This recent discovery comes as good news to security researchers as this makes it difficult for just any hacker to use the crimeware kit which in return may reduce the number of cybercriminals using Zeus. Zeus uses a key code which is based partly by the machines hardware configuration. In the case that the hardware configuration changes on a certain machine, it can prevent a hacker from running Zeus unless they are able to obtain a new activation code.

The Zeus builder kit, which was primarily designed to steal online banking login credentials, normally sells for USD$3,000 to USD$4,000 which is not a small amount of money for a beginner in hacking, who is not well established in his/her’s criminal activities and ultimately wants to get paid.

Zeus’s key code, not allowing modifications of the hardware it is run on, is somewhat different from a key code used in Microsoft Windows but uses the same concept to activate the software. The smallest modification of a system’s hardware will render Zeus useless forcing the user to obtain a new activation code. There is also no guarantee that the hacker will be able to obtain a new code as the seller may want them to pay again for uses of Zeus. There is also no guarantee that the hacker will be able to obtain a new code. Knowing that Zeus is somewhat “limited” in the aspect of activation similar to that of a non-licensed version of Microsoft Windows, is a victory for those trying to stop these cyberthieves.

Hackers locking-down Zeus with an activation key code is almost like setting up a form of anti-piracy for the hackers that sell the crimeware kit. Some of the modules have been known to cost up to as much as USD$10,000. The creators of Zeus have an interest to protect, just like the hackers, the use of Zeus for malicious purposes. Zeus has turned into a “professional hacker” tool instead of one that any amateur hacker can easily get his/her hands on and later get caught by authorities for their criminal activities.

In the past, Zeus was known to be one of the top 10 botnet threats in the United States and the culprit for targeting financial institutions bypassing anti-virus applications. Zeus has infected millions of systems and still continues to be a major threat. Do you foresee other “hacker tools” similar to Zeus getting anti-piracy key codes to protect to creators interest and investment in their malicious software?

The intentions of the Chinese government have been the highlight of several topics ever since a targeted cyber attack on Google’s Gmail accounts that originated from China back in December 2009. China’s censorship laws would be a conflict with Google since they forbid access to internet sites that criticize the government, promote certain religious content, or display pornography. Baidu, China’s number one search engine (the “Google search of China”), already abides by these stringent censorship laws.

Google has threatened to leave China and shut down its strictly monitored site, Google.cn, due to citing censorship rules. The targeted cyber attack against Google did not help the issue and now it seems to have come to a head as media outlets are reporting that Google appears to be getting closer to shutting down the Chinese Google site entirely.

Any company that has a massive presence over the Internet will eventually face some type of security threat or scrutiny for their actions or behavior even if they are following the rules in a particular country. Google seems have had their fair share with China lately. CNN Money has an exclusive video report on the matter stating that a Google spokeswoman said that the company doesn’t know the likelihood of reaching an agreement with the Chinese Government in running such a filtered site.

China has had quite an effort in attempting to control and filter internet content for their internet users. Lately, Chinese internet users have had to access Google.com unfiltered which would be a problem with Chinese officials. There have been reports of users no longer being able to access unfiltered sites probably from the actions of Chinese government. Still, malware and internet scams continue to be an issue concerning Chinese human rights activists.

What is your prediction? Will Google finally pull the plug on China? Will we continue to witness these debates over Google staying or leaving China for good?

Internet Explorer is one of the main targets for attacks against unpatched bugs that could allow a hacker to gain access to an affected system. Microsoft has warned users of vulnerabilities within Internet Explorer 6 and 7 just the other day issuing the Microsoft Security Advisory (981374). Even before then, Microsoft had acknowledged a newer VBScript exploit being able to plant malware on Windows XP systems.

Hackers are using certain versions of Internet Explorer that have certain vulnerabilities in order to launch drive-by attacks from malicious web sites. Computer users who may be running older versions of IE such as Internet Explorer 6 and 7 are more prone to becoming a victim of these drive-by attacks. Simply visiting a malicious page using IE can infect a users system in some cases.

