Spyware, Viruses, & Security forum

NEWS - February 27, 2013

by Carol~ Forum moderator / February 27, 2013 3:41 AM PST
Adobe releases third security update this month for Flash Player

"Latest advisory assigns top priority rating to Windows and Mac users."

Adobe has released an emergency security update for its widely used Flash media player to patch a vulnerability being actively exploited on the Internet. The company is advising Windows and Mac users to install it in the next 72 hours.

An advisory the software company issued on Tuesday said only that affected Flash flaws "are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content." It identified the bugs as CVE-2013-0643 and CVE-2013-0648 as indexed in the common vulnerabilities and exposures database. The advisory added the exploits targeted the Firefox browser. A spokeswoman said no other attack details are available.

Adobe's advisory assigns a priority rating of 1 to Flash versions that run on Microsoft Windows or Mac OS X computers. The rating is reserved for "vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild." The priority for Linux users carries a rating of 3, which is used to designate "vulnerabilities in a product that has historically not been a target for attackers."

Continued : http://arstechnica.com/security/2013/02/adobe-releases-third-security-update-this-month-for-flash-player/

Related:
Emergency Flash update blocks exploit targeted at Firefox
Adobe Patches Two Critical Flash Player Vulnerabilities
Adobe tells users to update Flash Player for the third time this month

Also see: Security Updates for Adobe Flash Player (APSB13-08)
MiniDuke Espionage Malware Hits Governments in Europe Using
by Carol~ Forum moderator / February 27, 2013 4:17 AM PST
... Adobe Exploits

New espionage malware has been discovered that targets a patched sandbox-bypass vulnerability in Adobe Reader. The attacks have hit a relatively small number of government victims in 23 countries, primarily in Europe, and rely on a string of unusual tactics, including the use of steganography to hide backdoor code, as well as the capability to reach out to Twitter accounts created by the attackers for links to command and control servers.

Dubbed MiniDuke by researchers at Kaspersky Labs and CrySyS Lab, these attacks were active as of one week ago. They rely on effective social engineering to deliver infected PDFs targeting Adobe Reader 9-11. The PDFs purport to be Ukraine's foreign policy and NATO membership plans, as well as information for a phony human rights seminar. The victims are not geographically similar; Kaspersky Labs reports 59 victims, most throughout Europe, a few Middle Eastern countries, Brazil and the United States.

"This is a unique and very strange attack. The many different targets hit in separate countries, together with the high profile appearance of the decoy documents and the weird backdoor functionality indicate an unusual threat actor," a Kaspersky and CrySyS report said. "Some of the elements remind us of both Duqu and Red October, such as the minimalistic approach, hacked servers, encrypted channels but also the typology of the victims."

Continued : https://threatpost.com/en_us/blogs/miniduke-espionage-malware-hits-governments-europe-using-adobe-exploits-022713

Also:
Bizarre old-school spyware attacks governments, sports Mark of the Beast
Old school malware used for spying on European govts
'Old School' MiniDuke Malware Targets European Governments Via Adobe
Fake Adobe Flash Update Installs Ransomware,
by Carol~ Forum moderator / February 27, 2013 4:17 AM PST
.. Performs Click Fraud

From the Symantec Security Response blog:

Adobe Flash is one of the most widely distributed products on the Internet. Because of its popularity and global install base, it is often a target of cybercriminals. Cybercriminals are using social engineering methods to distribute their malware through fake Flash update sites, often compelling unsuspecting users, who may be in need of a software update, to unknowingly install malware.

Recently, we came across the following site masquerading itself as an Adobe Flash Player update page:

http://16.a[REMOVED]rks.com/adobe/ [Screenshot: Fake Adobe Flash update page]

The attacker has created what appears to be a rather convincing landing page; however, there are a few inconsistencies. Most of the links resolve back to the attacking domain and all of the links within the page—besides the link to the malware itself—resolve back to the root directory of the site, resulting in a 404 error.

The attacker's main goal is to make sure that a successful installation occurs, and presents two options to the user for maximum return.

