Spyware, Viruses, & Security

NEWS - April 03, 2013

by Carol~ Forum moderator / April 3, 2013 12:39 AM PDT
Ransomware uses victims' browser histories to win credibility

"Visited websites are listed as source of illegal material in order to make the bogus police messages more believable"

The authors of police-themed ransomware have started using the browsing histories from infected computers in order to make their scams more believable, according to an independent malware researcher.

Ransomware is a class of malicious applications designed to extort money from users by disabling important system functionality or by encrypting their personal files. A particular variation of this type of threat displays messages masquerading as notifications from law enforcement agencies.

The language of the messages and the agency names used in them change depending on the location of the victims, but in almost all cases the victims are told that their computers have been locked because they accessed or downloaded illegal content. In order to regain access to their computers, users are asked to pay a fine.

A new ransomware variant that employs this trick was spotted over the weekend by an independent malware analyst known online as Kafeine. Dubbed Kovter, this version stands out because it uses information gathered from the victim's browser history in order to make the scam message more credible, Kafeine said Friday in a blog post.

Continued : http://news.techworld.com/security/3438007/ransomware-uses-victims-browser-histories-win-credibility/

Also: Ransomware uses browser history to persuade users to pay up
iMessage Used in Irritating Denial of Service Attacks
by Carol~ Forum moderator / April 3, 2013 12:40 AM PDT
In reply to: NEWS - April 03, 2013

Some iOS app developers have reportedly been targeted in a denial of service (DOS) attack which makes use of some major oversights in Apple's iMessage app. Hopefully, Apple will take notice before the issue becomes more widespread.

According to The Next Web, developers iH8sn0w, Grant Paul, and others have received innumerable messages on their iOS devices that can crash the app, and in some cases lock them out of their messaging systems entirely. This is particularly annoying because Apple's Messages app is used to manage both iMessages, which are sent from Apple's desktop messaging app, and text messages sent from cell phones.

"The iMessage spammer has now completely locked me out of my iOS Messages app, by sending long strings of Unicode chars," Tweeted Grant Paul on Friday. "Definitely a DoS."

Continued : http://securitywatch.pcmag.com/spam/309881-imessage-used-in-irritating-denial-of-service-attacks

Also: Some iMessage Accounts Hit Hard by Mass Messaging, DoS Attacks

Who Wrote the Flashback OS X Worm?
by Carol~ Forum moderator / April 3, 2013 1:36 AM PDT
In reply to: NEWS - April 03, 2013

A year ago today, Apple released a software update to halt the spread of the Flashback worm, a malware strain that infected more than 650,000 Mac OS X systems using a vulnerability in Apple's version of Java. This somewhat dismal anniversary is probably as good a time as any to publish some clues I've gathered over the past year that point to the real-life identity of the Flashback worm's creator.

Before I delve into the gritty details, a little background on this insidious contagion is in order. A keenly detailed research paper (PDF) published last year by Finnish security firm F-Secure puts the impact and threat from Flashback in perspective, noting that the malware boasted a series of "firsts" for its kind. For starters, Flashback was the first OS X malware to be "VMware aware" — or to know when it was being run in a virtual environment (a trick designed to frustrate security researchers). It also was the first to disable XProtect, OS X's built-in malware protection program. These features, combined with its ability to spread through a then-unpatched vulnerability in Java made Flashback roughly as common for Macs as the Conficker Worm was for Windows PCs.

"This means Flashback is not only the most advanced, but also the most successful OS X malware we've ever seen," wrote F-Secure's Broderick Ian Aquilino.

Continued : http://krebsonsecurity.com/2013/04/who-wrote-the-flashback-os-x-worm/

Related: The biggest Mac malware attack of all time - blogger names suspected mastermind

Firefox 20 Fixes 11 Critical Flaws, Adds Per-Tab Private Browsing
by Carol~ Forum moderator / April 3, 2013 1:36 AM PDT
In reply to: NEWS - April 03, 2013

Mozilla has added a new privacy feature to Firefox that enables users to begin a new private browsing session in a separate tab while still running a normal session in other tabs. Firefox 20 also includes patches for 11 critical security vulnerabilities.

The new version of Firefox expands the capabilities of the private browsing function in the browser, a feature that allows users to browse without any cookies, logs or any other data retention. Some of the other major browsers, including Google Chrome, have the same kind of feature, but the extension of the private browsing function to a per-tab basis is a significant one.

"Firefox includes a new enhancement to private browsing that allows you to open a new private browsing window without closing or changing your current browsing session. You can shop for a birthday gift in a private window with your existing browsing session uninterrupted. You can also use a private browsing window to check multiple email accounts simultaneously," Mozilla said in a blog post.

Mozilla also made the same change for the Android version of Firefox.

Continued : https://threatpost.com/en_us/blogs/firefox-20-fixes-11-critical-flaws-adds-tab-private-browsing-040213

Also: Firefox enhances private browsing
Banking Trojan disguised as innocuous Word and WinHelp files
by Carol~ Forum moderator / April 3, 2013 1:36 AM PDT
In reply to: NEWS - April 03, 2013

Part of the job of a malware author is to constantly think up new ways of outsmarting researchers and bypassing automatic detection methods used by antivirus and other security software. These techniques are eventually recognized and incorporated into the defenses, but it's always interesting for malware analysts to unearth new ones.

Panda Security malware researcher Bart Blaze has recently discovered a banking Trojan targeting Brazilian online banking users that employs a novel way to hide its real nature: its executables are delivered in the guise of .hlp (WinHelp) files.

The attack starts with fake invoice notices delivered via email: [Screenshot]

Users who wish to review the invoice are urged to download a .zip file from a Dropbox account. Unfortunately, it contains an executable sporting a fake .docx extension and a MPEG-4 icon.

Once run, the currently poorly detected malware contacts a remote server and automatically downloads what seems to be a WinHelp file with a slightly better detection rate.

Continued: http://www.net-security.org/malware_news.php?id=2453
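The post describes two disguises: an executable carrying a fake .docx extension, and a second stage posing as a WinHelp (.hlp) file. Both fall to the same defensive triage step, comparing the extension a file claims against its leading bytes. The script below is an added example, not code from the article or from Panda Security; the file names and byte strings in `SAMPLES` are constructed, and it also flags the related "report.docx.exe" double-extension trick, which the article does not mention. The icon a file displays lives in PE resources and is not examined here.

```python
"""Flag files whose extension does not match their content signature (added example)."""
import os
from typing import Dict, List, Optional

# Leading-byte signatures for the formats involved (constructed table).
MAGIC = [
    (b"MZ", "pe-executable"),                                # Windows PE (DOS stub header)
    (b"PK\x03\x04", "zip-container"),                        # .docx/.xlsx/.zip are ZIP files
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-compound"),   # legacy .doc/.xls
    (b"?_\x03\x00", "winhelp"),                              # WinHelp .hlp
]

# Content types that are legitimate behind each extension.
EXPECTED = {
    ".docx": {"zip-container"},
    ".doc": {"ole-compound"},
    ".zip": {"zip-container"},
    ".hlp": {"winhelp"},
    ".exe": {"pe-executable"},
}

# Extensions Windows will execute; used to spot "invoice.docx.exe" style names.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def sniff_type(data: bytes) -> Optional[str]:
    """Return the content type implied by the leading bytes, or None if unknown."""
    for signature, name in MAGIC:
        if data.startswith(signature):
            return name
    return None


def check_file(name: str, data: bytes) -> Dict[str, object]:
    """Compare the claimed extension of *name* with the sniffed type of *data*."""
    base, ext = os.path.splitext(name.lower())
    _, inner_ext = os.path.splitext(base)
    sniffed = sniff_type(data)
    flags: List[str] = []

    # "report.docx.exe": a document-looking name whose real extension is executable.
    if ext in EXECUTABLE_EXTS and inner_ext in EXPECTED:
        flags.append("double-extension")

    if ext not in EXPECTED:
        verdict = "unknown-extension"
    elif sniffed is None:
        verdict = "unknown-content"
    elif sniffed in EXPECTED[ext]:
        verdict = "ok"
    else:
        verdict = "mismatch"

    # An executable behind any non-executable extension is the key signal here.
    if sniffed == "pe-executable" and ext not in EXECUTABLE_EXTS:
        flags.append("executable-disguised")

    return {"name": name, "extension": ext, "sniffed": sniffed,
            "verdict": verdict, "flags": flags}


# Constructed sample files standing in for the attachments described in the post.
SAMPLES = {
    "Fatura_0304.docx": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56,  # PE behind a fake .docx
    "Fatura_0304.docx.exe": b"MZ\x90\x00" + b"\x00" * 60,              # double extension
    "genuine.docx": b"PK\x03\x04\x14\x00\x06\x00" + b"\x00" * 56,      # real Office document
    "stage2.hlp": b"MZ\x90\x00" + b"\x00" * 60,                         # PE behind a fake .hlp
    "readme.hlp": b"?_\x03\x00" + b"\x00" * 60,                         # real WinHelp file
}


def triage(samples: Dict[str, bytes]) -> List[Dict[str, object]]:
    """Return only the entries an analyst needs to look at."""
    return [r for r in (check_file(n, d) for n, d in samples.items())
            if r["verdict"] != "ok" or r["flags"]]


if __name__ == "__main__":
    for result in triage(SAMPLES):
        print(f'{result["name"]}: {result["verdict"]} {result["flags"]}')
```

Run against the constructed set, three of the five files are reported: the two PE files with document extensions as `mismatch` plus `executable-disguised`, and the double-extension name as `double-extension` even though its bytes match its final extension. A mail gateway or endpoint agent would apply the same check to attachments and downloads before the user ever sees the icon.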

US Army Mobile Devices Lack Security
by Carol~ Forum moderator / April 3, 2013 1:36 AM PDT
In reply to: NEWS - April 03, 2013

Some 14,000 mobile devices belonging to the US Military Academy and the US Army Corps of Engineers were found lacking proper security policies.

The devices, used by Army personnel and civilians, were given access to sensitive and critical military networks and data. The IG report found that no management software was installed on any of the devices, and that no remote wipe function was added in case they were lost or stolen.

Posing serious security risks, the IG reports that sensitive networks may have been extremely vulnerable due to the security gap. Concluding that companies and institutions should impose stricter BYOD (Bring-Your-Own-Device) policies, the IG report places a high risk factor on improperly authenticated and monitored handhelds that access critical systems.

"In addition, the Army CIO inappropriately concluded that CMDs were not connecting to Army networks and storing sensitive information," the report said. "As a result, critical information assurance controls were not appropriately applied, which left the Army networks more vulnerable to cyber-security attacks and leakage of sensitive data."

Continued : http://www.hotforsecurity.com/blog/us-army-mobile-devices-lack-security-5836.html

Fool Me Once...
by Carol~ Forum moderator / April 3, 2013 2:12 AM PDT
In reply to: NEWS - April 03, 2013

When you're lurking in the computer crime underground, it pays to watch your back and to keep your BS meter set to 'maximum.' But when you've gained access to an elite black market section of a closely guarded crime forum to which very few have access, it's easy to let your guard down. That's what I did earlier this year, and it caused me to chase a false story. This blog post aims to set the record straight on that front, and to offer a cautionary (and possibly entertaining) tale to other would-be cybersleuths.

On Jan. 16, 2013, I published a post titled, "New Java Exploit Fetches $5,000 Per Buyer." The details in that story came from a sales thread posted to an exclusive subforum of Darkode.com, a secretive underground community that has long served as a bazaar for all manner of cybercriminal wares, including exploit kits, spam services, ransomware programs, and stealthy botnets. I've maintained a presence on this forum off and on (mostly on) for the past three years, in large part because Darkode has been a reliable place to find information about zero-days, or highly valuable threats that exploit previously unknown vulnerabilities in software — threats that are shared or used by attackers before the developer of the target software knows about the vulnerability. [Screenshot]

Continued : http://krebsonsecurity.com/2013/04/fool-me-once/

Ongoing malware attack targeting Apache hijacks 20,000 sites
by Carol~ Forum moderator / April 3, 2013 3:50 AM PDT
In reply to: NEWS - April 03, 2013

"Mysterious 'Darkleech' exposes visitors to potent malware exploits."

Tens of thousands of websites, some operated by The Los Angeles Times, Seagate, and other reputable companies, have recently come under the spell of "Darkleech," a mysterious exploitation toolkit that exposes visitors to potent malware attacks.

The ongoing attacks, estimated to have infected 20,000 websites in the past few weeks alone, are significant because of their success in targeting Apache, by far the Internet's most popular Web server software. Once it takes hold, Darkleech injects invisible code into webpages, which in turn surreptitiously opens a connection that exposes visitors to malicious third-party websites, researchers said.

Although the attacks have been active since at least August, no one has been able to positively identify the weakness attackers are using to commandeer the Apache-based machines. Vulnerabilities in Plesk, Cpanel, or other software used to administer websites is one possibility, but researchers aren't ruling out the possibility of password cracking, social engineering, or attacks that exploit unknown bugs in frequently used applications and OSes.

Continued : http://arstechnica.com/security/2013/04/exclusive-ongoing-malware-attack-targeting-apache-hijacks-20000-sites/

Related:
Darkleech infects scores of Apache servers
Darkleech Attacks Hit 20,000 Websites
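The post says the compromised servers inject invisible code into pages that silently opens a connection to third-party sites. From the site operator's side, one practical control is to scan the HTML actually served to visitors for frames no visitor can see. The scanner below is an added example and is not from the article, Ars Technica or the researchers it cites; the page in `SAMPLE_PAGE` is constructed, and the `HiddenFrameFinder` and `scan_html` names are mine. The heuristics (`display:none`, `visibility:hidden`, dimensions of two pixels or less, far off-screen positioning) are generic markers of hidden content, not a signature of any particular toolkit.

```python
"""Report iframes that a visitor cannot see in served HTML (added example)."""
import re
from html.parser import HTMLParser
from typing import Dict, List, Optional
from urllib.parse import urlparse


def _px(value: Optional[str]) -> Optional[int]:
    """Parse '1', '1px' or ' 2 ' into an int; None if absent or not numeric."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)\s*(?:px)?\s*$", value)
    return int(m.group(1)) if m else None


class HiddenFrameFinder(HTMLParser):
    """Collect iframes whose attributes or inline style make them invisible."""

    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings: List[Dict[str, object]] = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        reasons: List[str] = []

        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden-by-style")

        # Width/height may be attributes or inline CSS; 0-2 px is effectively invisible.
        dims = [_px(a.get("width")), _px(a.get("height"))]
        for prop in ("width", "height"):
            m = re.search(rf"(?:^|;){prop}:(\d+)px", style)
            if m:
                dims.append(int(m.group(1)))
        if any(d is not None and d <= 2 for d in dims):
            reasons.append("tiny-dimensions")

        # Positioned hundreds of pixels or more off the visible canvas.
        if re.search(r"(?:^|;)(?:left|top):-\d{3,}px", style):
            reasons.append("off-screen")

        if not reasons:
            return  # a visible frame (e.g. an embedded video) is not a finding

        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        self.findings.append({
            "src": src,
            "reasons": reasons,
            "third_party": bool(host) and host != self.page_host,
            "line": self.getpos()[0],
        })


def scan_html(html: str, page_host: str) -> List[Dict[str, object]]:
    """Return the hidden iframes found in *html*; *page_host* is the site's own host."""
    parser = HiddenFrameFinder(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed page: one legitimate visible embed and two injected hidden frames.
SAMPLE_PAGE = """<html><body>
<h1>Quarterly report</h1>
<iframe src="https://video.example.net/embed/123" width="640" height="360"></iframe>
<iframe src="http://third-party.example.org/inject" style="display:none"></iframe>
<div><iframe src="http://203.0.113.7/x.php" width="1" height="1"
 style="position:absolute; left:-9999px"></iframe></div>
</body></html>"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE_PAGE, "www.example.com"):
        print(f"line {f['line']}: {f['src']} {f['reasons']} third_party={f['third_party']}")
```

The visible video embed is not reported even though it points off-site; the two hidden frames are, each with the reasons that triggered it and whether its source is third-party. Fetching pages as an ordinary visitor and comparing the result with the deployed source tree is the companion check, since injection that happens at serving time never shows up in the files on disk.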

Update for Sophos Web Protection Appliance
by Carol~ Forum moderator / April 3, 2013 3:50 AM PDT
In reply to: NEWS - April 03, 2013

Security firm Sophos has asked that its customers install version 3.7.8.2 of the Web Protection Appliance immediately. At the end of February, staff at security firm SEC Consult discovered vulnerabilities in the product's web-based user interface. Sophos has closed the security holes in the latest version.

The vulnerabilities allow attackers to harvest sensitive data such as passwords and session cookies and provide access to private certificate keys. These keys can be used to sign arbitrary certificates that could serve for man-in-the-middle attacks or phishing attacks within a company network because all clients in a network will accept the certificates.

Sophos says that SEC Consult Vulnerability Lab privately reported the security holes on 21 February. No public exploits for the vulnerabilities (CVE numbers CVE-2013-2641, CVE-2013-2642 and CVE-2013-2643) are believed to have appeared.

http://www.h-online.com/security/news/item/Update-for-Sophos-Web-Protection-Appliance-1834672.html

See Vulnerabilities / Fixes : Sophos Web Appliance Multiple Vulnerabilities

Facebook Claims it's a "Bug"
by Carol~ Forum moderator / April 3, 2013 3:50 AM PDT
In reply to: NEWS - April 03, 2013

From the F-Secure Antivirus Research Weblog:

Yesterday's post noted the disappearance of Facebook's option to clear searches.

Late last night, I spoke with Zach Miners, of IDG News Service. He investigated the situation and was told by Facebook:

"Its disappearance was caused by a bug and was not intentional." [Screenshot]

A bug?

Really. What a complete load of bollocks. When your company motto is "Move Fast and Break Things", I'm rather more inclined to believe it's a case of oversight, human error, and/or incompetence. [Screenshot]

Or perhaps "bug" is Facebook lingo for "oops, my bad"?

Seriously Facebook... STOP MOVING SO FAST!

When it comes to security and privacy controls: done is — NOT — better than perfect.

http://www.f-secure.com/weblog/archives/00002535.html

Stealthy BaneChant Trojan Lurks in Word File, Relies on Multiple Mouse Clicks
by Carol~ Forum moderator / April 3, 2013 4:01 AM PDT
In reply to: NEWS - April 03, 2013

Much like malware that was discovered last year, a new Trojan has been reported that relies on detecting mouse clicks to evade sandbox analysis. BaneChant masquerades as a Word document and incorporates advanced evasion techniques making it stealthier than its predecessor.

Researchers at FireEye spotted the malware in a malicious document that translates to "Islamic Jihad.doc," a title that suggests the malware is targeting governments via spear phishing attacks in the Middle East and Central Asia, according to a post on the company's blog by Chong Rong Hwa yesterday.

The malware, discovered by FireEye's Abhishek Singh, can send information about the infected computer to attackers and can also set up backdoors to allow remote access that could let an attacker further execute malicious activities.

Once victims open the document, the malware downloads a binary and leverages a shortened URL to disguise what it's doing from malware detection services. Instead of communicating directly with a command and control server, this Trojan communicates with the URL shortening service, ow.ly, which then contacts the C&C server.

Continued : https://threatpost.com/en_us/blogs/stealthy-banechant-trojan-lurks-word-file-relies-multiple-mouse-clicks-040213
Aggressive Android adware and malware on the rise
by Carol~ Forum moderator / April 3, 2013 4:01 AM PDT
In reply to: NEWS - April 03, 2013

With adware gleaning more user data from people's devices than it would normally need, and developers bundling more than one adware framework into their apps, user privacy is increasingly taking a backseat to profit for developers and advertisers.

More and more unknown third parties now have access to user browsing history, phone numbers, email address and everything they need to compile comprehensive and personalized user profiles.

User privacy is taking a serious blow as adware targeting Android devices jumped 61 percent worldwide in the five months through January, while malware expanded 27 percent and adware in the US expanded 35 percent, according to a study by Bitdefender Labs. The number of Trojan reports spiked 37 percent in December 2012.

Continued : http://www.net-security.org/malware_news.php?id=2452