Researchers and security experts suggest that the exploit code was posted publicly which makes us believe that similar attacks will grow to unprecedented numbers while other hackers are easily able to obtain the code. Microsoft may scramble to come up with a fix in a hurry which only supports our theory that the exploit has gone public.

In the meantime, computer users are still advised to either utilize an alternative web browser to Internet Explorer 6 or 7 until a patch is available to the latest IE exploit code. Upgrading to IE8 or modifying access to the iepeers.dll to disable scripting (not recommended for novice computer users) is also a solution in the interim that you may want to also consider.

We suspect that hackers will ramp up their efforts to attack systems through other yet-to-be discovered vulnerabilities within older versions of Internet Explorer. Do you use IE? If so, which version do you use and do you plan on upgrading or moving to another web browser application because of the recent security vulnerability attacks?

Businesses usually want their employees to be happy and productive at the same time. Then there is the balance of business benefits against risks considering the different world of social networking (Facebook and Twitter) and the negatives and positives that it presents in certain work environments. If you use the internet at work do you practice steps to avoid getting malware on your system from use of a social network?

Let’s face it, there is a totally new work-force generation from that of a decade ago. Computer network security and social network security has become a major part of running a business if you utilize computers connected to the internet. One of the prime reasons for a business banning use of social networks such as Facebook and Twitter is the productivity factor. Basically, a business thinks that spending time on Facebook and Twitter will result in lower productivity. The matter of social network security has been put on the back burner in some cases as to a reason that companies ban use of Facebook and Twitter.

Security analysts have found that the use of social networks can be beneficial and at the same time potentially damaging when it comes to security. Considering the numerous attacks on Facebook through computer worms and the various Twitter phishing scams that have grown to unprecedented numbers in the last couple years, it is no wonder that the majority of businesses do not ban use of these networks altogether. You may ask, why don’t they ban access? It comes down to the fact that social networks such as Facebook and Twitter are part of a company’s business. Some use the social outlets for marketing or communication.

Does the company that you work limits usage of Facebook and Twitter? Are you allowed to access the internet as long as you do not use any social networks at work? Share your story with us by commenting in below.

New attack code that allows hackers to inject malware onto a Windows XP machine running Internet Explorer 7 or 8 is currently being investigated by Microsoft. The vulnerability has been publicly claimed as involving Windows help files and VBScript within the Internet Explorer browser application. During the time of this discovery, Microsoft’s Security Response Center confirmed that this vulnerability does not affect those systems running Windows Server 2008, Windows Vista or Windows 7.

This new vulnerability would allow an attacker to sneak malware onto a user’s system disguised as a Windows help file .hlp in some cases forcing the computer user to press the F1 key after a popup message. The popup is initiated by VBScript obtained by a malicious web page that the user may visit from clicking on a link within a spam message. The winhlp32.exe file is usually affected giving an attacker unadulterated remote access to the infected system.

The scary part of this new exploit is that because it uses a VBScript initiated popup message, computer users are usually unable to tell if it is a legitimate popup notification and will naturally use the F1 key seeking help to address the “issue” thus prompting malicious actions to take place. A VBScript vulnerability can be similarly compared to the many vulnerabilities found in Adobe products where it requires a user to perform only one action which infects the system with malware and allows a remote attacker to gain access to the affected computer.

Many security researchers and companies have classified Windows Help files as potentially dangerous files as this tactic is nothing new to us.

“These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system,” said Jerry Bryant, a senior manager with the Microsoft Security Response Center.

Microsoft is due for a new security update early next week. Hopefully, we expect Microsoft to release a new patch to resolve the VBScript bug in Win XP, IE7, and IE8. For now, no advise or instructions have been released for computer users to avoid or resolve this issue until a new patch is released. It can only be advised that users avoid use of Internet Explorer 7 or 8 in the meantime if they are running Windows XP.

