Tag Archives: microsoft

Threat Report Reveals Google replaces Microsoft as Number One Vendor for Vulnerabilities

16 Nov

Finally FastInternet safety tips from the Finally Fast team

Google replaced Microsoft as the number one vendor for reported vulnerabilities, with a total of 82, due to existing vulnerabilities in Chrome as the browser grows in popularity. Oracle came in second, with 63; Microsoft fell to third place, with 58, all according to Trend Micro’s Third Quarter Threat Report.

Trend Micro threat researchers also witnessed a significant shift from mass compromises to targeted attacks, particularly against large enterprises and government institutions. Their work led them to the uncovering of one of the most notable groups of targeted attacks during the third quarter – the LURID downloader.

These attacks, which were classified by Trend Micro as advanced persistent threats (APTs), targeted major companies and institutions in over 60 countries, including Russia, Kazakhstan, and the Ukraine. The cybercriminals behind these attacks launched over 300 malware campaigns in order to obtain confidential data from and take full control of affected users’ systems over an extended period of time. LURID was successful because it was targeted by its nature. By zoning in on specific geographic locations and entities, LURID compromised as many as 1,465 systems.

Other notable security attacks, scams, breaches and exploits

Trend Micro threat analysts came across a new DroidDreamLight variant with enhanced capabilities and routines. Disguised as battery-monitoring or task-listing tools or apps that allow users to see a list of permissions that installed apps utilize, copies of this new Android malware littered a Chinese third-party app store.

In the first half of July, Trend Micro researchers spotted a page that enticed users to click a link to get free invitations to Google’s latest stab at taking a slice of the social media pie—Google+. Instead of invitations to join the site, however, all the users got was an “opportunity” to take part in a survey that put them at risk.

LinkedIn users were also part of a criminal scam that tricked them into clicking a malicious link to a supposed Justin Bieber video that redirected them to a malicious site.

The most notorious spam runs this quarter led to the download and execution of two banking Trojans: The first campaign featured a spam that purported to come from the Spain National Police; the second supposedly came from the Internal Revenue Service.

India and South Korea was part of the top three spam-sending countries. The United States, which commonly takes the top spot, was not on the top 10 spam-sending countries list most likely due to the arrest of several spambot operators.

Notable security research wins

In addition to the discovery of the LURID downloader, Trend Micro and other global security teams made impressive takedowns in Q3:

After months of monitoring, Trend Micro researchers uncovered a SpyEye operation controlled by a cybercriminal residing in Russia with the handle, “Soldier,” and his accomplice in Hollywood, California. This botnet operation, which amassed more than US$3.2 million within six months, targeted large enterprises and government institutions in the United States, as well as organizations in Canada, the United Kingdom, India, and Mexico. More details on this win can be found in Trend Micro’s research paper, “From Russia to Hollywood: Turning Tables on a SpyEye Cybercrime Ring.”

Trend Micro researchers were also able to gather in-depth information on two of the largest FAKEAV affiliate networks to date—BeeCoin and MoneyBeat. More details on how FAKEAV affiliate networks work can be found in the research paper,”Targeting the Source: FAKEAV Affiliate Networks.”

Photo Credit

Microsoft confirms existence of critical browser security hole in Internet Explorer

12 Mar

A fresh threat to the security of computers running Microsoft’s Internet Explorer 6 or 7 browsers has been discovered, the company confirmed this week.

The Daily Telegraph, a British newspaper, says that users of particularly old (version 5.01) or particularly new (version 8) releases of the browser are not vulnerable to the attack – but that that all other IE users must be aware of the possibility of remote code execution.

Microsoft reports that the problem is due to “an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”

This latest critical flaw comes roughly a month after a similar vulnerability had to be fixed via a rare unscheduled patch from the company. Experts say that, in addition to practicing safe browsing habits, IE users should download the latest version of the software as soon as possible.

Small business moving to Windows 7

5 Mar

Microsoft chief financial officer Peter Klein told CNET recently that the company has sold 90 million licenses for Windows 7. In December, the company reported total sales of 60 million.

Part of the reason for the sales increase is the popularity of Windows 7 within the business community, according to Klein. Microsoft’s previous release Windows Vista was not successful in the business community as most opted to remain with Windows XP.

“Windows Vista was a generation of the operating system that was passed up by small businesses; they stayed with XP,” Microsoft vice president Brooks told CNET. “We’re seeing a lot of trends at retail that are telling us small businesses are starting to come back in the marketplace.”

The company is pleased that more retailers are selling PCs pre-loaded with Windows 7. This is a sign that its newest operating system has become a hit with consumers of all kind. The increased advertising for Windows 7, highlighting the operating system’s utility and customizability is also thought to be responsible for the sales increase.

According to The Register, a UK-based technology news website, Microsoft expects Windows 7 sales to total more than 300 million worldwide by the end of 2010.

Windows 7 gains online users

5 Feb

It hasn’t taken long for Windows 7 to gain a share of online users, according to a recent report by Net Applications. According to the findings, Windows 7 already makes up a little more than 10 percent of all online traffic measured at the end of January. The OS – released in late October – also made large strides for the whole period and had an average of 7.51 percent of web traffic, or a jump of more than a 33 percent over December, according to Net Applications data for January. While Microsoft’s OS gained in users online its Internet Explorer web browser lost some ground, perhaps in the face of much negative press following attacks on Google’s infrastructure, although the report did not give reasons for the slip. And it was Google’s own Chrome web browser that gained from the IE misstep. Internet Explorer use dropped to 62.18 percent where Chrome grew by more than half a point to 5.2 percent versus its December 2009 usage, according to Net Applications January tracking. Meanwhile, Apple’s Safari only increased a small amount to 4.51 percent, while Firefox actually fell slightly to 24.41 percent.


Get every new post delivered to your Inbox.

%d bloggers like this: