Spyware, Viruses, & Security

Alert

NEWS - January 11, 2013

by Carol~ Forum moderator / January 10, 2013 9:27 PM PST
Stable Chrome 24 supports MathML and closes security holes

The latest stable release of Google's Chrome browser brings support for mathematical notation with the MathML XML markup language, along with expanded datalist support. The developers have closed 25 security holes, most of which have been discovered using the AddressSanitizer tool. Google paid out a total of $6000 to the security researchers who discovered three of the eleven vulnerabilities rated with a high priority.

Two Facebook employees earned $4000 for discovering a same origin policy bypass that could be performed with a malformed URL (CVE-2012-5146). $1000 was paid for each of the use-after-free bugs that were discovered in SVG layout and DOM handling of the browser.

MathML support in Chrome 24 allows developers to express mathematical notation on web pages that are then rendered consistently in the browser. Expanded datalist support allows web developers to set specific dates and times for input elements and gives users the ability to enter arbitrary dates and times instead, if they wish to do so. Chrome also includes an updated Flash player (version 11.5.31.137) and miscellaneous speed and stability improvements. Information on all changes introduced with the update is available in the Chromium SVN revision log.

Continued : http://www.h-online.com/security/news/item/Stable-Chrome-24-supports-MathML-and-closes-security-holes-1781648.html

Also: Chrome 24 Fixes More Than 20 Flaws

See Vulnerabilities & Fixes: Google Chrome Multiple Vulnerabilities
Post a reply
Discussion is locked
You are posting a reply to: NEWS - January 11, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - January 11, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Fake Google Chrome Updates Return
by Carol~ Forum moderator / January 10, 2013 9:38 PM PST

From the GFI Labs Blog:

"Oh hey, a new Chrome update! I'd better hurry up and download the file from this random website with no apparent connection to anything remotely related to my web browser".

There are things better left unsaid, and the above is probably floating around near the top somewhere. A scam from a few months ago - fake Chrome update websites leading to Malware - has returned and is currently turning heads. [Screenshot]

The design of the website is identical to the initial rollout, urging the end-user to "Update Google Chrome: To make sure that you're protected by the latest security updates".

If you attempt to download the file while using Chrome, the following prompt appears quicker than Christopher Nolan can make a movie about it: [Screenshot]

The file itself has been around for a while, being seen on around 14 or so websites since around October and is listed at Malwr.com which mentions attempts to access Firefox's Password Manager local database - meanwhile, it's listed on the comments section of VirusTotal as being capable of stealing banking credentials. You'll notice they mention Zeus - indeed, one of the DNS requests made is to a site by the Malware is related to ZBot / Blackhole exploit kit attacks. In fact, it seems to want to swipe information of a very similar nature to a ZBot infection from August of 2012 detailed on the ShadowServer Blog (scroll down to the "data it tries to collect and steal").

Continued : http://www.gfi.com/blog/fake-google-chrome-updates-return/

Collapse -
My Birthday Calendar warning spreads quickly on Facebook, ..
by Carol~ Forum moderator / January 10, 2013 9:38 PM PST
.. generating panic

Facebook users are spreading a warning to their friends and family online about a supposedly malicious application called "My birthday calendar".

The warning about the birthday app claims that "just a click makes it starts (sic) sending requests to all your friends/contacts".

However, it appears that the warnings are causing much more traffic and wasting more time than the supposedly aggressive Facebook application.

Here's what a typical warning looks like: [Screenshot]

WARNING: URGENT! People are getting inquiries allegedly linked to a program called "my birthday calendar". "My birthday calendar" is a malicious application to retrieve data from all profiles. It's very aggressive, just a click makes it starts sending requests to all your friends/contacts. If a request comes from me just ignore it; NOTE please copy and warn your friends

We haven't seen any evidence that a Facebook application called "My Birthday Calendar" is behaving any differently from the many thousands of other Facebook apps.

Continued : http://nakedsecurity.sophos.com/2013/01/11/my-birtday-calendar-facebook-warning/
Collapse -
Hunting Down and Killing Ransomware
by Carol~ Forum moderator / January 10, 2013 9:39 PM PST

From Mark Russinovich's Blog:

Scareware, a type of malware that mimics antimalware software, has been around for a decade and shows no sign of going away. The goal of scareware is to fool a user into thinking that their computer is heavily infected with malware and the most convenient way to clean the system is to pay for the full version of the scareware software that graciously brought the infection to their attention. I wrote about it back in 2006 in my The Antispyware Conspiracy blog post, and the fake antimalware of today doesn't look much different than it did back then, often delivered as kits that franchisees can skin with their own logos and themes. There's even one labeled Sysinternals Antivirus: [Screenshot]

A change that's been occurring in the scareware industry over the last few years is that most scareware today also classifies as ransomware. The examples in my 2006 blog post merely nagged you that your system was infected, but otherwise let you continue to use the computer. Today's scareware prevents you from running security and diagnostic software at the minimum, and often prevents you from executing any software at all. Without advanced malware cleaning skills, a system infected with ransomware is usable only to give in to the blackmailer's demands to pay.

