnerability that leaves Windows 2000 and NT4 SSL sites open to remote compromise. The current sluggish performance of Windows Update is a particular challenge for Windows users on dial-up Internet connections, as the Windows XP download is 3 megabytes.
"After the release of yesterday's security updates, the number of requests to Windows Update was double the usual volume," said a Microsoft spokesperson. "The slowdowns didn't last very long. We've added some system resources to support Windows Update, and are not seeing much trouble anymore."
This morning the DNS for windowsupdate.microsoft.com was being managed by Savvis Communications through its Digital Island content distribution network (CDN). CDNs help manage Internet traffic (including DDoS attacks) by using large, geographically distributed networks of servers to move files closer to the end user. Microsoft used a CDN service from Akamai to keep its web site online last August, when the Blaster worm programmed machines to launch a DDoS on the Windows Update site. Microsoft's strategy drew considerable attention, as the front page of the www.microsoft.com site was served by Linux machines on Akamai's network. Today Savvis was using Windows Server 2003 to manage the Windows Update traffic. This evening the site is being served from a netblock assigned to Hotmail, Microsoft's e-mail service.
Microsoft has issued a fix for a security vulnerability that has exposed tens of thousands of sites offering encrypted transactions to potential compromise. The bug in Microsoft's Secure Sockets Layer (SSL) library allows remote attackers to gain control of unpatched Windows 2000 and Windows NT4 servers offering encrypted services over the internet.
The vulnerability was revealed Tuesday by Internet Security Systems, which warned that "hackers will aggressively target this vulnerability given the high-value nature of Web sites protected by SSL," which secures web sites for online banking, stock trading and retailing. Microsoft issued a critical security update Wednesday to address the vulnerability, which allows a buffer overflow in Private Communications Transport (PCT) packets. "An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft said in its advisory, adding that "only systems that have SSL enabled" are vulnerable. SSL is the only commonly used protocol for encrypted transactions of financially important or confidential information on the Web.
More than 132,000 web-facing SSL servers are running either Windows 2000 or Windows NT4, according to our March Secure Server Survey, representing nearly 45 percent of all SSL servers. The PCT and SSL 2.0 protocols targeted by the exploit are enabled by default in Win2K and NT4.
March was a banner month for domain registrars, as Dotster, Go Daddy were the fastest-growing providers in our Hosting Provider Switching Analysis, adding more than a half million hostnames between them.
Go Daddy and eNom may be benefiting from speculative purchases amid growing awareness of improvements in the domain resale market. The planned sale of whitehouse.com (a porn site often confused with whitehouse.gov) gained widespread media notice in the U.S. last month, with many stories noting the sale of men.com for $1.3 million in December. In the first quarter of 2004, at least 24 domains changed hands for $25,000 or more at auction, according to domain industry observers.
Top Hosting Providers By Growth, Feb 04 to Mar 04
|Global Media Online