Malware Targets Job-seekers

A new version of the Gameover computer Trojan is targeting job hunters and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com accounts.

Gameover is one of several Trojan programs that are based on the infamous Zeus banking malware, whose source code was leaked on the Internet in 2011. Like Zeus, Gameover can steal log-in credentials and other sensitive information by injecting rogue Web forms into legitimate websites when accessed from infected computers.

The ability to inject content into browsing sessions in real time has traditionally been used by computer Trojans to steal online banking credentials and financial information. However, cybercriminals are increasingly using this technique to compromise other types of accounts as well.

For example, in February, researchers from security firm Adallom found a Zeus variant that stole Salesforce.com log-in credentials and scraped business data from the compromised accounts.

The latest development involves a new Gameover variant that contains a configuration file to target Monster.com accounts, one of the largest employment websites in the world, security researchers from antivirus firm F-Secure said.

“A computer infected with Gameover ZeuS will inject a new ‘Sign In’ button [into the Monster.com sign-in page], but the page looks otherwise identical,” they said.

After the victims authenticate through the rogue Web form the malware injects a second page that asks them to select and answer three security questions out of 18. The answers to these questions expose additional personal information and potentially enable attackers to bypass the identity verification process.

Targeting Monster.com is a new development, but the Gameover malware had already been targeting CareerBuilder.com, another large employment website, for some time.

Recruiters with accounts on employment websites should be wary of irregularities on log-in pages, especially if those accounts are tied to bank accounts and spending budgets, the F-Secure researchers said. “It wouldn’t be a bad idea for sites such as Monster to introduce two factor authentication beyond mere security questions.”

The authors of the Gameover Trojan program have been particularly active recently. In early February researchers from security firm Malcovery Security reported that a new variant of Gameover was being distributed as an encrypted .enc file in order to bypass network-level defenses. Later that month researchers from Sophos detected a Gameover variant with a kernel-level rootkit component that protected its files and processes, making it harder to remove.

Unlike most other Zeus spinoffs, Gameover is also using peer-to-peer technology for command-and-control instead of traditional hosted servers, which improves its resilience to takedown efforts by security researchers.

Source

IT Dissatisfaction Growing

Companies want to reduce spending on IT operations and infrastructure and shift resources to revenue-producing areas, according to two new studies. But businesses leaders and IT executives are also registering higher levels of dissatisfaction with IT as more demands are placed on technology.

The reports, by the Hackett Group and McKinsey & Co., both agree that business executives want IT to do more to improve the bottom line while companies spend less on infrastructure in the process.

The bad news for people who work in IT operations is that large businesses expect to cut IT staff positions by about 2% this year, thanks to automation and outsourcing, according the Hackett’s survey of 160 businesses with revenues above $1 billion.

One path to improved automation will likely be through adoption of software-defined infrastructures, something Bank of America plans to do.

IT budgets will grow by 1.7% this year as IT pivots, increasingly, from a service-providing operation to a revenue-generating one, the Hackett Group said in its study.

IT managers are being told that “you’ve got to grow the business, not just run the business,” said Mark Peacock, an IT transformation practice leader and principal at Hackett.

McKinsey & Co., in its online survey of more than 800 executives — with 345 having a technology focus — also found that executives want less of their budgets to go to infrastructure so more resources can be shifted to analytics and innovation.

The McKinsey survey found that business executives are less likely to say now that IT performs effectively, compared to their views two years ago.

“The IT executives are even more negative,” wrote McKinsey, with only 13% of them saying their IT organizations “are completely or very effective at introducing new technologies faster or more effectively than competitors.” That percentage was down from 22% in 2012.

The negative results “likely reflect the overall rising expectations for corporate IT,” wrote McKinsey.

When asked how to fix IT shortcomings, respondents cited improved business accountability, more funds for priority projects and a higher the level of IT talent, the report said.

The Hackett Group survey didn’t report on dissatisfaction, but it did find that the top goal for IT organizations this year is “to strengthen partnership and goal alignment between IT and the business.”

