A botnet capable of delivering almost four billion spam messages per day has been confirmed resurrected—more than four months after Microsoft celebrated its untimely demise. Researchers with Kaspersky Lab reported on Tuesday that Kelihos, a peer-to-peer botnet that also goes by the name Hlux, continues to spew spam in a variety of languages....

Apple co-founder Steve Wozniak is a big fan of smartphones running Google’s Android OS . . . and in some ways finds them superior to mobile phones running iOS. ”My primary phone is the iPhone. I love the beauty of it. But I wish it did all the things my Android does, I really do,” Woz told Dan Lyons. The both fascinating...

Vyacheslav Zakorzhevsky, a security expert with Kaspersky Lab, has written that a Java exploit first published in October and used in drive-by attacks has found its way into the Black Hole exploit kit, aimed primarily at “users in Russia, the US, the UK and Germany.”

“Java is probably the vector most commonly exploited by cybercriminals,” says SophosLabs security expert Paul Baccas, “and we don’t see any sign of this situation changing anytime soon.  The Black Hole exploit pack is the most commonly used malicious software installer that SophosLabs have been seeing in the last three months.” Together they make a noxious cocktail.

According to Oracle, there are more than 13 thousand million devices running Java. Criminals are turning to Java because they are businessmen – they tend to perform cost-benefit analyses. “Having so many devices using the same software is a great opportunity,” says Luis Corrons, technical director at Panda Labs. “That’s why cybercriminals have targeted Windows for so many years.” But since Microsoft started to build a more secure operating system, criminals have had to look elsewhere to get a good return. “The main condition,” continues Corrons, “is that it has to be widespread, such as PDF, Flash, and browsers. That’s the case with Java; it is widespread and it is really convenient for everyone, both users and cybercriminals.”

The problem with Java, says ESET senior research fellow David Harley, comes “from the fragmentation of its implementations across platforms and devices,” and he’s not sure “how far it’s possible to fix it across the board.”

If Oracle cannot fix it, it falls on the user to take more care (as it does in all security matters). It is worth noting that according to Microsoft research (Microsoft Security Intelligence Report, v11), the use of an exploit peaks a full two months after the software has been patched. Zealous patching is a great part of the solution.

“Once again we see that malware writers are forging ahead and are continually improving their creations,” concludes Zakorzhevsky. “It is, therefore, critical that all users install Java updates from Oracle in a timely manner.”

Microsoft is on a knife edge: It is developing a version of Windows that could ensure its continued success in the computer market — or it could completely cannibalize Microsoft’s profits and lead to the slow, painful, obsolescent death.

Windows 8, when you cut to the chase, is a tablet-oriented, touch-first skin on top of Windows 7. If you take into account the actual software stack and runtime, calling Metro a “skin” isn’t accurate at all, but as far as consumers and companies are concerned, that’s exactly what it is. There are two problems with this: First, if you already use Windows 7 — and hundreds of millions do — there is little reason to upgrade to Windows 8, much in the same way that everyone eschewed Vista and stuck with XP. Second, if everyone goes out and buys a Windows 8 tablet, Microsoft would collapse in a frothing fit of unprofitability.

You see, Windows 8 tablets, especially ARM variants, will be used almost exclusively in Metro mode — or, more accurately, tablet mode. At this point, Windows 8 ceases to be a “PC” operating system in the conventional sense of the word and enters a market that is dominated by Apple and Android and apps that cost between one and 10 dollars. On the desktop, Microsoft charges anywhere between $30 (OEMs) and $125 (retail box) for a Windows license, with the average being around $60. Android, by comparison, is free, and effectively so is iOS. A Microsoft Office license is even more costly, with an average price in the hundreds of dollars region. Mobile word processing apps like the iWork suite or Documents To Go, by comparison, cost just a few dollars.

