The week in security: Flashback, brethren continue assault

Malware authors continued to pull new cards from their bags of tricks, with suggestions a new approach uses JavaScript to look for mouse movements, indicating that the visitor is a real person and not a security vendor’s automated malware scanner. In the absence of mouse movement, no malware will be offered.

Another attack was using Zeus malware to suck data out of cloud-based payroll services, while Trend Micro security researchers warned of a new form of ransomware that overwrites a system’s master boot record (MBR) and demands payment to restore the original data.

Meanwhile, Adobe and Microsoft were fixing holes that buried payloads in carefully designed RTF files and Symantec offered new versions of its pcAnywhere and pcAnywhere Solution remote-access tools designed with a new security model. Oracle announced plans to patch 88 different security issues in its products, and Mozilla announced it was working on a new feature that will force users to click before its Firefox browser runs plug-ins like Flash videos, Java applets or PDF files.

Also needing a security update was Mac OS X, which got attention from vendors after Flashback malware became the Mac’s first bona-fide mass infection. Reports said 600,000 Macs had been infected, but the cure was no better than the ailment after Kaspersky offered a detection tool and quickly recalled it after users complained that it was killing off their systems.

Meanwhile, security bods were comparing security defences to onions, and considering the best way to protect healthcare data in the face of varying priorities for CSIOs. A report said Japanese ATMs would start using palm scanners instead of cash cards, while estimates suggested online-banking services are being hit by up to 100 million process from malware every day.

Finally, a US appeals court had an interesting take on allegations a man had committed computer hacking by convincing ex-co-workers to feed him customer information, while a Spanish pharmaceutical firm took an interesting approach to developing a secure cloud environment.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Adobe SystemsKasperskyKasperskyMacsMicrosoftMozillaOracleSymantecTrend Micro Australia

Show Comments