Microsoft slams F-Secure for Windows Vista virus report

A proof of concept virus security company F-Secure described as a "first Vista virus" doesn't affect the operating system at all, Microsoft had said.

The exploit that the security expert describes targets a new command shell technology called MSH that is currently under development under the codename Monad.

Contrary to what F-Secure suggested, MSH won't be part of Windows Vista, a spokeswoman for Microsoft told vnunet.com.

"The current plan is that Monad will not be included in the final version of Windows Vista. Monad is being considered for the Windows Operating System platform for the next three to five years," she said.

Instead, users will find "some of the technology" in the next version of Exchange that is due out in the second half of 2006, as we reported earlier. Microsoft hadn't previously given full disclosure about its plans not to include MSN in Vista.

The first operating system that possibly could be affected by MSH will be Longhorn server, not Windows Vista.

"It is a possibility that Monad’s timing could align with the update release to Longhorn Server, but it is too early to confirm that this will be the case," she said.

Longhorn Server is the next version for Windows Server 2003 and is scheduled for release in 2007.

MSH is a command-line shell tool that lets IT administrators manage as system. It is similar to the command shell in Unix, Linux and OS X.

A first beta of the technology was released in June. MSH isn't part of the Vista beta that was launched two weeks ago.

F-Secure in a blog posting on its website pointed to a proof of concept virus that an Austrian virus writer had developed. It has named the viruses Danom, using the reverse spelling of Monad.

Microsoft further undermined F-Secure's report by pointing out that the virus used a proven method to use command shells in all operating systems to launch a virus.

"The viruses do not attempt to exploit a software vulnerability and do not encompass a new method of attack," the spokeswoman said.

Backing up his company's official statement, a Microsoft developer by the name of Lee Holmes blased the report by F-Secure on his blog.

"It's a misleading title," Holmes said about F-Secure post, "as it's an issue that affects any vehicle for any executable code on any operating system."

In an email to vnunet.com, F-Secure's director of anti-virus research Mikko Hyppönen defended his original posting.

"I stand by my blog entry. Everything I wrote was accurate at the time of writing."

He confirmed that the method of attack isn't new, but the viruses still qualify as new because they target the new MSH platform.

"But I also understand Microsoft is concerned as these Danom viruses are now widely reported in the media as [the] first viruses for Windows Vista when, as we now know, MSH won't even ship with Vista," Hyppönen concluded.

Read more!

Google for Related Stuff:

First Family of Windows Vista Viruses Unleashed

Microsoft's newest operating system in beta only a week, but already leaky.
An Austrian hacker has earned the dubious distinction of writing what are thought to be the first known viruses for Microsoft's Windows Vista operating system. Written in July, the viruses take advantage of a new command shell, code-named Monad, that is included in the Windows Vista beta code.
But Microsoft says
The viruses were published last month in a virus-writing tutorial written for an underground hacker group calling itself the Ready Ranger Liberation Front, and take advantage of security vulnerabilities in the new command shell. Unlike the traditional Windows graphical user interface, which relies heavily on the mouse for navigation, command shells allow users to employ powerful text-based commands, much as Windows' predecessor, DOS, did.

Who Done It
The viruses were written by a hacker calling himself "Second Part To Hell," and published on July 21, just days after Monad was publicly released by Microsoft, according to Mikko Hyppönen, chief research officer with Helsinki's F-Secure. Second Part To Hell is the pseudonym of an Austrian-based hacker who also goes by the name Mario, Hyppönen says.

Because of its sophistication, the new command shell offers new opportunities for hackers, Second Part To Hell wrote in the tutorial, a copy of which was obtained by the IDG News Service. "Monad will be like Linux's BASH (Bourne Again Shell)--that means a great number of commands and functions," he wrote. "We will be able to make as huge and complex scripts as we do in Linux."

F-Secure has named the virus family Danom (Monad in reverse). Having examined the code, Hyppönen says that the Danom family is disruptive, but not capable of causing significant damage to Windows users. "These are proof-of-concept viruses," he says, "where virus writers want to break new ground and write the first viruses for a new platform."

Most security experts had not expected to see a Windows Vista virus so soon, Hyppönen says. "The only surprise here is that it came so early," he says. "It's been eight days since the beta of the operating system was out." Monad was released several days prior to the Windows Vista beta.

Concerns Raised
Still, Danom's release does raise questions about whether Microsoft should enable the Monad shell by default in Windows Vista.