Here’s the tricky bit: Microsoft has free or cheap alternatives to Windows and Office in the form of  Windows Phone 7, Office Mobile, and Office Web Apps. For around $15, OEMs can license an operating system that has all of the major mobile computing components and is a direct analog of the cross-platform iOS — but it can only be used on smartphones. To put this into perspective, though, remember that Microsoft gets around $15 per smartphone, or between $30 and $300 per desktop or laptop. If we look at Microsoft’s 2011 profits of $23 billion, 57% came from its Windows division (Desktop & Server) and 65% from Business (Office) (The totals come to 122% because of internal adjustments, and because Bing currently loses more than a billion dollars per year.) Windows Phone 7 and Xbox are flecks of crud on Ballmer’s heel in comparison.

Microsoft, then, simply can’t afford to put Windows Phone 7 on its tablet “PCs.” If, during the next upgrade cycle, hundreds of millions of people bought WP7 tablets instead of Windows 8 tablets, Microsoft would lose billions of dollars and eventually go out of business. Microsoft is stuck between a rock and a hard place: It needs to be a serious competitor in the tablet market, but it simply can’t compete with Apple and Android in terms of cost, a problem that is exacerbated by Apple’s profits deriving from hardware rather than software. Remember the HP TouchPad? It was fatter, slower, and heavier than the iPad — but cost more. Windows 8 tablets, even if Microsoft cuts the margins on its cash cow franchises, cannot compete with iOS or Android on price — it’s as simple as that.

Fortunately, at least if you’re a Microsoft fan, there is a way out of this razor-sharp dichotomy. One method is for Microsoft to stick to its guns and call these Windows 8 tablets — whether they’re x86 or ARM — PCs. The inexorable cost difference between Windows 8 tablets and the competition will be ameliorated by the sheer awesomeness of being able to do anything with a portable slate. This is the route that Microsoft is currently taking, and given Ballmer’s painstakingly conservative efforts to milk Office and Windows for as long as possible it’s really the only feasible path.

There’s another option, though; one that would scare MS shareholders and the industry itself into a shocked stupor. Microsoft could buy out Nokia and create a beautiful Windows Phone 7 tablet. With the hardware and software both in-house, MS could compete with Apple on cost and production values. Furthermore, Microsoft could give up on the Metrofied Start screen and focus on making Windows 8 a first-class desktop-and-laptop enterprise-oriented OS. There would be a dip in Windows and Office licenses as consumers shift from PCs to their WP7 tablets, but Microsoft could mitigate that by offering more subscriber services. Think of Xbox Live and Xbox TV, but on your WP7 tablet. Instead of paying $300 for an Office license, think of paying $5 per month for oodles of SkyDrive space and access to both offline and online Office suites.

After almost 30 years of thundering ahead in the same direction, it would take cajones the size of cantaloupes to rock the Windows revenue boat — but at the same time, going full steam ahead and squeakily stipulating that Windows 8 tablets are PCs dammit! is a risky ploy as well. After all, if there has ever been a time when the definition — and fate — of PC s in question, it is now.

By making use of a technique called DNS poisoning, a cyberattacker managed to take down the websites of Samsung, Google, Gmail, YouTube, Yahoo, Apple, Linux, Microsoft and Hotmail hosted on the .cd domain extension which belongs to the Democratic Republic of Congo.

The hacker who calls himself AlpHaNiX managed to deface all the locations by inserting fake records into the cache of DNS servers, reports Security Web-Center. By doing this, the attacker can make sure that he can alter the responses to a DNS query, forcing the Internet users to a fake website instead of a real one.

Even though DNS cache poisoning is a method favored by many hackers thanks to its efficiency, it’s not easy to execute, in most cases the Domain Name System servers being provided by Internet service providers (ISPs) and organizations.

Judging by the messages left on the defaced websites, the hacker didn’t have anything “personal” with them, he just wanted to show his powers. Also, since the sites proudly display a Tunisian flag along with the message “Tunisia Rullz,” we can only assume that the hacker originates from Tunisia.

At the time of writing, Gmail.cd, Google.cd, Linux.cd, Samsung.cd, Hotmail.cd and Apple.cd are still defaced, while Youtube.cd was taken down altogether.

When trying to access Microsoft or Yahoo!, I am automatically redirected to .com domains, which means that steps are already taken to resolve the issue.

