NEWS - January 07, 2013

by Carol~ Forum moderator / January 6, 2013 8:36 PM PST
Researchers Bypass Microsoft Fix It for IE Zero Day

Expect amped up pressure aimed in Microsoft's direction for a patch for the Internet Explorer zero day that surfaced last week, now that researchers at Exodus Intelligence reported today they have developed a bypass for the Fix It that Microsoft released as a temporary mitigation.

Their new exploit beat a fully patched Windows system running IE 8, the same version of the browser exploited by malware used in watering hole attacks against a number of political and manufacturing websites, including the Council on Foreign Relations in the U.S., and Chinese human rights site Uygur Haber Ajanski.

IE 6 and 7 also hold the same use-after-free memory vulnerability (CVE-2012-4792) but are currently not being exploited. Microsoft said the impact of the attacks is limited; IE 9 and 10 are not vulnerable, Microsoft said. Yesterday's Patch Tuesday advisory previewing next Tuesday's batch of security updates did not include an IE patch.

Continued: https://threatpost.com/en_us/blogs/researchers-bypass-microsoft-fix-it-ie-zero-day-010413

Also:
Researcher sidesteps Microsoft fix for IE zero-day
"FixIt" Patch for CVE-2012-4792 Bypassed
Microsoft's Internet Explorer Zero-Day Fix Broken 'With Ease'
Nvidia releases driver update to fix security exploit
by Carol~ Forum moderator / January 6, 2013 8:38 PM PST

Nvidia has quietly released a new set of drivers to patch up a security flaw found within the Display Driver service, which came to light via a U.K.-based researcher on Christmas day.

If you happen to be an owner of a GeForce graphics processing unit (GPU), then the quiet release of the latest GeForce-based drivers is certainly worth a quick download.

On Saturday, the firm made the new WHQL-certified graphics drivers -- version 310.90 -- available. The release notes say that the file "adds a security update for the NVIDIA Display Driver service (nvvsvc.exe)." However, it does not mention the fact that U.K. researcher Peter Winter-Smith discovered a flaw in December which makes the display driver service vulnerable to buffer overflow and code injection attacks. In other words, the security flaw could potentially be used by a remote attacker with a domain account to gain access to a system running older drivers.

In addition to killing off the security flaw, the driver update also comes complete with a number of bug fixes and performance enhancements for some gaming titles. New 3D Vision profiles have been added, and faster performance will improve a number of PC games including Call of Duty: Black Ops 2 and Assassin's Creed III.

Continued: http://www.zdnet.com/nvidia-releases-driver-update-to-fix-security-exploit-7000009448/

Also: NVIDIA Releases Fix For Dangerous Display Driver Exploit

Related: Nvidia Display Driver Service Attack Escalates Privileges on Windows Machines

See Vulnerabilities & Fixes : NVIDIA Graphics Drivers for Windows "nvsr" Named Pipe Buffer Overflow Vulnerability

I have Nvidia GeForce 310 installed
by Harv / January 7, 2013 9:05 PM PST

on my Windows 7 64-bit computer. I'm not sure if I should install NVidia GeForce 310.90 drivers.

Tough call
by bob b / January 7, 2013 10:49 PM PST

I have an old gpu.
I use old drivers.
I don't game.
It works fine.

I'd like to get the security update.......however....Nvidia embedded the thing in a 160MB download.

That download gets me all the drivers and bells+whistles to support the latest gpu's and fixes for games.

I'm a little hesitant to apply that to my old gpu and muck things up.

For now I'm just going to sit on it and search for a way to update nvvsvc.exe.....that's where the security issue is......without having to update everything.

Any luck finding a workaround
by Harv / January 10, 2013 8:57 AM PST
In reply to: Tough call

to updating nvvsvc.exe without having to install the entire security update?

Work around
by bob b / January 10, 2013 11:45 PM PST

Nvvsvc.exe is a nvidia driver helper.
I have not found a good explanation of what it's for.

Based on this w7 machine.
Nvvsvc.exe is not a running process.
Under services I do see nvidia driver helper.
That service points to nvvsvc.exe.
I have that service disabled.....it's been disabled for a long time.
I have not found anything that does not function.
Ymmv.

My plans are to ignore this thing and not go looking for trouble.

Rather than installing the new version, I've set options
by Harv / January 12, 2013 2:56 PM PST
In reply to: Tough call

for Nvidia Display Driver Services Properties to "disabled" for Startup Type and "stopped" for Service Status in order to protect my pc against the security flaw. After reading what the update entailed on Nvidia's website, it looked like it primarily corrected bugs that affected gaming and little else. Not being a gamer, I'm going to take a pass on the update. Thanks for your advice.

Crimeware Author Funds Exploit Buying Spree
by Carol~ Forum moderator / January 6, 2013 8:41 PM PST

The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes.

An exploit pack is a software toolkit that gets injected into hacked or malicious sites, allowing the attacker to foist a kitchen sink full of browser exploits on visitors. Those visiting such sites with outdated browser plugins may have malware silently installed. In early October 2012, security researchers began noticing that a new exploit pack called Cool Exploit Kit was showing up repeatedly in attacks from "ransomware," malicious software that holds PCs hostage in a bid to extract money from users.

"Kafeine," a French researcher and blogger who has been tracking the ties between ransomware gangs and exploit kits, detailed Cool's novel use of a critical vulnerability in Windows (CVE-2011-3402) that was first discovered earlier in the year in the Duqu computer worm. Duqu is thought to be related to Stuxnet, a sophisticated cyber weapon that experts believe was designed to sabotage Iran's nuclear program.

Continued: http://krebsonsecurity.com/2013/01/crimeware-author-funds-exploit-buying-spree/

DHS website falls victim to hacktivist intrusion
by Carol~ Forum moderator / January 6, 2013 8:41 PM PST

Hacktivist group NullCrew recently announced a successful intrusion (though intrusionette might be a better word) against a website in the DHS.GOV domain hierarchy.

DHS, of course, is the United States Department of Homeland Security.

The intrusionetted site was studyinthestates.dhs.gov, intended to help foreigners find out if and how they might be able to study at US schools, colleges and universities.

It looks as though the site was vulnerable to what's known as a directory traversal vulnerability.

That's where you construct a URL that persuades the server to navigate to a part of the web server you aren't supposed to be able to access, and to retrieve content from there.

Continued: http://nakedsecurity.sophos.com/2013/01/07/dhs-website-falls-victim-to-hacktivist-intrusion/
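Added example, not code from the Sophos article or from the affected site: the directory traversal described above comes down to a request path that, once decoded and normalised, lands outside the web server's document root. The Python below resolves a URL path against a document root and refuses anything that would escape it (including percent-encoded, double-encoded and backslash variants), then applies the same check to a few constructed access-log lines so the attempts can be flagged. The document root, the log format and the log lines are assumptions made for the example.

```python
"""Directory traversal: resolve a URL path safely inside a document root,
and reuse the same check to flag traversal attempts in access-log lines.

Added illustration for this thread; the document root, the log line
format and the log lines themselves are constructed for the example.
"""
import posixpath
import re
from urllib.parse import unquote

DOCROOT = "/var/www/site"  # constructed document root for the example

# Request line inside a Common Log Format entry (constructed sample format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/')


def resolve_request_path(url_path, docroot=DOCROOT):
    """Return the filesystem path for url_path, or None if it escapes docroot.

    Steps: decode percent-encoding twice (so %252e%252e is caught as well as
    %2e%2e), treat backslashes as separators, drop any query string or
    fragment, reject NUL bytes, then normalise the joined path and require
    it to remain at or below docroot.
    """
    decoded = unquote(unquote(url_path)).replace("\\", "/")
    decoded = decoded.split("?", 1)[0].split("#", 1)[0]
    if "\x00" in decoded:
        return None
    root = posixpath.normpath(docroot)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # The prefix test must include the trailing "/" so that a sibling such as
    # /var/www/site2 is not mistaken for a path inside /var/www/site.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def flag_traversal_attempts(log_lines, docroot=DOCROOT):
    """Return (ip, raw_path) for every log line whose request path escapes docroot."""
    flagged = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we understand; skip rather than guess
        if resolve_request_path(match.group("path"), docroot) is None:
            flagged.append((match.group("ip"), match.group("path")))
    return flagged


# Constructed access-log lines: two ordinary requests and two traversal attempts.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jan/2013:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [07/Jan/2013:10:01:05 +0000] "GET /../../../../etc/passwd HTTP/1.1" 200 1432',
    '198.51.100.9 - - [07/Jan/2013:10:02:11 +0000] "GET /images/%2e%2e/%2e%2e/web.config HTTP/1.1" 404 210',
    '198.51.100.9 - - [07/Jan/2013:10:02:15 +0000] "GET /docs/guide.html?lang=en HTTP/1.1" 200 8000',
]

if __name__ == "__main__":
    for ip, path in flag_traversal_attempts(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {path}")
```

The resolver normalises after joining rather than before, so a request such as `/images/../index.html` is accepted as `/var/www/site/index.html` while `/../../etc/passwd` collapses to a path outside the root and is rejected; the detector is simply that resolver run over the raw request paths in the log.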

Fake "Facebook Security Team" account asks for credentials
by Carol~ Forum moderator / January 6, 2013 8:48 PM PST

An account posing as that of the Facebook Security Team has been spotted sending warnings to random users, trying to fool them into believing that their Facebook account will be suspended due to a violation of the social network's Terms of Service: [Screenshot]

The message offers a link for verifying the account, and it takes users to a third party Facebook application that requests them to enter their Facebook page name, email or phone and password.

If entered and submitted, that information is automatically sent to the scammers behind this phishing scheme and used to hijack the account.

If you have fallen for the trick, try to access your account. If you are able to do so, change your password immediately. If you have already been locked out, report the compromise and Facebook will help you regain control of the account.

Continued: http://www.net-security.org/secworld.php?id=14186

John McAfee says he infected laptops with malware..
by Carol~ Forum moderator / January 7, 2013 12:11 AM PST
... spied and stole passwords from Belize officials

Twenty years ago, John McAfee ran an anti-virus company.

He's not had anything to do with the company that bears his name (and was subsequently acquired by Intel) since the early 1990s, but that doesn't mean that his involvement with malware has come to an end.

Many people have been following the bizarre story of John McAfee, who has been on the run from the Belize police since mid-November, had his location leaked to the world in a photo's EXIF meta-data, and was hastily deported from his Guatemala hide-out to the United States.

Throughout his escapades, John McAfee has been keeping the internet entertained and informed of his swashbuckling exploits via his blog.

Most recently, John McAfee claims that he gave Belize officials cheap laptops that had been deliberately pre-infected with keylogging spyware.

Continued: http://nakedsecurity.sophos.com/2013/01/07/john-mcafee-infected-laptops/

Related:
John McAfee Created His Own Botnet to Spy on Belizean Officials
John McAfee the Belize spymaster uncovers 'ricin, terrorist plots'
Ubisoft investigating compromised Uplay accounts
by Carol~ Forum moderator / January 7, 2013 1:13 AM PST

According to a report by GameSpy, users on Ubisoft's forums have been complaining about having lost access to their accounts on the company's Uplay online service. Starting around 30 December, many of the affected users say they have received emails telling them that the email addresses for their accounts had been changed to addresses associated with particular sites under the Russian .ru and .su top-level domains, suggesting that the hacks are part of a larger attack by a hacker or group of hackers. According to GameSpy, Ubisoft has confirmed the situation and said that "a limited number" of accounts are affected. No personal or financial details were compromised, according to the company.

Ubisoft did not give details of how the hackers managed to breach the accounts, but access for affected users was restored promptly once staff in charge of the matter returned from their holiday breaks. Some users in the forum thread in question claimed to have randomly generated passwords for their Uplay account. Uplay is Ubisoft's DRM and multiplayer matchmaking system; users who lost access to their accounts were unable to play games registered through it.

Continued: http://www.h-online.com/security/news/item/Ubisoft-investigating-compromised-Uplay-accounts-1778618.html

Also: Ubisoft probes sudden rash of hijack attacks on gamers' accounts

Internet Explorer zero-day exploit found on more websites...
by Carol~ Forum moderator / January 7, 2013 1:13 AM PST
.. Fingers point towards Elderwood Project

Paul Baccas, a researcher at SophosLabs, has uncovered two new sites which have been hit by the recently-discovered Internet Explorer zero-day remote code execution vulnerability.

The attacks bear all the hallmarks of previous infections spread by the so-called Elderwood Project.

First up is a website serving the Uyghur people of East Turkestan: [Screenshot]

A folder called "netyanus" had been created on the website, containing the following files:

Helps.html
deployJava.js
news.html
robots.txt
today.swf
xsainfo.jpg

The website has since been cleaned-up of its malware infection, but clearly whoever infected it had an interest in infecting anyone who visited the site.

Continued: http://nakedsecurity.sophos.com/2013/01/07/internet-explorer-zero-day-attack-websites/

Iran Developing Software to Control Social-Networking Sites
by Carol~ Forum moderator / January 7, 2013 1:13 AM PST

Iran is developing "intelligent software" to control how Iranians can access social-networking sites, according to Associated Press.

The new software will prevent Iranians from being exposed to malicious content while allowing them to take advantage of the "useful aspects" of the Internet, said Iran's chief of police, Gen. Esmail Ahmadi Moghadam, AP reported. Moghadam did not specify which social networking sites would be controlled or when the software will go live.

"The designing of intelligent software to control social networking Web sites" is underway, Moghadam said.

The Iranian government heavily restricts access to social networking sites such as Facebook and Twitter as well as other sites that authorities believe promote dissent or are morally corrupt as part of its strict censorship policy. However, many Iranians bypass the official filters using proxy software and Virtual Private Networks (VPN).

Continued: http://securitywatch.pcmag.com/none/306619-iran-developing-software-to-control-social-networking-sites

Also: Iran Designing Software for Controlled Social Media Access