Source

Virtru Goes Office 365

Virtru has added Microsoft’s Office 365 and Outlook Desktop services to its growing list of compatible email platforms available on its encryption product.

The company, headquartered in Washington, D.C. and launched in January, is targeting people using major email providers who want stronger privacy controls for more secure communication.

The service is designed to be easy to use for end users who may not have the technical gumption to set up PGP (Pretty Good Privacy), a standard for signing and encrypting content.

Virtru is compatible with most major webmail providers, including Google’s Gmail, Yahoo’s Mail and Microsoft’s Outlook webmail, which replaced Hotmail.

Emails sent using Virtru through those services would look like gibberish, providing a greater degree of privacy. Law enforcement or other entities would not be able to read the content unless they could obtain the key.

Virtru uses a browser extension to encrypt email on a person’s computer or mobile device. The content is decrypted after recipients receive a key, which is distributed by Virtru’s centralized key management server.

Although Virtru handles key management, the company is working on a product that would allow that task to be managed on-site for users, as some administrators would be uncomfortable with another entity managing their keys.

Virtru has said it put aside funds to contest government orders such as a National Security Letter or law enforcement request that are not based on a standard of probable cause.

Source

Cisco Goes To The Cloud

Cisco Systems Inc will offer cloud computing services, pledging to spend $1 billion over the next two years to make a foray into a market currently dominated by the world’s biggest online retailer Amazon.com Inc, the Wall Street Journal reported.

Cisco said it will spend the amount to build data centers to help run the new service called Cisco Cloud Services, the Journal reported.

Cisco, which mainly deals in networking hardware, wants to take advantage of companies’ desire to rent computing services rather than buying and maintaining their own machines.

Enterprise hardware spending is dwindling across the globe as companies cope with shrinking budgets, slowing or uncertain economies and a fundamental migration to cloud computing, which reduces demand for equipment by outsourcing data management and computing needs.

“Everybody is realizing the cloud can be a vehicle for achieving better economics (and) lower cost,” the Journal quoted Rob Lloyd, Cisco’s president of development and sales as saying.

“It does not mean that we’re embarking on a strategy to go head-to-head with Amazon.”

Microsoft Corp last year said it was cutting prices for hosting and processing customers’ online data in an aggressive challenge to Amazon’s lead in the growing business of cloud computing.

Cisco could not be immediately reached for comment by Reuters outside regular U.S.business hours.

Source

Scientist Develop Anti-Faking PC

Scientists have developed a computer system with sophisticated pattern recognition abilities that performed more impressively than humans in differentiating between people experiencing genuine pain and people who were just pretending.

In a study published in the journal Current Biology, human subjects did no better than chance – about 50 percent – in correctly judging if a person was feigning pain after seeing videos in which some people were and some were not.

The computer was right 85 percent of the time. Why? The researchers say its pattern-recognition abilities successfully spotted distinctive aspects of facial expressions, particularly involving mouth movements, that people generally missed.

“We all know that computers are good at logic processes and they’ve long out-performed humans on things like playing chess,” said Marian Bartlett of the Institute for Neural Computation at the University of California-San Diego, one of the researchers.

“But in perceptual processes, computers lag far behind humans and have a lot of trouble with perceptual processes that humans tend to find easy, including speech recognition and visual recognition. Here’s an example of a perceptual process that the computer is able to do better than human observers,” Bartlett said in a telephone interview.

For the experiment, 25 volunteers each recorded two videos.

In the first, each of the volunteers immersed an arm in lukewarm water for a minute and were told to try to fool an expert into thinking they were in pain. In the second, the volunteers immersed an arm in a bucket of frigid ice water for a minute, a genuinely painful experience, and were given no instructions on what to do with their facial expressions.

The researchers asked 170 other volunteers to assess which people were in real discomfort and which were faking it.

