Cyber criminals related to the Mariposa botnet were finally arrested last month. The Mariposa botnet, a network of 12 zombie computers assembled together to steal personal information, is believed to have infected approximately 13 million computers in more than 190 countries. The botnet spread over P2P networks, infected USB drives and through web links. After a user was infected, malware would begin to install and allow the hackers to access sensitive information.

The Register reports that “half the roster of Fortune 1000 companies harboured machines infected by Mariposa at one time or another.” In fact, Christopher Davis, chief exec at Defence Intelligence in Canada, says, “It would be easier for me to provide a list of the Fortune 1000 companies that weren’t compromised, rather than the long list of those who were.”

After Davis first discovered Mariposa in May 2009, he teamed up with Georgia Tech Information Security Center, PandaLabs and law enforcement personnel to form the Mariposa Working Group. After months of collaboration, Panda Security, other security experts and law enforcement were able to shut down Mariposa on December 23, 2009.

Read more about the Mariposa botnet takedown >>

Are you using Internet Explorer 7 or 8? Beware, it’s possible that you are at risk for a recently discovered vulnerability revealed by iSEC Security Research.

“Microsoft is investigating new public claims of a vulnerability involving the use of VBScript and Windows Help files within Internet Explorer,” says Jerry Bryant, senior manager with the Microsoft Security Response Center. So far, “the current state of our investigations shows that Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not affected.” In addition, Bryan also notes Microsoft hasn’t seen any attacks yet stemming from this vulnerability.

The Microsoft Security Response Center blog reminds us that “only Windows 2000 and Windows XP are impacted” and “Windows 2003 Server is also impacted, but the issue is mitigated in the default configuration due to the presence of the Internet Explorer Enhanced Security Configuration.”

A security advisory issued by Microsoft earlier today tells us, “the main impact of the vulnerability is remote code execution.” Basically, the F1 key (which activates Windows Help) could be used to execute malicious code that may pass along sensitive information of the user. Microsoft is currently working on a security patch to fix this flaw, so in the meantime, don’t hit that F1 key! You could also protect yourself by locking down the Windows Help system. Further instructions can be found on the MSRC blog post.

If you’re ready to drop IE, like Google did yesterday, you could always entertain the idea of switching to FireFox or Chrome…

As a massive company that relies on foreign contractors, “Apple is committed to ensuring the highest standards of social responsibility wherever our products are made.” Apparently, those foreign contractors are not as keen on Apple’s outlook regarding social responsibility.

In Apple’s 2009 audit for 102 of their supplier facilities, 17 “core” (another word for “serious”) violations were discovered. This includes three cases of underage labor where, “Apple discovered three facilities that had previously hired 15-year-old workers in countries where the minimum age for employment is 16.” In addition, the auditors also “found records of 11 workers who had been hired prior to reaching the legal age, although the workers were no longer underage or no longer in active employment” at the time of audit.

There were also eight cases of workers paying “recruitment” fees over the limits of local law and workers at 24 factories that were earning less than local minimum wage — recruitment fees were collected for the benefit and privilege of being able to work.

Oh, and what else? Well, there were 48 factories cheated their workers of overtime and 57 factories that cheated workers out of rightful sick leave and other benefits.

Business Insider and the Huffington Post both have great in-depth coverage if you are interested in more. To read Apple’s 2010 Supplier Responsibility Progress Report, see the Supplier Responsibility site or download the PDF.

What can I say? It’s a Friday… the week has finally dragged on and there isn’t much longer until the weekend officially starts. Rather than writing on one topic, I thought I’d share the best of what was going on today, in the world of tech and software at least…

Chinese Schools Spurred Online Hacking
Remember the series of cyber attacks not too long after Google first threatened to pull out of China? Although it was never proven at the time, China was highly suspected of launching those attacks. It’s recently been discovered that two schools in China may have been responsibly. According to the New York Times, “a series of online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military.”

Google Energy and a Photoshop iPhone app after the break >>

“F*ck You, Google” ran viral through the tech world not too long ago.  And Google (smartly) responded in haste. Have you read the post? Have you heard the chatter? It seems like the original blog post from author Harriet Jacobs has been made private, but Gizmodo has a copy.

Did you hear about the problems Google Buzz had when it first released? In a nutshell, privacy wasn’t a strong suit (pun not intended — har har har). In Harriet’s case, her abusive ex-husband (amongst many others) was automatically granted access to her Google Reader information. Since she had never created a Google profile or Buzz profile, there were no blocking options. Not cool, Google.

