Thursday, February 19, 2009

I'm flattered, but ...fake ZDNet review leads to malware

Malware writers have been using bogus antivirus products to infect computers--such rogue programs are not new. But Lawrence Abrams, owner of notified me this morning that one new rogue is posting a fake review written by one "Robert Vamosi."

This particular rogue is called Anti-Virus-1, and it takes over a computer's HOSTS file so that it redirects users to bogus reviews site, such as this one supposedly posted on (screenshot courtesy of

You can see a larger version here.

And here's the CNET review I also didn't write.

Note, I have never given any product a 9.5 in all my years reviewing antivirus programs. Also, look at the URL: -- this is not the URL format for a ZDNet review.

The forums at have more on this particular rogue.

Thursday, February 5, 2009

Microsoft plans 4 bulletins for Patch Tuesday

Microsoft today released it's advance notification for next week's Patch Tuesday. There are two critical patches (one each for IE and Microsoft Exchange Server) and two important patches (one each for SQL and Viso). Complete details can be found here.

Wednesday, February 4, 2009

Coordinated ATM attack nets $9 million

Up to 130 ATM machines in 49 cities worldwide were used in a coordinated attack on RBS Worldpay, a global payments services company. Within a 30 minute period on November 8th, 2008, the company lost an estimated $9 million dollars due to fraudulent ATM transactions.

While the company first disclosed the loss in November, the ambitious scale of the attack has only recently come to light. John Deutzman of Fox News in New York first reported the background on the attack on Monday.

According to the Fox investigation and statements from the FBI, someone gained access to the RBS Worldpay system. RBS issues payment cards which can be used like debit cards in any ATM worldwide. Whoever gained access to the RBS system was able to clone these cards and may have been able to obtain personal information about the account holders.

RBS officials told Fox they have sent out letters to anyone who might have been affected and are offering one-year credit protection for any one whose Social Security number may have been exposed.

There's a twist, however. Since ATM machines have a limit on how much you can withdraw in any one day, these cards had that limit lifted, allowing the "cashers," the individuals who walked up to the ATM, to withdraw very large quantities of cash. Authorities speculate that only 100 cloned card accounts were used at ATMs located in Atlanta, Chicago, New York, Montreal, Moscow and Hong Kong.

In the US, the FBI has circulated photos of the individuals withdrawing cash at the time of that attack. The hope is that one of these individuals will identify who hired them and move authorities closer to finding those responsible.