Lewis is facing a charge that could land him in prison for five years and a $250,000 fine after his guilty plea to one count of conspiracy to intentionally damage a protected computer system. The case is being tried in Philadelphia where Lewis used certain social engineering tactics to obtain critical information on Comcast’s Fearnet.com site over the phone from a Comcast employee at his home in Clifton Heights, Pennsylvania.

Two other individuals, James Robert Black and Michael Paul Nebel, have been charged as co-conspirators in the hacking incident who were also part of the Kryogeniks hacking group. According to a Philadelphia news report, Black is expected to plead guilty and Nebel will enter a not-guilty plea.

Kryogeniks is known as a “phone phreaking” hacker group who do notify their victims though a phone call after the damage has already been done.

The main culprit, Lewis, was able to gain access to Comcast.net’s DNS (Domain Name System) account giving him control of the domain. Lewis later contacted a Comcast employee just to “inform” them on what he had done which was taking down the Comcast.net site and redirecting it to a page announcing that the Kryogeniks group hacked Comcast.

The message found on the hacked web page for Comcast.net read “KRYOGENIKS Defiant and EBB RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven”, as shown in figure 1 below, for about 90 minutes until the site was reestablished.

Figure 1. Comcast.net website taken down by Kryogeniks hacker group.

Should the efforts of hacking groups such as Kryogeniks warrant a more stringent punishment? Will Lewis’ guilty plea and potential punishment send a message to other hackers who seek actions to take large websites, such as Comcast, offline?

The Chinese government has denied involvement thus far in the hacking attacks that lead to compromising Google’s systems, which lead to Google threatening to pull out of China. The U.S. government has taken a roll in asking for the Chinese foreign minister for a probe into the investigation of the matter after the hacking campaign ran its course last month.

The malicious code used in the attack was written to take advantage of flaws in certain versions of Internet Explorer and insert spyware onto vulnerable systems. In the recent discovery by U.S. analysts, it seems that the initial attack on Google was not launched by the man who wrote the malicious code. They have also discovered that he is not a government worker. A team of investigators found out that the launching of the spyware, or malicious code, was traced to two educational institutions in China, one having a close tie to the military.

In light of the recent Chinese cyber-spying campaign, some western experts believe software vulnerabilities have been used to steal commercial and military information. This very-well could be the underlying reason for the attacks but has not been confirmed.

Mischel Kwon, a former U.S. cybersecurity official who now works for RSA Security, said, “We’re realizing there are other aspects of this problem beyond the technological and that there are other agencies that need to get involved.”

Shanghai’s Jiaotong University and Lanxiang Vocational School are the two educational institutions that a team of U.S. contractors traced the launch of the malicious spyware code. Because Jiatong University has a high level of cyber security, one of the best in the country, it is suggested that the ones responsible could have compromised the schools’ computers. Both schools’ officials have denied any involvement according to a state-run news agency in China.

Security researchers have discovered a botnet that spreads primarily through routers and DSL modems. The vulnerable routers and modems are ones that have not been properly configured with an original password leaving them open and vulnerable to this new botnet.

If you are at all familiar with the name Chuck Norris, then you know that he is a famous U.S. actor known for martial arts and films such as “Missing in Action” , “The Way of the Dragon” and the TV series “Walker, Texas Ranger”. The Chuck Norris botnet gets its name from the actor because of its programmer’s italian comment in the sources code: “in nome di Chuck Norris” which means “in the name of Chuck Norris”. As to why such a comment was made, we think it could be because Chuck Norris, for the sake of all arguments, can be a vicious force to be reckoned with. We expect the Chuck Norris botnet to be just as “serious” as any character Chuck Norris has played in his career.

