Spyware, Viruses, & Security forum


NEWS - February 07, 2013

by Carol~ Forum moderator / February 7, 2013 12:02 AM PST
Massive search fraud botnet seized by Microsoft and Symantec

[Screenshot] - Users with computers infected by the Bamital botnet malware will see this page every time they click a search result

A botnet that redirected clicks from millions of PCs has been, at least for the moment, shut down by Microsoft and Symantec. Based on the fraudulent traffic generated by the Bamital botnet, the two companies estimate that its operators netted more than $1 million a year by redirecting unsuspecting computer users to websites they didn't intend to go, cashing in on the traffic with online advertising networks.

Acting on a court order they obtained from the US District Court in Alexandria, technicians from the two companies—accompanied by federal marshals—showed up at two data centers today to take down the servers controlling the Bamital botnet. A server in an ISPrime data center in Weehawken, New Jersey was seized, while the operators of a LeaseWeb data center in Manassas, Virginia voluntarily shut down a server at the company's headquarters in the Netherlands. LeaseWeb is providing an image of that server to Microsoft and Symantec. "These servers were command and control servers, and were also absorbing the malicious traffic the botnet was creating," said Vikram Thakur, Principal Security Response Manager at Symantec in an interview with Ars.

Continued : http://arstechnica.com/security/2013/02/massive-search-fraud-botnet-siezed-by-microsoft-and-symantec/

Microsoft and Symantec take down Bamital botnet that had ensnared thousands of PCs
Microsoft, Symantec Join Forces to Take Down Bamital Click-Fraud Botnet
Microsoft and Symantec collaborate to disable click-fraud botnet
Microsoft busts Bamital botnet

Microsoft launches 'Don't Get Scroogled by Gmail' campaign..
by Carol~ Forum moderator / February 7, 2013 1:11 AM PST
... to stop Google 'going through personal emails'

Microsoft's efforts to downplay Google's Gmail over its own Outlook.com service are well known amongst the tech crowd. In late-November the Redmond, Wash.-based corporation claimed that a third of new Outlook.com signups were people switching from Google's email service, and after the web giant dropped support for EAS, Microsoft quickly advised Gmail users to make the same switch. Now Microsoft is at it again, launching a new crusade titled "Don't Get Scroogled by Gmail".

The purpose of the campaign, according to the software firm, is to "educate consumers that Google goes through their personal emails to sell ads". Don't Get Scroogled by Gmail is aimed at American Gmail users and is supported by a GfK Roper study commissioned by Microsoft that found "70 percent of consumers don't know that major email providers routinely engage in the practice of reading through their personal email to sell ads", with a vast majority of people, 88 percent, disapproving of this practise once the information was brought to their attention.

Continued : http://betanews.com/2013/02/07/microsoft-launches-dont-get-scroogled-by-gmail-campaign-to-stop-google-going-through-personal-emails/

Microsoft launches 'Don't get Scroogled' campaign against Google
Microsoft launches campaign against Gmail over privacy
Microsoft Attacks Gmail with "Scroogled" Campaign

EU wants to force firms to report cyberattacks
by Carol~ Forum moderator / February 7, 2013 1:11 AM PST

More than 40,000 companies across the EU could be forced to warn regulators if their systems are hacked, under new cybersecurity proposals to be published today.

Firms involved in 'critical infrastructure' - including banks, search engine providers, cloud providers and hospitals - would be required to report to new national authorities to be set up in each member state, along with a Computer Emergency Response Team (CERT).

"At the end of the day openness and transparency about your experience is going to result in a better environment for all," says Digital Agenda Commissioner Neelie Kroes.

According to Reuters, the rules would apply to around 15,000 transport companies, 8,000 banks, 4,000 energy firms and 15,000 hospitals. Firms with fewer than ten employees would be exempt.

After receiving a report, the national authority would then decide whether to make the attack public, weighing up public interest against the threat of reputational damage to the firm. It would also have the power to impose fines if a company failed to notify it of an attack.