After they registered a 50 percent accuracy rate, which is no better than a coin flip, the researchers gave the volunteers training in recognizing when someone was faking pain. Even after this, the volunteers managed an accuracy rate of only 55 percent.

The computer’s vision system included a video camera that took images of a person’s facial expressions and decoded them. The computer had been programmed to recognize that one kind of facial movement combinations suggested true pain and another kind suggested faked pain.

Source

AMD Buys Mobile Patents

China’s Lenovo is acquiring patents related to 3G and 4G technologies from U.S.-based Unwired Planet for $100 million, as the company sets about expanding with its proposed Motorola Mobility acquisition.

The 21 patent families that Lenovo is purchasing from Unwired Planet will help the Chinese company grow its smartphone and mobile business in new markets, it said Thursday.

In addition, Unwired Planet is licensing its patent portfolio to Lenovo for an unspecified number of years. The Nevada-based company develops mobile technologies in use by carriers including AT&T and Sprint. After its deal with Lenovo closes, Unwired Planet said it will have about 2,500 issued and pending international patents in its portfolio.

Although Lenovo is best known as a PC maker, the company is aiming to becoming a major vendor of mobile phones. Already, in its home market of China, Lenovo ranks as one of the biggest smartphone vendors, and has dozens of different models on the local market.

Lenovo’s mobile phone business is set to grow even larger. In January, the company announced it planned to buy Motorola Mobility from Google for $2.9 billion.

With the proposed acquisition, Lenovo’s handset business will get a foothold in the North American market. The company plans to keep the Motorola business intact, and even use the business to sell phones in its home market of China.

The Motorola deal will also help Lenovo shield itself from patent-related lawsuits that have been used to try to stymie the businesses of other handset makers. By buying Motorola, Lenovo will take ownership of more than 2,000 patent assets and also gain access to Google’s own patent portfolio.

Lenovo’s deal with Unwired Planet is expected to close in 30 days.

Source

AMD To Focus On China

Advanced Micro Devices has relocated its desktop chip business operations from the U.S. to the growing market of China, adding to its research lab and testing plant there.

The desktop market in China is growing at a fast pace and its shipments of desktops and laptops are equal in ratio, said Michael Silverman, an AMD spokesman, in an email. “The desktop market in China remains strong,” Silverman said.

The move of AMD’s desktop operations was first reported by technology news publication Digitimes, but the chip maker confirmed the news.

The company is also developing tailored products for users in China, Silverman said.

AMD’s move of desktop operations to China brings them closer to key customers such as Lenovo, said Dean McCarron, principal analyst at Mercury Research.

“Not that they don’t have their sales in the U.S.,” but a significant number of those PCs are made in China and then shipped internationally, McCarron said.

AMD is the world’s second-largest x86 processor maker behind Intel. Many PC makers like HP and Dell get products made in China.

Being in China also solves some desktop supply chain issues because it moves AMD closer to motherboard suppliers like Asustek and MSI, which are based in Taiwan, but get parts made in China. Chips will be shipped to customers faster and at a lower cost, which would reduce the time it takes for PCs to come to market, McCarron said.

AMD already has a plant in Suzhou, which Silverman said “represents half of our global back-end testing capacity.” AMD’s largest research and development center outside the U.S. is in Shanghai.

Some recent products released by the company have been targeted at developing countries. AMD recently starting shipping Sempron and Athlon desktop chips for the Asia-Pacific and Latin America markets, and those chips go into systems priced between $60 and $399. AMD is targeting the chips at users that typically build systems at home and shop for processors, memory and storage. The chips — built on the Jaguar microarchitecture — go into AMD’s new AM1 socket, which will be on motherboards and is designed for users to easily upgrade processors.

China is also big in gaming PCs, and remains a key market for AMD’s desktop chips, said Nathan Brookwood, principal analyst at Insight 64. “White box integrator’s play a big role in China,” he said.

Source

HP Unveils 3D Plan

Hewlett-Packard Co will unveil plans to enter the commercial 3D-printing arena in June, saying it has resolved a number of technical issues that have hindered broader adoption of the high-tech manufacturing process.

