Friday, February 10, 2012
Security
Error 404--Not Found |
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:10.4.5 404 Not FoundThe server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address. |
'Storm' Trojan horse taps into YouTube fever
Hackers bent on spreading the Storm Trojan horse have changed tactics again and are now trying to dupe users into clicking on links posing as YouTube videos, security vendors warn.
Other stories on this topic
M86 Security Labs report provides insight to plan security for 2012
02/10/12
The researchers at M86 Security Labs have just released their semiannual report about security trends and malware, spam and phishing activities they observed in the latter half of 2011. Use the 20/20 hindsight of this report to plan ahead for your security measures in 2012.
Google expands the scope of its vulnerability reward programs to cover Chromium OS
02/10/12
Encouraged by the success of its Web and Chromium vulnerability reward programs, Google has decided to expand their scope in order to cover security issues in Chromium OS as well.
Forget Public Cloud or Private Cloud, It's All About Hyper-Hybrid
02/10/12
Cloud computing has gone from being a promising technology to a reality that brings a unique set of challenges along with benefits. To fully leverage the disruptive potential of cloud without getting trapped in a web of integration complexity, CIOs and their IT organizations need to focus on what it means to rethink their business as a collection of services.
Story tools
Sponsored by:
E-Mail article
|
|
Print article
|
|
Contact author
|
Reprint
|
AIM article
|
del.icio.us |
Reddit
|
Digg
|
Stumble
|
Slashdot It!
|
Storm, a.k.a. Peacomm and Nuwar, is now spreading via e-mail that includes a link that appears to be to a YouTube video, said Johannes Ullrich, chief research officer at the SANS Institute, on the Internet Storm Center's blog this weekend. "The link looks like a link to YouTube, but actually points to a 'numeric' URL like old Storm variants," said Ullrich.
Placing the mouse cursor atop the bogus YouTube link will show a numeric IP address rather than the expected www.youtube.com, a good indicator of a scam attempt.
Recipients who click on the link see a message that claims the video is loading in the background, said Vinoo Thomas, a researcher at McAfee Inc.'s Avert Labs. Actually, said Thomas, "an embedded obfuscated JavaScript routine attempts a cocktail of browser and application exploits." If any of those exploits are successful, Storm gets dropped on the PC.
Over the weekend, Roger Thompson, a researcher at Exploit Prevention Labs Inc., identified the multistrike exploit package as "Q406 Rollup," a collection that has made the rounds since late last year. Similar to other hacker kits such as Mpack, Q406 includes a dozen or more exploits.
Storm's markers have become well-known for their skill at adapting their pitches to get users to open attached files or click on e-mailed links. Last week, a Symantec Corp. researcher said the group was "very adept" at creating persuasive messages. "They have a knack for latching on to the latest newsworthy events and capitalizing on the public interest in them," said Hon Lu. "And if no newsworthy events are happening at the time, then they will just make them up."
The Storm Trojan horse reportedly behind the summer's plague of malicious greeting card spam, and the machines it has infected -- by some accounts a massive botnet -- served as the launching pad for a huge wave of pump-and-dump stock scam spam earlier this month.
For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.
| Start a public discussion with other Network World users on this article (scroll up to send this article to a colleague). Log In | Register for an account (Why you should) |
Note: Register to have your user name appear; otherwise your comment will show up as "Anonymous."
*Anonymous comments will only appear once they are approved by the moderator.
Copyright 2008 Network World Inc.
|
Does Verizon's Voyager stack up to the iPhone? |
5 IT skills that won't boost your salary [1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]