malware

Oracle has rushed out a new Java security patch designed to plug up a range of holes in the software.

The February Critical Patch Update for Java SE addresses 50 security vulnerabilities, 44 of which affect the use of Java as a plug-in for Web browers, according to an Oracle blog posted Friday. If not properly patched, the plug-in could open the door for attackers to remotely execute code on a PC or Mac by directing users to malicious Web sites.

"The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is … Read more

Even though the prevalence of threats for the Mac remains relatively minimal, malware on OS X has raised its ugly head a bit in the past few years. Some in the Mac community have been affected by threats such as the Flashback malware, DNSChanger, and the MacDefender Trojan, among others. As a result, while the most effective way of keeping a Mac secure is to follow safe browsing and computing practices, you may also be considering using anti-malware utilities. But which ones perform best?

Recently, Mac security analyst Thomas Reed attempted to tackle this question in part by putting a … Read more

For most computer users, the idea of having malware or adware creeping onto your machine has become an accepted fate that comes with being online. More-tech-savvy users can manage to stay clean for a while but, like the flu, everybody gets it eventually. Whether it was through a questionable e-mail sent by a friend or from a moment of weakness when you clicked on that video link promising playful kittens, suddenly you find your beloved computer starting to behave strangely. It might be a quick process; it might not happen right away, but you will know right away something is … Read more

To improve security and cut crashes, Firefox will block plug-ins including Microsoft Silverlight, Adobe Reader, Apple's QuickTime and Oracle's Java, Mozilla said.

Only the newest version of Adobe Systems' Flash Player will be run by default, said Michael Coates, Mozilla's director of security assurance, in a blog post yesterday.

Plug-ins extend a browser's ability to run software or handle different media and file formats, but that extra ability opens new avenues for attack. They've been a staple of Web development for years, but browser makers are working hard to reproduce their abilities directly with Web … Read more

The United States is responsible for the highest number of botnet servers in the world, according to new data from McAfee.

A map and a list of major countries posted by McAfee yesterday show the greatest concentration of botnet servers to be in the U.S., with 631. That's more than two and a half times higher than the second country on the list -- the British Virgin Islands with 237.

The Netherlands took third place with 154 servers, followed by Russia with 125, Germany with 95, and Korea with 81. Among the Top 10, Canada fared the best … Read more

U.S. authorities have charged three foreign nationals with creating and distributing a virus that allowed thieves to steal tens of millions of dollars from victims' bank accounts.

The three are accused of creating the Trojan virus Gozi, which infected more than 1 million computers worldwide and 40,000 in the United States, including computers belonging to NASA, according to court documents unsealed today by U.S. Attorney Preet Bharara in Manhattan. Nikita Kuzmin, 25, Deniss Calovskis, 27, and Mihai Ionut Paunescu, 28, are accused of creating "one of the most financially destructive computer viruses in history."

The … Read more

Following recent security vulnerabilities in Java, malware developers are taking a new approach to exploit the Java platform by issuing false updates that pose as legitimate updates for the runtime.

The latest version of the Java runtime that fixes recent vulnerabilities is update 11, and Kaspersky labs is reporting that a new malware is out that poses as "Java Update 11." The malware is packaged in a Java archive file called "javaupdate11.jar" that contains two Windows-based executables called "up1.exe" and "up2.exe." When installed the programs open a back door … Read more

Microsoft isn't too happy with the results of a recent test that found fault with its antivirus software.

For the second time in a row, the company's Security Essentials failed to win certification from AV-Test, a German-based testing lab that evaluates the efficacy of antivirus products. Out of 25 programs tested, only three failed to gain AV-Test's thumb's up for certification.

Microsoft's Forefront Endpoint Protection, which is geared toward corporate customers, also failed to gain certification.

Microsoft responded to the test via a blog posted yesterday, challenging its findings.

"Our review showed that 0.… Read more

Lately Java has been getting a bit of bad press, thanks to several consecutive security holes that have been exploited by malware developers. One notable occurrence was the Flashback malware threat that affected a number of OS X users, which (though due in part to Apple's negligence about Java upkeep) was rooted in the Java runtime. More recently, Java 7 has seen a new zero-day vulnerability that has been circulating in exploit kits.

In response to these threats, many in the tech community have recommended that people uninstall Java altogether. However, this can be impractical for some, as many … Read more