Week in review: New data breach legislation, cloud hacking and the return of the Alureon rootkit

Here’s an overview of some of last week’s most interesting news and articles:

Trojan simulates MS Security Essentials Alert, peddles fake AV
A Trojan imitating a Microsoft Security Essentials Alert has been spotted trying to convince users that their computer is infected and that the only thing to do is to pay for one of the five fake antivirus solutions offered.

U.S. military personnel targeted by malware
Fake email purportedly coming from Bank of America is asking holders of Military Bank accounts to update them by following the given link.

New data breach legislation
The “Data Security and Breach Notification Act of 2010” requires businesses and organizations that handle and store private consumer information to use “reasonable security policies and procedures” to protect such information and to “provide nationwide notice in the event of a security breach.”

DEFCON survey reveals vast scale of cloud hacking
A survey carried out amongst 100 of those attending this year’s DEFCON conference has revealed that an overwhelming 96 percent of the respondents said they believed the cloud would open up more hacking opportunities for them.

Businesses don’t improve security despite increased targeted threats
Thirty-one percent of businesses are operating without anti-spam, 23 percent have no anti-spyware and 15 percent have no firewall.

Microsoft releases mitigating tool for latest 0-day bug
HD Moore revealed last week that some 40 Windows applications are affected by a critical vulnerability that can be mitigated by a tool that allows system administrators to alter the library loading behavior system-wide or for specific applications.

Malware peddlers engaged in celebrity mass killings
Plane crashes and car accidents are the preferred methods of killing off celebrities in order to lure email recipients into opening a malicious attachment, Symantec reports.

Top scams and protection tips
What is it about these attacks that manage to fool so many people and what can we do to protect ourselves?

The dramatic increase of vulnerability disclosures
4,396 new vulnerabilities were documented in the first half of 2010, a 36 percent increase over the same time period last year. Over half, 55 percent, of all these disclosed vulnerabilities had no vendor-supplied patch at the end of the period.

U.S. visitors easy prey for online scammers
Travelers from the 36 countries that don’t require a visa to enter the U.S. must still register online for travel authorization. Since registrants are largely unfamiliar with official U.S. government sites and registration processes, this requirement is a dream come true for various scammers and other online criminals.

Top 10 best practices for payment application companies
Visa announced global industry best practices for payment application vendors, integrators and resellers that implement, install or manage payment-related systems on behalf of merchants.

iTunes/PayPal scam is due to phishing, not a bug?
A recent flurry of iTunes customers’ reports that their accounts must have been hacked and used to execute purchases via PayPal that occasionally total up to thousands of dollars, has raised the question of whether Apple’s App Store has again suffered a breach.

Nearly 3 million undetected “Hot Video” pages pushing fake AV
Google has indexed nearly 3 million “Hot Video” pages – all pushing fake AV.

Building secure software using fuzzing and static code analysis
Fuzzing and static code analysis promote building security into systems proactively, instead protecting vulnerable systems and reacting to security issues.

25% of new worms are designed to spread through USB devices
These types of threats can copy themselves to any device capable of storing information such as cell phones, external hard drives, DVDs, flash memories and MP3/4 players.

First rootkit targeting 64-bit Windows spotted in the wild
Alureon rootkit is back, and has acquired the ability to hijack computers running 64-bit versions of Microsoft Windows.