malware

Dell said human error was to blame for mistakes which led it to ship a number of replacement server motherboards to customers pre-loaded with spyware.

The company declined to say whether it was running anti-virus software at its factory but said it had taken 16 steps to improve processes.

The infection hit replacement PowerEdge 310, 410, 510 and T410 boards. The direct seller said less than one per cent of boards were affected and complete new server systems were quite safe.

Dell is still not admitting how the W32.Spybot worm got into its systems and onto its hardware.

A Dell spokesman said the problem was worldwide but all infected motherboards had now been removed from the supply chain and it was already shipping clean boards.

Read More.

Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.

Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.

"Those initial exploits were targeted and fairly limited. In the past week, however, attacks have picked up."

The attacks, which are being launched from malicious Web pages, are concentrated in the U.S., Russia, Portugal, Germany and Brazil, Microsoft said.

PCs based in Russia and Portugal, in particular, are seeing a very high concentration of these attacks, Microsoft said.

The Kraken botnet, believed by many to be the single biggest zombie network until it was dismantled last year, is staging a comeback that has claimed almost 320,000 PCs, a security researcher said.

Since April, this son-of-Kraken botnet has infected an estimated 318,058 machines - about half as big as the original Kraken was at its height in the middle of 2008, according to Paul Royal, a research scientist at the Georgia Tech Information Security Center.

Like its predecessor, the new botnet is a prodigious generator of spam, with a single machine with average bandwidth able to send more than 600,000 junk mails per day.

In a bid to cut down on fraud and inappropriate content, the organization responsible for administering Russia's .ru top-level domain names is tightening its procedures.

Starting April 1, anyone who registers a .ru domain will need to provide a copy of their passport or, for businesses, legal registration papers. Right now, domains can be set up with no verification -- a practice that has allowed scammers to quickly set up .ru domains under bogus names.

The changes will help Russia align its rules with international best practices, said Olga Ermakova, informational projects manager with the Coordination Center for the .ru top-level domain, in an e-mail interview. The .ru administrators care about the "cleanness" of the domain, she added. "We don't need negative content, and such content is often [created] by unknown users."

Malware-tainted memory cards may have ended up on as many as 3,000 HTC Magic phones, a greater number than first suspected, Vodafone said today.

The problem came to light earlier this month after an employee of Panda Security plugged a newly ordered phone into a Windows computer, where it triggered an alert from the antivirus software.

Further inspection of the phone found the device's 8GB microSD memory card was infected with a client for the now-defunct Mariposa botnet, the Conficker worm and a password stealer for the Lineage game.

Vodafone said it was an isolated incident, but an employee at Spanish security company S21sec discovered another phone with an infected card, which it sent to Panda. That phone was purchased directly from Vodafone's Web site in the same week as the first phone, according to Panda.

After an international take-down effort, a rogue ISP responsible for controlling large numbers of computers infected with data-stealing code is down for the moment, but it may be reconnecting with the Internet, according to security researchers.

Troyak, which is believed to be based in eastern Europe, was knocked offline earlier this month after other networks supplying its connectivity to the Internet stopped carrying its traffic due to complaints it was complicit in cybercrime.

Since then the network has fought a cat-and-mouse game with network providers in 12 countries and international law enforcement, according to Jart Armin, the pseudonymous editor of the Hostexploit.com Web site, which has been involved in the action.

When Panda Security found malware on a brand new Android-based Vodafone HTC Magic earlier this month, Vodafone said it was an "isolated local incident." Now, a second phone has been found harboring malware, including a program that turns infected machines into zombies as part of the Mariposa credit card and bank log-in-stealing botnet, according to Spain-based PandaLabs.

After hearing about PandaLabs' discovery, an employee at another Spanish security company, S21Sec, checked his recently-acquired HTC Magic and found the Mariposa malware lurking on it, according to a PandaLabs blog post on Wednesday.

The newest version of Zeus, a do-it-yourself crimeware kit responsible for millions of dollars in losses by consumers and businesses, comes with anti-piracy provisions similar to those used by Microsoft's Windows, a researcher said today. And that's a good thing.

Like Windows, Zeus 1.3 ties itself to a specific computer using a key code based in part on the machine's hardware configuration, said Kevin Stevens, a security researcher with Atlanta-based SecureWorks, and a co-author of a report on Zeus published last week. "It's just like a Windows license," said Stevens as he explained how the key code is generated.

A suburban Philadelphia school district remotely activates the cameras in school-provided laptops to spy on students in their homes, a lawsuit filed in federal court Tuesday alleged.

According to the lawsuit filed by a high school student and his parents, the Lower Merion School District of Ardmore, Pa. has spied on students and families by "indiscriminate use of and ability to remotely activate the Webcams incorporated into each laptop issued to students by the School District."

Approximately 1,800 students at the district's two high schools have been given laptops as part of a state- and federally-funded "one-to-one" student-to-laptop initiative.

Link shortening has become a commonplace on services like Facebook and Twitter. Heck, even Google shortens URLs within its products now. People seem to be getting more used to the idea that shortened URLs, despite not showing you where they lead, are safe. Part of that, is that the companies that are doing the shortening keep blacklists of sites with malware or spyware, to keep people from accidentally visiting sites that will do harm.