Continued : http://www.tgdaily.com/security-brief/69328-eu-wants-to-force-firms-to-report-cyberattacks

EU to force organisations to report major security breaches
EC data breach reporting plans to impact Apple, Facebook and Google

Download: H2 2012 Threat Report
by Carol~ Forum moderator / February 7, 2013 1:11 AM PST

From the F-Secure Antivirus Research Weblog:

What's been demanding our attention in the second half of 2012? Discover the answer to that question in our H2 2012 Threat Report! It pretty much sums up all the important cases we've seen from July to December of 2012. Whet your appetite with short articles on passwords and corporate espionage, and then move on to the case studies on the following:

• Bots
• ZeroAccess
• Zeus
• Exploits
• Web
• Multi-platform attacks
• Mobile

Download a copy from here.



Related: Bots, Zeus, Web Exploits: the Most Potent Threats of 2012

Ransomware Spam Pages on Github, Sourceforge, Others
by Carol~ Forum moderator / February 7, 2013 3:27 AM PST

From the GFI Labs Blog:

There's currently a large and determined effort to infect computers with Ransomware, courtesy of the Stamp EK exploit kit (if you want to know about the other name the kit has, visit the Sophos blog via the bottom Tweet. The language deployed by the kit authors is possibly not safe for work, so if you'd rather roll with Stamp EK that's fine by me).

The bait for most of these redirects to Ransomware appears to be a slice of US news reporters in various "fake" (ie nonexistent) nude pictures, along with a smattering of film actresses / singers - in other words, the usual shenanigans. Curiously, we've observed a lot of wrestlers / people involved in the wrestling industry listed on many of the spam pages too (including Vickie Guerrero, who is named on the fake Youtube page hosted on Github below). [Screenshot]

There are pages and pages of ripped content sitting on various websites such as one located on a .ua domain.

Continued : http://www.gfi.com/blog/ransomware-spam-pages-on-github-sourceforge-others/

Critical Flash Player Update Fixes 2 Zero-Days
by Carol~ Forum moderator / February 7, 2013 6:19 AM PST
Adobe today pushed out an emergency update that fixes at least two zero-day vulnerabilities in its ubiquitous Flash Player software — flaws that attackers are already exploiting to break into systems. Interestingly, Adobe warns that one of the exploits in use is designed to drop malware on both Windows and Mac OS X systems.

Adobe said in an advisory that one of the vulnerabilities — CVE-2013-0634 - is being exploited in the wild in attacks delivered via malicious Flash content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment.

Adobe also warned that a separate flaw - CVE-2013-0633 - is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash content. The company said the exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows (i.e. Internet Explorer users).

Updates are available for Windows, Mac, Linux and Android users. The latest Windows and Mac version is v. 11.5.502.149, and is available from this link. Those who prefer a direct link to the OS-specific downloads can grab them here. To find out if you have Flash installed and what version your browser may be running, check out this page.


Continued : http://krebsonsecurity.com/2013/02/critical-flash-player-update-fixes-two-zero-days/

Also: Security Updates for Adobe Flash Player (APSB13-04)

Mobile spammers release DIY phone number harvesting tool
by Carol~ Forum moderator / February 7, 2013 6:19 AM PST

Dancho Danchev @ the Webroot Threat Blog:

Need a good reason not to connect to the public Web with your phone? Wonder where all that SMS spam is coming from? Keep reading.

Mobile phone spammers have recently released a new version of a well known phone number harvesting tool, whose main objective is to crawl the public Web and index mobile phone numbers, which will later be used for various malicious and fraudulent purposes.

More details:

Sample screenshot of the DIY phone number harvesting tool: [Screenshot]

Second screenshot of the DIY phone number harvesting tool: [Screenshot]

The second screenshot displays the results of the tool in the following order: unique number of the harvested phone number, the actual phone number, name of the owner, logo of the mobile operator, name of the mobile operator, date and country (in this case, Russia).

Third screenshot of the DIY phone harvesting tool: [Screenshot]

Continued : http://blog.webroot.com/2013/02/07/mobile-spammers-release-diy-phone-number-harvesting-tool/
