Computer security: A swarm of many stripes | The Economist.

“Hackers come buzzing in from expected, and entirely unexpected, places”

Bank Trojan Takes Aim at Firefox Users

Excerpts:

The world’s most feared banking Trojan, Zeus, is going after Mozilla Firefox users for the first time, security company Trusteer has reported.

Also known as Zbot, Zeus is designed to steal banking logins from its victims using sophisticated web form spoofing as well as keyloggging. …

According to Trusteer, version 2.0 of the Zeus Trojan has cracked Firefox security, and real examples targeting the browser are now being seen at a rate of one in 3,000 PCs scanned by the company’s Rapport service.

Mozilla last night announced that two experimental Firefox add-ons, Master Filer and the Sothink Web Video Downloader version 4, infected victim PCs with Trojans when either add-on was installed.

via Malicious Firefox Add-ons Installed Trojans – PCWorld.

Adobe Warns of PDF Phishing Scam – PCWorld.

A new phishing scam is trying to fool people into thinking it comes from Adobe, announcing a new version of PDF Reader/Writer. The message is making its way into e-mail boxes now, and the real Adobe urged any recipients to simply delete it.

How to Stop 11 Hidden Security Threats – PC World.

Additional Security Resources

Many sites and services on the Web can help you learn more about computer security threats or can analyze your machine to make sure it is clean and safe.

Some of the personal details that you might share on social networks, such as your high school, hometown, or birthday, are often the same items used in “secret” security questions for banks and Websites. An attacker who collects enough of this information may be able to access your most sensitive accounts.

via How to Stop 11 Hidden Security Threats – PC World.

Software Firms Fear Hackers Who Leave No Trace – NYTimes.com.

If hackers could steal those key instructions and copy them, they could easily dull the company’s competitive edge in the marketplace. More insidiously, if attackers were able to make subtle, undetected changes to that code, they could essentially give themselves secret access to everything the company and its customers did with the software.

The fear of someone building such a back door, known as a Trojan horse, and using it to conduct continual spying is why companies and security experts were so alarmed by Google’s disclosure last week that hackers based in China had stolen some of its intellectual property and had conducted similar assaults on more than two dozen other companies.

Security Fix – What To Do When Scareware Strikes.

First thing: Take a deep breath and don’t panic!

The New York Times reports today :

In a survey of 443 companies and government agencies published last month, the Computer Security Institute found that 64 percent reported malware infections, up from 50 percent the previous year. The financial loss from security breaches was $234,000 on average for each organization.

The long-term answer, some experts assert, lies in setting the software business on a path to becoming a mature industry, with standards, defined responsibilities and liability for security gaps, guided by forceful self-regulation or by the government.

Just as the government eventually stepped in to mandate seat belts in cars and safety standards for aircraft, says James A. Lewis, a computer security expert at the Center for Strategic and International Studies, the time has come for software.

If you are using Internet Explorer, either make sure your security level is set to “High” or else, use another browser.

Microsoft Warns of IE Zero-day Used in Google Attack

A critical zero-day flaw in Internet Explorer was exploited as part of the attack on Google and other companies, according to both Microsoft and McAfee.

The flaw allows for a Web-based attack against IE 6 SP 1 on Windows 2000, along with IE 7 and 8 on XP, Server 2003, Vista, Server 2008, Windows 7 and Windows Server 2008 R2. According to Microsoft’s security advisory, the company has only seen active attacks against IE 6 so far.