Because Monad's scripting capabilities will be used by only advanced users, Hyppönen believes Microsoft should not offer the software as part of the standard Windows Vista package when it becomes commercially available in the second half of 2006. This would make the software less prevalent, and therefore less attractive to virus writers, he says.

Microsoft "got burned" in including similar software, called Windows Script Host, by default in its Windows 2000 operating system, he says. "Since it was on the system, all the virus writers were exploiting it," he says.

Microsoft was unable to comment on this story at press time.

Read more!

Google for Related Stuff:

Yahoo Hears Call of Audio Search

Yahoo is testing a new search-engine feature that will pore through millions of songs offered by popular internet music services like iTunes, Rhapsody and Napster.

The free service, available at Yahoo Search, boasts an index of more than 50 million audio files, including newscasts, speeches and interviews posted online, as well as the internet's deepening pool of "podcasts." The index identifies the content by reading metadata embedded in the files.

Other internet search engines already find audio files, but Yahoo (YHOO) is touting its as the most comprehensive, largely because it has received permission to index downloadable songs offered by virtually all of the internet's top music services.

The expansion coincides with an increasing emphasis by Yahoo and other search engines on indexing online video. The diversification beyond searching simple text online reflects the web's evolution into a multimedia hub -- a shift that the top search engines hope to parlay into profits.

Read more!

Google for Related Stuff:

Stanford Computer Scientists Unveil New Anti-Phishing Software

A pair of browser plug-ins changes how passwords are transmitted and detects phishing sites.
A pair of Stanford University computer science professors unveiled today a new password scheme designed to thwart phishing at bank and other sites where a user's identity and money are at risk. Dubbed PwdHash, the technique involves hashing the user's password with the domain name of the site in a way that ensures that the target site is the real one, and not a site designed by phishers to capture user information.

"Phishing attacks fool users into sending their passwords to an unintended website," says PwdHash inventor Dan Boneh, an associate professor of computer science and electrical engineering, "and since Internet users often use the same password at many websites, a phishing attack on one site will expose their passwords at many other sites." Boneh and co-inventor John Mitchell say they can change all that.

Their research group has developed an extension to popular web browsers that overhauls the security of passwords with only the slightest change in the daily web-surfing experience. To tell PwdHash to do the hashing users have to type "@@" or the press the F2 key before typing in their password. In user tests, people had no problem remembering to enter @@, Mitchell says.

Users will have to change their passwords using PwdHash at sites where they have accounts to take advantage of PwdHash. But users can do this at their own pace, Mitchell says. "Besides, changing passwords is something people should do anyway," he says. Caveats from the developers include the fact that PwdHash does not work for the AOL browser and cannot protect users who have downloaded software that can read their keystrokes as soon as they type them.

SpoofGuard is another browser extension developed by the team. It apparently can recognize illegitimate pages and warn users when they visit them. After installing SpoofGuard, a user would only have to watch his or her screen to avoid many phishing sites. PwdHash would then be the second line of defense.

Further information and free, prototype versions of both PwdHash and SpoofGuard are online at Stanford PwdHash and Stanford SpoofGuard.

Read more!

Google for Related Stuff:

Yahoo to Start Tests of Ads on Blog Sites

Call it the battle of the blogs. Yahoo is testing a system that will let it place ads on Web sites of bloggers and other small- and medium-size publishers, a market that was created and is dominated by Google.

Yahoo will invite 2,000 sites to take part in the test, beginning today, and will open the system to blogs and other publishers by the end of the year.

Two years ago, Google reached out to publishers - mainstream media companies and bloggers alike - with technology that can analyze the content on a given page to select related ads.Google places ads on hundreds of thousands of sites, industry specialists say, including big sites like The New York Times on the Web and myriad small blogs and specialized sites. Indeed Google has been an important contributor to the vast proliferation of Web logs as it has been able to provide at least some income for even small-time bloggers.

Yahoo has a much smaller program, working with a few hundred sites like CNN.com. Yahoo says its new small-site service will let a Web site specify what categories of advertising it does or does not want on a given page. Moreover, Yahoo will offer a telephone number that even small publishers can call for help, something that Google does not make readily available.

Yahoo appears to be focusing on a weakness in Google's offering for small publishers, said John Battelle, a blogger and author of "The Search," a book on Google and its rivals to be published in September by Portfolio Hardcover.

"Google is the 800-pound gorilla and until now there aren't even any chimps around," he said. "You hear two complaints over and over again: They are a black box and you can't get anyone on the phone to help you."
Let's wait and see what yahoo brings to the bloggers.

Read more!

Google for Related Stuff: