Wednesday, April 15, 2009

Stealthy Rootkit Slides Further Under the Radar

By Jeremy Kirk, IDG News Service - Wed Apr 15, 2009 2:20PM EDT

Thousands of Web sites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle.

The malicious software is a new variant of Mebroot, a program known as a "rootkit" for the stealthy way it hides deep in the Windows operating system, said Jacques Erasmus, director of research for the security company Prevx.

An earlier version of Mebroot, which is what Symantec named it, first appeared around December 2007 and used a well-known technique to stay hidden. It infects a computer's Master Boot Record (MBR). It's the first code a computer looks for when booting the operating system after the BIOS runs.

If the MBR is under a hacker's control, so is the entire computer and any data that's on it or transmitted via the Internet, Erasmus said.

Since Mebroot appeared, security vendors have refined their software to detect it. But the latest version uses much more sophisticated techniques to stay hidden, Erasmus said.

Mebroot inserts program hooks into various functions of the kernel, or the operating system's core code. Once Mebroot has taken hold, the malware then makes it appear that the MBR hasn't been tampered with.

"When something is trying to scan the MBR, it displays a perfectly good-looking MBR to any security software," Erasmus said.

Then, each time the computer is booted, Mebroot injects itself into a Windows process in memory, such as svchost.exe. Since it's in memory, nothing is written to the hard disk, another evasive technique, Erasmus said.

Mebroot can then steal any information it likes and send it to a remote server via HTTP. Network analysis tools such as Wireshark won't notice the data leaking out since Mebroot hides the traffic, Erasmus said.
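A scan run from inside the infected system only sees what the hooked kernel returns, so one defensive check is a cross-view comparison: read sector 0 once through the running OS and once from trusted boot media, then compare the two. The sketch below is an added example, not code from the article or from Prevx; the function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446                 # bytes 0-445 hold the boot loader code
ENTRY = struct.Struct("<B3xB3xII")  # status, type, start LBA, sector count

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries, signature."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    return {
        "code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": [ENTRY.unpack_from(sector, BOOT_CODE_LEN + 16 * i)
                       for i in range(4)],
        "signature_ok": sector[510:512] == b"\x55\xaa",
    }

def cross_view(live: bytes, offline: bytes) -> list:
    """Compare the MBR the running OS returned with one read from trusted media."""
    a, b = parse_mbr(live), parse_mbr(offline)
    findings = []
    if not b["signature_ok"]:
        findings.append("offline copy lacks the 0x55AA boot signature")
    if a["code_sha256"] != b["code_sha256"]:
        findings.append("boot code differs between live and offline reads")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table differs between live and offline reads")
    return findings

def build_sample(code: bytes) -> bytes:
    """Constructed test sector: given code bytes, one NTFS-type entry, signature."""
    entry = ENTRY.pack(0x80, 0x07, 63, 1_000_000)
    return code.ljust(BOOT_CODE_LEN, b"\x00") + entry.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed inputs, not captured from any real system.
LIVE_VIEW = build_sample(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")  # clean-looking view from the OS
OFFLINE_VIEW = build_sample(b"\x90" * 32)                  # filler standing in for altered code

if __name__ == "__main__":
    for finding in cross_view(LIVE_VIEW, OFFLINE_VIEW) or ["views agree"]:
        print(finding)
```

Any disagreement between the two reads means the live read path is being filtered or the sector changed between captures, and either case warrants offline analysis of the disk.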

Prevx saw the new variant of Mebroot after one of the company's consumer customers became infected. It took analysts a few days to nail down exactly how Mebroot was managing to embed itself in the operating system. "I think everyone at the moment is working on modifying their [antimalware] engines to find it," Erasmus said.

And those companies need to act fast. Erasmus said it appears that thousands of Web sites have been hacked to deliver Mebroot to vulnerable computers that don't have the proper patches for their Web browsers.

The infection mechanism is known as a drive-by download. It occurs when a person visits a legitimate Web site that's been hacked. Once on the site, an invisible iframe is loaded with an exploit framework that begins testing to see if the browser has a vulnerability. If so, Mebroot is delivered, and a user notices nothing.

"It's pretty wild out there now," Erasmus said. "Everywhere you go, you have a chance to be infected."

It's unknown who wrote Mebroot, but it appears that one aim of the hackers is to simply infect as many computers as possible, Erasmus said.

Prevx has a self-named specialized security product that works alongside antivirus software to detect drive-by browser exploits, password stealers, rootkits and rogue antivirus software.

Prevx released the 3.0 version of its product on Wednesday. The software will detect malware infections for free, but users must upgrade to get the full removal functionality. However, Prevx 3.0 will remove some of the more evil malicious software, including Mebroot, as well as any advertising software, known as adware, free of charge, Erasmus said.

http://tech.yahoo.com/news/pcworld/20090415/tc_pcworld/stealthyrootkitslidesfurtherundertheradar

Tuesday, April 14, 2009

With recent police activity, anti-terror adverts and CCTV everywhere no wonder we're all scared stiff

So it has now become one of the main causes of anxiety. Among all the other worries that people face - the recession, crime, hospital superbugs and terrorism - a new fear has emerged: that of the Big Brother state.

According to a survey by the Mental Health Foundation, we are a pretty fearful lot. In fact, more than seven million of us are living with some sort of anxiety problem.

And the proliferation of surveillance equipment such as CCTV cameras (of which we have more than the rest of Europe put together) only makes people more worried of the very things the cameras are designed to tackle: crime and terrorism.

It is ironic that something which is supposed to put our minds at rest has exactly the opposite effect.

But there is also a darker side to the proliferation of monitoring equipment which should also be a cause of great concern to us all.

The evidence can no longer be ignored that after a decade of New Labour, Britain has become a far worse place for honest citizens to live their lives as they please, away from the eyes and ears of the state.

In the name of 'efficiency' and 'national security', our civil liberties have been systematically eroded.

We have calmly allowed our rulers to grab enormous and unprecedented power. They claim it is needed to protect us from criminals, but in fact they are using it to bully and enslave us with a litany of regulation and red tape.

Police and other state officials have turned from our servants into our masters.

Yahoo to cut hundreds of jobs

Posted on - Tue Apr 14, 2009 10:26PM EDT

SAN FRANCISCO (Reuters) - Yahoo Inc is preparing to lay off several hundred workers in the first round of cuts since Carol Bartz became chief executive in January, a source with knowledge of the situation told Reuters.

The layoffs could be announced next Tuesday, when Yahoo reports its first-quarter financial results, according to the source, who wished to remain anonymous because of the issue's sensitivity.

Yahoo's last round of layoffs was in December, under former CEO and co-founder Jerry Yang. The company, which is the No. 2 U.S. Internet search provider, finished 2008 with roughly 13,600 employees, down by more than 1,600 employees from the third quarter of 2008.

Yahoo declined to comment on the planned layoffs, first reported by the New York Times on Tuesday.

The cuts would come almost two months after Bartz implemented a broad internal management reorganization and as Yahoo explores partnerships to help revive its growth.

Yahoo and Microsoft Corp met recently to discuss a deal involving the company's search business, according to a source familiar with the matter who wished to remain anonymous.

The search company has projected that sales in the first quarter could be down as much as 16 percent at $1.53 billion.

Shares of Yahoo were up 3 cents at $14.10 in after hours trade.

(Reporting by Alexei Oreskovic; Editing by Bernard Orr and Muralikumar Anantharaman)

Thursday, April 9, 2009

Topical Spray Helped Men With Premature Ejaculation

MONDAY, April 6 (HealthDay News) -- A new spray enabled men with premature ejaculation to delay their orgasm six times longer than before, according to a study that included 300 European men.

The men, with clinically diagnosed premature ejaculation, were randomly selected to receive a placebo spray with no active ingredients (100 men) or the PSD502 spray, which contains 7.5 milligrams of lidocaine and 2.5 mg of prilocaine (200 men).

During the three-month study, the men used either the placebo or the PSD502 spray five minutes before intercourse. The men and their partners then used a stopwatch to record the time from vaginal penetration to ejaculation. The men were instructed to abstain from sexual activity or masturbation for 24 hours before each recorded episode of intercourse.

The men who used the PSD502 spray (treatment group) delayed their orgasm from an average of 0.6 minutes to 3.8 minutes, compared to just over 1 minute for those who used the placebo spray. That means the PSD502 spray helped men last 6.3 times longer than normal, compared to 1.7 times longer than normal for those who used the placebo, the study authors said.

The study found that after three months of treatment:

  • 90 percent of the men in the treatment group were able to delay ejaculation for more than 1 minute following vaginal penetration, compared with 54 percent of those in the placebo group.
  • 74 percent of men in the treatment group were able to last 2 minutes before ejaculation, compared with 22 percent of those in the placebo group.
  • 62 percent of men in the treatment group said their orgasms were "good" or "very good" after three months, compared with 20 percent before the start of the study. For men in the placebo group, the figures were 19 percent at the end of the study and 21 percent before the start of the study.
  • More patients and partners in the treatment group reported improvements in perceived control, personal distress, satisfaction with sexual intercourse, and interpersonal problems.

The most common problems noted in the study were loss of erection and a burning sensation in the vagina.

The study findings were published in the April issue of the journal BJU International.

"Premature ejaculation can be a very distressing condition for men and can cause distress, frustration and make them avoid sexual intimacy," lead researcher Professor W. Wallace Dinsmore, of the Royal Victoria Hospital in Belfast, U.K., said in a news release.

"Our study shows that when the PSD502 spray was applied to the man's penis five minutes before intercourse it improved both sexual performance and sexual satisfaction, which are key factors in treating premature ejaculation."

More information

The U.S. National Library of Medicine has more about premature ejaculation.

Keep an eye on the game



By Karen Kaplan, Los Angeles Times-Washington Post
Published: April 08, 2009, 23:09

Here's some evidence that staying hooked to your favourite games may be good for you after all.

According to a study published online in Nature Neuroscience, people who played 50 hours of action video games showed significant improvement in contrast sensitivity function, a key aspect of vision.

Contrast sensitivity function refers to the ability to detect small differences in shades of grey, and it is one of the most vulnerable elements of vision. Scientists believe it is affected by deterioration of the eye itself. But a team of researchers from The University of Rochester and Tel Aviv University suspected that changes in the brain played a role as well. If so, they reasoned that mental exercise could offer some improvement.

To find out, they recruited video game novices in their 20s and asked some of them to play Atari's Unreal Tournament 2004 and Call of Duty 2 by Infinity Ward, two fast-paced games that require players to aim and shoot weapons from battle vehicles.

Others were assigned to The Sims 2 from Electronic Arts, an elaborate simulation game that doesn't ask players to make any quick or visually precise moves. Participants were asked to play their games for a total of 50 hours over nine weeks. The researchers measured each player's contrast sensitivity function before and after their training and found that the sensitivity of people assigned to the shoot-'em-up games improved by an average of 58 per cent. Those who played The Sims improved, too, but not as much as those who played action games.

The benefits lasted for months and may even last for years. "Generally our results establish that time spent in front of a computer screen is not necessarily detrimental to vision," the authors of the research wrote.

Wednesday, April 8, 2009

Woman finds $357,959 cashier's check and returns it

By JOHN ROGERS, Associated Press Writer – Wed Apr 8, 4:49 pm ET

LOS ANGELES – As she walked from a post office, Talon Curtis thought she'd found one of those gimmicky sweepstakes offers on the ground that scream something like "$357,959.55" in big bold letters and "This is not a real check" in much smaller type. But just as she was about to do her part for a cleaner planet and deliver the paper from the parking lot to a trash can, she noticed it was a real cashier's check with a real signature.

"I couldn't believe it. I almost passed out," Curtis, who works as a loan negotiator, told The Associated Press on Wednesday. "I have never seen a check that big. Not in my possession, anyway."

She immediately set out to find its rightful recipient, but it was Saturday afternoon and the banks were closing. On Monday, with help from KCAL-TV reporter Dave Malkoff, she located the check's owner, who had arrived at her bank in a panic.

"I think she had walked in at the same time the bank manager called me back," Curtis said. "I could hear her walking up to him, and I could hear all this commotion in the background."

Curtis said she spoke briefly with the woman on the phone about a possible meeting, but Pacific Mercantile Bank instructed her to mail the check to them instead.

Not willing to take a chance on the mail, Curtis delivered it personally. A bank employee confirmed it had arrived.

Curtis said she never thought of keeping the check for herself, and she declined the woman's offer of a reward. Still, she's just a little disappointed.

"I just wanted to see her face," Curtis said, laughing. "I just wanted to let her know that there are honest people left in this world."


http://news.yahoo.com/s/ap/20090408/ap_on_fe_st/odd_big_check

Gossip writer out of job after "Wolverine" review



LOS ANGELES - Columnist Roger Friedman is out at FoxNews.com after reviewing an illegally downloaded copy of Fox's "X-Men Origins: Wolverine" last week.

Friedman, who wrote the Fox411 column for FoxNews.com, met with Fox News executives Monday. Following the meeting, the company issued a statement saying the parties had "mutually agreed to part ways immediately."

Friedman could not be immediately reached for comment.

By admitting to having downloaded the film, which doesn't arrive in theaters until May 1, Friedman earned a big thumbs-down from News Corp., Fox News' parent company.

The trouble began Tuesday when an illicit copy of the film made its debut onto the Web. Fox immediately condemned the theft and copying of an unfinished workprint of the film and enlisted the FBI and the Motion Picture Assn. of America to track down the perpetrators.

Downloading a copy of the film himself, Friedman wrote a positive review that appeared in his Fox411 column Thursday.

"I doubt anyone else has seen this film. But everyone can relax. I am, in fact, amazed about how great "Wolverine" turned out. It exceeds expectations at every turn," he wrote.

But he also described how easy it is to download any film or TV show and joked he might decide to catch up on some other recent films via illegal downloads.

Fox -- pointing out that Fox News is a separate business under the News Corp. banner -- responded Friday, "This behavior is reprehensible and we condemn this act categorically, whether the review is good or bad."

Parent News Corp. issued its own condemnation, saying, "Roger Friedman's views in no way reflect the views of News Corp.," and adding, "Once we learned of Roger Friedman's post, we asked Fox News to remove it, which they did immediately."

After word began to circulate late Saturday that Friedman had been removed as well, News Corp. amended its statement, adding that Fox News had "promptly terminated Mr. Friedman."

But the columnist's status still appeared unclear Sunday afternoon.

Friedman would not comment except to say, "Reports of my death have been extremely exaggerated."

"This is an internal matter that we are not prepared to discuss at this time," a Fox News spokesperson said, leaving the entire matter in question.

Twenty-four hours later, Fox News and Friedman had gone their separate ways.