In this blog post I describe how different variants of ransomware lock the user out of their computer, how they persist across reboots, and how you can use Sysinternals Autoruns to hunt down and kill most current ransomware variants from an infected system.

Continued : http://blogs.technet.com/b/markrussinovich/archive/2013/01/07/3543763.aspx

Collapse -
Iran Denies It's Behind Cyber Attacks on US Banks
by Carol~ Forum moderator / January 10, 2013 10:13 PM PST

Iran has denied US media reports it carried out cyber attacks on US banks, the official IRNA news agency said Friday, quoting a statement from Tehran's UN mission.

"The Islamic republic of Iran categorically denies any involvement in cyber attacks on American banks and denounces such methods which are a violation of the sovereignty of nations," the statement said.

US media reported Wednesday that American financial institutions are being pounded with high-powered cyber attacks that some suspect are being orchestrated by Iran as payback for political sanctions.

"There is no doubt within the US government that Iran is behind these attacks," James Lewis, a former official in the state and commerce departments and now a computer security expert at the Center for Strategic and International Studies, told the New York Times.

While the identities of those behind the online onslaught officially remain a mystery, it was clear they were using a potent new weapon for slamming bank websites with overwhelming numbers or requests for information, reports said.

Continued : http://www.securityweek.com/iran-denies-its-behind-cyber-attacks-us-banks

Also: Iran Denies Being Involved in Cyberattacks Against US Banks

Related: Iran Tied to DDoS Attacks Against U.S. Banks, Report

Collapse -
New tool jailbreaks Microsoft Surface slabs in 20 SECONDS
by Carol~ Forum moderator / January 10, 2013 10:13 PM PST

Microsoft was quick to brush off the debugging hack that allows locked-down Windows RT Surface slabs to run any unauthorised desktop software. But now the exploit has been packaged into a slick jailbreaking tool that can unlock a Redmond fondleslab in seconds.

A programmer going by the name of Netham45 has released RT Jailbreak Tool v1, a batch file that automates the Windows RT trick first revealed by security researcher C. L. Rokr.

Netham45 reckons you can jailbreak a slab in about 20 seconds just by running the runExploit.bat file on the tablet and pressing a button, although it may ask a few "self-explanatory" questions afterwards.

The hack lets users install and run any desktop software of their choosing on Microsoft's Surface tablet-laptops and any other Windows RT devices. The Redmond giant wanted punters to only use cryptographically signed apps obtained from the official Windows Store, rather than any old program compiled for RT, the ARM port of Windows 8. The jailbreak hack simply disables this security signature check.

Netham45 has published a list of desktop apps recompiled to run on hacked Windows RT devices, here and here.

Continued : http://www.theregister.co.uk/2013/01/11/windows_rt_jail_break_tool/

Collapse -
How to mitigate: Vulnerability reported in Foxit PDF plugin
by Carol~ Forum moderator / January 10, 2013 11:16 PM PST
...for Firefox

When you think of PDF vulnerabilities and exploits, the first word that comes to mind is probably Adobe.

That's because Adobe's PDF reader has long been the most prevalent product in the marketplace, and the most heavily targeted by attackers and researchers.

But there are plenty of challengers in the PDF software market, and it's important to remember that just "being different" is not enough to deliver security on its own.

Also, since Adobe released Reader X, with its security-oriented sandbox, crooks and researchers alike have found Adobe's PDF nut much harder to crack.

You can therefore expect other vendors of PDF software to start feeling some of the heat that would probably have been aimed entirely at Adobe in years gone by.

Continued : http://nakedsecurity.sophos.com/2013/01/11/vulnerability-in-foxit-pdf-plugin-for-firefox/

Related: Current Foxit Reader can execute malicious code

Also:
PDF app Foxit Reader vulnerable to critical remote code execution flaw
'Better than Adobe' Foxit PDF plugin hit by worse-than-Adobe 0-day
Collapse -
Blackhole Spam Runs Return From Holiday Break
by Carol~ Forum moderator / January 10, 2013 11:16 PM PST

From Trendlabs Security Intelligence Blog:

Blackhole exploit kit (BHEK) spam attacks remain to be a prevalent threat up to this day. In fact, it is one of the top five consumer threats for 2012 due to its use of software vulnerabilities and social engineering tactic of leveraging companies like Verizon, Citibank AT&T, and Western Union among others. Furthermore, there are reports that BHEK recently released updates, which made this threat stealthier than before.

We have continuously monitored this threat and spotted several BHEK campaigns during the holidays. However, we noticed that the perpetrators behind these campaigns took a 'holiday break' so to speak since there weren't any BHEK spam runs from Dec 30 until January 7.

