Spyware, Viruses, & Security forum


NEWS - December 13, 2012

by Carol~ Forum moderator / December 13, 2012 4:45 AM PST
FBI snares $850 million Butterfly botnet ring with help of Facebook

On Tuesday, the FBI announced that it had arrested ten people connected to a botnet that had spread through Facebook. Spread by a virus targeting Facebook users, the botnet caused over $850 million in losses to financial institutions, infected over 11 million computers, and stole credit card and bank account data. The botnet itself was shut down in October, according to an FBI statement.

This is the second major outbreak of botnets based on the Butterfly (aka Mariposa) bot tool. The first incarnation, discovered in December 2008 and shut down a year later, infected over 12 million PCs worldwide and was spread primarily through file-sharing and instant messaging attacks. It also harvested financial information from over 800,000 victims.

In the latest incarnation of Butterfly, the botnet spread itself using variants of Yahos, a virus that spreads itself by sending links via social networks and instant messaging. Victims clicked on the link, launching Yahos' attack. The malware, which in some variants disguised itself as an NVIDIA video driver, then downloaded and installed the botnet controls and browser exploits that captured users' credit card and bank account information. The spread of viruses like Yahos prompted Facebook to partner with McAfee in 2010 to provide tools to users to clean infected systems.

Continued: http://arstechnica.com/tech-policy/2012/12/fbi-snares-850-million-butterfly-botnet-ring-with-help-of-facebook/

Facebook Security, FBI Take Down Butterfly Botnet, Arrest 10
FBI arrests down Facebook botnet that stole $850 million
FBI compliments Facebook on combating botnet
Three people arrested in U.K. over "police ransomware"
by Carol~ Forum moderator / December 13, 2012 5:14 AM PST

The U.K. Metropolitan Police's Central e-Crime Unit has arrested three individuals who have allegedly participated in a scheme to defraud Internet users by making them believe they have been caught doing something illegal.

To do that, the scammers used currently hugely popular ransomware that blocked the victims' computers and asked them to pay a fine via Ukash or Paysafecard in order to get their computers unlocked: [Screenshot]

On Tuesday, PCeU officers based at the Metropolitan Police Service and North West hubs, along with colleagues from Staffordshire Police, swooped down on two men and a woman based in Stoke on Trent.

A 34-year-old man and 30-year-old woman are suspected of conspiracy to defraud, money laundering and possession of items for use in fraud, while a 26-year-old man has been arrested on suspicion of conspiracy to defraud.

Continued: http://www.net-security.org/secworld.php?id=14114

Also: Police arrest three over ransom malware attacks
UK Police Arrest 3 Individuals Suspected of Using Ransomware

IE exploit can track mouse cursor movements - even when you're not in IE
by Carol~ Forum moderator / December 13, 2012 5:14 AM PST

A vulnerability affecting Internet Explorer versions 6 through 10 could make it possible for a hacker to monitor the movements of your mouse, even if the browser window is minimised.

According to UK-based web analytics firm Spider.io, this means that passwords and PINs could be captured by a canny thief if they are typed on a virtual (on-screen) keyboard. What's more, it's already being exploited by two display advertising networks, the company said, though it did not name them in its statement.

"As long as the page with the exploitative advertiser's ad stays open - even if you push the page to a background tab or, indeed, even if you minimize Internet Explorer - your mouse cursor can be tracked across your entire display," Spider.io said.

Continued: http://news.techworld.com/security/3416348/ie-exploit-can-track-mouse-cursor-movements-even-when-youre-not-in-ie/

Internet Explorer vulnerability lets hackers track your mouse movements
Internet Explorer tracks cursor even when minimised
Feds Convict Stock Scammers, Overlook Spammers
by Carol~ Forum moderator / December 13, 2012 5:15 AM PST

On Wednesday, the U.S. Justice Department announced that it had obtained convictions against a cybercrime gang that committed securities fraud through the use of botnets and spam. Oddly enough, none of the botmasters or spammers who assisted in the scheme were brought to justice or identified beyond their hacker handles. This blog post may change that.

The defendants who pleaded or were found guilty in this case were convicted of orchestrating "pump-and-dump" stock scams. These are schemes in which fraudsters buy up low-priced stock, blast out millions of spam e-mails touting the stock as a hot buy and then dump their shares as soon as the share price ticks up from all of the spam respondents buying into the scam.

A press release from the U.S. Attorney for the District of New Jersey noted that the ringleader of the scam, 44-year-old Christopher Rad, of Cedar Park, Texas, communicated with the spammers via Skype, addressing them by their hacker aliases....

Continued: http://krebsonsecurity.com/2012/12/feds-convict-stock-scammers-overlook-spammers/

Apple Addresses New SMS Trojan in Malware Lists
by Carol~ Forum moderator / December 13, 2012 6:05 AM PST

Apple has made updates to its malware definitions to address yesterday's news of a new OS X Trojan, SMSSend.3666, that was disguising itself as legitimate software and confounding Russian users.

The Trojan, first blogged about by antivirus firm Dr. Web, tricked users into entering their cell phone number in order to continue the installation of what appeared to be an official software installer. According to Dr. Web's report, after supplying attackers with their phone number, the victim would unknowingly "agree to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis." This particular Trojan imitated the VKMusic 4 program, a popular Russian music client.

Apple now identifies the malware in its "Xprotect.plist" blacklist, part of the antimalware framework Apple rolled out with its Snow Leopard operating system in 2009.

News of the quick patch, first reported by Macrumors.com, marks a quick turnaround for Apple, yet falls in line with the company's daily malware list edits. The Cupertino company announced it would update its malware database on a daily basis following last year's Mac Defender malware fiasco.

Related:
Mac users hit with fake installer and SMS fraud
Apple Updates Xprotect Malware Definitions to Detect SMS Trojan

Joomla sites misused to deploy malware
by Carol~ Forum moderator / December 13, 2012 6:06 AM PST

The Internet Storm Center reports that a large number of Joomla sites are currently deploying malicious code and infecting visitors with malware; some WordPress sites are also thought to be affected. The German CERT-Bund Computer Emergency Response Team, which is operated by the German Federal Office for Information Security (BSI), has confirmed that similar attacks on and via Joomla servers have also been observed in Germany.

Thomas Hungenberg from CERT-Bund told The H's associates at heise Security that his findings indicate that, for several days, the compromised sites have been exploited to infect computers mainly with fake AV software via an exploit kit. To infect computers, the attackers embed an iFrame into the web sites that points to a Sutra Traffic Distribution System and eventually redirects to an exploit kit. Until recently, URLs ended in /nighttrend.cgi?8 as described by the ISC, but in the past few hours, other URLs such as hxxp://kwydcpkq.qhigh.com/gjgdyrzd77.cgi?8 have also been sighted.

Continued: http://www.h-online.com/security/news/item/Joomla-sites-misused-to-deploy-malware-1766841.html

Attackers Exploiting Vulnerabilities In Joomla, WordPress to Distribute Malware
Joomla, WordPress Sites Hit by IFrame Injection Attacks

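An added example, written for this page and not part of the forum post or of the ISC/CERT-Bund reports: a small Python scanner that flags iframes of the kind described above, i.e. frames that are hidden or sized 1x1 and point off-site, or whose URL ends in the `<name>.cgi?<digit>` pattern (such as /nighttrend.cgi?8) that the ISC reported. The sample pages and every hostname in them are constructed for the example; the heuristics are assumptions, not anything the reports prescribe.

```python
"""Flag injected iframes of the kind CERT-Bund and the ISC describe above.

Heuristics (assumptions made for this example, not taken from the reports):
  * src points at a different host than the page (cross-site) AND the
    frame is hidden (display:none, visibility:hidden, negative offset)
    or sized 2x2 pixels or less; or
  * src ends in "<name>.cgi?<digits>", the TDS-style path pattern
    (/nighttrend.cgi?8) reported by the ISC.
A cross-site iframe on its own is not flagged: embedded video or maps look
exactly like that.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TDS_PATH = re.compile(r"/[a-z0-9_]+\.cgi\?\d+$", re.I)
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d", re.I
)


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _tiny(value):
    """True for width/height attributes of 2 pixels or less ("1", "1px", "0")."""
    digits = re.sub(r"\D", "", value)
    return bool(digits) and int(digits) <= 2


def is_hidden(attrs):
    """Hidden by CSS, pushed off-screen, or sized so small it is invisible."""
    if HIDDEN_STYLE.search(attrs.get("style", "")):
        return True
    return _tiny(attrs.get("width", "")) and _tiny(attrs.get("height", ""))


def find_injected_iframes(page_url, html):
    """Return [(src, [reasons])] for iframes that look like an injection."""
    page_host = (urlparse(page_url).hostname or "").lower()
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        parsed = urlparse(src)
        # A relative src stays on the page's own host.
        host = (parsed.hostname or page_host).lower()
        reasons = []
        if host != page_host:
            reasons.append("cross-site src")
        if is_hidden(attrs):
            reasons.append("hidden or near-zero size")
        path_and_query = parsed.path + ("?" + parsed.query if parsed.query else "")
        if TDS_PATH.search(path_and_query):
            reasons.append("TDS-style path (*.cgi?N)")
        if "TDS-style path (*.cgi?N)" in reasons or len(reasons) >= 2:
            findings.append((src, reasons))
    return findings


# Constructed sample pages; the hostnames are invented for this example.
CLEAN_PAGE = """<html><body><h1>Welcome</h1>
<iframe src="https://www.youtube.com/embed/abc123" width="560" height="315"></iframe>
</body></html>"""

INFECTED_PAGE = """<html><body><h1>Welcome</h1>
<iframe src="http://tds.example.net/nighttrend.cgi?8" width="1" height="1"
        style="visibility:hidden"></iframe>
<iframe src="/local/widget.html" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("infected", INFECTED_PAGE)):
        hits = find_injected_iframes("http://joomla.example.com/index.php", page)
        for src, reasons in hits:
            print(f"{name}: {src}  ({', '.join(reasons)})")
```

Run over the HTML a site actually serves (fetch it as a browser would, since the injection may be added at request time by a modified template or module rather than sitting in a file on disk) and treat any hit as a reason to look for modified template files and unknown administrator accounts, not just to delete the frame.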
That square QR barcode on the poster? Check it's not a... sticker
by Carol~ Forum moderator / December 13, 2012 6:06 AM PST

Cybercrooks are putting up stickers featuring URLs embedded in Quick Response codes (QR codes) as a trick designed to drive traffic to dodgy sites.

QR codes are two-dimensional matrix barcodes that can be scanned by smartphones, linking users directly to a website without having to type in its address. By using QR codes (rather than links) as a jump-off point to dodgy sites, cybercrooks can disguise the ultimate destination of links.

Security watchers have already seen spam messages pointing to URLs that use embedded QR codes. Now crooks have gone one step further by printing out labels and leaving them in well trafficked locations.

Warren Sealey, director of enterprise learning and knowledge management, Symantec Hosted Services, explained: "We've seen criminals using bad QR codes in busy places, putting them on stickers and putting them over genuine ones in airports and city centres."

Continued: http://www.theregister.co.uk/2012/12/10/qr_code_sticker_scam/

Apple Patches Nine Vulnerabilities in QuickTime 7.7.3 Update
by Carol~ Forum moderator / December 13, 2012 6:06 AM PST

Apple shipped fixes for nine vulnerabilities in its QuickTime multimedia platform. The QuickTime 7.7.3 update resolves bugs for Windows 7, Vista, and XP service pack 2 and later.

The first two patches, discovered by IBM X-Force's Mark Yason and Microsoft's Jeremy Brown respectively, resolve a buffer overflow in the handling of PICT files and REGION records, and a memory corruption issue in the handling of PICT files. Both vulnerabilities could be exploited if a user views a specially crafted PICT file, which in both cases could cause an application to crash or allow for arbitrary code execution.

The update also resolves three bugs that could cause unexpected application termination or enable the execution of arbitrary code if a user visits a maliciously crafted website. Two of the bugs were uncovered by chkr_d591, working with iDefense VCP: one was a use-after-free problem in the way the QuickTime plugin handled '_qtactivex_' parameters within an HTML object element, and the other was a use-after-free flaw in the QuickTime ActiveX control's handling of the Clear() method. The third was discovered by TELUS Security Labs' Pavel Polischouk and addressed a buffer overflow in the QuickTime plugin's handling of MIME types.

Continued: https://threatpost.com/en_us/blogs/apple-security-patches-quicktime-s-773-update-windows-121312

Chinese PCs with Pirated Windows Have Security Bugs, Says MS
by Carol~ Forum moderator / December 13, 2012 6:06 AM PST

Chinese PCs running pirated Windows still have security vulnerabilities, according to Microsoft. The software giant launched a new campaign against piracy and warned users of security dangers they face when installing counterfeit products.

"What we are finding is that increasingly cybercriminals are targeting both businesses and consumers right here in China," said Nick Psyhogeos, vice president of Microsoft's original equipment manufacturer (OEM) business solutions group, as quoted by Computer World.

"Counterfeiters have pitched this story to consumers that software piracy or pirated products themselves don't cost anything, they're free. They've also pitched the story that it works just fine, it's good enough. Neither of those statements are accurate."

In September, the company announced it bought 169 PCs from China and discovered 91 per cent contained malware or deliberate security vulnerabilities. The investigation codenamed "Operation b70" also revealed the brand new computers had pirated versions of Windows. Some of the machines were bundled with "Nitol," a type of malware that remotely logged keystrokes and spied on users through their webcams.

Continued: http://www.hotforsecurity.com/blog/chinese-pcs-with-pirated-windows-have-security-bugs-says-microsoft-4802.html

Spam Campaign Flooding Towards Blackhole Exploit Kit
by Carol~ Forum moderator / December 13, 2012 7:10 AM PST

From the Symantec Security Response Blog:

In the last few months, we have seen an increase in the volume of malicious spam. The majority of these new spam emails contain links to the Blackhole Exploit Kit.

Earlier this year Symantec reported on malicious spam during tax season that led to the Blackhole Exploit Kit. Similar attacks targeting well-known businesses occurred throughout 2012, affecting major brands in various service industries such as payroll, fax, and social media.

The emails claim to be contacting the recipient in regards to account transactions, pending notifications, company complaint reports etc.

The main purpose of these spam campaigns is to lure recipients into clicking on links contained in the emails. These links then lead to malicious code being downloaded, which exploits common vulnerabilities.

Note: Read The Blackhole Theory for more information about how this type of attack works.

Figure 1 shows the volume of Blackhole spam over the past three months. The attacks increased noticeably around September 18 and even more so in mid October. During this time, the attacks targeting social networks and payroll companies were prominent. Throughout the monitoring phase, we observed 19 companies being targeted by the spammers. Social media and payroll are the most popular industries targeted by spammers, contributing 35 and 31 percent respectively. [Screenshot: Figure 1]

Continued: http://www.symantec.com/connect/blogs/spam-campaign-flooding-towards-blackhole-exploit-kit