Thursday

Microsoft Office users attacked by cybercriminals

By Jim Finkle
BOSTON (Reuters) - Microsoft Corp warned that cybercriminals have attacked users of its Office software for Windows PCs, exploiting a programming flaw that the software giant has yet to repair.

The world's largest software maker issued the warning on Tuesday as it released patches to address nine other security holes in its software.

"Despite today's fixes, Windows users continue to be under attack. Microsoft is taking two steps forward, while attackers are putting it one step back," said Dave Marcus, McAfee Inc's Avert Labs director of security research.

Cybercriminals target Microsoft programs because they are so widely used, allowing them to go after the largest number of potential victims with one set of code. (Windows runs more than 90 percent of the world's PCs. Office has some 500 million users.)

Hackers take advantage of the Office vulnerability by booby-trapping websites with malicious code that loads onto computers running Office software. Infected PCs are commandeered into a botnet, a network of hijacked computers. They are used for identity theft, spamming and other cybercrimes.

Microsoft did not say how many machines were attacked.

Users can prevent attacks by disabling functions within the Office software that allow it to work over the Web. Microsoft has posted a tool for doing that on its website.

Office XP, 2003 and 2007 are vulnerable to the attacks.

(Reporting by Jim Finkle; Editing by Carol Bishopric and Richard Chang)


Poor IT job market may fuel online crime: Cisco

WASHINGTON (Reuters) - The ever-weakening job market could well lead to an increase in online crime as laid-off workers, especially those with computer skills, turn to scams to support themselves, Cisco Systems Inc said in a mid-year security report to be released on Tuesday.

Disgruntled employees may target their former employers, and Cisco warned that insiders "can be especially damaging for an organization because insiders know security weaknesses."

A former information technology analyst at the Federal Reserve Bank of New York was arrested in April along with his brother on suspicions of taking out loans using false identities. FBI investigators found a flash drive attached to the bank employee's computer with applications for $73,000 in loans in the names of stolen identities, the report said.

Cisco warned companies which use short-term IT consultants or who contract out the tasks to "be particularly vigilant about the level and term of their access to sensitive data."

The report included snippets of a conversation with a botmaster, or someone who remotely takes over computers without users' knowledge and often sells the resulting access to spammers.

The hacker declined to say how much he earned but said "'a guy I know' can earn $5-10K weekly, by phising (sic) bank accounts." Phishing is the practice of convincing a victim to give up valuable information -- like a password to a bank account. The account can then be emptied.

(Reporting by Diane Bartz; Editing by Richard Chang)

Microsoft CEO laughs off Google OS challenge

SEATTLE (Reuters) - Microsoft Corp's (MSFT.O) chief executive attempted to laugh off the challenge of Google Inc's (GOOG.O) planned computer operating system on Tuesday, conceding only that it was "interesting".

"I will be respectful," Microsoft CEO Steve Ballmer said to laughs from the audience at a conference for the company's technology partners in New Orleans, which was broadcast over the Internet.

"Who knows what this thing is? To me, the Chrome OS thing is highly interesting," said Ballmer, choosing his words carefully and drawing more amusement from the largely pro-Microsoft crowd.

"It won't happen for a year and a half and they already announced an operating system," he added, referring to Google's Android system for smartphones.

Last week Google said it was planning a computer operating system based on its Chrome browser, aiming directly at the core business of Microsoft, the world's largest software company, whose Windows operating systems are used on more than 90 percent of personal computers.

Google's plan, based on the theory that access to the Internet is now the most important feature of any computing device, would be separate from its Android system already available for smartphones and soon for small PCs.

"I don't know if they can't make up their mind or what the problem is over there, but the last time I checked, you don't need two client operating systems," said Ballmer. "It's good to have one."

Despite the jovial tone of Ballmer's public remarks, Microsoft is taking Google's challenge seriously. Its new Bing search engine is a concerted attempt to take market share from dominant leader Google, and its announcement on Monday that it would offer some versions of its Office application on the Internet is a swipe back at Google's move into free, online software.

Ballmer's previous attempts to make light of new competition have not always been successful. He also derided Apple Inc's (AAPL.O) iPhone as too expensive, but it went on to take a significant share of the smartphone market.

