According to security company McAfee, actress Cameron Diaz is used most often as malware bait, with search strings using her name having a ten percent chance of coming up with an infected site.
Dave Marcus, McAfee’s director of security research and communication says searching for “Cameron Diaz and screensavers” increases that rate to 20 percent.
McAfee, as it has done since 2007, compiled the search phrases containing names of celebrities, athletes and politicians trying to calculate the percentage of sites that are tagged as dangerous.
Diaz surpassed Jessica Biel, last year’s “champion,” who fell to third place. Julia Roberts took second, while Gisele Buendchen and Brad Pitt rounding out the list.
“It’s a simple fact. The bad guys read the same news as the good guys,” said Marcus.
Marcus also explained why Diaz jumped so high, as the McAfee list was composed during the month where two of her films were in theaters, “Knight and Day” and “Shrek Forever After.”
Phishers and attackers use the names to trick unsuspecting users into visiting malicious sites, which then installs malware on their computers.
Result for: attackers
Adobe Systems said on Tuesday that it patched a critical vulnerability that affected the Adobe Download Manager. The Download Manager is used when Internet users download Flash or Reader software from Adobes websites.
A critical vulnerability was discovered that could be used by attackers to remotely install malicious software on a victims PC. In order to fulfill an exploit, an attacker would lead the victim to a special modified link on the adobe.com domain.
The combination of the two combined to make a very serious security threat. The download manager is usually removed from a users’ PC as soon as a computer is restarted. Users of the download manager in the past can ensure security by making sure the directory - C:Program FilesNOS - is not present.
More information on the issue is available at:
http://www.adobe.com/support/security/bulletins/apsb10-08.html
Result for: attackers
Two researchers plan to provide details at next week’s PacSec 2008 conference in Tokyo on how Wi-Fi Protected Access (WPA) is vulnerable to attack. Of course, this does not mean that WPA is as vulnerable to compromise in the same way that Wired-Equivalent Privacy (WEP) is, far from it in fact. The weakness in WPA is being reported by Martin Beck and Erik Tews, two graduate students in Germany. The attack could make it possible to compromise certain communications in less than 15 minutes.
The researchers found the weakness in the lesser of two WPA security protocol, Temporal Key Integrity Protocol (TKIP). Attackers can use the techniques to decrypt limited communications and can recover a special integrity checksum and send up to seven custom packets to clients on the network, according to SecurityFocus.
“The new attack on WPA is not a complete key recovery attack,” Tews said in an email to SecurityFocus. “It just allows you to decrypt packets and inject packets with custom content. But there is only a single short-term key recovered during the attack.”
