Category: Computer Security
Windows Black Screen of Death is due to a malware attack, claim Microsoft
Been hit by the annoying Black Screen of Death since the last Windows update? Malware and not Windows itself is to blame, claim Microsoft.
Livedrive online storage system set to launch
Cloud storage system dynamically updates files across multiple PC's.
Microsoft to release beta of the free anti-virus of to-Morro
Microsoft is prepping a beta release of their free anti-virus software, Morro. There’s no fixed date as yet but with the full version set for launch by the end of the year The Soft has hinted that we’re looking at a matter of weeks/days.
The move comes as one hell of a pain for the likes of McAfee, Symatnec et al who’ve responded with the usual scaremongery about their experience in the field and superior levels protection and blah, blah, blah but their share prices have dropped by a per cent or nonetheless.
Morro appears to be a stripped down version of Microsoft’s failed $40-a-year Live OneCare suite, which was a commercial disaster, and is set to be pulled in November. Doubtless, it’ll have a significantly better uptake now that you don’t have to pay for it and I’ll be interested to see whether the likes of Dell still offer trials for subscription anti-virus. Looking forward to the waves.
Lost and Naked: A tale of hacking in World of Warcraft
What would you do if you woke up half-way across the world with no clothes on, and just a mining pick in your possession? That was the virtual reality that faced Luke Maskell when he logged into his World of Warcraft character, Häwk, one morning. His character had been hacked into and everything of value had been removed and sold.
“They must have stolen around ten to fifteen thousand gold worth of goods and cash,” says Luke, “they probably would have earned around £50-£80”. That might not sound like much, but for his character it represents months and months of play in the massively-multiplayer online world where one of the most controversial topics is that of gold farmers and selling equipment for real cash.
Selling gold and virtual items in World of Warcraft is very strictly against the rules set by developer Blizzard. The terms of use for the game state, quite firmly, that “you may not sell in-game items or currency for “real” money, or exchange those items or currency for value outside of the Game”.
But is it a crime? Well, a spokesperson for the Metropolitan Police told us that it was a very tricky one – it would need a test case to be determined, and it would depend on many factors. Complicating the matter is the fact that the virtual thief might not be resident in the UK, and Blizzard’s servers might be sitting in yet another country again. I put this to the Police spokesperson who sucked his teeth and told me that a court-case spanning three countries would be “absolute madness”.
“I certainly see it as a crime,” states Luke, defiantly, “the online assets are in the end, property of Blizzard, and someone is selling this property for real-world money without permission, they should be treated as any other criminal.”
It’s not completely clear how the attacker managed to gain access to Luke’s characters: “Virus scanners and anti malware software found a few stray cookies from websites I was unsure about, but nothing major like a trojan or virus. I don’t think I’ll ever find out how my details were stolen.”
Blizzard, for their part, offer plenty of advice on how to keep accounts secure. On their compromised accounts page they recommend you change passwords regularly and warn against installing dodgy-looking game modifications or using power-levelling services.
They also sell a device called an ‘authenticator’, which hooks up with your account and generates a second password that operates alongside your main one. This password changes every five minutes, so it’s impossible to log in if the authenticator isn’t in your possession.
Luckily, this story has a happy ending for Luke: “Blizzard were great with the issue. I went through both the in-game ticketing system and their online support site to get my items and account back under my control, and they responded quickly and professionally.”
“They advised me on steps to take to prevent any further hacks, fully restored all my items and gold, and even gave everything that was taken from the guild bank back, all within 3 days of the hack occuring. I was very impressed.”
His guild – a group of players that he plays with on a regular basis – were also very supportive, too: “From my guild, I got a general response of sympathy and people wishing me luck in getting all my items and money back from the game moderators. I had a lot of people in the guild offering me some cash to get me back on my feet and replace my items”
If you’re a player of World of Warcraft, or any other online game, put yourself in Luke’s shoes for a minute. Think about how long it took you to acquire the items that you’re using in-game, and how long it would take to replace them. Then go change your account password and buy an authenticator – in the long run, you’ll be very pleased you did.