Microsoft shares fell 15 cents to $23.08 on Tuesday afternoon on the Nasdaq.

(Reporting by Bill Rigby, editing by Matthew Lewis and Gerald E. McCormick)

Defence hacker was 'looking for aliens'

From correspondents in London
Reuters
July 31, 2008 08:21am

A BRITISH computer expert has lost his appeal against extradition to the US where he is accused of "the biggest military hack of all time" and could face up to 70 years in prison.

Gary McKinnon was arrested in 2002 after US prosecutors charged him with illegally accessing computers, including the Pentagon, US army, navy and NASA systems, and causing $US700,000 ($741,240) worth of damage.

In 2006, Mr McKinnon said he was just a computer nerd who wanted to find out whether aliens really existed and became obsessed with trawling large military networks for proof.

However, Britain's highest court, the House of Lords, ruled that the gravity of the charges should not be understated and they would carry a maximum life sentence under English law. It turned down his appeal against extradition.

Mr McKinnon's lawyers had argued that sending him to the US would breach his human rights, be an abuse of the English court process and should be barred as his extradition was sought "for the purpose of prosecuting him on account of his nationality or political opinions".

A district court ruled in May 2006 that he should be extradited, a decision upheld at London's High Court in April 2007. But in October three of Britain's top judges gave McKinnon permission to take his case to the House of Lords.

If found guilty in the US, Mr McKinnon could face up to 70 years in prison and fines of up to $US1.75 million.

Using his own computer at home in London, Mr McKinnon hacked into 97 computers belonging to and used by the US Government between February 2001 and March 2002.

Mr McKinnon is accused of causing the entire US Army's Military District of Washington network of more than 2000 computers to be shut down for 24 hours.

Using a limited 56K dial-up modem and the hacking name "Solo" he found many US security systems used an insecure Microsoft Windows program with no password protection.

He then bought off-the-shelf software and scanned military networks, saying he found expert testimonies from senior figures reporting that technology obtained from extra-terrestrials did exist.

At the time of his indictment, Paul McNulty, US Attorney for the Eastern District of Virginia, said: "Mr McKinnon is charged with the biggest military computer hack of all time".

NASA hacker launches last-ditch plea

AAP
July 14, 2009 07:57pm

A MAN who hacked into NASA computers will launch a last-ditch effort in Britain's High Court to avoid extradition to face charges in the US.

Gary McKinnon, who suffers from Asperger's Syndrome, has admitted to hacking into 97 US computers from his London home in 2001 and 2002 following the September 11 terror attacks.

The 43-year-old claims he was looking for evidence of UFOs and aliens on the high-security computer systems belonging to the US Army, Navy, Air Force and Department of Defence.

Former home secretary Jacqui Smith granted requests for Mr McKinnon's extradition in October 2008, with the Crown Prosecution Service backing up her decision in February.

Two High Court judges will now begin a judicial review of the decisions after requests by Mr McKinnon's lawyers who hope he can instead face trial in Britain.

If the unemployed computer administrator is extradited, he faces up to 60 years in jail if found guilty.

However, if he stands trial in Britain, Mr McKinnon is likely to face a much less severe sentence.

His mother Janis Sharp said she feared for her son's mental health if he was extradited.

"It's very frightening because you can feel that the end is very close," she told the Daily Mail.

"I am very scared because when I walk into the court it's like waiting to hear the death sentence."

Mr McKinnon's lawyers claim prosecutors failed to take into account medical advice warning that their client could commit suicide if extradited.

They also argue it's inconsistent with previous cases involving Britons who hacked into US computers but were prosecuted on home soil.

The Crown Prosecution Service has stood by its decision to recommend extradition.

Newly appointed Home Secretary Alan Johnson said it was up to prosecutors to decide whether Mr McKinnon should stand trial in Britain or the US.

Mr McKinnon's attacks on the US Government computers allegedly caused mass chaos and caused an estimated $US900,000 ($A1.15 million) worth of damage.

US prosecutor Paul McNulty described it as "the biggest hack of military computers ever - at least ever detected".
