Apple’s new update to their MacOS operating system — code-named “Snow Leopard” — is (very quietly, as befits a big cat), on the prowl against Mac-targeted malware. One, indeed, wonders why all the secrecy. Apple itself isn’t advertising these protections, perhaps because they have a nationwide ad campaign running right now which does more than suggest that their operating system is never attacked by such malware. But the word is getting out, among the more tech-savvy of computer security reporters. Brain Krebs, at WashingtonPost.com, has the best wrapup of such reports (complete with screen shots): Apple has ... more

Microsoft admitted recently that spam attacks which “hijack” Windows Live Hotmail user’s email accounts are on the increase. While the users can still access their accounts, the hackers are simultaneously using them to send email out to the user’s contact list or address book. This type of attack is common to Hotmail, which has had several security problems over the years, so when the company itself issues a warning of this nature, you can bet a lot of it is going on. From a magazine directed at “the Microsoft partner community” comes the full report: Microsoft pointed to ... more

Twitter accounts are now being used as command-and-control channels of communication for at least one botnet. Twitter user accounts are sending out encrypted messages which point infected computers in the botnet to servers, for the purpose of uploading new malware. Brazilian thieves are using this method of communicating with their botnet to steal bank account information and passwords. But the truly scary thing is that nobody knows how many botnets are using such channels in this fashion. The Brazilian example was uncovered by a security firm, but it appears even they were somewhat surprised by the whole ... more

It seems the botnets are getting better at damage control. That’s really the only conclusion to be drawn from the activity in the past few days. ISP host “Real Host,” based in Latvia, was shut down by its upstream provider because it was an obvious host of the botnet Cutwail (among other reasons). For a blessed 48 hours, the Cutwail botnet’s activity fell by 90 percent, according to some reports. But it recovered in what seems to be record time, and bounced back to its former level of activity. When McColo was shut down just ... more

Malware sites seem to be increasing their sophistication to the point of offering the hapless victim whatever flavor of malware they’d like — Windows or Mac. While a lot of Mac users consider themselves immune from viruses, increasingly malware isn’t attacking vulnerabilities in software security, but rather getting the users themselves to install the malicious software (usually in the hopes of getting something for nothing — like a recent movie download, for instance). And not all Mac users are immune to this type of entrapment, sad to say. Ignoring the dangers of this type of enticement cuts ... more

Symantec has just announced their 100 “dirtiest websites” of the summer. [To view the full list, you must be a Norton Safe Web paying customer, but they do offer a partial list on their website.] These are the worst of a bad lot, spewing thousands of viruses and other nefarious malware out to the web at large, for months and months on end. Around half of these sites, as Norton says “…are, well, dirty” — adult content websites, in other words. But there are others in the mix as well, including several which appear (by their domain ... more

Trend Micro issued a new warning yesterday on Facebook apps which do nothing but create spam for your friends. A group of apps all appear to be doing the same thing, assumably making them harder to target. And the effort seems to be getting slightly more sophisticated as time passes, by changing from an easily-identifiable domain name to the harder-to-recognize numeric IP address. Elinor Mills at CNet has the full story (complete with screen shot image), from Rik Ferguson at Trend Micro: So far, six malicious applications have been identified: “Stream,” “Posts,” “Your Photos,” “Birthday Invitations,” “Inbox ... more

While this story is not exactly news to people who follow security trends online, the mainstream media certainly discovered it in the past few days. Social networking sites such as Facebook and Twitter have been targets for such attacks of late, but a report just out seems to have focused attention on these attacks in a more widespread way than before. If you’re interested in the mainstream news’ version of the story, all you have to do is enter “social networking” into a search engine such as Google News to see the numerous stories on the phenomenon this ... more

Albert Gonzalez, also known as “soupnazi” online, has been charged by the Justice Department with the theft of over 130 million credit and debit card numbers — the largest in history. These charges are in addition to Gonzalez’s former crime of stealing 40 million card numbers, for which he is already in jail awaiting trial. Since there are only a little over 300 million people in the United States, this represents an overwhelming amount of data stolen. The only good news from this story is that the data thefts happened over six months ago. That, and ... more

Yahoo has revived an old idea in the battle against spam, with a slight twist. They propose that users voluntarily pay a penny per email sent, which would then give them a “stamp” (how long before someone calls it an “e-stamp” I wonder…) which would allow spam filters to more easily differentiate between valid email and spam. The twist is that the money would go to the charity of the user’s choice — meaning that all the pennies would presumably add up to a tax deduction for them at the end of the year. But similar schemes have ... more