Mozilla disables password-stealing Firefox add-on

Mozilla has disabled and added to a block list a Firefox add-on that stole log-in information when users visited Web sites, the company says.

The software, called Mozilla Sniffer, had been downloaded about 1,800 times in the approximately five weeks it was available on, Mozilla reported in a blog post on Tuesday.

The blocklist will prompt the add-on to be uninstalled for computers running the program. Users who installed it should change their passwords.

Mozilla Sniffer intercepts login data and sends it to a remote server that appeared to be down, according to the blog post. … Read more

Password stealers and Conficker top June malware

June proved to be another hot month for malware with a surge in attacks by a password-stealing bot and the return of old nemesis Conficker, according to a report released Tuesday by security software maker Sunbelt.

Designed to ferret out cached passwords and log-in credentials for banking sites, "Trojan-Spy.Win32.Zbot.gen" was the second-most prevalent piece of malware detected by Sunbelt last month, up from the No. 5 spot in May. The top spot, grabbing more than a quarter of all detections, was held by "Trojan.Win32.Generic!BT," a generic form of malware … Read more

Report: Google issues fix for hacked YouTube

Google has plugged a hole hackers used Sunday morning to festoon YouTube videos with off-color pop-ups and adult-site redirects, according to a news outlet.

Hackers took advantage of a cross-site scripting vulnerability that enabled them to insert code onto the popular video site's viewer-comments pages, IDG News Service said in a report. The hackers apparently had it in for Justin Bieber, focusing on clips related to the teen pop star, who's set to appear Sunday night on an NBC television celebration of the Fourth of July and who's reportedly one of the most popular attractions on YouTube. … Read more

McAfee offers new protection in the cloud

McAfee is tapping into the cloud for a new service designed to offer companies real-time malware protection without the need for any local resources.

McAfee said its new SaaS Web Protection, which launched Tuesday, combines the reporting capabilities from its other products with the same cloud-based platform found in its MX Logic service, which the company acquired almost a year ago.

Relying on its own Global Threat Intelligence network, automated sensors, and a group of more than 350 security experts, McAfee said the new service will be able to detect and predict security threats to customers in real time.

SaaS … Read more

Spam masquerading as Twitter e-mails lead to phishing, malware

E-mail inboxes are getting hit this week with spam campaigns that appear to be legitimate Twitter messages but which lead to malware and phishing sites, security firms warned on Wednesday.

Some e-mails masquerade as messages from Twitter's customer support team warning the recipient that the site has detected an attempt to steal the Twitter account password and prompting the recipient to click on a link to download a "secure module" to protect the account, according to Vietnamese antivirus firm Bkis and Trend Micro.

If the link is clicked on, a Trojan horse designed to target Windows will … Read more

Malware found lurking in apps for Windows Mobile

Scammers are distributing apps for Windows Mobile-based smartphones that have malware hidden inside that makes calls to premium-rate numbers across the globe, racking up expensive bills unbeknownst to the phone's owner, a mobile security firm said on Friday.

The apps--3D Anti-Terrorist game, PDA Poker Art, and Codec pack for Windows Mobile 1.0--are being distributed on as many as nine popular download Web sites, including DoDownload, GearDownload, and Software112, according to John Hering, chief executive and founder of mobile security provider Lookout.

Someone has copied the programs and repackaged them with the malware inside, he said. Once the app … Read more

Survey: Corporate PCs cluttered with malware

Despite the efforts of IT departments, many PCs in the corporate and government world are littered with unauthorized software, most notably malware, says application-whitelisting company Bit9.

The results of Bit9's "2010 What's Running on Your Users' Desktops?" survey, released Monday, uncovered PCs with a significant amount of non-business software, including games, toolbars, and torrent software. Of greater concern, IT pros surveyed also discovered malware, such as ransom-ware, Trojans, and Chinese spyware.

Among the 1,282 IT professionals questioned for the survey, 68 percent of them said they have software restrictions in place, but 45 percent said … Read more

IBM: We distributed malware-ridden USB drives

IBM is apologizing for handing out USB drives at a security conference in Australia this week that had malware on them.

The thumb drives were distributed for free to people who walked up to the IBM booth at the AusCERT conference.

"Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected," Glenn Wightwick, chief technologist at IBM Australia, wrote in a letter to AusCERT delegates that was reprinted on the Beast or Buddha blog.

"The malware is detected by the majority of current Anti Virus … Read more

Search-engine spam targeting popular news items

The earthquakes in Haiti and Chile, the Toyota recall, and Apple's iPad are just some of the search terms that cybercriminals are using to corrupt search-engine results, according to McAfee's first-quarter Threats Report released Tuesday.

Following a significant rise in search-engine spam last year, the bad guys are adopting the latest items in the news to trick search engines into indexing links that lead to malicious Web sites, the report says (PDF). Like other professionals, cybercriminals use analytics and page ranking to determine the most popular search terms to use to capture their victims, a trend that was … Read more

Lookout grabs $11 million in funding, adds execs


Accel Partners has been pretty busy handing over giant wads of dough to start-ups this week--and today is focusing its largess on San Francisco-based Lookout, a smartphone security provider.

The Palo Alto, Calif.-based venture firm will be the lead investor in an $11 million Series B funding for Lookout, which offers solutions to protect phones from malware and viruses, back up and restore valuable data and help users find their phones in the event they are lost or stolen.

Accel Partner Ping Li will join the start-up's board.

Lookout currently works only on phones using Google Android, Research … Read more