Continued : http://www.symantec.com/connect/blogs/fake-adobe-flash-update-installs-ransomware-performs-click-fraud
ISPs to Implement Pirate Notification System
by Carol~ Forum moderator / February 27, 2013 5:49 AM PST

From Bitdefender's "HOTforSecurity" blog:

Internet Service Providers in the US are reportedly working on implementing a copyright infringement notification system to flag subscribers who download or upload copyrighted material via peer-to-peer services.

According to a report issued by The Associated Press, the Copyright Alert System will allow copyright holders to prompt internet service providers to deliver a notification that the IP address is involved in illegal file exchanges.

It is commonly known that publishers often monitor uTorrent trackers and collect IP addresses involved in exchanging copyrighted materials such as games, music and movies. Under the new system, publishers will be able to submit these IP addresses, along with the time the infringement has been detected, to the Internet Service Provider. The ISP looks up who had the specific IP address at the respective time and notifies them that they are breaking the law.

Continued : http://www.hotforsecurity.com/blog/internet-service-providers-to-implement-pirate-notification-system-5497.html

Comcast Punishes BitTorrent Pirates With Browser Hijack
by Carol~ Forum moderator / February 27, 2013 7:42 AM PST

Comcast revealed today how it will deal with customers who receive multiple warnings under the newly launched "six-strikes" anti-piracy system. After four alerts the ISP will "hijack" web-browsers of suspected serial pirates with a persistent pop-up notification, making it impossible to browse the Internet. The pop-up will disappear after the customer "resolves the issue" with a Customer Security Assurance professional.

Earlier this week when the six strikes system launched, little was known (officially) about the punishments ISPs were planning for persistent pirates.

Since then Verizon reinstated their copyright alerts section, revealing the mitigation measures that leaked last month. Today Comcast follows with a brief overview on how they will handle things.

In common with other ISPs, Comcast will start out with friendly alerts informing customers that their account has been used to share copyrighted material. After four warnings, repeated offenders will then enter the "mitigation phase" during which their service will be interrupted.

Continued : http://torrentfreak.com/comcast-punishes-bittorrent-pirates-with-browser-hijack-130227/

Targeted malware attack piggybacks on Nvidia digital
by Carol~ Forum moderator / February 27, 2013 5:50 AM PST
... signature

When it comes to targeted attacks, Tibetan-themed campaigns seem to be a popular choice for attackers. They don't lose momentum and just keep coming back day after day.

Recently I saw one of these attacks which had an interesting chain of events. It used multiple layers, including one that abused a legitimate, signed Nvidia application. Although we were already protecting users, I decided to dig a little deeper and find out what was happening.

The path from malicious document to installed backdoor was not as simple as you might imagine.

What I found was a multi-stage installation process involving a security vulnerability, two stages of shellcode, an archive, and an innocent application abused by the attackers. In this article we will explore how the attack worked, including technical details along the way.

Continued : http://nakedsecurity.sophos.com/2013/02/27/targeted-attack-nvidia-digital-signature/

Related : Anti-Tibetan Attack Stems from Nvidia Abuse, Old RTF Vulnerability
IE10 for Windows 7 Globally Available for Consumes
by Carol~ Forum moderator / February 27, 2013 5:51 AM PST
IE10 for Windows 7 Globally Available for Consumers and Businesses

Rob Mauceri @ the IEBlog:

Published 26 Feb 2013

Internet Explorer 10 is available worldwide in 95 languages for download today. We will begin auto updating Windows 7 customers to IE10 in the weeks ahead, starting today with customers running the IE10 Release Preview. With this final release, IE10 brings the same leading standards support, with improved performance, security, privacy, reliability that consumers enjoy on Windows 8, to Windows 7 customers.

20% faster for real world Web sites

With IE10 we continue delivering the best performance for real world Web sites on your Windows device. As with Windows 8, IE10 on Windows 7 improves performance across the board with faster page loading, faster interactivity, and faster JavaScript performance, while reducing CPU usage and improving battery life on mobile PCs. In measurements in our performance lab, IE loads real world pages up to 20% faster in top sites for news, social, search, ecommerce, and more.

Continued : http://blogs.msdn.com/b/ie/archive/2013/02/26/ie10-for-windows-7-globally-available-for-consumers-and-businesses.aspx