Spyware, Viruses, & Security forum


NEWS - December 05, 2012

by Carol~ Forum moderator / December 5, 2012 4:18 AM PST
McAfee Security founder says he's now out of Belize, eluding investigators (Updated)

UPDATE: Many sites have pointed out that Vice Magazine, which is accompanying John McAfee as he runs away from Belizean law enforcement, seems to have accidentally revealed his location taken by an accompanying reporter. Based on the location data in the photo's metadata (EXIF), at least at the time of that photo, he was in Guatemala, just over the border from Belize. For what it's worth, McAfee now claims that the Guatemala GPS location was fake, too. In any case for all folks who want a little more privacy with their photos, here's some tips from Lifehacker. Still, McAfee adds: "I do not believe that Vice will remain with me further. Again, my apologies."

A few weeks ago, founder of McAfee Security John McAfee (he no longer has any connection to the company), was named by Belizean authorities as a "person of interest" in the murder of another American expatriate also living in the Central American country. Since then, McAfee has been on the lam, somehow managing to evade authorities in a country with 300,000 residents living in an area slightly smaller than Massachusetts.

After rumors of his arrest on his own website over the weekend, McAfee now reports that he is "safe" and outside of Belize for the moment, but he plans on returning.

Continued : http://arstechnica.com/tech-policy/2012/12/mcafee-security-founder-says-hes-now-out-of-belize-eluding-investigators/

Geo-Tagging Gives Away Location of Fugitive AV Guru
Antivirus most wanted: John McAfee traced to neighbouring Guatemala

Microsoft Security Essentials fails AV-Test
by Carol~ Forum moderator / December 5, 2012 4:58 AM PST

In the current comparison tests run by AV-Test, the free Microsoft Security Essentials (MSE) suite was the only anti-virus product that didn't meet the institute's certification criteria. The laboratory publishes its results every other month. In the previous test, Microsoft's scanner performed well enough to be certified; MSE last failed the test two years ago.

AV-Test examines security programs' performance in terms of protection and repair as well as their usability, and candidates can achieve a maximum of 18 points in total. At least 11 points are required for certification; MSE narrowly missed this mark, scoring 10.5 points. Two months ago, Microsoft's anti-virus program was still achieving 12.5 points.

Points were lost in all areas: the program lost half a point in terms of protection and usability, and a whole point in the repair category. The protection result was mainly caused by MSE blocking fewer current threats: of the newly arrived malware samples, MSE only detected about 64% in October, while the average detection rate was 89%. Of the malware samples that were two to three months old, MSE detected 90%; the average detection rate was 97%.

Continued : http://www.h-online.com/security/news/item/Microsoft-Security-Essentials-fails-AV-Test-1761415.html

SMS Flaw Opens Twitter Users to Account Hijacking
by Carol~ Forum moderator / December 5, 2012 4:58 AM PST

A flaw in how Twitter handles SMS messages can be exploited by attackers who know the victim's mobile number, a security researcher has found.

With just the mobile phone number in hand, attackers can post messages from the victim's account and modify profile information, security researcher Jonathan Rudenberg wrote in a blog post Tuesday. Users who have registered a mobile number can post messages on the site via SMS messages. Users who have enabled this feature are vulnerable and should disable it until the security hole is closed, Rudenberg said.

Users can remove their mobile numbers from Twitter by visiting the Settings page.

The account hijack succeeds by spoofing the source number to be the mobile number associated with a Twitter user, Rudenberg wrote. Since many SMS gateways allow the origin address of a message to be set to any arbitrary identifier, the message's originating address cannot be trusted, Rudenberg said.

Continued: http://securitywatch.pcmag.com/none/305663-sms-flaw-opens-twitter-users-to-account-hijacking

Twitter Resolves SMS Bug (For Some Users)
Twitter: US Users Are Not Vulnerable to SMS Spoofing Attacks
Tweeting with SMS can open door to hacks on your Twitter account (updated)
Twitter fixes text account hijacking vulnerability, requires users to set PIN

Pentagon Deploying DARPA to Wage War on Backdoors
by Carol~ Forum moderator / December 5, 2012 4:58 AM PST

The speculation is rampant that certain manufacturers are installing backdoors in their own products or that foreign and criminal elements are exploiting weaknesses in the supply chain to compromise IT and networking equipment somewhere between vendors and their customers. The Pentagon is trying to find some way of guaranteeing that their hardware and software are secure, and so the Department of Defense is assigning its out-there research division, the Defense Advanced Research Projects Agency (DARPA), to do just that.

On Friday, DARPA officials said that the DoD does not have the capacity to ensure the security of all of its devices in a timely fashion with the resources currently at its disposal. To remedy this, DARPA intends to develop a litmus test capable of determining the presence of backdoors and other malicious functions within the DoD's current and future IT infrastructure.

The "Vetting Commodity IT Software and Firmware" (VET) program plans to find, in their words, "innovative, large-scale approaches to verifying the security and functionality of commodity IT devices." The Pentagon's goals are as simple and straightforward as they are lofty. DARPA's announcement lists 'defining malice,' 'confirming the absence of malice,' and 'examining equipment at scale' as the primary technical challenges that the project will address.

Continued : https://threatpost.com/en_us/blogs/pentagon-deploying-darpa-wage-war-backdoors-120412

DARPA to Hunt for Malicious Functions in Hardware and Software
DARPA declares war on backdoors

How the Eurograbber attack stole 36 million euros
by Carol~ Forum moderator / December 5, 2012 4:58 AM PST

Check Point has revealed how a sophisticated malware attack was used to steal an estimated €36 million from over 30,000 customers of over 30 banks in Italy, Spain, Germany and Holland over summer this year.

The theft used malware to target the PCs and mobile devices of banking customers. The attack also took advantage of SMS messages used by banks as part of customers' secure login and authentication process.

The attack worked by infecting victims' PCs and mobiles with a modified version of the Zeus trojan. When victims attempted online bank transactions, the process was intercepted by the trojan.

Under the guise of upgrading the online banking software, victims were duped into giving additional information including their mobile phone number, infecting the mobile device. The mobile Trojan worked on both Blackberry and Android devices, giving attackers a wider reach.

Continued : http://www.net-security.org/malware_news.php?id=2344

Eurograbber SMS Trojan steals €36 million from online banks
Sophisticated Zeus Campaign Stole €36 Million From 30,000 Bank Accounts

Exploit kit authors thrive due to PoC code released by..
by Carol~ Forum moderator / December 5, 2012 6:55 AM PST
.. whitehats

Do exploit kit authors actually write the exploits they include in their offerings? Sophos' researcher Gabor Szappanos says the answer is a resounding "No."

Having spent the last year following the development of the Blackhole exploit kit, he says the last few exploits for zero-days added to it were all works of whitehat researchers who published their own exploit code online. In one particular case, the Blackhole author practically copy-pasted the published code into his exploit kit's code.

"The author of the Blackhole exploit kit seems to be more comfortable as a system integrator and web application developer than anything else, and is far from being a hardcore vulnerability researcher," he comments.

This revelation should not come as a total surprise, as other researchers have noted a similar pattern.

Continued : http://www.net-security.org/secworld.php?id=14069

Vrublevsky Sues Kaspersky
by Carol~ Forum moderator / December 5, 2012 6:56 AM PST

The co-founder and owner of ChronoPay, one of Russia's largest e-payment providers, is suing Russian security firm Kaspersky Lab, alleging that the latter published defamatory blog posts about him in connection with his ongoing cybercrime trial.

Pavel O. Vrublevsky is on trial in Moscow for allegedly hiring the curator of the Festi spam botnet to attack one of ChronoPay's rival payment processors. He spent six months in prison last year after admitting to his part in the attack on Assist, a company that processed payments for Russian airline Aeroflot.

The events leading up to that crime are the subject of my Pharma Wars series, which documents an expensive and labyrinthine grudge match between Vrublevsky and the other co-founder of ChronoPay: Igor Gusev — the alleged proprietor of GlavMed and SpamIt, sister organizations that until recently were the largest sources of spam touting rogue Internet pharmacies. For his part, Vrublevsky has been identified as the co-owner of a competing rogue pharmacy program, the now-defunct Rx-Promotion.

Continued: http://krebsonsecurity.com/2012/12/vrublevsky-sues-kaspersky/

ATM Thieves Swap Security Camera for Keyboard
by Carol~ Forum moderator / December 5, 2012 6:56 AM PST

This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like child's play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine.

The story comes from O Estado de S. Paulo ("The State of Sao Paulo"), a daily newspaper in Brazil's largest city. According to the paper, late last month a crook approached an ATM at the Bank of Brazil and somehow removed the security camera from the machine. Apparently, the camera was a USB-based device, because the thief then was able to insert his own USB stick into the slot previously occupied by the camera. As you can imagine, a scene straight out of Terminator 2 ensued.

The attacker was then able to connect a folding keyboard to the ATM's computer and restart the machine. The newspaper story isn't crystal clear on the role of the USB device — whether it served as a replacement operating system or merely served to connect the keyboard to the machine (it's not hard to imagine why this would be so easy, since most ATMs run on some version of Microsoft Windows, which automatically installs drivers for most USB-based input devices).

Continued: http://krebsonsecurity.com/2012/12/atm-thieves-swap-security-camera-for-keyboard/

How script kiddies hijack your browser to steal password
by Carol~ Forum moderator / December 5, 2012 6:56 AM PST
How script kiddies can hijack your browser to steal your password

"Technique also works for any data entered into a browser's search box."

[Screenshot: A demonstration showing a site that hijacks a browser's search function and intercepts the contents.]

Be careful what you type on your computer while surfing the Web. It very well could be funneled to a script kiddie who has appropriated a handful of lines of code and inserted it into his site.

The hack has been possible for years, but two proofs of concept published this month graphically demonstrate just how easy it is for even savvy people to fall for it. Both demonstrations use JavaScript to hijack the search command found in all standard browsers. The script is activated when a user presses the ctrl+f or ⌘+f keys, causing whatever is typed after that to be sent to a server under the control of the website operator rather than to the browser's search box.

Proofs of concept here and here show how this method could be used to trick people into divulging their password or credit card number respectively. The pages pose as lists that catalog leaked user data and invite visitors to search it to see if their information is included.

Continued : http://arstechnica.com/security/2012/12/how-script-kiddies-can-hijack-your-browser-to-steal-your-password/

Five Most Dangerous Malware Trends of 2013
by Carol~ Forum moderator / December 5, 2012 6:57 AM PST

Amit Klein @ the Trusteer Blog:

Looking back over the past months of our research findings, 2012 was characterized by the increasing sophistication of malware's ability to evade detection and the beginning of financial fraud platforms like Zeus, SpyEye and others crossing over to attack enterprise endpoints. We expect criminals to continue to innovate in 2013 and step up attacks against enterprises. Trusteer's security research group identified what they believe will be the top five most dangerous trends in malware in 2013. Our findings, which include Google attacks, native 64-bit Windows malware and increasingly advanced evasion techniques, are summarized in the infographic below.


Malware is currently the leading method cybercriminals use to compromise enterprise networks and financial institutions' customer accounts. Unfortunately, we see strong indications that cybercriminals are investing considerable development resources to make malware even more sophisticated and evasive.

Continued : http://www.trusteer.com/blog/five-most-dangerous-malware-trends-of-2013

Tumblr troubled by trojan text - Update
by Carol~ Forum moderator / December 5, 2012 7:06 AM PST

An outbreak of a worm on Tumblr, the microblogging platform, hit many accounts by taking advantage of the platform's reblogging capability. The payload of the worm, the publication of a posting angrily explaining how the worm's authors hated Tumblr users, was analysed by Sophos, which noted that the malicious code was embedded mostly as a Base64-encoded string hidden within a data URI. Once decoded and executed, it would pull code and content from another website.

The code would direct users to a login page if they were not logged into Tumblr at the time, but if they were logged in, it would reblog the message in the user's account. As the message contained the malicious code, the worm was spread through the reblogging. As an extra factor for confusion, on leaving the page, it was possible that the malicious code would display a dialog claiming Tumblr would be down for maintenance for several hours.

Tumblr confirmed the worm was spreading early on and within a couple of hours announced they had the worm breakout under control. But the problem demonstrates, yet again, the importance of cleaning and validating text input into web applications and ensuring that output text is not in a position to be executable by users' browsers. This is doubly important for social media and sharing sites where the systems are akin to a petri dish for self-replicating code.

Continued : http://www.h-online.com/security/news/item/Tumblr-troubled-by-trojan-text-Update-1761800.html

Related: Tumblr worm proliferated due to XSS flaw
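
The input-validation point in the Tumblr item above, as an added example that is not part of the original post or the linked articles: a Node.js screening pass that finds `data:` URIs in submitted post markup, decodes Base64 bodies, and flags the ones a browser could execute. The function names, sample posts and `example.invalid` host are constructed for illustration, and the regex-based attribute scan is an assumption that stands in for a full allowlist HTML sanitizer.

```javascript
// Added example (not from the article): flag executable data: URIs in submitted markup.
const ACTIVE_TYPES = /^(text\/html|image\/svg\+xml|application\/xhtml\+xml|(text|application)\/(x-)?(java|ecma)script)$/;
const codePoint = n => (n <= 0x10ffff ? String.fromCodePoint(n) : '');

// Resolve the character references a browser would decode inside an attribute value.
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => codePoint(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => codePoint(parseInt(d, 10)))
    .replace(/&colon;/gi, ':');
}

function findDataUris(markup) {
  const findings = [];
  // Attribute values: double-quoted, single-quoted, or unquoted.
  const attr = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  for (const m of markup.matchAll(attr)) {
    const raw = decodeEntities(m[2] ?? m[3] ?? m[4] ?? '');
    // URL parsers drop tabs/newlines and leading whitespace or control characters.
    const url = raw.replace(/[\t\n\r]/g, '').replace(/^[\x00-\x20]+/, '');
    const parsed = /^data:([^,]*),(.*)$/is.exec(url);
    if (!parsed) continue;
    const params = parsed[1].split(';').map(p => p.trim().toLowerCase());
    const mediaType = params[0] || 'text/plain';
    const isBase64 = params.slice(1).includes('base64');
    let decoded;
    try {
      decoded = isBase64
        ? Buffer.from(parsed[2], 'base64').toString('utf8')
        : decodeURIComponent(parsed[2]);
    } catch { decoded = parsed[2]; }
    // Executable if the declared type renders as a document/script or the body carries script.
    const executable = ACTIVE_TYPES.test(mediaType) ||
      /<script|javascript:|\bon\w+\s*=/i.test(decoded);
    findings.push({ attribute: m[1].toLowerCase(), mediaType, isBase64, executable, decoded });
  }
  return findings;
}

// Reject the post when any attribute carries an executable data: URI.
const shouldReject = markup => findDataUris(markup).some(f => f.executable);

// Constructed sample posts (harmless payload, placeholder host).
const payload = Buffer.from('<script src="https://example.invalid/x.js"></script>').toString('base64');
const WORM_LIKE_POST = `<p>hi</p><iframe src="data:text/html;base64,${payload}"></iframe>`;
const BENIGN_POST = '<img src="data:image/png;base64,iVBORw0KGgo=" alt="dot">';
console.log(shouldReject(WORM_LIKE_POST), shouldReject(BENIGN_POST)); // true false
```

Decoding before matching is the step that matters here: a filter that only looks for the literal string `<script` in the submitted text never sees it inside the Base64 body.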
