Infected XP owners left unpatched

Infected XP owners left unpatched

Some of the latest security updates for Windows XP will not be installed on machines infected with a rootkit virus.

A rootkit is sneaky malware that buries itself deep inside the Windows operating system to avoid detection.

Microsoft said it had taken the action because similar updates issued in February made machines infected with the Alureon rootkit crash endlessly.

The latest updates can spot if a system is compromised by the Alureon rootkit and halt installation.

Find and fix

The latest batch of updates for Windows was released on 16 April and some of them fix vulnerabilities in the core, or kernel, of Windows. This is the same place that rootkits try to take up residence.

When Alureon is present it monitors net traffic and plucks out user names, passwords and credit card numbers. It also gives attackers a back door into infected machines.

The virus first appeared in 2008 and has been spread via discussion forums, hacked websites and bogus pay-per-click affiliate schemes.

Notes for the security patch explained which "abnormal conditions" would prevent XP users applying the updates.

"These abnormal conditions on a system could be the result of an infection with a computer virus that modifies some operating system files, which renders the infected computer incompatible with the kernel update," read the statement.

By not applying the patch, Microsoft hopes to avoid a repeat of events in February which left many people struggling to get their computer working again.

Microsoft also wants to avoid a situation in which people become wary of updates because they provoke a crash.

It is not yet clear how many people have been left without the updates.

Microsoft urged those who are infected to ensure their machine is cleaned of the rootkit. It recommended using its malware removal tool or using rootkit detectors from other security companies.

Many modern security packages have them built in and will find rootkits when a machine is scanned.

Google's multiple-access pwd s/w hacked

Google's multiple-access password software hacked......
US Internet giant Google's password system that controls multiple access to almost all of its web services was hacked through an innocuous message sent to a Google employee in China, a media report said Tuesday.

Though Google had disclosed in January that intruders had stolen information from its computers in the cyber attack in December 2009, the extent of the theft has been a closely guarded company secret till now.

The programme, code named "Gaia" for the Greek goddess of the earth, was attacked in December, a source close to the investigation was quoted as saying by New York Times Tuesday.

It is intended to enable multiple access to users and employees, who can sign in with their password just once to operate a range of services.

Though Google quickly started making significant changes to the security of its networks after the intrusions, the theft has left open the possibility that the intruders may find weaknesses that the company might not even be aware of.

The theft began with a message sent to a Google employee in China who was using Microsoft's Messenger programme at that time. By clicking on a link and connecting to a "poisoned" website, the employee inadvertently permitted the intruders to gain access to his computer and then to the computers of a critical group of software developers at Google's headquarters in California.

The details of the theft have been a closely guarded secret. Google first publicly disclosed the theft January 12, 2010, on the company's website, which said the company was changing its policy towards China in the wake of the theft of unidentified "intellectual property".

This led to significant tension between the US and China, leading Secretary of State Hillary Clinton to urge China to conduct a "transparent" inquiry into the matter. In March, after discussions with the Chinese government, Google re-routed its mainland Chinese-language website to its Hong Kong-based site.

Google continues to use the Gaia system, now known as "Single Sign-On". The company also tightened security of its data centres and further secured the communication links between its services and the computers of its users.

However, having access to the original programmer's instructions, or source code, could also provide technically skilled hackers with knowledge about subtle security vulnerabilities in the programme that may have eluded Google's engineers.

"If you can get to the software repository where the bugs are housed before they are patched, that's the pot of gold at the end of the rainbow," George Kurtz, chief technology officer for McAfee Inc, was quoted as saying.

McAfee Inc was one of the companies that analysed the illicit software used in the intrusions at Google and at other companies last year.

When Google first announced the theft, it said it had evidence that the intrusions had come from China. The attacks have been traced to computers at two campuses in China, but investigators later said the true origin may have been concealed.