Millions of computers around the world have been infected by botnets and we believe the Chuck Norris botnet will be able to seek out different types of computers since it has the ability to mainly infect systems through routers and DSL modems. If a computer user has a router or DSL modem that still uses the default login and password, then it is a prime target for the Chuck Norris botnet. Once infected with the Chuck Norris botnet, a compromised system can be used to initiate DDoS (distributed denial of service) attacks over the internet on other computers. In addition, this new botnet can be used to change the DNS (Domain Name System) settings on an affected router which can easily lead users to malicious or phishing web pages.

The Chuck Norris botnet can be controlled remotely sometimes through IRC (Internet Relay Chat). The botnet can be defeated by a restart of the infected system’s router. To eliminate the threat of Chuck Norris botnet, it is suggested that users use a strong password, update the routers firmware and enable the security features on the router or modem.

Live PC Care is a fake security application that uses several misleading methods to entice computer users into purchasing a full version of the Live PC Care program. In a new discovery, it was found that Live PC Care and other similar rogues make an attempt to offer computer users live technical support. The online support or “live tech support” that Live PC Care offers is actually an open line to a live person but they are only there to push computer users into spending an additional USD$30 to USD$100 on a bogus service.

The live technical support offered through Live PC Care directs computer users to an instant messenger connection with a real person after clicking on an Online Support button as shown in Figure 1 below. Through the instant messenger service, the support tech attempts to convince users to spend their money on the Live PC Care program costing upwards of USD$100 for the “full service” in addition to declaring that Live PC Care is a legitimate security application.

Figure 1. Live PC Care rogue anti-spyware program screen shot with “Online Support” button.

Hackers that create rogue applications have attempted to offer such services in other fake security programs such as WinFixer which offered tech support via a call center. In this case an actual call center was made available to users of WinFixer. The call center members were instructed to reassure victims that they were buying a legitimate security program.

In another incident, a scarware defendant agreed to pay $1.9 million to settle charges with the FTC for a scheme that tricked users into purchasing fake security programs. This Cincinnati man had set up a call center using ByteHosting Internet Services for technical support questions from computer users tricked into purchasing fake security applications. Users were even promised refunds which they never received.

The creators of rogue applications have caused massive headaches for thousands of computer users by coming up with new a creative ways of marketing their malicious programs. By offering technical support for their products is just one effective way that they can aggressively flood the market and essentially make more money with their rogue anti-spyware programs.

Computer users are urged to be cautious when they encounter a rogue application that seems to offer all of the typical features of a legitimate security program. Because Live PC Care offers live tech support via instant messenger does not mean it is a safe program no matter what the “support technician” has to say.

Figure 1. Panda Labs Fake Microsoft Outlook update spam message

Hackers will not stop at anything to exploit their latest malware. The Bredolab.Y Trojan variant and Security Tool rogue security program are just two examples of malware currently being spread through a new spam campaign that utilizes a fake Microsoft Outlook update message. Those affected by this new campaign have reported receiving a realistic-looking email message that appears to have come from Microsoft Support as demonstrated in figure 1 above taken from Panda Labs.

The spam email with the fake Microsoft Update is a dead giveaway after we took a closer look at it. First off, you must know that Microsoft does not issue updates or patches via email. In addition, the spam message includes an attachment zip file which may automatically install the Bredolab.Y Trojan upon executing the included .exe file.

Once a system is infected with the Bredolab.Y Trojan, it will install the rogue anti-spyware application Security Tool. Security Tool, by itself, has been known to cause havoc on any system that it is installed on by using deceiving tactics to force the purchase of the licensed version of Security Tool.

This is not the first time similar spam campaigns have been used to spread malware nor will it be the last time. Usually hackers will take advantage of recent news stories to spread malware via spam messages such as in the case of the Haiti Earthquake email scam campaign.

How many email messages do you receive each day and how many of them are spam campaigns attempting to spread some type of malware? Does your antivirus or antispyware application catch these threats if you accidentally open the attachment?