Archive for ◊ December, 2009 ◊

Cyber Criminals Look For New Ways To Spread Malware
Wednesday, December 30th, 2009 | Author: JB

Malware writers have kept their focus on web-based attacks while actively looking for new ways to spread their products, according to a new report from BitDefender. Over the last six months, malware writers have continued their efforts to infect computer users in order to receive direct financial gain and to take control over their machines.

“In the second half of 2009, we saw international events such as the advent of the H1N1 Swine Flu exploited to their full extent by malware authors in order to launch new infections,” said Vlad Vlceanu, Head of BitDefender Antispam Research Lab. “As cybercriminals continue to look for ways to enhance their e-threats, now more than ever, it’s essential for computer users to make sure they have a security solution in place that can provide them with advanced, proactive protection.”

During the last six months the most active countries in terms of spreading malware were China, France and the United States, followed by Australia, Romania and Spain. Spam messages accounted for 88.9 percent of the total amount of electronic messages sent globally. Text-based messages are the most frequent form of spam, while image-based spam accounts for 2.3-2.5 percent.

Compared to the first half of 2009, the amount of phishing messages has remained relatively unchanged, although phishers have switched their focus to institutions that could bring them the most profit in the shortest amount of time. Primary targets are PayPal, Visa and eBay, followed by HSBC, American Express and Abbey Bank. Ally Bank and Bank of America rank last with a little over one percent of the total amount of phishing messages. These messages mostly target English-speaking computer users who are using the services of at least one of the institutions previously mentioned.

“2009 witnessed a wide range of security threats aiming at both end-users and at corporate networks,” said Vlceanu. “Extra caution and a highly-rated antimalware solution with antispam, antiphishing and antimalware modules are a must-have for anyone surfing the web in 2010.”


PandaLabs Predicts 2010 Computer Threats
Wednesday, December 23rd, 2009 | Author: JB

The amount of malware in circulation in 2010 will continue to grow as it has in 2009, according to the latest forecast from PandaLabs. Cyber criminals will again be focusing on social engineering techniques to infect computers, particularly those targeting search engines (BlackHat SEO) and social networks, along with “drive-by download” infections from web pages.

When it comes to social networks, there have already been many examples of worms and Trojans targeting Twitter and Facebook. Malware creators will continue to be drawn to these types of platforms since they attract millions of users.

Windows 7 will also be a target for malware developers due to the widespread market acceptance of the new operating system. In addition, since nearly every new computer comes loaded with Windows 7, criminals will be adapting malware to the new environment.

PandaLabs predicts mobile phones will not be a major target of cyber criminals because the market and platform are so diverse. The company argues the PC platform lacks diversity because 90 percent of the world’s computers run Windows on Intel, meaning that any new Trojan or worm has a potential victim pool of 90 percent of the globe’s computers.

Throughout 2009, governments around the world, including the United States, the UK and Spain, have expressed concern about the potential for cyber-attacks to affect economies or critical infrastructure. PandaLabs also saw this year how several Web pages in the United States and South Korea were the subject of attacks.

2010 will be the year in which all anti-malware companies will innovate to remain competitive as cloud-based security becomes the most effective way to fight today’s malware.


Mobile Security Becoming A Hotter Topic
Wednesday, December 23rd, 2009 | Author: JB

A lot of security-related talk revolves around computers, and rightly so - historically, they’ve been the most vulnerable electronic devices. But as cell phones get more and more advanced, experts are pointing out that it may prove necessary to be careful when using them, too.

Brad Stone recently noted a number of ways in which phones can be compromised. On the most basic level, many smartphones are, of course, threatened by the same “don’t click on that” stuff that can harm computers. Visiting a malware-infected site or downloading a virus isn’t certain to be safe just because a person’s not sitting in front of a large monitor.

Then there are applications to consider. Smartphone users are growing used to getting powerful little software bundles for free, and in the same way that people used to harm their computers while trying to download screensavers, they can do unpleasant things to their phones while trying to acquire a new game or restaurant finder.

Phones’ connectivity can pose a problem, too. Stone wrote that the cofounders of a security company called Lookout “have been publicly demonstrating the weaknesses of mobile phones for some time. In 2005, they camped outside the Academy Awards ceremony in Hollywood and scanned the phones of stars walking the red carpet, using a short-range Bluetooth wireless connection. They found that as many as 100 of the phones were vulnerable to hacking over such a connection.”

