Fake Google Chrome Updates Return
From the GFI Labs Blog:
"Oh hey, a new Chrome update! I'd better hurry up and download the file from this random website with no apparent connection to anything remotely related to my web browser".
There are things better left unsaid, and the above is probably floating around near the top somewhere. A scam from a few months ago - fake Chrome update websites leading to Malware - has returned and is currently turning heads. [Screenshot]
The design of the website is identical to the initial rollout, urging the end-user to "Update Google Chrome: To make sure that you're protected by the latest security updates".
If you attempt to download the file while using Chrome, the following prompt appears quicker than Christopher Nolan can make a movie about it: [Screenshot]
The file itself has been around for a while, being seen on around 14 or so websites since around October, and is listed at Malwr.com, which mentions attempts to access Firefox's Password Manager local database - meanwhile, it's listed in the comments section of VirusTotal as being capable of stealing banking credentials. You'll notice they mention Zeus - indeed, one of the DNS requests made by the Malware is to a site related to ZBot / Blackhole exploit kit attacks. In fact, it seems to want to swipe information of a very similar nature to a ZBot infection from August of 2012 detailed on the ShadowServer Blog (scroll down to the "data it tries to collect and steal").
Continued : http://www.gfi.com/blog/fake-google-chrome-updates-return/
My Birthday Calendar warning spreads quickly on Facebook, generating panic
Facebook users are spreading a warning to their friends and family online about a supposedly malicious application called "My birthday calendar".
The warning about the birthday app claims that "just a click makes it starts (sic) sending requests to all your friends/contacts".
However, it appears that the warnings are causing much more traffic and wasting more time than the supposedly aggressive Facebook application.
Here's what a typical warning looks like: [Screenshot]
WARNING: URGENT! People are getting inquiries allegedly linked to a program called "my birthday calendar". "My birthday calendar" is a malicious application to retrieve data from all profiles. It's very aggressive, just a click makes it starts sending requests to all your friends/contacts. If a request comes from me just ignore it; NOTE please copy and warn your friends
We haven't seen any evidence that a Facebook application called "My Birthday Calendar" is behaving any differently from the many thousands of other Facebook apps.
Continued : http://nakedsecurity.sophos.com/2013/01/11/my-birtday-calendar-facebook-warning/
Hunting Down and Killing Ransomware
From Mark Russinovich's Blog:
Scareware, a type of malware that mimics antimalware software, has been around for a decade and shows no sign of going away. The goal of scareware is to fool a user into thinking that their computer is heavily infected with malware and the most convenient way to clean the system is to pay for the full version of the scareware software that graciously brought the infection to their attention. I wrote about it back in 2006 in my The Antispyware Conspiracy blog post, and the fake antimalware of today doesn't look much different than it did back then, often delivered as kits that franchisees can skin with their own logos and themes. There's even one labeled Sysinternals Antivirus: [Screenshot]
A change that's been occurring in the scareware industry over the last few years is that most scareware today also classifies as ransomware. The examples in my 2006 blog post merely nagged you that your system was infected, but otherwise let you continue to use the computer. Today's scareware prevents you from running security and diagnostic software at the minimum, and often prevents you from executing any software at all. Without advanced malware cleaning skills, a system infected with ransomware is usable only to give in to the blackmailer's demands to pay.
In this blog post I describe how different variants of ransomware lock the user out of their computer, how they persist across reboots, and how you can use Sysinternals Autoruns to hunt down and kill most current ransomware variants from an infected system.
Continued : http://blogs.technet.com/b/markrussinovich/archive/2013/01/07/3543763.aspx
Iran Denies It's Behind Cyber Attacks on US Banks
Iran has denied US media reports it carried out cyber attacks on US banks, the official IRNA news agency said Friday, quoting a statement from Tehran's UN mission.
"The Islamic republic of Iran categorically denies any involvement in cyber attacks on American banks and denounces such methods which are a violation of the sovereignty of nations," the statement said.
US media reported Wednesday that American financial institutions are being pounded with high-powered cyber attacks that some suspect are being orchestrated by Iran as payback for political sanctions.
"There is no doubt within the US government that Iran is behind these attacks," James Lewis, a former official in the state and commerce departments and now a computer security expert at the Center for Strategic and International Studies, told the New York Times.
While the identities of those behind the online onslaught officially remain a mystery, it was clear they were using a potent new weapon for slamming bank websites with overwhelming numbers of requests for information, reports said.
Continued : http://www.securityweek.com/iran-denies-its-behind-cyber-attacks-us-banks
Also: Iran Denies Being Involved in Cyberattacks Against US Banks
Related: Iran Tied to DDoS Attacks Against U.S. Banks, Report
New tool jailbreaks Microsoft Surface slabs in 20 SECONDS
Microsoft was quick to brush off the debugging hack that allows locked-down Windows RT Surface slabs to run any unauthorised desktop software. But now the exploit has been packaged into a slick jailbreaking tool that can unlock a Redmond fondleslab in seconds.
A programmer going by the name of Netham45 has released RT Jailbreak Tool v1, a batch file that automates the Windows RT trick first revealed by security researcher C. L. Rokr.
Netham45 reckons you can jailbreak a slab in about 20 seconds just by running the runExploit.bat file on the tablet and pressing a button, although it may ask a few "self-explanatory" questions afterwards.
The hack lets users install and run any desktop software of their choosing on Microsoft's Surface tablet-laptops and any other Windows RT devices. The Redmond giant wanted punters to only use cryptographically signed apps obtained from the official Windows Store, rather than any old program compiled for RT, the ARM port of Windows 8. The jailbreak hack simply disables this security signature check.
Netham45 has published a list of desktop apps recompiled to run on hacked Windows RT devices, here and here.
Continued : http://www.theregister.co.uk/2013/01/11/windows_rt_jail_break_tool/
Blackhole Spam Runs Return From Holiday Break
From Trendlabs Security Intelligence Blog:
Blackhole exploit kit (BHEK) spam attacks remain a prevalent threat up to this day. In fact, it is one of the top five consumer threats for 2012 due to its use of software vulnerabilities and its social engineering tactic of leveraging companies like Verizon, Citibank, AT&T, and Western Union, among others. Furthermore, there are reports that BHEK recently released updates, which made this threat stealthier than before.
We have continuously monitored this threat and spotted several BHEK campaigns during the holidays. However, we noticed that the perpetrators behind these campaigns took a 'holiday break', so to speak, since there weren't any BHEK spam runs from Dec 30 until January 7.
And now that the holidays are over, cybercriminals behind BHEK campaigns are back again, this time spoofing companies like HP, Federal Reserve Bank, and Better Business Bureau. In particular, the Better Business Bureau BHEK spam claims to be a complaint report and urges its recipients to click a link pointing to the said claim letter report. The links eventually lead to sites that host the Blackhole Exploit Kit, which we detect as JS_BLACOLE.TPY. [Screenshot]
Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/blackhole-spam-runs-return-from-holiday-break/
Bank DDoS Attacks Using Compromised Web Servers as Bots
A rash of politically and socially motivated distributed denial-of-service attacks against major U.S. banks has been able to intermittently disrupt online and mobile banking services. The attackers have been able to fire unprecedented amounts of traffic at the likes of Wells Fargo, Bank of America, PNC and many others, temporarily denying customers access to their accounts online.
The attackers claiming responsibility, Izz ad-Din al-Qassam, have used a mix of tools including PHP-based itsoknoproblembro, an offshoot of Brobot, according to Arbor Networks. Researchers at Incapsula, meanwhile, have discovered another tactic this week.
The organization posted a report that the attackers were using one of its clients, a compromised UK website, as a bot after a growing number of encoded PHP requests kicked off unusual alerts from the website.
"A closer look revealed that these intercepted requests were attempts to operate a backdoor and use the website as a bot— an unwilling foot soldier in a DDOS army," wrote security analyst Ronan Atias.
Continued : https://threatpost.com/en_us/blogs/bank-ddos-attacks-using-compromised-web-servers-bots-011113
Also: Secret footsoldier targeting banks reveals meaner, leaner face of DDoS
I've been reading about this, but I'm a little confused. Should I uninstall Java Runtime Environment also?
You can remove it or disable it..
Chances are you don't need Java installed. Some instances where you might need it would be if you use OpenOffice, or play online games.
Java 7 Update 10 allows you to disable it, instead of removing it. At the bottom of "Dangerous vulnerability in latest Java version" it explains how to disable it in different browsers.
You asked if you should uninstall Java Runtime Environment also? I'm not sure what you mean by "also". Do you have more than one version installed? All prior/older versions should be removed, with the exception of the most recent version. And that would be only if you plan to disable it, as opposed to removing it completely.
Still confused? Let us know..
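For the advice above (keep only the newest JRE, or switch off Java in the browser with the Java 7 Update 10 setting), here is an added PowerShell check that is not part of this thread. It assumes the standard JavaSoft registry keys and the per-user deployment.properties path that Java 7 uses on Windows.

```powershell
# Added example, not code from the thread: list installed Java runtimes from the
# registry, flag anything older than the newest one, and report whether Java in
# the browser is switched off (the Java 7 Update 10 option discussed above).
function Get-JavaStatus {
    # Standard JavaSoft keys; Wow6432Node holds the 32-bit JRE on 64-bit Windows.
    $keys = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
            'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'

    $runtimes = foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $javaHome = (Get-ItemProperty $sub.PSPath).JavaHome
            # Skip the short alias keys such as "1.7"; keep full versions like "1.7.0_10".
            if (-not $javaHome -or $sub.PSChildName -notmatch '_') { continue }
            [pscustomobject]@{
                Version  = $sub.PSChildName
                Sortable = [version]($sub.PSChildName -replace '_', '.')
                JavaHome = $javaHome
                Bits     = if ($key -match 'Wow6432Node') { '32-bit' } else { 'native' }
            }
        }
    }

    if (-not $runtimes) { 'No JRE registry entries found' }
    $newest = ($runtimes | Sort-Object Sortable -Descending | Select-Object -First 1).Sortable
    foreach ($r in $runtimes) {
        # Everything below the newest version is a leftover that should be removed.
        $verdict = if ($r.Sortable -lt $newest) { 'OLDER - remove' } else { 'newest' }
        '{0,-12} {1,-8} {2,-16} {3}' -f $r.Version, $r.Bits, $verdict, $r.JavaHome
    }

    # Java 7u10 and later store the "Enable Java content in the browser" checkbox here.
    $props = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\deployment.properties'
    $disabled = (Test-Path $props) -and
                (Select-String -Path $props -Pattern '^deployment\.webjava\.enabled=false' -Quiet)
    if ($disabled) { 'Java in the browser: DISABLED' } else { 'Java in the browser: enabled (or not set)' }
}

Get-JavaStatus
```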
I thought I uninstalled Java a month or so ago but still had JRE so that's why I was confused. Thank you for your time...Digger
You're welcome, Digger
If you're interested..
There's a small utility called JavaRa which cleans up any leftover Java files after an uninstall. It's safe and easy to use. Not a necessity. Just a suggestion.
I used Revo Uninstaller in its advanced mode so I'm pretty sure JRE is gone. Thank You ...Digger