AntivirusWorld

The "CurseSMS" attack is a remote SMS/MMS denial of service, recently discovered by Tobias Engel, and disclosed at CCC. The attack consists in sending a maliciously crafted SMS to the potential target. Upon reception of the malicious SMS, the targeted device may no longer be able to receive any further SMS or MMS messages, its messaging system thereby effectively becoming deaf. Depending on the operating system version, this state may persist until the device is factory reset.

As the year comes to an end, Doctor Web sums up all events related to malware and outlines trends in its development for 2009. The share of malicious code of the total number of files scanned on user machines doubled this year while the amount of spam messages spreading malware dropped significantly due to the widely discussed closure of McColo. At the same time phishing attacks became more frequent. E-mail, removable data storage devices and web-sites have been used to spread malicious code over the Internet.

The number of files with malicious code found by anti-viruses on user machines increased steadily at the beginning of 2008 and by April it more than quadrupled. The figure didn’t change till July when the number halved reaching 0.01% of the total number of scanned files in August. It has remained virtually unchanged till the end of the year which means that one scanned file out of ten thousand is infected. The diagram below illustrates dependency between the share of infected files and the total number of scanned files.

German researchers have discovered more than 300 cybercrime servers full of stolen credentials on more than 170,000 people from 175 different countries - and it is only the tip of the iceberg, they say.

It's no surprise - surfing the Internet without a security software installed brings dangerous consequences, especially since the growth of Web threats have increased by nearly 2000 percent since 2005. According to Trend Micro threat researchers, more than 50 percent of the top 100 malware of 2008 came from the Internet and were accidentally downloaded by users surfing unknown or malicious Web sites.

The two most popular browsers on the market each received security updates on Wednesday.

Both Mozilla and Microsoft posted patches to address flaws in the latest versions of Internet Explorer 7 and Firefox.

The Mozilla patch addresses some eight security flaws in versions 2 and 3 of the browser. Among the fixes are several vulnerabilities which could be targeted in cross-site scripting attacks, as well as one which could be exploited to remotely execute code.

The pre-Christmas period is a lucrative time for criminal Internet gangs. The Internet community is sending pictures, presentations, information on offers – and coupons. The virus writers are taking an active part and are packing their harmful software in coupons.

Armies of hijacked computers are flooding the world with spam as hackers devise slicker ways to take over unwitting people's machines, according to a Cisco report released Monday.

Virus-infected computers are woven into "botnets" used to attack more machines and to send specious sales pitches to email addresses in low-cost quests to bilk readers out of cash.

"Every year we see threats evolve as criminals discover new ways to exploit people, networks and the Internet," said Cisco chief security researcher Patrick Peterson.

In the latest cyber crime, hackers are stealing account entry details for the social networking site from unsuspecting punters and using these infiltrated accounts to send spam messages to millions of other users.

These spam messages are usually disguised as links to video clips or photos from family and friends.

By clicking on the spam message, the victims' computers are infected with spyware that records all their keystrokes and copies details, including passwords, when they log into various sites.

Microsoft has warned users of Internet Explorer (IE) 7 that hackers have been attacking a vulnerability in the current version of the web browser that, in a worst-case scenario, could potentially lead to remote takeover of their computer - and the threat is rising rapidly.

Basically, a vulnerability in the browser has left it, according to Microsoft, 'exploitable', while the older IE 6 and Beta 2 version of IE 8 are also potentially vulnerable.

Top 10 exploitation attempts detected for this period, ranked by vulnerability traffic. Percentage indicates the portion of activity the vulnerability accounted for out of all attacks reported in this edition. Severity indicates the general risk factor involved with the exploitation of the vulnerability, rated from low to critical. Critical issues are outlined in bold:

Rank	Vulnerability	Percentage	Severity
1	Trojan.Storm.Worm.Krackin.Detection	36.9	Highy
2	Worm.Slammer	23.2	Highy
3	IE.IFRAME.BufferOverflow.I	0.5	Highy
4	MS.IIS.Web.Application.SourceCode.Disclosure	0.4	Mediumy
5	MS.Exchange.Mail.Calender.Buffer.Overflow	0.4	Highy
6	TCP.PORT0	0.3	Lowy
7	MS.IE.HTML.Attribute.Buffer.Overflow	0.3	Highy
8	MS.GDIPlus.JPEG.Buffer.Overflow	0.3	Criticaly
9	SSH.Client.Buffer.Overflow	0.3	Highy
10	Mambo.Function.Path.Validation	0.3	Mediumy