Microsoft Switzerland Security Blog

Conficker's First Birthday Looms - Seven Million IPs Still Infected

2009-11-06T09:59:00Z

As Conficker approaches the first anniversary of its appearance in the wild, the Shadowserver Foundation says that at least seven million IP addresses — each representing one or more computers — are now infected by the worm. http://www.infosecurity-magazine.com/view/4941/confickers-first-birthday-looms-seven-million-ips-still-infected/ Perhaps a very good idea for the seven millions to look at the free: Microsoft Security Essentials (MSE) Antimalware Software under: http://www.microsoft.com/security_essentials/...(read more)

Microsoft Security Intelligence Report volume 7 (January - June 2009) released

2009-11-03T09:20:00Z

The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows computers, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated...(read more)

Phishing, Worms Spike This Year, Say Microsoft and McAfee

2009-11-03T09:18:00Z

Scammers are targeting social networks with phishing scams and relying more heavily on worms and Trojans to attack computers, according to security trend reports to be released Monday by Microsoft and McAfee. http://news.cnet.com/8301-27080_3-10387768-245.html The Microsoft Security Intelligence Report (v7) was released today and can be found here: http://www.microsoft.com/security/portal/Threat/SIR.aspx The McAfee press release along with report (PDF) can be found here: http://newsroom.mcafee.com/article_display.cfm?article_id=3591...(read more)

Windows 7 Security Story May Appeal to Enterprises

2009-11-02T09:52:00Z

The Windows 7 security story has three main chapters that have received a fair amount of attention: DirectAccess, BitLocker To Go, and AppLocker. With these, as well as features such as BranchCache and enhancements to UAC (user account control), officials at Microsoft have said they feel they are pushing out their most secure operating system yet. http://www.eweek.com/c/a/Security/Windows-7-Security-Story-May-Appeal-to-Enterprises-549002/ -Urs...(read more)

Free Microsoft Security Tool Locks Down Buggy Apps (EMET)

2009-11-02T09:48:00Z

EMET, short for Enhanced Mitigation Evaluation Toolkit, allows developers and administrators to add specific security protections to applications. Unlike mitigations released in the past, EMET doesn't require programs to be recompiled, so it can be used to fortify applications even when the source code isn't available. http://blogs.technet.com/srd/archive/2009/10/27/announcing-the-release-of-the-enhanced-mitigation-evaluation-toolkit.aspx -Urs...(read more)

Internet Phone Systems Become the Fraudster's Tool

2009-11-02T09:46:00Z

Cyber criminals have found a new launching pad for their scams: the phone systems of small- and medium-sized businesses across the U.S. In recent weeks, they have hacked into dozens of telephone systems across the country, using them as a way to contact unsuspecting bank customers and trick them into divulging their bank account numbers and passwords. http://www.computerworld.com/s/article/9140018/Internet_phone_systems_become_the_fraudster_s_tool -Urs...(read more)

Does Software Piracy Lead to Higher Malware Infection Rates?

2009-10-19T14:06:00Z

Yes it does, at least according to a recently released report [PDF] by the Business Software Alliance (BSA) which basically correlates data on the known piracy rates for particular countries and their malware infection rates, using public sources. http://blogs.zdnet.com/security/?p=4605&tag=col1;post-4605 Report: http://global.bsa.org/internetreport2009/2009internetpiracyreport.pdf Urs...(read more)

Cybersecurity Today: The Wild, Wild West

2009-09-28T08:54:00Z

If you purchased a brand new computer today with all the latest security software and plug it into the Internet, how long would it be before the first hacker probed it? Answer : About four hours... http://www.newsfactor.com/story.xhtml?story_id=12100CEDYE09 Probing? 4 hours? I attached lately a new FW to my ISPs network, it took less than ONE minute until the first knocked on the wall! ;-) However, the interesting fact would be, how strong such a new machine with all the latest (security) software...(read more)

Inside the Password-Stealing Business: The Who and How of Identity Theft

2009-09-28T08:50:00Z

With shopping and banking transactions occurring primarily online today, password stealing has become a common cyber crime. Whatever the vector of attack, in many cases some sort of password-stealing malware makes its way onto victims’ computers. McAfee Research Report: http://www.mcafee.com/us/local_content/reports/6622rpt_password_stealers_0709_en.pdf Some suggestions for creating strong passwords: http://www.microsoft.com/protect/fraud/passwords/create.aspx (This btw. is on our new Online Saftey...(read more)

Where in the World do Viruses come from?

2009-09-17T09:19:00Z

The U.S. continues to dominate as the main source of the world's viruses, producing 15.9 percent of all viruses. It is followed closely by Brazil, which produces 14.5 percent (similar levels to last month's 14.1 percent). You can see more about virus trends from the Microsoft Security Intelligence Report: http://www.microsoft.com/security/portal/Threat/SIR.aspx Urs...(read more)

Hacking Your Life (oh oh...)

2009-09-17T09:14:00Z

A Virginia woman discovered that her married boyfriend had other girlfriends, and she decided to seek revenge online. According to federal prosecutors, she hired computer hackers to help. Elaine Cioni paid hackers $100 [U.S] for the password to her boyfriend’s AOL e-mail account, according to prosecutors, and for an extra $100, she received the e-mail passwords of her boyfriend’s wife, children and one of his girlfriends. No one had a clue she had access. The Washington Post recently reported that...(read more)

Microsoft SDL team releases new security tools

2009-09-17T09:08:00Z

The Security Development Lifecycle (SDL) team at Microsoft released two security testing tools. BinScope Binary Analyzer BinScope is a Microsoft verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations. http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=90e6181c-5905-4799-826a-772eafd4440a MiniFuzz File Fuzzer MiniFuzz is a very...(read more)

SANS Outlines the Top Cyber Security Risks

2009-09-17T09:06:00Z

SANS released the "Top Cyber Security Risks" report which covers March-August 2009. The report features attack data from TippingPoint intrusion prevention systems protecting 6,000 organizations, vulnerability data from 9,000,000 systems compiled by Qualys, and additional analysis and tutorial by the Internet Storm Center and key SANS faculty members. http://www.net-security.org/secworld.php?id=8091 Urs...(read more)

Top 100 Virus-Infected Web Sites Exposed

2009-09-05T18:44:00Z

Simply visiting one of the "Top 100 Dirtiest" Web sites - without downloading or even clicking anything - could expose your computer to infection and put your personal information into the hands of criminals, anti-virus software company Norton Symantec said. http://www.smh.com.au/technology/technology-news/top-100-virusinfected-websites-exposed-20090820-erc8.html Urs...(read more)

New Attack Cracks Common Wi-Fi Encryption in a Minute

2009-09-05T18:35:00Z

Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. "They took this stuff which was fairly theoretical and they've made it much more practical," he said... http://www.thestandard.com/news/2009/08/26/new-attack-cracks-common-wi-fi-encryption-minute...(read more)