Consider demonstrating some care while using your phone, then, and perhaps power down before wandering near any hackers’ conventions, too.


White House Cybersecurity Czar Named
Wednesday, December 23rd, 2009 | Author: JB

The position of White House Cybersecurity Coordinator has finally been filled. Earlier this week, Howard Schmidt was awarded the job, and initial reactions to his appointment have been quite positive.

Schmidt’s resume is almost impossible to criticize. He has ties to Carnegie Mellon’s CyLab, the Georgia Institute of Technology’s GTISC, Idaho State University, and the Ponemon Institute, signaling that he’s very intelligent. Furthermore, he spent a handful of years in the Air Force, and served as a police officer for over a decade. He’s worked for both Microsoft and eBay, too, and in between, filled a cybersecurity-related role for George W. Bush. Meaning he’s not exactly a bookworm with no real-world experience.

Schmidt has appeared on all sorts of talk shows and authored a couple of books, as well, so he’s proven capable of communicating with people and handling the spotlight with little trouble.

Now, as John Brennan, Assistant to the President for Homeland Security and Counterterrorism, explained on the White House Blog, “Howard will have regular access to the President and serve as a key member of his National Security Staff. He will also work closely with his economic team to ensure that our cybersecurity efforts keep the Nation secure and prosperous.”

And Schmidt looks ready to take his duties very seriously. In a video introduction (also posted on the White House Blog and available for download), he characterized online threats as “one of the most serious economic and national security challenges we face as a nation.”

Let’s hope some helpful measures will be introduced as a result of this development.


Bruce Schneier Recommends Security Chill Pill
Thursday, December 17th, 2009 | Author: JB

Knowledge may be power, but it can also represent a path to anxiety and paranoia. Security expert Bruce Schneier highlighted this connection in a recent (and sure to be controversial) article calling upon people to more or less ignore the different security scares that occur on a regular basis.

You might look at it this way: in a lot of large cities, murders occur on a regular basis, and the killers aren’t arrested at the scene of the crime. But other people don’t hide inside every time a crime is reported, barricading their doors and ordering bulletproof vests.

Similarly, Schneier explained that not all vulnerabilities are serious, that there often isn’t much an end user can do, and that the odds of any given individual being affected are pretty small. So instead, he recommended six ways of preparing for everything in a reasonable fashion.

First is to use an antivirus program. Few people would try to live Mayberry-style with their doors unlocked and windows open all the time, after all.

Next, Schneier suggested, “Configure your OS and network router properly.” Have every piece of software that offers the option update itself automatically, too, so that security on every front can be as tight as possible.

The next order of business is to just be safe online. Be careful about opening suspicious attachments, visiting iffy sites, and all that sort of stuff. You don’t want to invite an axe murderer inside.

Finally, back up your data. If you can do this, you’ll minimize the odds of any problem becoming truly catastrophic.

Schneier concluded, “[T]rust the vendors. They spent all last month scrambling to fix the SSL vulnerability, and they’ll spend all this month scrambling to fix whatever new vulnerabilities are discovered. Let that be their problem.”


2009’s "Most-Hacked Software" Named
Thursday, December 17th, 2009 | Author: JB

It’s that time of year again: the time at which all sorts of organizations put together lists naming the best and worst things they’ve seen over the past 12 months. Below, you’ll find out what Forbes and iDefense determined to be very much in the “worst” category, as they got together to name “The Year’s Most-Hacked Software.”

The big non-award goes to Adobe Reader. A whopping 45 bugs were found in it, which obviously isn’t great, averaging out to about one per week. Microsoft’s Internet Explorer came in second place with a better - but still not good - 30 bugs.

Next up is what may be a more surprising pick in the form of Mozilla Firefox. It was plagued by 102 bugs. Just don’t try to perform an apples-to-apples comparison with other contenders, since the open source nature of Firefox means that all of its issues are discussed in public.

Then we go back to Adobe with Adobe Flash. Apple QuickTime followed. Microsoft Office was next, and finally, Windows wrapped up the list.

Perhaps this naming and shaming will encourage companies to do a better job of making their products safe. If not, at least it acts to provide security vendors and individuals with a little more information.
