Updates

A compilation of the latest information about viruses and worms, security issues and patches to rectify the same

Vulnerabilities on the rise

According to a report from Microsoft with data from the National Vulnerability Database in the US, the number of flaws disclosed to the public jumped nearly five percent during the first six months of 2007, which is the fourth year in a row of increased reports. The software bugs were increasingly ranked as severe.

While Microsoft’s semi-annual report titled the Microsoft Security Intelligence Report stated that the number of vulnerabilities had decreased between the second half of 2006 and the first half of 2007, the latest figures from the National Vulnerability Database show a slight increase of nearly 5 percent to 3,600 flaws. The maintainers of the NVD have previously said that the numbers changed as the overlooked flaws are added.

The report also noted that viruses have dramatically dropped off the radar in the past 18 months; from making up approximately half of all malicious software detected by the company’s Windows Live OneCare safety scanner they accounted for only 12 percent of infections detected. Backdoor Trojan horses have taken up the slack, making up nearly half of all infections detected by Microsoft’s scanner in the first six months of 2007, up from about 8 percent in the first half of 2006. The report also noted that vulnerabilities are easier to exploit. During 2006, the average difficulty of exploiting vulnerabilities peaked with approximately 14 to 18 percent of flaws requiring a complex process to exploit. In the first half of 2007 it dropped to less than 4 percent.

According to Microsoft, Vista has significantly raised the bar for online attackers. The company’s Malicious Software Removal Tool found and cleaned 60 percent less malicious software on Windows Vista computers than on Windows XP Service Pack 2 systems.

Call center agent booked for identity theft

A Chicago Transit Authority (CTA) employee was recently charged with identity theft after she allegedly misused the credit cards of at least four customers.

According to CTA, the employee, Miranda Smith, took the numbers from customers who were using credit cards to buy CTA products over the telephone. A customer alerted the CTA Inspector General’s office after noticing unauthorized charges on their account. Within a week, Chicago police received reports of similar incidents, and teamed up with the inspector’s office to conduct the investigation.

The agent handled credit card transactions for 373 customers, and based on information, CTA officials estimate as many as 10 percent of the people she handled may have been victimized. Smith allegedly admitted to taking the credit card numbers and is in the process of being fired.

The CTA’s database is equipped with security codes that restrict access to customer credit card information, so that only Smith had access to the credit card numbers of the people that she handled. The CTA has said that it is contacting all the customers with whom Smith conducted credit card transactions and is offering those customers a year’s worth of free credit monitoring. The CTA has also established a hot line for victims to call and get information about credit monitoring.