Chief Executive Meg Whitman told shareholders the company will make a “big technology announcement” that month around how it will approach a market that has excited the imagination of investors and consumers.

Critics have accused the sci-fi-like technology of being over-hyped and still too immature for widespread consumer adoption.

Industry observers have long expected HP, the largest of several printer-making companies from Canon to Xerox, to eventually get into the business. Whitman said HP’s inhouse researchers have resolved limitations involved with the quality of substrates used in the process, which affects the durability of finished products.

“We actually think we’ve solved these problems,” Whitman told an annual shareholders meeting. “The bigger market is going to be in the enterprise space,” manufacturing parts and prototypes in ways that were not possible before.

“We’re on the case,” she said without elaborating.

HP executives have estimated that worldwide sales of 3D printers and related software and services will grow to almost $11 billion by 2021 from a mere $2.2 billion in 2012.

The nascent 3D-printing market is now dominated by a number of smaller players like MakerBot, a unit of Stratasys that is concentrating on selling more affordable devices to consumers.

Contract manufacturers like Flextronics however already use the technology to help craft prototype parts or devices for corporate clients.

“HP is currently exploring the many possibilities of 3D printing and the company will play an important role in its development,” CTO and HP Labs director Martin Fink said in a February blogpost on HP’s website.

“The fact is that 3D printing is really still an immature technology, but it has a magical aura. The sci-fi movie idea that you can magically create things on command makes the idea of 3D printing really compelling for people.”

Source

Zeus Attached To Cancer Email Scam

Thousands of email users have been hit by a sick cancer email hoax that aims to infect the recipients’ computers with Zeus malware.

The email has already hit thousands of inboxes across the UK, and looks like it was sent by the National Institute for Health and Care Excellence (NICE). It features the subject line “Important blood analysis result”.

However, NICE has warned that it did not send the malicious emails, and is urging users not to open them.

NICE chief executive Sir Andrew Dillon said, “A spam email purporting to come from NICE is being sent to members of the public regarding cancer test results.

“This email is likely to cause distress to recipients since it advises that ‘test results’ indicate they may have cancer. This malicious email is not from NICE and we are currently investigating its origin. We take this matter very seriously and have reported it to the police.”

The hoax message requests that users download an attachment that purportedly contains the results of the faux blood analysis.

Security analysis firm Appriver has since claimed that the scam email is carrying Zeus malware that if installed will attempt to steal users’ credentials and take over their PCs.

Appriver senior security specialist Fred Touchette warned, “If the attachment is unzipped and executed the user may see a quick error window pop up and then disappear on their screen.

“What they won’t see is the downloader then taking control of their PC. It immediately begins checking to see if it is being analysed, by making long sleep calls, and checking to see if it is running virtually or in a debugger.

“Next it begins to steal browser cookies and MS Outlook passwords from the system registry. The malware in turn posts this data to a server at 69.76.179.74 with the command /ppp/ta.php, and punches a hole in the firewall to listen for further commands on UDP ports 7263 and 4400.”

Source

Do Chip Makers Have Cold Feet?

It is starting to look like chip makers are having cold feet about moving to the next technology for chipmaking. Fabricating chips on larger silicon wafers is the latest cycle in a transition, but according to the Wall Street Journal chipmakers are mothballing their plans.

Companies have to make massive upfront outlays for plants and equipment and they are refusing, because the latest change could boost the cost of a single high-volume factory to as much as $10 billion from around $4 billion. Some companies have been reining in their investments, raising fears the equipment needed to produce the new chips might be delayed for a year or more.

ASML, a maker of key machines used to define features on chips, recently said it had “paused” development of gear designed to work with the larger wafers. Intel said it has slowed some payments to the Netherlands-based company under a deal to help develop the technology.

Gary Dickerson, chief executive of Applied Materials said that the move to larger wafers “has definitely been pushed out from a timing standpoint”

Source

« Previous Page — Next Page »