Friday, April 12, 2013

SECURITY - Online Gaming Firms Targeted by Malware

"'Winnti' Malware Targeting Online Gaming Firms" by Chloe Albanesius, PC Magazine 4/12/2013

News of game-related hacks are nothing new; they have dominated headlines in recent years, from the massive Sony PlayStation Network takedown to the more recent hack of The War Z.

Attacks on gaming firms might not be isolated incidents, however.  Researchers at Kaspersky Lab this week said they uncovered a series of targeted attacks originating in China that are taking aim at Web-based gaming companies.

"According to our estimations, this group has been active for several years and specializes in cyber attacks against the online video game industry," Kaspersky said in a blog post.  "The group's main objective is to steal source codes for online game projects as well as the digital certificates of legitimate software vendors.  In addition, they are very interested in how network infrastructure (including the production of gaming servers) is set up, and new developments such as conceptual ideas, design and more."

Kaspersky started investigating the group - known as Winnti - in the fall of 2011 at a behest of a computer game publisher that detected malware on its network.  The malware was pushed out to users via a standard update, prompting concern that the company was spying on its users.

"However, it later became clear that the malicious program ended up on the users' computers by mistake; the cybercriminals were in fact targeting the companies that develop and release computer games," Kaspersky said.

Once installed on someone's computer, the hackers could control that machine without the user's knowledge.  The malware was "the first time we saw Trojan applications for the 64-bit version of Microsoft Windows with a valid digital signature," Kaspersky said.  Previous incidents of digital signature abuse had only hit 32-bit systems.

The digital certificate in question belonged to South Korea-based KOG, which also produced MMPRG, like Kaspersky's client.  Ultimately, the certificate was revoked, but "over the next 18 months we discovered more than a dozen similar compromised digital certificates."

Kaspersky said that its research suggests that at least 35 companies from around the world have been infected by Winnti malware at some point in time, with a "strong focus" on Southeast Asia.

Friday, April 5, 2013

WINXP - Updates Coming to an End

"When will Microsoft pull the plug on your version of Windows or Office?" by Ed Bott, ZDNet 4/4/2013


Summary:  The countdown for Windows XP is about to get serious.  In one year, Microsoft officially stops supporting XP.  What happens when the clock runs out?  And how long until your current version of Windows or Office suffers the same fate?

For the next year or so, Microsoft will officially offer support for four versions of Windows for desktop and notebook PCs.

Windows XP, the oldest of the bunch, celebrates its 12th birthday this fall.  It kicks off a year-long farewell tour next week, counting down to April 8, 2014, when Microsoft officially ends its support.  XP lived longer than any version of Windows ever, getting multiple extensions on its retirement date to placate customers who said no to Vista.  But April 2014 is the end of the road.

XP will not get a last-minute reprieve.

Let me say that again, in boldface this time:  Microsoft will not extend the support deadline for XP.  If you're still relying on XP, you should have a plan to switch to a supported platform, whether it's from Microsoft or someone else.

April 8, 2014 is a deadline, not a death sentence.  PCs running XP will not stop working when the clock runs out.  In fact, XP diehards won’t notice anything different except an eerie quiet on Patch Tuesday.  Newer Windows versions, including Windows Vista, Windows 7, and Windows 8, will continue to get security patches and bug fixes via Windows Update, but not XP.  When the extended support period ends, so do those updates.  (Large enterprise customers who have custom support agreements with Microsoft and who are willing to pay dearly for the privilege might be able to get custom updates after the official end of support.  But consumers and small businesses will not have that option.)

None of this should be a surprise.  As I’ve noted before, Microsoft has a well-established support life-cycle for its software products.  It’s basically an agreement that the company makes with everyone who commits to Windows.  The terms of that agreement don’t change often, which is an important assurance for business customers who tend to be conservative in their approach to upgrades.

Six months after the launch of Windows 8, it’s become obvious that Windows 7 is the new Long Term Support version.  And I'm starting to get more questions from readers who are concerned that Microsoft is going to try to kill off Windows 7.

MY OPINION:  Microdunce can shove their to-hell-with-consumer policies up you-know-where.

I am NOT about to downgrade my PERFECTLY WORKING WinXP Desktop to a more hoggish, all eye-candy, version that will require me to manually reinstall over 100 apps.