Slashdot

A post by Cyberveillance a couple of weeks back revealed a complex black-hat operation involving Google searches leading to hundreds of thousands of bogus blogs, exploiting the "long tail" of search results and isolated from Google's auto-detection of malware sites by a shifting network of redirectors. The fake blog posts are innocuous when visited directly, but make aggressive attempts to install a fake Windows anti-virus tool (which is actually a Trojan horse) if clicked through from Google. Other search engines do not index the bogus sites. The Unmask Parasites site has a detailed two-part analysis of the badware operation, which puts some numbers on its scope: almost 688,000 bogus scareware blogs can be located in Google; some of them have upwards of 1000 posts. This analysis also reveals that a large majority of the sites hacked to host fake blogs are on the network of Servage.net. From the second Unmask Parasites link: "What we have here is millions of rogue web pages targeting the long tail of web search (millions of keywords) where each page tries to install fake (and malicious) "anti-virus" software on visitors' computers. While this black-hat campaign is active for at least 6 months, webmasters of the compromised sites and their hosting providers don't simply notice this illicit activity. The good news is Google seems to have noticed this problem. Probably thanks to the Cyveillance blog post. During the week after that post I see a steady decrease in search results returned by the queries that you can find in this post."

nk497 writes "F-Secure researchers are calling attention to the fact that it's impossible to run third-party anti-virus on iPhones, because the SDK doesn't allow for it. It's a problem, as they claim malware will start to target the phone. 'None of the existing anti-virus vendors can make one, without help from Apple,' chief research officer Mikko Hypponen said. 'Apple hasn't been too interested in developing antivirus solutions for the iPhone, because there are no viruses, which of course, isn't exactly true.' At the moment, the only worms faced by the iPhone have targeted unlocked, jailbroken devices — so Apple's not too bothered protecting users of such phones." While Apple claims that the iPhone's closed nature offers protection to its users, and security vendors maneuver for a piece of a market now closed to them, clearly both sides are pushing their own self-interest.

An anonymous reader writes "The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 8 stable release. Some of the highlights: Xen DomU support, network stack virtualization, stack-smashing protection, TTY layer rewrite, much improved ZFS v13, a new USB stack, multicast updates including IGMPv3, vimage — a new virtualization container, Fedora 10 Linux binary compatibility to run Linux software such as Flash 10 and others, trusted BSD MAC (Mandatory Access Control), and rewritten NFS client/server introducing NFSv4. Inclusion of improved device mmap() extensions will allow the technical implementation of a 64-bit Nvidia display driver for the x86-64 platform. The GNOME desktop environment has been upgraded to 2.26.3, KDE to 4.3.1, and Firefox to 3.5.5. There is also an in-depth look at the new features and major architectural changes in FreeBSD 8.0, including a screenshot tour, upgrade instructions are posted here. You can grab the latest version from FreeBSD from the mirrors (main ftp server) or via BitTorrent. Please consider making a donation and help us to spread the word by tweeting and blogging about the drive and release."

Eugen tips news that Microsoft has sent DMCA takedown notices to several websites to stop them from offering the Computer Online Forensic Evidence Extractor (COFEE) tool for download after it was leaked earlier this month. One of the sites, Cryptome.org, has posted their correspondence with Microsoft over the software. "... Microsoft contacted Network Solutions, which hosts Cryptome, and since John Young, the owner of the website, wasn't too keen on losing his whole website for the sake of a single 15MB file, he removed the download link and sent Network Solutions a notice of compliance."

derrida writes "After over a year of intensive development and refactoring, Inkscape 0.47 is out. This version of the SVG-based vector graphics editor brings improved performance and tons of new features, including: timed autosave, Spiro splines, auto-smooth nodes, Eraser tool, new modes in Tweak tool, snapping options toolbar & greater snapping abilities, new live path effects (including Envelope), over 200 preset SVG filters, new Cairo-based PS and EPS export, spell checker, many new extensions, optimized SVG code options, and much more. Additionally, it would be wrong to not mention the hundreds of bug fixes. Check out the full release notes for more information about what has changed, enjoy the screenshots, or just jump right to downloading your package for Windows, Linux, or Mac OS X." We've been following the progress of Inkscape for years (2006, 2005, 2004).

