Spyware, Viruses, & Security forum


NEWS - April 22, 2013

by Carol~ Forum moderator / April 22, 2013 11:21 AM PDT
More "BadNews" for Android: New malicious apps found in Google Play

"The code family used to push malware circulated as early as June 2012."

The family of Android malware that slipped past security defenses and infiltrated Google Play is more widespread than previously thought. New evidence shows it was folded into three additional apps and has been operating for at least 10 months, according to security researchers.

BadNews, as the malicious ad network library is called, has been included in at least 35 different apps that were available on Google servers for download, researchers from antivirus provider Bitdefender said Monday. As Ars reported last week, figures provided by Google showed they had been downloaded anywhere from two million to nine million times. Although Google had removed 32 apps as of Friday, company security personnel didn't remove the additional three apps until they were flagged this weekend by Bitdefender. Apps that contain the BadNews code upload phone numbers, unique device identifiers, and other data from infected phones and then present end users with prompts to download and install fake updates for legitimate applications such as Skype.

The Bitdefender report came as researchers from security firm Fortinet reported the deactivation of a Google Play developer account that was also pushing a suspicious app.

Continued : http://arstechnica.com/security/2013/04/more-badnews-for-android-new-malicious-apps-found-in-google-play/
New Malware Targeting the Dutch Through Twitter
by Carol~ Forum moderator / April 22, 2013 11:31 AM PDT
In reply to: NEWS - April 22, 2013


As Twitter continues to secure its footing in the social network spectrum, it continues to be complemented by an ongoing deluge of spam and malware, intent on tapping into - and duping - the social network's 200 million plus users.

Tanya Shafir, a researcher at the security firm Trusteer, recently discovered a new type of malware being used by cybercriminals to infect otherwise legitimate Twitter accounts.

According to a post by Director of Product Marketing Dana Tamir on the company's blog today, the malware is "an active configuration of TorRAT" and is spreading via man-in-the-browser attacks.

Once a user stumbles upon a malicious page, the page injects JavaScript (below) into the victim's Twitter account page, which in turn swipes the user's Twitter authentication token. With the token, the malware can contact Twitter's API and post whatever it sees fit - or in this case - a boatload of Dutch spam.

Continued : http://threatpost.com/new-malware-targeting-the-dutch-through-twitter/

Also: Malware Abuses Trust to Spread on Twitter

FBI Issues Warning on Boston Marathon Fraud
by Carol~ Forum moderator / April 22, 2013 11:31 AM PDT
In reply to: NEWS - April 22, 2013

The FBI issued a warning on Boston Marathon fraud after complaints of trickery via social media and e-mail scams. Since the April 15 explosions, cyber-criminals took advantage of human generosity and started to spread donation scams and spam loaded with malware.

Soon after the explosions, a Twitter account that resembled a legitimate Boston Marathon account lured users into donating a dollar each to victims. Though the account was suspended, scammers are likely to use the same method to register new fraudulent accounts.

"While Americans feel the need to assist or contribute to those affected by this tragedy; criminals see it as a way to exploit contributor's kindness," IC3 representatives said. "History has shown criminals utilize disasters to take advantage of those wanting to assist."

Over 125 dubious domains were also registered within hours of the Boston Marathon explosions. The FBI suspects these are fraudulent websites created from scratch, because cyber-criminals have registered fake websites following other disasters too. Police also warn that links appearing as legitimate, including fbi.gov, could be hyperlinked to redirect victims to malicious web sites.

Continued : http://www.hotforsecurity.com/blog/fbi-issues-warning-on-boston-marathon-fraud-5988.html

Groundhog day for routers
by Carol~ Forum moderator / April 22, 2013 11:31 AM PDT
In reply to: NEWS - April 22, 2013

Even if it is hardly surprising anymore, a shocking range of sometimes hair-raising vulnerabilities continues to lie dormant in popular router models. Sitecom WLM-3500 routers, for example, contain two undocumented backdoor accounts that provide attackers with simple ways of obtaining admin privileges and make arbitrary router configuration adjustments. Vulnerable devices are easy to find: The H's associates at heise Security discovered more than 10,000 potentially vulnerable routers straight away, the majority of them in Italy.

