
Friday, April 22, 2005

Tabbed Browsing In IE???

From Internet Week.com
Windows enthusiast site Neowin.net on Thursday claimed that Microsoft's MSN group is working on a new toolbar that will add tabs to Internet Explorer, an idea one analyst thinks could boost the whole browser-as-money-maker idea.

"MSN is currently developing a next-generation version of their popular MSN Toolbar Suite," said the Neowin site in a brief item. The updated version, Neowin claimed, would give current versions of Internet Explorer the ability to display multiple pages in one frame, organized by tabs, much as Mozilla's Firefox browser now offers.
MORE.....

Thursday, April 21, 2005

Rootkits What They Are And Their Impact

This article is from a good friend of mine named Aaron Hulett and is sent out from his website ManageYourPC.com

Who is Aaron, you ask?

Well, he is not only a very good friend, he is also extremely intelligent and always willing to help. Here is some info for you:

Aaron is a senior at Oakland University studying for a Bachelor of Science in Engineering with a major in Computer Engineering. His past experience includes working as Chief Research Officer for Lavasoft's Ad-Aware program, and he currently works as a Trojan Analyst for Mischel Internet Security's TrojanHunter program.

Greetings.

Several on the forums have requested that I explain what rootkits are and how they impact today's malware. Here goes.

For those familiar with Unix systems, the account with the most power is root. On Windows systems, this is commonly Administrator. Rootkits are powerful tools designed to allow working at a very intimate level with the operating system. To understand how rootkits can be used maliciously, some understanding of operating system structure is needed.

The kernel is the brains of the operating system. It handles all the low-level items, such as memory interaction, loading files, communicating with devices, and so on. On top of that on Windows systems runs the Win32 application layer (there are more, but for simplicity, let's just go with this one). This layer handles things like presenting the user interface to you, and provides easy API calls for programmers, such as drawing an Open box on your screen, or an error message, and so on.

The rootkits themselves are not bad; the use of them with regards to malware is bad. Using rootkits, malware writers can intercept calls to APIs or even to the kernel. This is how they're able to hide file listings from within explorer or the command window. When you open an explorer window to, say, System32, there are API calls that take place which ask the kernel to read the disk, pull a list of files in this directory, and return that list so that it can be drawn as a nice set of icons for you. The rootkit allows for the malware program to intercept this request and remove its files from the resulting list. You get what looks like a complete set of files listed, when in fact a couple are missing because the rootkit prevented them from being returned in that list.

This goes on with running processes, too, and it can go further than that. This is what makes rootkits used for malicious purposes very dangerous. By working very near the kernel, several common tasks can be manipulated, making their removal extremely difficult (try removing a file you can't even get listed).

In some cases, the rootkit used comes along for the ride during the infection process. More commonly, though, the functionality is included in the malware program files and only two or three are needed to complete infection and altering system calls such as pulling directory listings. The nice part is all programs MUST load into the memory (RAM) to execute. There's no way around that. So memory scans can find these items, but as you're probably guessing, it's not that easy. To remove these things, it requires antivirus/antitrojan/antimalware programs to also get deep within the OS to bypass the hiding functions in place by the malware to effectively clean it out. In some cases, it can be done, and in others, not. It depends on the capabilities of the scanning and cleaning components of the removal program.

What do I personally think this is going to lead to? Well, right now, anyone that runs a Unix-based system knows that running as root all the time is a very, very bad idea, so they don't. But when it comes to Windows, being told to not run as Administrator doesn't seem to faze anyone. The big reason in my opinion is that while running on, say, Linux with an account other than root means that things like web browsers, word processors, etc. all work just fine, when it comes to limited user accounts on Windows, it causes a severe reduction in usability. Program writers of Windows software need to make their programs function in these limited states before a transition away from running as Administrator all the time can become a feasible option.

Until then, the standard security practices apply: run an antivirus, run a firewall, don't open attachments that look risky, stay away from malicious websites, and so on. If you have any questions, feel free to ask at the forums.

Until next time, take care.
Consider subscribing to Aaron's newsletter HERE
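
A defensive counterpart to the file-hiding described in the article above, added here as an example (it is not part of Aaron's article or any scanner's code): a cross-view check that compares what the normal API reports with a listing obtained at a lower level, and flags names that only the lower-level view contains. All file names and listings are constructed, and how the low-level view is obtained is assumed; the same comparison applies to process lists.

```python
# Cross-view check: report names a low-level view contains but the API view omits.
# All listings below are constructed sample data, not output from a real system.

def _fold(names):
    # Windows file and process image names are case-insensitive, so compare
    # case-folded keys while remembering the original spelling.
    return {n.casefold(): n for n in names}

def hidden_entries(api_before, raw_view, api_after):
    """Return raw-view names missing from BOTH API snapshots, sorted.

    Taking the API listing before and after the low-level read filters out
    files that were merely created or deleted while the scan was running.
    """
    api_seen = set(_fold(api_before)) | set(_fold(api_after))
    return sorted(orig for key, orig in _fold(raw_view).items()
                  if key not in api_seen)

def filtered_api_view(real_listing, hide_prefix):
    # Hypothetical stand-in for an intercepted listing call: entries whose
    # name starts with hide_prefix are dropped before the caller sees them.
    return [n for n in real_listing
            if not n.casefold().startswith(hide_prefix)]

# Constructed directory contents at two points in time.
DISK_T0 = ["kernel32.dll", "ntdll.dll", "_hid_svc.exe", "_hid_drv.sys"]
DISK_T1 = DISK_T0 + ["scan_tmp.log"]   # benign file created mid-scan

# Constructed low-level view (note the different case on one name).
RAW_VIEW = ["kernel32.dll", "NTDLL.DLL", "_hid_svc.exe",
            "_hid_drv.sys", "scan_tmp.log"]

def demo():
    before = filtered_api_view(DISK_T0, "_hid_")
    after = filtered_api_view(DISK_T1, "_hid_")
    return hidden_entries(before, RAW_VIEW, after)

if __name__ == "__main__":
    for name in demo():
        print("present at low level but absent from API listing:", name)
```

The benign `scan_tmp.log` and the case-only mismatch on `NTDLL.DLL` are not reported; only the two entries the filtered view withholds are.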

AOL Chatroom Monitor Faces Accusations

TechNewsWorld is reporting that
An Internet chat room monitor hired to keep children safe from sexual predators seduced a California girl online and was about to meet her for sex when he was found out by a co-worker, a lawsuit charges.
America Online states that the monitor was fired in April 2003 when they learned of the situation.

MORE.....

Tuesday, April 19, 2005

MS Longhorn News

If you're interested in the latest news concerning Microsoft's next OS release, I came across this extremely informative and up-to-date report by Jim Allchin from Microsoft in ComputerWorld online magazine.

Take a look HERE

Sunday, April 17, 2005

Check Your Spelling Online

Were you ever typing away, say in a post to some website, or even just wondering about the correct spelling of a word?

Well, here is a cool site I came across that will check that spelling for you.

Go ahead, give it a try.

A Cool Translation App.....

Did you ever come across a page or phrase in a language other than your own that you just had to know what it means? Or let's say you have an internet friend in a foreign country and you would like to make it easier for them to communicate in their native tongue but you don't know enough of the language to use it.

I came across this application called Babel Fish from Alta Vista, and it does a wonderful job of translating for you with just a couple of clicks. Just copy and paste the block of text you wish to read, click, and voilà, you have an instant translation.

Give it a try HERE

Friday, April 15, 2005

Feinstein Proposes Legislation On Identity Theft

Senator Dianne Feinstein (D-CA) introduced federal legislation this week in the hope of bringing everyone under the same protection regarding ID theft that is now enjoyed by the citizens of California.

The Senate Judiciary Committee held hearings Wednesday, TechWeb News reports.
"After additional discussions with privacy rights advocates, it became clear that much more needed to be done to protect Americans," Feinstein said in a statement as she explained why she strengthened the bill.
Her bill is a strengthened version of California's "Security Breach Information Act".

It will require companies to notify their customers whenever it is discovered that their identity data has been compromised. Unlike the California law, TechWeb reports, the proposed federal legislation includes both electronic and non-electronic data, as well as encrypted and non-encrypted data, lets consumers put a seven-year fraud alert on their credit report, lays out the specific requirements companies must meet when they notify users, and levies stiffer penalties for non-compliance.


MORE.....

MS Gives A Sneak Peek Of Longhorn

"This is going to be a big deal," Jim Allchin, Microsoft group vice president, told CNET News.com on Thursday. While he acknowledged that Microsoft is unlikely to get throngs of people to show up outside retail stores on launch day as happened with Windows 95, he did say the company expects Longhorn to drive PC sales. "This product has something for everybody."
More on this story is available at TechRepublic

Thursday, April 14, 2005

Reuters IM System Attacked By Worm

The London-based international media company Reuters was forced to take its IM system completely offline after an attack by the Kelvir worm. The worm was designed to look like legitimate instant messaging correspondence, and attempted to lure users to a false website that would infect their computers with Kelvir.

MORE.....

Spammers Rapped By California Court

Via TechWeb News:

A California company had an injunction issued against it following accusations of sending e-mail spam for mortgage companies and other products, including college degrees and prescription drugs. The number of emails is reportedly in the millions.

California Attorney General Bill Lockyer, along with the FTC, said the company had violated the federal CAN-SPAM Act and also California's anti-spam act.
"Since at least Jan. 1, 2004, and continuing to the present (the) defendants have initiated the transmission of hundreds of thousands of commercial e-mail messages," the complaint said.
The companies, Vision Media Ltd. Corp. and Optin Global, Inc., along with Rick Yang and Peonie Pui, were ordered to immediately stop operations of their spamming companies, and the firms' assets were frozen.

MORE.....

FaceTime Tracks IM, P2P Threats

TechWeb/Security Pipeline is reporting that IM vendor FaceTime has launched a new site that will track threats against instant messaging and peer-to-peer networks.
The site also features an index FaceTime's promoting as an indicator of the current danger to IM and P2P software.

Dubbed the "IMPact Index," the 1 through 9 score lets IT and security staffs "quickly assess the risk level posed by viruses, worms, and other malware propagating through real-time communication channels like IM, P2P, and IRC," said FaceTime in a statement. An index score of 7 or more, FaceTime added, means that security managers should take immediate action to protect their networks.
Users of the site can also sign up to receive e-mailed alerts, which FaceTime will use to describe IM and P2P viruses and worms in detail.

Visit FaceTime's website HERE

Bogus Web Journals Used As Trap

According to a report today from BBC Tech News, hackers are attempting to add dangerous code to certain blog sites. Consequently, net surfers who visit these blogs using unpatched Windows operating systems could end up with malicious programs such as keyloggers or other malware on their computers.
Filtering firm Websense said it had found hundreds of bogus blogs baited with all kinds of malicious software to snare the unwary.

Websense warned that the baited blogs could get past traditional security measures that try to protect people from malicious programs.
According to Websense, it had looked at some examples where hackers are creating legitimate-looking weblogs, adding viral code or keylogging software to the page, and then passing the blog address on via spam or instant messenger.
"These aren't the kind of blog websites that someone would stumble upon and infect their machine accidentally," said Dan Hubbard, Websense's research director. "The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link."
In order to protect yourself when surfing new or unknown blogs, use the same precautions computer users should always employ. Do not read unsolicited messages received via IM or e-mail. Keep your Windows patches and your AV applications up to date, and install an anti-spyware product on your computer. Personally, I recommend using more than one anti-spyware application, since very often one will identify and clean an object where the other may miss it.

Users were urged to keep anti-virus and patches up to date, regularly scan machines with anti-spyware products and exercise caution when reading unsolicited messages sent via e-mail or instant messenger.

MORE.....