A few days ago we witnessed how websites belonging to NOD32 and Kaspersky were breached and defaced by hackers. At the time it turned out that Kaspersky’s site wasn’t actually legitimate, instead it was being set up by typosquatters who relied on the misspelled names of a site to lure users to their malicious locations.

I don’t know if you’re aware of this, but the future of television begins today. Or, at least it does if you believe Microsoft, who’s using the term to describe the new Xbox 360 upgrade that goes live today. The update brings live TV and expanded on-demand video selections to the gaming console, meaning that now you won’t need that little box beside your TV to watch HBO, Comedy Central and PBS anymore. Apparently, your viewing tastes are somewhat broad; well done, you.

Now, all you’ll need is that… other little box. Yeah, maybe it’s just me, but this particular future of television feels just a little familiar.

It’s possible that I’m setting my sights a little too high on this, of course. After all, the new Xbox 360 upgrade doesn’t just mean that your gaming system is also your cable box now. It also allows you to use Microsoft’s Bing search engine, share things online and control everything via voice or movement commands to your Kinect controller.

Which, let’s face it, is pretty cool… but, at the same time, it feels like a distraction from the fact that, in terms of streaming content, this isn’t much more than another chance to do the same old, same old. After all, the content partnerships Microsoft has for streaming television and on demand video aren’t anything new; in order to watch HBO content, you’ll still have to be an HBO subscriber—which, unless something changes in the next month before HBOGo gets added to Xbox 360, actually requires you to have a cable contract.

The same is true of Netflix and Hulu. This isn’t a case of “all of your media consolidated into one simple package and device” as much as it’s a case of “What if your computer looked and acted like your Xbox, but you had to use Bing instead of Google?” Somehow, that seems just a little less of a selling point than any talk about the “future of television.”

Mike McGuire, analyst and research VP at Gartner disagrees, telling the Hollywood Reporter that “it’s an evolutionary step for the larger ‘future of TV’ debate,” primarily because of the user experience interface:

Xbox-Kinect elevates the whole TV-interface experience to a new level…I think content companies are going to have the opportunity to develop some very interesting content experiences on top of the Kinect/Xbox Live foundation.

I’m unconvinced by this argument. It may represent a different way to get to the content, but the basics of television pretty much remain the same when compared with current digital methods of watching content, whether it’s on-demand services from cable providers, Roku boxes, Apple TVs or watching material online. Even the addition of live television, which feels like the biggest part of this particular change, really just means that your television is mimicking your cable box or satellite receiver.

The future of television is undoubtedly coming, when we can pick-and-choose which channels and/or programs we want and, more importantly, not have to pay for those we don’t want. And we’ll have all the boxes consolidated into the TV set itself–hey, Apple and Google TV, aren’t you supposed to be doing that already?

But this new Xbox 360 upgrade? It’s shiny and it’s fun, and the Kinect camera will be the Siri of remote controls for awhile (just like Kinect was for games, not too long ago). But it’s really just a nice package showcasing what’s already out there.

The Windows Phone Marketplace continues to grow at a steady rate. In little over a year, the Marketplace now has over 40,000 published apps according to an estimate from All About Windows Phone. This number is not the total available to consumers, but the total number that has been submitted to the online store. An estimated 5,500 apps are no longer available to consumers because they were removed by Microsoft or the developer.

It’s estimated that 165 new apps are added each day to the Marketplace. This number should stay steady now that Mango has hit handsets and given the platform a much needed boost. The introduction of Nokia’s first Windows Phone handsets, the Lumia 800 and the 710, should help increase handset sales. This, in turn, should increase developer interest in the platform and boost app submissions. This isn’t a pie-in-the-sky dream from a Windows fanboy.  Early reviews of the Lumia 800 are favorable which bodes well for Nokia, Microsoft and Windows Phone.

[Via All About Windows Phone]

Microsoft’s leaked social search plans over the summer were no fluke; the company is working on its own social network called “Socl” that will be tested publicly, according to The Verge.

At a glance, Socl looks a lot like Facebook and Google+. A stream of status updates runs down the middle of the page, flanked by categories on the left and invitation options on the right. A strip across the top of the screen contains a search bar and notifications. There’s also a “Party” feature that lets users chat and watch YouTube videos together, just like “Hangouts” in Google+.