After this weekend's report of a dangerous flaw in IE (which Microsoft confirmed today), intrudere points out an exclusive report in The Register on a new hole in IE8 that could allow an attacker to pull off cross-site scripting attacks on Web sites that ought, by rights, to be safe from XSS. This is according to two anonymous sources, who told El Reg that Microsoft had been notified of the vulnerability a few months ago.

tsu doh nimh writes "Alan Ralsky, the 64-year-old dubbed the 'Godfather of Spam,' was sentenced to 51 months in prison on Monday, the Washington Post's Security Fix blog reports. According to anti-spam group Spamhaus.org, Ralsky has been spamming since at least 1997, using dozens of aliases and tens of thousands of 'zombies' or hacked PCs to relay junk e-mail. Also sentenced — to 40 months in jail — was Ralsky's 48-year-old son-in-law, Scott K. Bradley, and two other men named last year in a 41-count indictment for wire fraud, mail fraud, money laundering and violations of the CAN-SPAM Act." And eldavojohn writes "19-year-old Dmitriy Guzner, Anonymous member and Scientology DDoS attacker, received one year and one day in jail for his admitted crime. His sentence could have been a maximum ten years. According to the Church of Scientology, Anonymous has harassed and attacked them with '8,139 threatening phone calls, 3.6 million e-mails, 141 million hits on its website, ten acts of vandalism against its property, 22 bomb threats, and eight death threats against Church leaders.'"

1sockchuck writes "Virginia's new state IT system is experiencing downtime in key services because of a mind-boggling oversight: the state apparently neglected to require network backup in a 10-year, $2.3 billion outsourcing deal with Northrop Grumman. The issue is causing serious downtime for state services. This fall the Virginia DMV has suffered 12 system outages spanning a total of more than 100 hours, and downtime hampered the state transportation department when a state of emergency was declared during the Nov. 11 Northeaster."

An anonymous reader writes to tell us that finding malicious code might have just become a little harder. Last week at the ACM Conference on Computer and Communications Security, security researchers Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus presented a method they developed to generate English shell code [PDF]. Using content from Wikipedia and other public works to train their engine, they convert arbitrary x86 shell code into sentences that read like spam, but are natively executable. "In this paper we revisit the assumption that shell code need be fundamentally different in structure than non-executable data. Specifically, we elucidate how one can use natural language generation techniques to produce shell code that is superficially similar to English prose. We argue that this new development poses significant challenges for in-line payload-based inspection (and emulation) as a defensive measure, and also highlights the need for designing more efficient techniques for preventing shell code injection attacks altogether."

Pickens writes "The NY Times reports that a program to detect plutonium or uranium in shipping containers has stalled because the United States has run out of helium 3, a crucial raw material needed to build the 1,300 to 1,400 machines to be deployed in ports around the world to thwart terrorists who might try to deliver a nuclear bomb to a big city by stashing it in one of the millions of containers that enter the United States every year. Helium 3 is an unusual form of the element that is formed when tritium, an ingredient of hydrogen bombs, decays — but the government mostly stopped making tritium in 1989 after accumulating a substantial stockpile of Helium 3 as a byproduct of maintaining nuclear weapons. 'I have not heard any explanation of why this was not entirely foreseeable,' says Representative Brad Miller, chairman of a House subcommittee that is investigating the problem. Helium 3 is not hazardous or even chemically reactive, and it is not the only material that can be used for neutron detection. The Homeland Security Department has older equipment that can look for radioactivity, but it does not differentiate well between bomb fuel and innocuous materials that naturally emit radiation like cat litter, ceramic tiles and bananas — and sounds false alarms more often. In a letter to President Obama, Miller called the shortage 'a national crisis' and said the price had jumped to $2,000 a liter from $100 in the last few years. With continuing concern that Al Qaida or other terrorists will try to smuggle a nuclear weapon into the United States, Congress has mandated that, by 2012, all containers bound for the US be inspected overseas."