How to Enable the My Computer Security Zone in Internet Options

March 8, 2008 – 6:40 PM

SUMMARY
The My Computer security zone contains settings for how Windows and Internet Explorer manage unsigned controls. This security zone is hidden by default on the Security tab in the Internet Options dialog box. This article describes how to view and modify the settings for the My Computer security zone by modifying a registry key.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

The Flags value in the following registry key determines whether you can view the My Computer security zone on the Security tab in the Internet Options dialog box:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

The Flags value is a DWORD value. Setting the data value of the Flags value to 47 (in hexadecimal) causes the My Computer security zone to be displayed. Setting the data value of the Flags value to 21 (in hexadecimal) causes the My Computer security zone to be hidden.
http://support.microsoft.com/?kbid=315933
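
The two Flags values from the article above, decoded bit by bit in an added Python example that is not part of the Microsoft article. The bit names follow Microsoft's documentation of security-zone Flags values, the function names are this example's own, and the `reg query` output is a constructed sample. It shows that 47 and 21 differ in more than the bit that hides the zone.

```python
import re

# Bit meanings of a zone Flags DWORD, as Microsoft documents them for
# Internet Explorer security-zone registry entries.
ZONE_FLAGS = {
    0x001: "allow changes to custom settings",
    0x002: "allow users to add web sites to this zone",
    0x004: "require verified web sites (https)",
    0x008: "include web sites that bypass the proxy server",
    0x010: "include web sites not listed in other zones",
    0x020: "do not show zone in Internet Options",
    0x040: "show the Requires Server Verification dialog",
    0x080: "treat UNC connections as intranet connections",
    0x100: "automatically detect intranet network",
}
HIDE_ZONE = 0x020

def decode_flags(value):
    """Return the names of the bits set in a zone Flags value."""
    return [name for bit, name in sorted(ZONE_FLAGS.items()) if value & bit]

def zone_visible(value):
    """True when the zone appears on the Security tab."""
    return not value & HIDE_ZONE

def flag_changes(before, after):
    """Name the bits that were set and cleared between two Flags values."""
    changed = before ^ after
    return {"set": decode_flags(changed & after),
            "cleared": decode_flags(changed & before)}

def parse_reg_query(text):
    """Extract the Flags DWORD from the output of `reg query <key> /v Flags`."""
    m = re.search(r"^\s*Flags\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$", text, re.M)
    if m is None:
        raise ValueError("no Flags REG_DWORD value found")
    return int(m.group(1), 16)

# Constructed sample output, using the key path as the article gives it.
SAMPLE = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
    Flags    REG_DWORD    0x47
"""
```

Calling `flag_changes(0x21, 0x47)` lists what moving from the hidden value to the visible one alters besides visibility, which is what to compare against a baseline when auditing a machine.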

Tricky New Malware Challenges Security Vendor

March 8, 2008 – 6:39 PM

A tricky malicious program has become more prevalent in spam, but experts don’t know what its creators plan to do with it.

Many vendors are rating the malware (called “Warezov,” “Stration,” and “Stratio”) as a low risk. But they also say that it is tricky to deal with.

New Code Every 30 Minutes

The malware is a mass-mailing worm that affects machines running Microsoft Windows. When the malware infects a computer (usually after the user has opened an attachment containing the worm in a spam e-mail), it sends itself out again to other e-mail addresses found on the computer. The code is then capable of downloading new versions of itself as frequently as every 30 minutes from a batch of Web sites, said Mikko Hypponen, chief research officer at F-Secure, a security company in Helsinki.

Those new versions are created by a program on a server controlled by the hacker, Hypponen said.

In the past, malware has been known to create variations of itself, but the code to create those variations was contained inside the malware. So when a sample was obtained, security analysts could study it and identify potential new versions, he said.

Now, the hacker’s program is compiling the code and rapidly churning out new versions, but analysts don’t know how the new code is generated.

Security Firms Struggle to Keep Up

That characteristic is a headache for security software firms that issue special updates to their software to detect the malware. F-Secure alone has issued at least 150 signatures for the malware.

“It gets very complex to detect an attack like that because the code keeps changing,” Hypponen said.

Security firm Sophos has detected some 300 versions of the malware. For October, the malware was one of the most common pieces of malicious code found in spam messages, said Carole Theriault, senior security consultant with Sophos.

Since infected computers look to other domains to receive updated code, F-Secure has worked with ISPs to shut down domains hosting the new variants. So far, nine of ten domains have been shut down, Hypponen said.

Hacker Setting Up Network

Oddly, the malware doesn’t appear to do anything yet on the victim’s computers. It’s estimated up to a few hundred thousand computers are infected, a sizable number but not quite on the scale of large malware problems from a few years ago, Hypponen said.

A hacker could be waiting to harness enough infected computers to start a denial-of-service attack or send spam or rent out the network to a spammer, Hypponen said.

“We hope to one day find out why they are doing this,” Hypponen said. “We hope it’s nothing too bad.”

http://www.pcworld.com/article/127711-1/article.html?tk=nl_dnxnws

The world’s most sophisticated Trojan uncovered

March 8, 2008 – 6:38 PM

Security experts have discovered new spambot software that installs its own anti-virus scanner to eliminate competition, alongside a number of other sophisticated features.

SecureWorks has described the Trojan, which it calls SpamThru, in detail. Other vendors have come up with different names for the software. One of the signs of its sophistication, though, is that few anti-virus scanners are aware of it, SecureWorks said.

“SpamThru is a money-making operation, and the author takes great care to make sure that detection by the major vendors is avoided by frequently updating the code,” said SecureWorks’ Joe Stewart in the company’s analysis.

SpamThru is a Trojan that turns a system into part of a network of bots designed to send out spam, a type of operation that’s been around for several years. While the Trojan’s network doesn’t seem especially large so far – at a couple of thousand of bots – SpamThru shows that criminals are now able to treat spam software development just like any other commercial development endeavour, Stewart said.

“The complexity and scope of the project rivals some commercial software,” he wrote. “Clearly the spammers have made quite an investment in infrastructure in order to maintain their level of income.” The company has come across previous Trojans that attempt to switch off other malware, in order to maximise system resources, but SpamThru installs a pirated version of Kaspersky AntiVirus for WinGate, customised to skip files known to be part of SpamThru itself, naturally.

“It patches the license signature check in-memory in the Kaspersky DLL in order to avoid having Kaspersky refuse to run due to an invalid or expired license,” Stewart wrote. It uses a custom peer-to-peer protocol to control communication with the network, which makes the bot network harder to kill. “Control is still maintained by a central server, but in case the control server is shut down, the spammer can update the rest of the peers with the location of a new control server, as long as he/she controls at least one peer,” Stewart wrote.

Each client has its own spam engine, creating spam from a template that’s transmitted using AES encryption to avoid giving access to competing spammers, SecureWorks said.

http://www.techworld.com/security/news/index.cfm?RSS&NewsID=7175

Web Bugs Trained to Track Your E-Mail

March 8, 2008 – 6:37 PM

The tracer software that Hewlett-Packard investigators used to try to sniff out boardroom leaks sounded like it had been ripped from the pages of a bad science-fiction novel. That is, until the company began talking about it in detail at a congressional probe into the spying scandal.

The technology tool the company used, called a Web bug, is designed to allow e-mail senders to track the path a message takes, including whether a recipient opens the message and forwards it to another party. And it turns out the technology is widely used in e-mail newsletters to track readers and also by law enforcement in investigations, security experts say.

A spokesperson for the California attorney general’s office said that HP’s use of Web bugs is not linked to the October 4 charges of five people, including former HP chairperson Patricia Dunn and contractors, on allegations that they used false pretenses to access individuals’ phone records. That case is about the practice of so-called pretexting.

However, HP’s boardroom leak investigation did use the Web bug technology as part of an unsuccessful attempt to trick a journalist for CNet Networks into revealing her confidential source on the company’s board of directors, according to HP security investigator Fred Adler, who testified at a U.S. congressional subcommittee hearing on September 28. (Adler was not one of those named in the California charges.)

Prior to Adler’s testimony, it was unclear what technique HP had used.

You’ve Already Been Bugged

Richard Smith, an information security expert who founded Boston Software Forensics, says that most people who use the Internet have been subject to Web bugs. “Any kind of commercial e-mail is probably going to have them in there,” he says.

HP turned to a small Australian company called ReadNotify.com to help track the e-mail messages. ReadNotify tracks both e-mail and Microsoft Office documents. It will tell when the e-mail you sent was read, and will guess the location of the recipient, based on the reader’s IP address.

The ReadNotify service is popular in law enforcement and also in industrial espionage investigations, said Chris Drake, ReadNotify’s chief technology officer.

In an e-mail exchange, Drake said that he was informed of the HP case by the media, adding, “This is an extremely common and effective use of our technology.” Drake said his company believes such use is legal in Australia, as well as in the United States.

How They Work

Here’s how Web bugs operate: The bug’s author puts an image on a Web server and assigns the image a unique Web site address, or URL, and then sends an e-mail that contains a link to this image. The image can be hidden from sight or displayed in plain view (a corporate logo, for example).

When the recipient opens the e-mail, that person’s computer looks up the image and in doing so sends that information to the Web server. Another way of implementing the tracking technology is for ReadNotify users to add ‘.readnotify.com’ to the end of the recipient’s e-mail address.

While Drake characterized ReadNotify’s e-mail tracking tools as sophisticated, security consultant Smith noted that the tools use the same techniques as other Web bugs.
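
The mechanism described above can be checked for on the receiving side. The following Python code is an added example, not part of the original article: it lists every image in an HTML message that a mail client would fetch from a remote server, marks the hidden ones, and reports recipients addressed through the `.readnotify.com` suffix. The function names, hosts, addresses and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlparse

class ImgCollector(HTMLParser):  # collects the attributes of every <img> tag
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def is_hidden(img):
    """True for 0/1-pixel images or ones hidden through inline CSS."""
    tiny = img.get("width") in ("0", "1") and img.get("height") in ("0", "1")
    style = img.get("style", "").replace(" ", "").lower()
    return tiny or "display:none" in style or "visibility:hidden" in style

def find_remote_images(raw_message):
    """Return (url, hidden) for each image a mail client would fetch remotely."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True)
        html = body.decode(part.get_content_charset() or "utf-8", "replace")
        collector = ImgCollector()
        collector.feed(html)
        for img in collector.images:
            # cid: and data: images travel inside the message: no callback.
            if urlparse(img.get("src", "")).scheme in ("http", "https"):
                findings.append((img["src"], is_hidden(img)))
    return findings

def relayed_recipients(raw_message, suffix=".readnotify.com"):
    """Recipients addressed through the tracking suffix the article names."""
    msg = message_from_string(raw_message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [a for _, a in getaddresses(fields) if a.lower().endswith(suffix)]

# Constructed sample message; hosts, addresses and ids are made up.
SAMPLE = """\
To: reader@example.org.readnotify.com
Content-Type: text/html; charset="utf-8"

<img src="http://tracker.example/logo.gif?id=7f3a" alt="logo">
<img src="http://tracker.example/p.gif?id=7f3a" width="1" height="1">
<img src="cid:part1" alt="embedded">
"""
```

The visible logo is reported as well as the 1x1 pixel, because any remotely fetched image with a per-message URL reveals the open, which is why mail clients that block remote images by default defeat both.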

Are They Legal?

When the question of whether Web bugs are legal has been tested in the United States, courts have tended to focus on whether this type of technology violates federal wiretapping laws, says Chris Jay Hoofnagle, senior staff attorney with the Samuelson Law, Technology and Public Policy Clinic at the University of California, Berkeley.

Hoofnagle says state courts could take up the issue of Web bugs, considering the existence of antihacking laws in states such as California. California law prohibits certain uses of computer resources without the permission of the user, and nobody knows for sure whether HP’s actions would violate this law or similar statutes in other states, Hoofnagle says. At the hearing before House Energy and Commerce Committee members, HP’s Adler said his company had used Web bugs “a dozen to two dozen” times in the three years he had worked there and considers them to be a legitimate investigative tool.

http://www.pcworld.com/article/127444-1/article.html?tk=nl_dnxnws

New Web browser makes privacy pitch

March 8, 2008 – 6:36 PM

A new entrant to the crowded Internet browser market is attempting to put privacy issues centre stage by stressing it will not retain details of the websites it has visited.

The Browzar software has been specifically designed to protect users’ privacy, the company said, implying that the other main browsers do not.

Most browsers like Microsoft’s Internet Explorer automatically save users’ searches in Internet caches and histories. Users have the option of deleting the history folder and emptying the Internet cache, but most users either don’t know how to or tend not to, leaving a trail of where they’ve been online behind them in the browser.

Browzar is being officially launched today at Browzar.com. It is free and users don’t have to register. It automatically deletes Internet caches, histories, cookies and auto-complete forms, and is the brainchild of Ajaz Ahmed, the man behind Freeserve, the first UK Internet service provider (ISP) to offer free Internet access to customers in the late 1990s. He sold Freeserve – which quickly became the UK’s largest ISP – to France Telecom in 2001 for £1.6 billion.

“Privacy is becoming a bigger issue,” Ahmed said, pointing to the recent leak of more than 20 million user search queries by AOL. “The AOL story highlights the issue that some of the things people are searching for are very, very personal.”

The Browzar site contains a page of stories from users who have either discovered things they would rather not have known about their friends and loved ones through their Web browser’s history or auto-complete feature or who have had information revealed they would have preferred kept private. For example, Ahmed cited a statistic that 35 percent of people using matchmaking websites are already married.

While Freeserve was focused on the needs of the UK market, Ahmed hopes Browzar will have global appeal, particularly anywhere users are going online on shared computers, for instance, at Internet cafes.

Browzar is small, 264Kb, and downloads within a few seconds. The browser is currently available for Windows and Ahmed plans versions for Mac OS and Linux. It is still in beta testing and should enter general availability some time next month.

http://www.techworld.com/security/news/index.cfm?RSS&NewsID=6752