The backdoor access credentials were accepted in all of their spot checks. While Sitecom has released a firmware version 1.07 that, the company says, no longer contains the backdoors, routers don't tend to be too fussed about keeping their firmware updated, and it is unlikely that the update will be installed on a significant number of devices in the foreseeable future. The hole was discovered and reported to Sitecom by security expert Roberto Paleari from Emaze Networks.

Continued : http://www.h-online.com/security/news/item/Groundhog-day-for-routers-1847381.html

Pro-Assad Supporters Hijack CBS on Twitter
by Carol~ Forum moderator / April 22, 2013 11:32 AM PDT
In reply to: NEWS - April 22, 2013

The Syrian Electronic Army has claimed responsibility for hacking three CBS Twitter feeds, and a San Diego radio station on Sunday. The compromised accounts were used to spread propaganda.

CBS confirmed that the Twitter feeds for 60 Minutes, 48 Hours, and a Denver affiliate (CBSDenver) were all compromised in order to spread propaganda supporting the Assad regime. The offending comments were deleted and control restored to the accounts within hours.

The Syrian Electronic Army (SEA) claimed responsibility for the messages posted, which included comments that President Obama was "shamelessly in bed with Al-Qaeda" and that the CIA was arming Al-Qaeda terrorists in Syria. Other messages were more direct, including a warning that the "American people must stop their government, before the whole world is destroyed."

Digital propaganda efforts such as these have been ongoing since the start of the recent problems in Syria, the most notable of which focused on false news being published on Reuters, reporting setbacks by the Free Syrian Army. Last month, a similar situation took place on the weather feed for the BBC; this too was claimed by the SEA.

Continued : http://www.securityweek.com/pro-assad-supporters-hijack-cbs-twitter

Tea Leaves Say Breach at Teavana
by Carol~ Forum moderator / April 22, 2013 11:32 AM PDT
In reply to: NEWS - April 22, 2013

Multiple sources in law enforcement and the financial community are warning about a possible credit and debit card breach at Teavana, a nationwide tea products retailer. Seattle-based coffee giant Starbucks, which acquired Teavana late last year, declined to confirm a breach at Teavana, saying only that the company is currently responding to inquiries from card-issuing banks and credit card brands.

Over the weekend, KrebsOnSecurity received a tip from an anonymous reader who said Teavana had suffered a data breach that exposed credit and debit card information. A source at a major U.S. credit card issuer confirmed that the card brand has seen fraud rates indicative of a breach emanating from virtually the entire Teavana franchise, which spans more than 280 stores nationwide. Separately, a federal law enforcement official who asked not to be named said agents were indeed investigating a possible breach at Teavana.

On Sunday, I sent an inquiry to Teavana's public relations folks. Today, I heard back from Starbucks spokeswoman Jaime Riley, who said Starbucks "takes its obligation to protect customers' financial information very seriously," and that the company "has safeguards in place to constantly monitor for any suspicious activity." But she said the company doesn't comment on ongoing investigations.

Continued : http://krebsonsecurity.com/2013/04/sources-tea-leaves-say-breach-at-teavana/

Chrome and Java Pwn2Own Vulnerabilities Explained
by Carol~ Forum moderator / April 22, 2013 11:32 AM PDT
In reply to: NEWS - April 22, 2013

Details have been disclosed about vulnerabilities exploited in Chrome and Java during the Pwn2Own contest. Google made patches available for the Chrome flaw within 24 hours, while Oracle patched Java fully last week. Details were not disclosed by the researchers, who netted tens of thousands for their exploits, until last Friday, more than a month after the contest.

The exploits in question here used a variety of techniques to break both the popular browser and the browser plug-in. Java has had a particularly miserable year in terms of security, starting shortly after Christmas with a number of zero-day exploits used in high-profile targeted attacks. Chrome, meanwhile, remains a difficult challenge for researchers and hackers alike. Not only is it a popular target during Pwn2Own, but Google runs a concurrent Pwnium event during the CanSecWest Conference challenging researchers to take a crack at the browser.

MWR Labs researchers were able to take down an up-to-date version of Chrome running on a fully patched Windows computer during the contest. Not only did they find and exploit a previously unknown flaw in Chrome, but were able to chain that together with a kernel exploit targeting Windows to elevate privileges and own the browser.

Continued : http://threatpost.com/chrome-and-java-pwn2own-vulnerabilities-explained/
