Lockdown.co.uk - The Home Computer Security Centre

LockDown is the source for security information and resources for the home computer user.





0wning Vista from the boot

Filed under: April 27, 2007

From The Register:

“Just after vbootkit takes control, it hijacks the interrupt 13, then searches for Signature for Vista OS. After detecting Vista, it starts patching Vista, meanwhile hiding itself (in smaller chunks at different memory locations). The patches include bypassing several protections such as checksum, digital signature verification etc., and takes steps to keep itself in control, while boot process continues to phase 2.

Phase 2 includes patching Vista kernel, so as vbootkit maintains control over the system till the system reboots. Several protection schemes of Vista were analyzed such as the famous PE header checksum (every Windows EXE contains it), the Digital Signature of files.”

Read the full article at The Register

Russinovich: Malware will thrive, even with Vista’s UAC

Filed under: April 24, 2007

From Zero Day:

“Despite all the anti-malware roadblocks built into Windows Vista, a senior Microsoft official is lowering the security expectations, warning that viruses, password-stealing Trojans and rootkits will continue to thrive as malware authors adapt to the new operating system.”

Read the full article at Zero Day

Vista’s UAC Warnings Can’t Be Trusted, Symantec Says

Filed under: February 26, 2007

From PC World:

Hackers can trick Windows Vista’s User Account Control to hide malware, researcher found.

The process to spoof a UAC dialog is roundabout, but doable, said Whitehouse. It would start with a user falling for any one of the current hacker tricks. “The most likely scenario is that a user gets compromised by malicious code, from a Trojan [horse] or a vulnerability in a third-party application like Office or a browser,” he said in an interview.

Read the full article at PC World

Security watchers lambast Vista

Filed under: February 05, 2007

From The Register:

Windows Vista has only just left the starting blocks but security watchers have wasted no time in challenging claims that it provides improved security defences.

Virus Bulletin, the independent security certification body, has revealed that Microsoft’s own anti-virus product, Live OneCare, is among four anti-virus testing products that failed to reach the standard required for approval.

Read the full article at The Register

Botnet Eavesdropping: Inside the Mocbot (MS06-040) Attack

Filed under: August 21, 2006

From eWeek.com:

“The lesson here is once you get infected, you are completely under the control of the botmaster. He can put whatever he wants on your machine, and there’s no way to be 100 percent sure that the machine is clean,”

“The only way to be [completely] sure the system is malware-free is to completely wipe the hard drive and reinstall the operating system,”

Read the full article at eWeek.com

Eighty percent of new malware defeats antivirus

Filed under: July 19, 2006

From ZDNet Australia:

“The most popular antivirus applications on the market are rendered useless by around 80 percent of new malware, according to AusCERT.”

Read the full article at ZDNet Australia

Worm appears as Microsoft antipiracy program

Filed under: July 01, 2006

From Computerworld:

Security analysts have detected a new piece of malware that appears to run as a Microsoft Corp. program used to detect unlicensed versions of its operating system.

Read the full story at Computerworld

Microsoft Sued Over WGA

Filed under: June 30, 2006

From Groklaw:

A computer user is suing Microsoft Corp. over the company’s Windows Genuine Advantage anti-piracy tool, alleging that it violates laws against spyware.

The suit by Los Angeles resident Brian Johnson, filed this week in U.S. District Court in Seattle, seeks class-action status for claims that Microsoft didn’t adequately disclose details of the tool when it was delivered to PC users through the company’s Automatic Update system.

Read the full article at Groklaw

Microsoft warns of exploit code for dial-up bug

Filed under: June 27, 2006

From Network World:

The exploit code targets a vulnerability in the Remote Access Connection Manager (RASMAN) service, used by Windows to create network connections over the telephone. The bug, which was patched June 13, is rated critical by Microsoft, the most severe rating available.

Read the full article at Network World

Windows riddled with Bots

Filed under: June 13, 2006

BetaNews has a story about the prevalence of malicious bots on the computers of unsuspecting users of Microsoft Windows.

Microsoft said in a report that the backdoor trojans “are a significant and tangible threat to Windows users.” However, the bots are not the only threat that Windows users face.

Read the full article at BetaNews