Blackhat SEO Techniques Could Lead To Scareware infections

Thursday, April 22, 2010

Cyber criminals quick to pounce on McAfee crash story

Security experts are warning users searching for information on the breaking McAfee systems crash story to beware of malicious links in search results that could contain scareware.

Security giant McAfee caused widespread concern among users after it revealed that a problem with its anti-virus product caused some Windows XP systems to crash.

However, cyber criminals have been first to react to the incident, by using blackhat search engine optimisation techniques to ensure that their malicious web pages are returned first in a search for information on the incident.

Many of these will infect the user with malicious software designed to trick them into thinking they are infected and then paying a fee for 'anti-virus software' to alleviate the problem.

"These poisoned pages are appearing on the very first page of search engine results, making it likely that many will click on them,"
said Graham Cluley, senior technology consultant at Sophos.

"If you visit the links you may see pop-up warnings telling you about security issues with your computer. These warnings are fake and designed to trick you into downloading dangerous software, which could result in hackers gaining control of your corporate computers or the theft of your credit card details."

Rik Ferguson, senior security advisor at Trend Micro, said that he is not surprised that the news had been hijacked by cyber criminals.

"Unfortunately this is an ongoing trend, and we see it related to any newsworthy event,"
he said.

"People cannot afford to blindly trust the results offered by search engines, as abusing search trends has now become one of online crime's primary infection vectors."


Google using speed to rank search results

Sunday, April 11, 2010

Google is now using site speed as a consideration when ranking sites in its search results, giving webmasters yet more food for thought.

In a blog post yesterday, Google fellow Amit Singhal and principal engineer Matt Cutts revealed the news, arguing that speeding up the response times of your site is important for both site owners and users.

“Faster sites create happy users and we've seen in our internal studies that when a site responds slowly, visitors spend less time there,”
they wrote.

“But faster sites don't just improve user experience; recent data shows that improving site speed also reduces operating costs. Like us, our users place a lot of value in speed — that's why we've decided to take site speed into account in our search rankings.”

Singhal and Cutts recommended several tools webmasters can use to evaluate the speed of their sites. These include open source Firefox/Firebug add-on Page Speed, Yahoo tool YSlow, and a Google function in its Webmaster Tools section.

However, the web giant did concede that site speed will not be taken into consideration as much as, say, relevance, when evaluating the search rankings of a particular site.

“Currently, fewer than 1 per cent of search queries are affected by the site speed signal in our implementation and the signal for site speed only applies for visitors searching in English on at this point,”
noted the blog post.

“We launched this change a few weeks back after rigorous testing. If you haven't seen much change to your site rankings, then this site speed change possibly did not impact your site.”


Twice in two weeks: glitch diverts net traffic through Chinese ISP

Saturday, April 10, 2010

Internet service providers in China briefly tainted network routing tables on Thursday, marking the second time in two weeks operators in that country have done so, IDG news reports.

The bad networking information originated from IDC China Telecommunication and was soon retransmitted by China's state-owned China Telecommunications. ISPs including AT&T, Level3, Deutsche Telekom, Qwest Communications and Telefonica soon incorporated the data into their tables as well, IDG said.

As a result, routing information for 32,000 to 37,000 networks was affected, potentially causing their traffic to be redirected through IDC China instead of along its normal path. Some 8,000 of the networks were located in the US, including those operated by Dell, Apple, CNN, and Starbucks. Networks in Australia, China and elsewhere were also affected.

The incident comes two weeks after a similar networking anomaly caused people in Chile to be redirected to Chinese networks, potentially blocking websites such as Facebook and YouTube, which are blocked in China.

The snafu underscores the fragility of the Border Gateway Protocol, which is used to route traffic over the internet. The core net underpinning remains susceptible to man-in-the-middle attacks that can divert traffic to impostor networks.

At the 2008 Defcon hacker conference in Las Vegas, researchers demonstrated a BGP attack that allowed them to redirect traffic bound for the conference network to a system they controlled in New York. Also in 2008, large chunks of the internet lost access to YouTube when BGP tables inside Pakistan spread to other countries.

It's unclear how widely felt Thursday's incident was outside of Asia, IDG said. Routers frequently subscribe to several BGP routes and follow the shortest path. That means networks physically located in the US, Europe and elsewhere may have ignored the tables that traveled through China.
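As an added defender-side illustration of the story above (not from the original article or IDG), the following Python checks a feed of BGP announcements against an expected-origin table and flags both a registered prefix announced by the wrong origin AS and a more-specific sub-prefix announced by an unexpected AS. The log format, the prefixes and the AS numbers are all constructed for the example.

```python
import ipaddress

# Constructed expected-origin table standing in for an IRR/ROA lookup.
# Prefixes are documentation ranges and AS numbers are from the private range.
EXPECTED_ORIGINS = {
    "192.0.2.0/24": {64500},
    "198.51.100.0/24": {64501},
    "203.0.113.0/24": {64502},
}

# Constructed announcement log, one UPDATE per line:
# "<timestamp> <prefix> AS_PATH: <as> <as> ..."; the last AS is the origin.
SAMPLE_UPDATES = """\
2010-04-08T15:50:01 192.0.2.0/24 AS_PATH: 64510 64500
2010-04-08T15:50:02 198.51.100.0/24 AS_PATH: 64510 64520 64599
2010-04-08T15:50:03 203.0.113.128/25 AS_PATH: 64510 64599
2010-04-08T15:50:04 203.0.113.0/24 AS_PATH: 64510 64502
"""

def parse_update(line):
    """Split one log line into (timestamp, network, as_path)."""
    ts, prefix, _marker, *path = line.split()
    return ts, ipaddress.ip_network(prefix, strict=True), [int(asn) for asn in path]

def find_covering(prefix):
    """Return the most specific registered prefix that contains `prefix`, or None."""
    best = None
    for registered in EXPECTED_ORIGINS:
        net = ipaddress.ip_network(registered)
        if net.version == prefix.version and prefix.subnet_of(net):
            if best is None or net.prefixlen > best.prefixlen:
                best = net
    return best

def check_updates(text):
    """Return (timestamp, prefix, origin_as, kind) for each suspicious announcement.

    kind is "origin-mismatch" when the exact registered prefix is announced by an
    unexpected origin, and "more-specific" when a sub-prefix of a registered block
    is announced by an unexpected origin (the more specific route wins in routers).
    """
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, prefix, path = parse_update(line)
        origin = path[-1]
        covering = find_covering(prefix)
        if covering is None:
            continue  # not a block we are responsible for
        if origin in EXPECTED_ORIGINS[str(covering)]:
            continue  # expected origin, whether exact or a legitimate more-specific
        kind = "origin-mismatch" if prefix == covering else "more-specific"
        alerts.append((ts, str(prefix), origin, kind))
    return alerts

if __name__ == "__main__":
    for alert in check_updates(SAMPLE_UPDATES):
        print(*alert)
```

Because routers follow the shortest path and may never install a leaked route, a single vantage point can miss an incident that other networks saw; feeds from several collectors should be combined before concluding a leak did not propagate.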


Twitter leaks details of major redesign

Friday, April 9, 2010

Twitter has released statistics which it claims prove the site is a "global information network", as it prepares for a radical overhaul.

Matt Sanford, lead engineer for Twitter's international team, said in a blog post that over 60 per cent of new Twitter users have come from outside the US since the beginning of September.

The news follows Twitter creative director Doug Bowman's leaking of a screenshot of the new design for the site, in which user profiles show more information, such as when they joined and how many tweets they post a day.

Fred Wilson, principal of Union Square Ventures, which has invested in Twitter, has published a blog post indicating that the micro-blogging site could be about to undergo a major change.

Wilson said that third-party developers focused on the Twitter platform may have to consider more radical innovation, and the creation of "killer apps".

Wilson sits on Twitter's board of directors, and his views are likely to hold some weight. Twitter platform developer Doug Williams tweeted that Wilson's blog post was "incredibly timely", and that "all Twitter developers should read it".

"Much of the early work on the Twitter platform has been filling holes in the Twitter product. Mobile clients come to mind. Photo sharing services come to mind. URL shorteners come to mind. Search comes to mind,"
Wilson said.

"Twitter really should have had all of that when it launched, or it should have built those services right into the Twitter experience."

Williams warned that the time for developing applications that fill holes in Twitter's platform had passed, and that developers should now focus on areas such as social gaming, analytics and discovery.

He also encouraged developers to focus on applications for vertical markets, like the StockTwits application for finance, and for enterprise use.


iPad hardware weighs in at $259, say analysts

Wednesday, April 7, 2010

Analyst's teardown lauds "game changing" design

Industry analysts praised the internal design of Apple's iPad in the first major "teardown" reports on the device.

Research firm iSuppli took the iPad apart and found the hardware components and manufacturing costs for each 16GB Wi-Fi iPad added up to around $259.60 per unit. The cost for the 3G-enabled iPad, expected to be released later this month, would be higher due to the additional components.

The most expensive hardware on the iPad is the display. The company estimated that the screen and touch-sensing interface for the device cost some $109.50, roughly 44 per cent of the total cost of the device.

Meanwhile the casing for the iPad was estimated to cost $32.50, while the lithium ion battery was pegged at $21. The NAND flash memory for the iPad was also cited as a major portion of the costs with its estimated $29.50 price tag.

The 16GB Wi-Fi iPad currently retails for $499 in the US. International release is tentatively scheduled for the end of April.

The firm said that the Apple tablet delivered a "game changing" design in the way it was constructed.

"The iPad’s design represents a new paradigm in terms of electronics cost structure and electronic content,"
said iSuppli principal analyst and teardown services manager Andrew Rassweiler.

The analyst explained that rather than start by designing a motherboard system to power the device and adding on peripherals such as touch screen or displays, the company used the screen and interface as the basis for the design and tailored the computing components to work with those systems.

"Everything is human-machine-interface-centric, with the printed circuit board and integrated circuits all there to facilitate the display of content as well as user inputs,"
he said.


Shadow Network busted: spies caught plundering secret Indian docs

An espionage gang that infiltrated Indian government computer networks across the globe has been pilfering highly classified documents related to missile systems, national security assessments and the United Nations, according to researchers who tracked the intruders for eight months.

The gang, dubbed the Shadow Network, was monitored by researchers from the Munk School of Global Affairs at the University of Toronto and the SecDev Group. With assistance from colleagues at the Shadowserver Foundation, the white hat hackers watched the spies as they systematically compromised computers in government offices on multiple continents.

Shadow Network members also infiltrated the systems of Indian embassies in Kabul, Moscow and Dubai, India's Military Engineer Services, and several private companies. Reports they grabbed were frequently stamped with "Secret," "Restricted," and "Confidential" notices. The plundered documents also included a year's worth of personal email from the Dalai Lama.

The researchers are the same ones who last year discovered another stealthy spy ring dubbed Ghostnet. That group also stole documents from the Dalai Lama and from governments and corporations in more than 103 countries.

It was while following Ghostnet that the researchers stumbled onto the Shadow Network, which is believed to be a separate operation. By gaining access to the control servers Shadow Network spies used, the researchers were able to observe the theft of vast amounts of Indian government documents.

To conceal their tracks and to build redundancy into their operation, the spies configured their control servers to work with a wide range of free internet services, including Twitter, Google Groups, Baidu Blogs, and Yahoo Mail. The free services allowed the attackers to maintain control of compromised computers even if they lost contact with the command and control servers, the researchers said.

Following a trail of digital breadcrumbs, the researchers traced the attackers to China's Sichuan Province, though they noted it's hard to say conclusively that's where the individuals were located. Chinese government officials strongly denied the government was behind the attacks.

Members of the Shadowserver Foundation said they have already reported Shadow Network operations to China's National Computer Network Emergency Response Technical Team and called on the Chinese government to shutter the spy network.

The researchers' report, titled Shadows in the Cloud: An Investigation Into Cyberespionage 2.0, is available here and there are additional details from The New York Times here.


PDF security hole opens can of worms

Tuesday, April 6, 2010

The security perils of PDF files have been further highlighted by new research illustrating how a manipulated file might be used to infect other PDF files on a system.

Jeremy Conway, an application security researcher at NitroSecurity, said the attack scenario he has discovered shows PDFs are "wormable". Computer viruses are capable, by definition, of overwriting other files to spread. Conway's research is chiefly notable for illustrating how a benign PDF file might become infected using features supported by the PDF specification, not a software vulnerability as such, and without the use of external binaries or JavaScript.

The "wormable PDF" research comes days after another security researcher, Didier Stevens, showed how it was possible to both embed malicious executables in PDFs and manipulate pop-up dialog boxes to trick victims into running a malicious payload. Both Adobe and Foxit are working on a fix against the security shortcomings in their respective PDF viewing packages illustrated by the research.

Conway, who last week published an advisory and proof of concept video demo on wormable PDFs, said he was inspired to hunt for related vulnerabilities in the PDF specification by Stevens' research. A fix capable of blocking the security loophole discovered by Stevens ought to also prevent the possibility of 'worming' PDFs.
"If the vendors figure out a method to prevent Didier’s example this same fix will stop this proof of concept as well," Conway writes.

A follow-up blog post by Conway explains the implications of the security shortcomings of PDF files in greater depth.

"I chose to infect the benign PDF with another, and launch a hack that redirected a user to my website, but this could have just as easily been an exploit pack and or embedded Trojan binary,"
Conway explains.
"Worse yet this dynamic infection vector could be utilised to populate all PDFs for some new 0-day attack, thereby multiplying an attacker's infection vehicles while still exploiting user systems ('worm-able')."

An informative blog post by Mikko Hypponen, chief research officer at net security firm F-Secure, explains how all sorts of unexpected content is supported by the PDF specification.

Media files, JavaScript and forms that upload data a user inputs to an external web server are all supported by the PDF specification in addition to embedded executables. These little-known features go a long way towards explaining both why PDF applications such as Adobe Reader take ages to load and why the file format has become such a firm favourite with hackers over the last year or so, Hypponen notes.
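As an added defender-side example (not from Conway, Stevens or Hypponen, and not part of the original article), the following Python triages a PDF by counting the name objects that switch on the features described above, including the #xx name escape the specification allows, which would otherwise hide /JavaScript from a plain string search. The PDF bytes are constructed for the example.

```python
import re

# PDF name objects whose presence warrants closer inspection during triage.
# Presence is a signal for review, not proof that the file is malicious.
RISKY_NAMES = (
    "/OpenAction",    # runs an action as soon as the file is opened
    "/AA",            # additional, event-triggered actions
    "/Launch",        # launch action: asks the viewer to start an external program
    "/JavaScript", "/JS",
    "/EmbeddedFile",  # embedded files, including executables
    "/SubmitForm",    # form data sent to an external server
    "/RichMedia",     # embedded media
    "/ObjStm",        # compressed object streams: names inside them are invisible to a raw scan
)

# A PDF name runs from "/" to the next whitespace or delimiter character.
NAME_RE = re.compile(rb"/[^\s/<>\[\]()%{}]+")

def normalise_name(raw):
    """Decode #xx escapes, so /Jav#61Script is recognised as /JavaScript."""
    decoded = re.sub(rb"#([0-9A-Fa-f]{2})",
                     lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def scan_pdf(data):
    """Count risky name objects in raw PDF bytes; returns only the names found."""
    counts = {}
    for match in NAME_RE.finditer(data):
        name = normalise_name(match.group(0))
        if name in RISKY_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed minimal PDF (not a real sample): an OpenAction pointing at a Launch
# action, a page-open action, and a JavaScript action whose name is obfuscated
# with a #xx escape.
CONSTRUCTED_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /AA << /O 5 0 R >> >> endobj
4 0 obj << /S /Launch /F (placeholder-program) >> endobj
5 0 obj << /S /Jav#61Script /JS (app.alert('constructed example')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    print(scan_pdf(CONSTRUCTED_PDF))
```

A raw scan cannot see names inside compressed object streams, which is why /ObjStm is counted too: a file that reports it needs the streams inflated before the other counts can be trusted.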


China implicated in another major hacking attack

Security researchers in Canada have uncovered a new targeted malware network controlled by servers in China which has compromised computer systems in the Office of the Dalai Lama, Indian government, business and academic organisations and even the United Nations.

University of Toronto researcher Nart Villeneuve highlighted the main findings of the new Shadows in the Cloud report, revealing a "complex and tiered command-and-control infrastructure".

"The attackers misused a variety of services, including Twitter, Google Groups, Blogspot, Baidu Blogs, and Yahoo Mail, in order to maintain persistent control over the compromised computers,"
he said in a blog post yesterday.

"This top layer directed compromised computers to accounts on free web hosting services, and as the free hosting servers were disabled, to a stable core of command-and-control servers located in China."

Any concrete link with the Chinese authorities is unproven, but the report has managed to link the network with two individuals living in Chengdu and to the underground hacking community in China.

The report, which was compiled by Shadowserver Foundation and the Information Warfare Monitor, also claimed that the network had been involved in stealing countless documents marked 'secret' or 'confidential', and that over 1,500 letters sent from the Dalai Lama's office last year had been compromised.

"The nature of the data stolen by the attackers does indicate correlations with the strategic interests of the Chinese state. But we were unable to determine any direct connection between these attackers and elements of the Chinese state," wrote Villeneuve.

"However, it would not be implausible to suggest that the stolen data may have ended up in the possession of some entity of the Chinese government."

The new attack network bears several similarities to the GhostNet system uncovered by the same team of researchers about a year ago which heavily implicated China in cyber snooping activities.

The Chinese government is reported to have issued a stock denial of any such activities, claiming that they had been "stirred up" to cause trouble.

"We resolutely oppose all forms of cyber crime including hacking," China foreign ministry spokeswoman Jiang Yu is reported to have told a press conference.


iPhone 4.0 to be introduced this week

Apple is reportedly planning to outline the features for its next iPhone OS build this week.

The company has begun informing media outlets that it will be holding a special event on its campus Thursday 8 April to introduce the iPhone 4.0 firmware.

Little information was given about the new OS or what features it will introduce, but early rumours have suggested that the update could allow multi-tasking, a feature which would allow more than one application to run on the handset.

While the iPhone hardware is capable of multi-tasking, the feature is currently only accessible through 'jailbreaking,' a process of removing security protections that Apple has repeatedly advised against. Such modified handsets commonly have trouble with firmware updates.

The late winter to early spring period is commonly when Apple prefers to unveil its hardware and software updates for the iPhone. The new products are then released to the public later in the summer.

The news comes just days after the company delivered what many consider to be the biggest product release since the original iPhone. Apple said that in its first day of availability, the new iPad tablet sold some 300,000 units.


iPad jailbroken in less than a day

Apple's iPad is selling well but hackers have been busy and the iPad has already been jailbroken, according to postings online.

Yesterday Twitter user MuscleNerd posted a video and picture of what appears to be a jailbroken iPad, credited to hacker Comex. Comex is a member of the iPhone Dev team, who have also said that a jailbreak is possible but have yet to release it.

Both attacks appear to depend on the use of a variant of the Spirit application that is used to crack iPhones.

Apple is playing a continuing game of cat and mouse with those who seek to use their own software on the devices. In the past updates have rendered devices useless and it bans some users from its App Store.


Microsoft cuts 'Series' lump from Windows Phone 7

Monday, April 5, 2010

It's just two months old, but Microsoft has already renamed its next operating system for Windows phones.

Microsoft's dropped the "Series" from the Windows Phone 7 Series - now the software will simply be called Windows Phone 7, according to a Microsoft team Tweet, below.

The Tweet gave no explanation why Microsoft is dumping the clumsy appendage, but David Webster, chief strategy officer in the company's central marketing group, did try to explain to TechFlash the thinking for inserting "Series" into an otherwise perfectly acceptable name in the first place.

"Windows Phone is an OS, it's not a phone. The idea was that we needed a handle to refer to the devices that ran Windows Phone 7 - the family, in essence. Now, in a lot of the coverage and a lot of the usage cases, that context, I think, got lost. People got to thinking that the software was Windows Phone 7 Series, when really that was just an effort to refer to the devices that would be running Windows Phone 7."

No doubt the word "Series" made sense in some meeting of marketing drones who justify their existence on the value attached to the position of a comma in a sentence, or how people "connect" with a brand.

That's the kind of thinking at Microsoft that has, over the years, given us MSN versus Windows Live, and .NET on everything then .NET on just some things.

Here's to you Microsoft: keep sweating the message.


New Gmail launches for the iPad

Google has announced an enhanced version of its popular email client Gmail designed for the iPad.

In a blog posting, engineering manager Alex Nicolaou argued that Google’s work to optimise Gmail for touchscreen devices began when the first iPhones and Android handsets came onto the market.

He explained that this new version would take advantage of the iPad’s large touchscreen and tablet form factor to include “an experimental two-pane user interface”.

The new interface will feature a user’s conversations down the left hand side and messages in the right column, he added.

“All the features of the Gmail web app that you're used to, such as offline access and aggressive caching to reduce latency, are present in the iPad version,” Nicolaou explained.

“Tablet devices are still very new, so expect changes as we continue to optimise for this new format.”

The iPad was finally launched to great fanfare in the US on Saturday, with a UK release date expected by the end of the month.

Although it is being marketed, as the iPhone was originally, as primarily a consumer device, its enterprise credentials have been given a boost by the launch of a couple of new Citrix apps.

The latest research seems to indicate Apple could be on to yet another winner after its success with the iPhone. A new survey from price comparison site Kelkoo UK last week found that 40 per cent of consumers are ready to ditch their laptops for a tablet PC like the iPad.


A week in security: Apple and Microsoft patch numerous flaws

Sunday, April 4, 2010

It was a busy week this week for both Apple and Microsoft, after the two tech giants were forced to patch critical flaws in their products, while Google’s spat with China continued and social networks were found wanting once again.

First, Microsoft’s Internet Explorer product was found wanting again, with the firm forced to issue an out-of-cycle patch for IE6 and IE7, the second time this year Redmond has had to release a patch outside its regular schedule.

"The out-of-band security bulletin is a cumulative security update for IE and will also contain fixes for privately reported vulnerabilities rated 'critical' on all versions of IE that are not related to this attack,"
said the company.

On the same day, Apple issued major security updates for Mac OS 10.5 (Leopard) and Mac OS 10.6 (Snow Leopard), as well as additional performance and stability updates for Snow Leopard. The security update includes 69 fixes for various components in Leopard and Snow Leopard, including nine vulnerabilities in QuickTime and four in the ImageIO component.

There was more trouble for Google this week as the tit for tat battle between the web giant and the Chinese government continued.

It emerged early in the week that some of Google’s mobile services were being blocked by China, while a senior Google security researcher argued that the attacks it suffered in January originating in the region represented a much wider threat to the internet.