And now that the holidays are over, cybercriminals behind BHEK campaigns are back again, this time spoofing companies like HP, Federal Reserve Bank, and Better Business Bureau. In particular, the Better Business Bureau BHEK spam claims to be a complaint report and urges its recipients to click a link pointing to the said claim letter report. The links eventually lead to sites that host the Blackhole Exploit Kit, which we detect as JS_BLACOLE.TPY. [Screenshot]

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/blackhole-spam-runs-return-from-holiday-break/

Collapse -
Bank DDoS Attacks Using Compromised Web Servers as Bots
by Carol~ Forum moderator / January 11, 2013 1:24 AM PST

A rash of politically and socially motivated distributed denial-of-service attacks against major U.S. banks has been able to intermittently disrupt online and mobile banking services. The attackers have been able to fire unprecedented amounts of traffic at the likes of Wells Fargo, Bank of America, PNC and many others, temporarily denying customers access to their accounts online.

The attackers claiming responsibility, Izz ad-Din al-Qassam, have used a mix of tools including PHP-based itsoknoproblembro, an offshoot of Brobot, according to Arbor Networks. Researchers at Incapsula, meanwhile, have discovered another tactic this week.

The organization posted a report that the attackers were using one of its clients, a compromised UK website, as a bot after a growing number of encoded PHP requests kicked off unusual alerts from the website.

"A closer look revealed that these intercepted requests were attempts to operate a backdoor and use the website as a bot— an unwilling foot soldier in a DDOS army," wrote security analyst Ronan Atias.

Continued : https://threatpost.com/en_us/blogs/bank-ddos-attacks-using-compromised-web-servers-bots-011113

Also: Secret footsoldier targeting banks reveals meaner, leaner face of DDoS

Collapse -
Homeland Security warns to disable Java amid zero-day flaw
by Carol~ Forum moderator / January 11, 2013 2:18 AM PST

"The U.S. Department of Homeland Security is the latest body to warn users to disable Java software amid escalating concerns over a serious, exploitable vulnerability"

The U.S. Department of Homeland Security has warned users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaw.

Hackers have discovered a weakness in Java 7 security that could allow the installation of malicious software and malware on machines that could increase the chance of identity theft, or the unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites.

"We are currently unaware of a practical solution to this problem," said the DHS' Computer Emergency Readiness Team (CERT) in a post on its Web site on Thursday evening. "This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available."

Java users should disable or uninstall Java immediately to mitigate any damage.

The latest flaw, as earlier reported by ZDNet, is currently being exploited in the wild, security experts have warned. Alienvault Labs have reproduced and verified claims that the new zero-day that exploits a vulnerability in Java 7, according to security expert Brian Krebs.

Continued : http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-7000009713/

Related: Zero-Day Java Exploit Debuts in Crimeware

Also:
Disable Java! Recent 0-day exploit is included in exploit kits
Kill that Java plugin now! New 0-day exploit running wild online
Nasty New Java Zero Day Found; Exploit Kits Already Have It
Protect against latest Java zero-day vulnerability right now: Mal/JavaJar-B

Collapse -
I've been reading about this
by itsdigger / January 11, 2013 2:34 AM PST

but I'm a little confused. Should I uninstall Java Runtime Environment also?

Collapse -
You can remove it or disable it..
by Carol~ Forum moderator / January 11, 2013 3:02 AM PST

Digger..

Chances are you don't need Java installed. Some instances where you might need it would be if you use OpenOffice, or play online games.

Java 7 Update 10 allows you to disable it, instead of removing it. At the bottom of "Dangerous vulnerability in latest Java version" it explains how to disable it in different browsers.

You asked if you should uninstall Java Runtime Environment also? I'm not sure what you mean by "also". Do you have more than one version installed? All prior/older versions should be removed, with the exception of the most recent version. And that would be only if you plan to disable it, as opposed to removing it completely.

Still confused? Let us know..
Carol

Collapse -
Thanks Carol
by itsdigger / January 11, 2013 3:23 AM PST

I thought I uninstalled Java a month or so ago but still had JRE so that's why I was confused. Thank you for you're time...Digger

Collapse -
You're welcome, Digger
by Carol~ Forum moderator / January 11, 2013 3:41 AM PST
In reply to: Thanks Carol

If you're interested..

There's a small utility called JavaRa which cleans up any leftover Java files after an uninstall. It's safe and easy to use. Not a necessity. Just a suggestion.

Carol

Collapse -
I used Revo Uninstaller
by itsdigger / January 11, 2013 3:47 AM PST
In reply to: You're welcome, Digger

in it's advanced mode so I'm pretty sure JRE is gone. Thank You ...Digger

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Tech for the holiday

Find recipes for July 4 with these foodie apps

The Fourth of July means fireworks, fun and food. If you're planning on a barbecue this weekend, we've got the apps to help you find holiday-inspired recipes.