Well, the story spread quickly. Techmeme picked it up, as did many other popular tech news sites. It wasn’t much later that Google responded to Harriet’s outrage saying “her report helped us discover one bug and one product issue in Google Reader.” Read more of their response at Business Insider. Lifehacker also reported today that as  “recently promised, Google has updated Gmail to include a ‘Buzz’ tab.” Users are now able to disable Google Buzz and banish it from sight (or site — har har har, I’m on a roll today!) of Gmail.

So, the latest news regarding all this hubbub? A local class action lawsuit has been filed in San Jose federal court against Google. Filed just yesterday on behalf of Florida woman Eva Hibnick, the complaint alleges Google “broke the law when its controversial Google Buzz service shared personal data without the consent of users,” according to the SFGate. Since Hibnick is filing on behalf of all Gmail users that were linked to Buzz, that could mean 31.2 million people against Google. The Computer Fraud and Abuse Act of 1984 is served up as an example of one law Google broke in regards to the complaint.

Google doesn’t really have much to comment yet. “We haven’t yet been served, so we can’t comment on the suit until we’ve had a chance to review it.”

Do  you know about Panda Security’s free Panda USB Vaccine utility? Panda Security is a world leader in cloud-based security solutions and they have a great tool to protect your external hard drives, USB drives and other NTFS drives. Did I already mention how it’s free? The Panda USB Vaccine tool is particularly helpful when you want to prevent an infected computer from contaminating your thumb drives or other external devices. The tool “vaccinates” those external drives (by disabling the autorun feature) to keep them from spreading the infection to other devices. Keep in mind, a Lifehacker article notes that Windows 7 no longer has the ability to auto-execute files from a USB flash drive. More information about the USB Vaccine and other free Panda Security products may be found on Panda’s site. But if you’re ready to jump the gun, grab it directly from Download.com.

The Bipartisan Policy Center, a nonprofit organization focused on various issues including national and homeland security, will be unleashing Cyber ShockWave on Tuesday, February 16th. Cyber ShockWave, a cyber-attack simulation, will allow the government to assess response times and improvement areas shall they ever encounter the real deal.

A group of high-ranking former White House, Cabinet and national security officials will band together to fend off this simulated cyber-attack. As the event unfolds, the participants will be advising the President and planning a strategical response. None of the participants have any advanced information regarding the simulated attacks. The event even goes as far as hiring professional scriptwriters to coach the security experts and a production company to recreate the White House situation room in the Mandarin hotel.

There is no doubt that Google’s (and other tech companies’) struggle with recent (most-likely) Chinese attacks have caused greater concern regarding our nation’s cyber-security. How do you think our nation will fair in this exercise?

Read the ComputerWorld article or the Bipartisan press release for more information regarding this event.

Spammed
Remember how the Australian Government green lighted an Internet filter not too long ago? In retaliation to the proposed filter, a group of hackers, who call themselves Anonymous, took down two government sites: the main website and the Parliament site. Ars Technica tells us “the plan was DDoS government servers first, and then followup with ‘a s***storm’ of porn-related emails, faxes, and prank cell phone calls to government officials.”

More Operation: Titstorm, sexting and YouTube’s new Safety Mode >>

Take the Endpoint Protection Small Business Edition “20-Minute” Challenge: fully deploy the software in just 20 minutes. At the CRN Test Labs, Endpoint Protection SBE was installed in 16 minutes. How long does it take you?

More information about the product may be found at the Symantec website. There’s also a quick blog breaking down the challenge.

If you just want to start the timer, the product is available for download here. The product is limited 30-day trialware, but once you’re convinced and ready to commit SoftwareMedia.com is ready for you. Feel free to hit up our licensing specialists and take advantage of our software licensing price guarantee!

A series of 23 cedar, cypress and evergreen trees were illegally removed from a Vancouver woman’s former home. Margaret Burnyeat, listed as the property owner up til June 24th, 2009, her daughter and Michael Safronick (of Michael Safronick Tree Care Limited) have been charged with violating an old tree bylaw. Although Burnyeat received a permit to remove two trees back in May, penalties in excess of the two permitted trees will run her anywhere between CA$500 and CA$20,000 (approximately $468 to $18,715). So, how did Google help the Canadian city fight this crime?

Continue reading to find how Google proves the tree killers guilty >>