Three people arrested in U.K. over "police ransomware"
The U.K. Metropolitan Police's Central e-Crime Unit (PCeU) has arrested three individuals who allegedly participated in a scheme to defraud Internet users by making them believe they had been caught doing something illegal.
To do that, the scammers used the currently hugely popular "police ransomware", which blocked the victims' computers and demanded that they pay a fine via Ukash or Paysafecard in order to get their computers unlocked: [Screenshot]
On Tuesday, PCeU officers based at the Metropolitan Police Service and North West hubs, along with colleagues from Staffordshire Police, swooped down on two men and a woman based in Stoke-on-Trent.
A 34-year-old man and 30-year-old woman are suspected of conspiracy to defraud, money laundering and possession of items for use in fraud, while a 26-year-old man has been arrested on suspicion of conspiracy to defraud.
Also: Police arrest three over ransom malware attacks
UK Police Arrest 3 Individuals Suspected of Using Ransomware
Feds Convict Stock Scammers, Overlook Spammers
On Wednesday, the U.S. Justice Department announced that it had obtained convictions against a cybercrime gang that committed securities fraud through the use of botnets and spam. Oddly enough, none of the botmasters or spammers who assisted in the scheme were brought to justice or identified beyond their hacker handles. This blog post may change that.
The defendants who pleaded or were found guilty in this case were convicted of orchestrating "pump-and-dump" stock scams. These are schemes in which fraudsters buy up low-priced stock, blast out millions of spam e-mails touting the stock as a hot buy and then dump their shares as soon as the share price ticks up from all of the spam respondents buying into the scam.
A press release from the U.S. Attorney for the District of New Jersey noted that the ringleader of the scam, 44-year-old Christopher Rad, of Cedar Park, Texas, communicated with the spammers via Skype, addressing them by their hacker aliases....
Continued : http://krebsonsecurity.com/2012/12/feds-convict-stock-scammers-overlook-spammers/
Apple Addresses New SMS Trojan in Malware Lists
Apple has made updates to its malware definitions to address yesterday's news of a new OS X Trojan, SMSSend.3666, that was disguising itself as legitimate software and confounding Russian users.
The Trojan, first blogged about by antivirus firm Dr. Web, tricked users into entering their cell phone number in order to continue the installation of what appeared to be an official software installer. According to Dr. Web's report, after supplying attackers with their phone number, the victim would unknowingly "agree to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis." This particular Trojan imitated the VKMusic 4 program, a popular Russian music client.
Apple now identifies the malware in its "Xprotect.plist" blacklist, part of the antimalware framework Apple rolled out with its Snow Leopard operating system in 2009.
News of the quick patch, first reported by Macrumors.com, marks a quick turnaround for Apple, yet falls in line with the company's daily malware list edits. The Cupertino company announced it would update its malware database on a daily basis following last year's Mac Defender malware fiasco.
Mac users hit with fake installer and SMS fraud
Apple Updates Xprotect Malware Definitions to Detect SMS Trojan
Joomla sites misused to deploy malware
The Internet Storm Center (ISC) reports that a large number of Joomla sites are currently serving malicious code and infecting visitors with malware; some WordPress sites are also thought to be affected. CERT-Bund, the German Computer Emergency Response Team operated by the German Federal Office for Information Security (BSI), has confirmed that similar attacks on and via Joomla servers have also been observed in Germany.
Thomas Hungenberg from CERT-Bund told The H's associates at heise Security that his findings indicate that, for several days, the compromised sites have been exploited to infect computers mainly with fake AV software via an exploit kit. To infect computers, the attackers embed an iFrame into the web sites that points to a Sutra Traffic Distribution System and eventually redirects to an exploit kit. Until recently, URLs ended in /nighttrend.cgi?8 as described by the ISC, but in the past few hours, other URLs such as hxxp://kwydcpkq.qhigh.com/gjgdyrzd77.cgi?8 have also been sighted.
Continued : http://www.h-online.com/security/news/item/Joomla-sites-misused-to-deploy-malware-1766841.html
Attackers Exploiting Vulnerabilities In Joomla, WordPress to Distribute Malware
Joomla, WordPress Sites Hit by IFrame Injection Attacks
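As an added example (not code from the article, the ISC or CERT-Bund), a small Python scanner for the injection pattern described above: off-site iframes that are hidden or whose src matches the `/<name>.cgi?<digit>` redirector shape quoted in the article. The sample pages and hostnames are constructed placeholders.

```python
"""Flag injected iframes of the kind seen in the Joomla/WordPress campaign.
Added example; hostnames in SAMPLE_PAGE are constructed, not real indicators."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Path shape quoted in the article (/nighttrend.cgi?8, /gjgdyrzd77.cgi?8);
# the hostnames rotate, the .cgi?<digit> redirector path does not.
TDS_PATH = re.compile(r"/[a-z0-9]+\.cgi\?\d+$", re.IGNORECASE)


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag on a page."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.frames.append({k: (v or "") for k, v in attrs})


def is_hidden(attrs):
    """Injected frames are normally invisible: 0/1 px box or display:none."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = all(attrs.get(k, "").strip("px") in ("0", "1") for k in ("width", "height"))
    return tiny or "display:none" in style or "visibility:hidden" in style


def suspicious_iframes(html, site_host):
    """Return src of each iframe that is off-site and either hidden or points
    at a TDS-style .cgi?N URL. site_host is the site's own legitimate host."""
    parser = IframeCollector()
    parser.feed(html)
    hits = []
    for frame in parser.frames:
        src = frame.get("src", "")
        url = urlparse(src)
        if (url.hostname or site_host) == site_host:
            continue  # same-origin embed, e.g. the site's own widget
        path = f"{url.path}?{url.query}" if url.query else url.path
        if is_hidden(frame) or TDS_PATH.search(path):
            hits.append(src)
    return hits


# Constructed page: one injected frame, one legitimate visible embed.
SAMPLE_PAGE = """<html><body><h1>Welcome</h1>
<iframe src="http://tds.example.net/nighttrend.cgi?8" width="0" height="0"></iframe>
<iframe src="https://video.example.com/embed/1" width="640" height="360"></iframe>
</body></html>"""
```

Running `suspicious_iframes(SAMPLE_PAGE, "www.example.org")` reports only the zero-size TDS frame; the visible third-party embed is left alone.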
That square QR barcode on the poster? Check it's not a...
Cybercrooks are putting up stickers featuring URLs embedded in Quick Response codes (QR codes) as a trick designed to drive traffic to dodgy sites.
QR codes are two-dimensional matrix barcodes that smartphones can scan to take users directly to a website without typing in its address. By using QR codes (rather than visible links) as a jump-off point to dodgy sites, cybercrooks can disguise the ultimate destination of the link.
Security watchers have already seen spam messages pointing to URLs via embedded QR codes. Now crooks have gone one step further by printing out labels and leaving them in well-trafficked locations.
Warren Sealey, director of enterprise learning and knowledge management at Symantec Hosted Services, explained: "we've seen criminals using bad QR codes in busy places putting them on stickers and putting them over genuine ones in airports and city centres."
Continued : http://www.theregister.co.uk/2012/12/10/qr_code_sticker_scam/
Apple Patches Nine Vulnerabilities in QuickTime 7.7.3 Update
Apple shipped fixes for nine vulnerabilities in its QuickTime multimedia platform. The QuickTime 7.7.3 update resolves bugs for Windows 7, Vista, and XP service pack 2 and later.
The first two patches, for bugs discovered by IBM X-Force's Mark Yason and Microsoft's Jeremy Brown respectively, resolve a buffer overflow in the handling of PICT files and REGION records, and a memory corruption issue in the handling of PICT files. Both vulnerabilities could be exploited if a user views a specially crafted PICT file, which in either case could cause an application to crash or allow arbitrary code execution.
The update also resolves three bugs that could cause unexpected application termination or enable the execution of arbitrary code if a user visits a maliciously crafted website. Two of the bugs were uncovered by chkr_d591, working with iDefense VCP: one was a use-after-free problem in the way the QuickTime plugin handled '_qtactivex_' parameters within an HTML object element, and the other was a use-after-free flaw in the QuickTime ActiveX control's handling of the Clear() method. The third was discovered by TELUS Security Labs' Pavel Polischouk and addressed a buffer overflow in the QuickTime plugin's handling of MIME types.
Continued : https://threatpost.com/en_us/blogs/apple-security-patches-quicktime-s-773-update-windows-121312
Chinese PCs with Pirated Windows Have Security Bugs, Says MS
Chinese PCs running pirated Windows still have security vulnerabilities, according to Microsoft. The software giant launched a new campaign against piracy and warned users of security dangers they face when installing counterfeit products.
"What we are finding is that increasingly cybercriminals are targeting both businesses and consumers right here in China," said Nick Psyhogeos, vice president of Microsoft's original equipment manufacturer (OEM) business solutions group, as quoted by Computer World.
"Counterfeiters have pitched this story to consumers that software piracy or pirated products themselves don't cost anything, they're free. They've also pitched the story that it works just fine, it's good enough. Neither of those statements are accurate."
In September, the company announced it bought 169 PCs from China and discovered 91 per cent contained malware or deliberate security vulnerabilities. The investigation codenamed "Operation b70" also revealed the brand new computers had pirated versions of Windows. Some of the machines were bundled with "Nitol," a type of malware that remotely logged keystrokes and spied on users through their webcams.
Continued : http://www.hotforsecurity.com/blog/chinese-pcs-with-pirated-windows-have-security-bugs-says-microsoft-4802.html
Spam Campaign Flooding Towards Blackhole Exploit Kit
From the Symantec Security Response Blog:
In the last few months, we have seen an increase in the volume of malicious spam. The majority of these new spam emails contain links to the Blackhole Exploit Kit.
Earlier this year Symantec reported on malicious spam during tax season that led to the Blackhole Exploit Kit. Similar attacks targeting well-known businesses occurred throughout 2012, affecting major brands in various service industries such as payroll, fax, and social media.
The emails claim to be contacting the recipient in regards to account transactions, pending notifications, company complaint reports etc.
The main purpose of these spam campaigns is to lure recipients into clicking on links contained in the emails. These links then lead to malicious code being downloaded, which exploits common vulnerabilities.
Note: Read The Blackhole Theory for more information about how this type of attack works.
Figure 1 shows the volume of Blackhole spam over the past three months. The attacks increased noticeably around September 18 and even more so in mid-October. During this time, the attacks targeting social networks and payroll companies were prominent. Throughout the monitoring phase, we observed 19 companies being targeted by the spammers. Social media and payroll are the most popular industries targeted by spammers, contributing 35 and 31 percent respectively. [Screenshot: Figure 1]
Continued : http://www.symantec.com/connect/blogs/spam-campaign-flooding-towards-blackhole-exploit-kit