LoJack laptop tracker service launches in Europe
If you’re the kind of person who likes to take your laptop out and about with you, whether or not you actually do work or just want a reason for sitting in Starbucks on your own, then you might be interested to hear that some software is about to hit UK shores that will track your computer should someone half-inch it while the diuretic that is caffeine works its magic on your bladder.
LoJack of Laptops embeds itself in the firmware of your machine either in the factory or at the user end and it sits so damn tight that it’ll survive reformats, OS re-installations, HDD removals, re-imaging and just about any other operation beginning with r.
Once stolen, and the service activated, your pilfered PC will do the forensic mining of key captures, registry scanning, file scanning, geolocation, and other investigative techniques to work out where it is, who’s got it and to get the authorities on their ass. How satisfying would it be to catch someone red-handed?
Naturally, LoJack don’t come cheap with a year’s subscription at £45.49 for Windows and Mac. It might be worth opting for insurance instead and buying yourself a brand new, upgraded model in the event of capture. You’d just better hope they don’t dig out your bank details.
Absolute Software
Conficker Watch: The worm awakens
The worm has turned. Conficker has awoken. It’s updating peer-to-peer and dropping in a mysterious load thought to be a keystroke logger. For the 3 to 12 million users thought to be infected, it would seem like a good time to stop using your bank accounts and start re-installing Windows.
The worm will contact sites like MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com in order to check internet connectivity, drop the key logger.sys file behind a rootkit such that your anti-virus won’t be able to pick it up and then disappear with no further replication by 3rd May.
The .sys file will, of course, still be there and will still report back from the host computer to the rest of the botnet. All very pleasant stuff.
You can visit one of these two sites to see if your machine is infected.
(via CNET)
Old viruses take note of Conficker's successes
Despite Conficker’s relative no-shown on April 1st, its impact hasn’t gone unnoticed in the virus creators community. An updated version of Neeris – which dates from 2005 – is now doing the rounds exploiting the same flaw as last week’s media darling.
Security experts don’t think that the creators are related, just that Neeris has undergone a redesign after seeing Conficker’s success. As ever, if you’re fully patched up with the latest versions of Windows, then you’re probably safe. The quickest way to check, though, is visit an anti-virus site. Most viruses will stop you doing that.
(via eWeek)
Contract laptops to come with kill-switch
A growing trend among phone networks is to start offering netbooks and other low-cost laptops free to customers of their mobile broadband services. What happens, though, if the contract owner stops paying up? They lose kit worth hundreds of pounds that’s still in fully working order.
As a result, LM Ericsson AB, a Swedish company that produces laptop modems, has added a feature to its hardware that can remotely ‘kill’ a laptop, rending it useless. If carriers desire, then they can stop a customer who hasn’t paid up from using his or her machine.
It could also be used to secure lost or stolen machines – locking them down remotely. It’s a nice idea, but I’d be concerned about the risk of these devices malfunctioning, stopping legitimate customers from accessing services that they’ve paid for.
(via Yahoo!)
Top ten things we wish the Conficker worm would do (but it won't)
On April 1st, the infamous Conficker worm will unveil the full extent of its power. The virus, which has squirrelled away inside something like 15 million PCs, will ‘activate’ by receiving instructions from a mysterious central server.
It could spam, begin DDOS attacks, or just access all your files for identity theft purposes. But those are boring. Let’s have a look at what else it could do. Click through to the full post to begin.
UPDATE: 3 releases 80,000 names and addresses on its website
Mobile phone network 3 is in trouble today after an enterprising chap called ‘Dan’ (no relation to our Dan) stumbled across 79,035 names and addresses on their website. 3 rapidly took the list down.
Names and addresses aren’t exactly confidential – they’re available in the phone book – but most curiously of all, 3 claims that less than five percent of the info comes from 3 customers. That raises the rather thorny question of who the hell the rest of them are.
Any ideas? Drop us a tweet at @techdigest with your suggestions as to who these people might be.
