Group takes stab at defining spyware
A group of antispyware providers is about to offer a clearer definition of what is and isn't spyware. Ari Schwartz, an associate director at the Center for Democracy and Technology, which has led the work of the so-called Anti-Spyware Coalition, told CNET News.com the group will publish its first crack at a clearer definition today.
"Any unified approach to the spyware problem is going to require a common definition of what the problem is," Schwartz said. "One of the biggest challenges we have had with spyware has been agreeing on what it is."
When it comes to
Trojan takes advantage of London bombings
A new Trojan horse program is trying to take advantage of last week's terrorist attacks in London to spread, according to Finnish security firm F-Secure. The malcode arrives in e-mails as a .zip attachment. When opened, the file looks like a breaking news alert from CNN.com.
"The .zip file contains the file 'London Terror Moovie.avi <124 spaces> Checked By Norton Antivirus.exe,'" the firm said on its daily blog. "F-Secure detects the Trojan as SpamTool.Win32.Delf-H."
Microsoft: No special treatment for Claria
Microsoft denies it's giving Claria special treatment. In a statement on its Web site, the software giant said its decision to drop Claria from the quarantine list of its AntiSypware tool has nothing to do with its reported efforts to acquire the adware maker. Microsoft AntiSpyware in beta had been recommending users quarantine several Claria products, but not anymore.
Microsoft said the shift simply represents an effort to be "fair and consistent with how Windows AntiSpyware (beta) handles similar software from other vendors." The company said Claria, previously known as Gator, asked it to review AntiSpyware's classification of its products in January. Microsoft apparently decided to keep detecting Claria but allow users to decide whether to kill it or let it through.
"All software is reviewed under the same objective criteria, detection policies and analysis process," Microsoft said. "Absolutely no exceptions were made for Claria."
Microsoft is reportedly in discussions to buy Claria. The software giant wants to own an advertising network to compete with the likes of Yahoo and Google, according to recent media reports.
Poll: Sasser writer got off easy
Sasser's creator deserved a tougher sentence than what he got, according to the vast majority of those polled by Lynnfield, Mass.-based antivirus firm Sophos. The firm conducted a Web poll of more than 550 enterprise computer users and 78% said German teenager Sven Jaschan got off too easy. Seventeen percent of respondents agreed with the court's decision, while only 5% felt the sentence was too harsh.
"With almost 80% of those surveyed saying Jaschan's sentence was too lenient, it seems that many computer users aren't convinced justice has been served," Sophos security consultant Carole Theriault said in a statement. "Perhaps even more interesting about the Jaschan sentencing is Microsoft splashing out [$250,000] to the two unidentified people who helped track Jaschan down -- especially when speculation hints that these people are teenagers who may have had some involvement with Jaschan. It's good to see Microsoft taking strong action against such crimes, but it might struggle if it has to shed out big bucks for every virus writer who gets arrested."
Because he was a minor when he created the worm that infected networks worldwide, a German judge Thursday granted leniency in sentencing the teenager to 21 months of probation and 30 hours of community service. Jaschan, now 19, also had to repay a portion of the $154,000 in damages suffered by three German city governments and a public television station named as victims in the case tried this week in Verden, Germany.
Update plugs Bugzilla security holes
Attackers could exploit two vulnerabilities in Bugzilla to bypass certain security restrictions and gain knowledge of sensitive information, Danish security firm Secunia said in an advisory. Specifically, the Web-based bug-tracking system has two problems:
- Input passed to process_bug.cgi is not properly verified before being used, making it possible to change a flag on a bug report that the user does not have access to. It can also be exploited to e-mail the bug summary to the malicious user. The vulnerability affects versions 2.17.1 through 2.18.1, and development snapshots 2.19.1 through 2.19.3.
- A race condition when marking a bug report as private in the database can be exploited to view the report when there is a MySQL replication lag. The vulnerability affects versions 2.17.1 and above.
Users can protect their systems by updating to version 2.18.2, Secunia said.