TechJaws

In what is called a sophisticated attack, hackers sending out spam email to users with links to what looked like CNN.com news feeds. When users go to the site and click on the news “stories” they get a message saying their flash player is incorrectly installed. While some savvy users decided to click “cancel”, the clever hackers broke their will by trapping them in an endless loop. Clicking “cancel” would yield a warning that the site would not display without the update, and clicking through the warning would bring the original message back up.

When users accepted the update they instead get a piece of malware, which phones home to a central server, which installs loads more malware. Over a 140 million bogus emails were sent in the last 2 days. Also over 1,000 pages had been hacked to be used to display the links. A Denver-based security company MX Logic Inc. helped to discover the attack and is investigating its origins.

Over the past few weeks, MX Logic stated on its corporate website it has been seeing more single-line spam, meaning an email that contains a brief bait based on fake news headlines such as “US track team disqualified from Olympics” or “Beijing Olympics postponed indefinitely” followed by a link. Once the user is hooked, the email will link to a “video codec” download to view the video, when in fact, it is malware.

Malicious gadgets — if a user were to download one of them it could be used in a variety of other attacks, including one where one gadget steals information from another, a valuable attack against gadgets that store personal user information according to reports.

It’s a threat even for the biggest Web companies, including Google Inc., whose “gadgets” — little programs like calendars or daily photo feeds that users can implant onto their personalized Google home pages — are increasingly juicy targets for hackers, two security researchers said Wednesday.

The issue is that users building their own customized applications, and distributing them through Google, might have evil intentions and try to exploit those programs once they’re installed on users’ pages. Many users are inclined to inherently trust what they download from Google.

Due to the lack of moderation for uploaded gadgets there’s no way of telling if something is bad until it’s too late.

Beware of what you download!

This could result in Microsoft losing some of its market share with pre-loaded Windows Vista on new PCs. This looks like the tide is changing and it could be good for all consumers PCs become cheaper with Linux preloaded instead of Windows Vista.

On Tuesday, IBM put its reputation and strength behind Linux distributors Canonical, Novell, and Red Hat in building Microsoft free PCs for business.

Also at the LinuxWorld conference in San Francisco, IBM announced its first certified package of open source software for Linux-based supercomputers.

In the Microsoft-related announcement, IBM and its partners said there’s market demand for less expensive PCs than those that ship with the Windows operating system and Microsoft’s Office suite of applications. The four companies see Vista, the latest version of Windows, as opening the door for OS rivals.

Among the complaints of Vista is that it requires more powerful computers than those running XP, the previous version of Windows. As a result, many businesses have delayed upgrading to Vista until the end of their hardware life cycle.

IBM said this gives it and the Linux distributors the opportunity to work with hardware partners to offer PCs preloaded with Linux and IBM’s Open Collaboration Client Solution, which includes Lotus Notes, Lotus Symphony, and Lotus Sametime.

This is getting really bad that our identity can be easily obtained by these cyber-crooks. The feds charge 11 people for stealing over 41 million credit and debt card numbers from nine major retailers.

Who can you trust these days? No one! It’s a free-for-all in the online crime that keeps growing each day.

The data breach is believed to be the largest hacking and identity theft case ever prosecuted by the Department of Justice, which said the suspects were charged with conspiracy, computer intrusion, fraud and identity theft.

Three of those charged are U.S. citizens while the others are from places such as Estonia, Ukraine, Belarus and China.

The indictment returned Tuesday by a federal grand jury in Boston alleges that the suspects hacked into the wireless computer networks of retailers including TJX Cos., BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW and set up programs that captured card numbers, passwords and account information.

“They used sophisticated computer hacking techniques that would allow them to breach security systems and install programs that gathered enormous quantities of personal financial data, which they then allegedly either sold to others or used themselves,” Attorney General Michael Mukasey said at a news conference. “And in total, they caused widespread losses by banks, retailers, and consumers.”