The difference with Socl is its emphasis on searching and tagging based on your interests. So if you want to find out about, say, funk music, you can type a query into the Bing bar on top and see what people are saying. Then, you can tag each post with terms like “funk,” “James Brown,” and so on. Friends will be able to see your searches and tags, and vice versa, the idea being that everyone in your network is helping to find signals in the noise.

Less clear is where all these status updates will come from. The Verge’s Thomas Houston writes that “you can plug into the potential traffic firehose that is Facebook,” but I can’t tell whether Microsoft is trying to build its own infrastructure of friends lists and groups as well. And will Twitter be involved, or is Socl just a way to categorize Facebook? (Also: how do you pronounce “Socl?”)

Microsoft may not even have all the answers yet. Socl is still being called a “Research Project,” as it was when the news first leaked in July. Although Microsoft is reportedly nearing the end of private testing, and will bring Socl to the public by invitation, it may never become a mainstream product.

In a similar incident that ravaged Sony’s PlayStation Network earlier this year, a list of usernames and their corresponding passwords of Xbox Live accounts, Microsoft’s gaming network, has been posted online.

According to tech news site PC Magazine, the software giant has downplayed the data dump, where 90 Xbox Live gamertags were posted on Pastebin.com. Microsoft said that it is only a “minor phishing incident,” not a big network breach, unlike what happened to the PlayStation Network.

“We do not have any evidence the Xbox Live service has been compromised. We take the security of our service seriously and work on an ongoing basis to improve it against evolving threats,” a Microsoft spokesperson said in a statement sent to the tech news site. “However, we are aware that phishing attackers will occasionally post small lists of victims on public channels, and we will work directly with the impacted members to resolve any unauthorized changes to their accounts.”

The company also recommended that users of the Xbox Live service follow its Account Security guidance, which is provided at xbox.com/security.

Earlier this year, Sony’s PlayStation Network suffered from a number of attacks from hackers that are believed to be part of the hack-attack group Anonymous. The attack took down the gaming service for weeks, rendering the company to resolve its security issues. The incident affected around 77 million accounts and cost Sony around $171 million.

Do you think this incident is the start of something bigger?

Microsoft is telling Windows users that they’ll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine’s boot sector.

A new variant of a Trojan Microsoft calls “Popureb” digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration, Chun Feng, an engineer with the Microsoft Malware Protection Center, said last week on the group’s blog.

[ Windows 7 is making huge inroads into business IT. But with it comes new security threats and security methods. InfoWorld's expert contributors show you how to secure the new OS in the "Windows 7 Security Deep Dive" PDF guide. ]

“If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state,” said Feng.

A recovery disc returns Windows to its factory settings.

Malware like Popureb overwrites the hard drive’s MBR (master boot record), the first sector — sector 0 — where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks. Because it hides on the MBR, the rootkit is effectively invisible to both the operating system and security software.

According to Feng, Popureb detects write operations aimed at the MBR — operations designed to scrub the MBR or other disk sectors containing attack code — and then swaps out the write operation with a read operation.

Although the operation will seem to succeed, the new data is not actually written to the disk. In other words, the cleaning process will have failed.

Feng provided links to MBR-fixing instructions for XP, Vista, and Windows 7

Rootkits are often planted by attackers to hide follow-on malware, such as banking password-stealing Trojans. They’re not a new phenomenon on Windows.

In early 2010, for example, Microsoft contended with a rootkit dubbed “Alureon” that infected Windows XP systems and crippled machines after a Microsoft security update.

At the time, Microsoft’s advice was similar to what Feng is now offering for Popureb.

“If customers cannot confirm removal of the Alureon rootkit using their chosen anti-virus/anti-malware software, the most secure recommendation is for the owner of the system to back up important files and completely restore the system from a cleanly formatted disk,” said Mike Reavey, director of the Microsoft Security Response Center, in February 2010.

Since then, Microsoft has added a check for the Aluereon rootkit to all security updates so that when the malware is detected, the updates are not installed.