Spyware, Viruses, & Security

Alert

NEWS - June 06, 2013

by Carol~ Forum moderator / June 6, 2013 5:04 AM PDT
US government shown to be collecting millions of Verizon phone records

Many of us who make phone calls every day might think that they are being monitored by an outside group or government entity. For millions of Verizon customers, that appears to be actually happening. The Guardian website reports it has received a leaked copy of a top secret court order that forces Verizon to turn over phone records to the National Security Agency.

The story has a link to a copy of the specific court order from the Foreign Intelligence Surveillance Court. It gives the US government permission to obtain phone records, both generated domestically and internationally, from Verizon's Business Network Services and Verizon Business Services. The court order does not seem to extend to Verizon's consumer phone service nor does it cover the Verizon Wireless mobile phone service.

While the court order does not allow the government to actually listen to the content of any Verizon phone calls, they can get information on things like the time and length of each call, the locations from where the calls originated and more. The court order also keeps Verizon from telling its affected customers their phone records are being turned over to the NSA.

Continued : http://www.neowin.net/news/us-government-shown-to-be-collecting-millions-of-verizon-phone-records

Related:
Report: Secret court order gives US access to Verizon call records
NSA legally forces Verizon to hand over all phone records on a daily basis
Report: NSA Was Granted Order to Snag Millions of Verizon Call Records for 3 Months
Verizon Breaks Silence on Top-Secret Surveillance of Its Customers

Microsoft and FBI storm ramparts of Citadel botnets
by Carol~ Forum moderator / June 6, 2013 5:07 AM PDT
In reply to: NEWS - June 06, 2013

The ZeuS-derived Citadel botnet, which rose to public prominence last year, is being progressively disabled by Microsoft and the FBI is on the hunt for its masters.

Microsoft says Citadel was used to raid bank accounts around the world and netted more than $US500m. Redmond's Digital Crimes Unit says 1,000 of the estimated 1,400 botnets created by Citadel have now been booted offline.

According to Reuters, institutions hit by the botnet include American Express, Bank of America, Citigroup, Credit Suisse, eBay's PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo.

Citadel, whose capabilities include keylogging, emerged after the source code for the infamous ZeuS cybercrime toolkit was released in 2011. The combination of open source code and forums for virus-writers allowed it to evolve quickly, getting features such as encrypted malware configuration files and blacklisting of security vendor Websites.

Microsoft's post concedes that not all of the botnets have been taken down, but Richard Boscovich of the Digital Crimes Unit believes it will "significantly disrupt Citadel's operation".

Continued : http://www.theregister.co.uk/2013/06/06/microsoft_feds_breach_citadel_botnets/

Also:
Microsoft, Authorities Disrupt Hundreds of Citadel Botnets with 'Operation b54'
Microsoft, FBI go after major bank-account stealing cybercrime ring
Microsoft and FBI collaborate to take down $500 million 'Citadel' botnet ring

Not the Mobile Antivirus You Were Looking For
by Carol~ Forum moderator / June 6, 2013 5:39 AM PDT
In reply to: NEWS - June 06, 2013

From the F-Secure Antivirus Research Weblog:

While browsing Malaysiakini (a popular Malaysian website) on an Android phone, one of our analysts spotted this advertisement: [Screenshot]

Clicking on the ad led to an external site displaying the following: [Screenshot]

Looks reminiscent of the kind of text we've seen for years on webpages pushing rogues for Windows systems (and sometimes Mac).

Clicking on the "Download and Scan Now" button leads to an image, which looks like an antivirus app: [Screenshot]

Clicking on the image brings you to a page that asks for your phone number and displays some interesting text: [Screenshot]

"This is an ongoing subscription service until you quit. You will receive 4 sms per week and chargeable at RM4 per message. Only [REMOVED] user will receives max 3 sms per week and chargeable at RM4 per message. Data charges are billed separately by mobile operators."

Continued : http://www.f-secure.com/weblog/archives/00002565.html

The most sophisticated Android Trojan
by Carol~ Forum moderator / June 6, 2013 5:39 AM PDT
In reply to: NEWS - June 06, 2013

From Kaspersky Labs:

Recently, an Android application came to us for analysis. At a glance, we knew this one was special. All strings in the DEX file were encrypted, and the code was obfuscated.

The file turned out to be a multi-functional Trojan, capable of the following: sending SMS to premium-rate numbers; downloading other malware programs, installing them on the infected device and/or sending them further via Bluetooth; and remotely performing commands in the console. Now, Kaspersky Lab's products detect this malicious program as Backdoor.AndroidOS.Obad.a. [Screenshot]

Malware writers typically try to make the codes in their creations as complicated as possible, to make life more difficult for anti-malware experts. However, it is rare to see concealment as advanced as Obad.a's in mobile malware. Moreover, this complete code obfuscation was not the only odd thing about the new Trojan.

Continued : http://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojan

Updated: More than 360,000 Apache websites imperiled by ..
by Carol~ Forum moderator / June 6, 2013 5:52 AM PDT
In reply to: NEWS - June 06, 2013
... critical Plesk vulnerability

"Publicly available attack code exploits remote-code bug in Plesk admin panel."

Update:

Contrary to what Ars reported earlier, Plesk representatives responded promptly to requests for comment. Those responses were blocked by a spam filter. On Thursday morning, the company's vice president of shared hosting and control panels, Craig Bartholomew, told Ars that Plesk version 9.5.4 is not vulnerable, contradicting claims from kingcope that it is susceptible.

"Starting with Plesk 9.3, we have a CGI wrapper that deflects such calls to Apache," Bartholomew said. "You can't get directly to Apache this way. Our understanding is this vulnerability affects 4 percent of all Plesk installations that we know of."

Bartholomew went on to say the attack code exploits the below-referenced CVE-2012-1823 vulnerability, but does so "with a twist."

Kingcope wasn't immediately available to respond. The text of the original article is below.

Hundreds of thousands of websites could be endangered by publicly available attack code exploiting a critical vulnerability in the Plesk control panel. This particular vulnerability gives hackers control of the server it runs on according to security researchers.

Continued : http://arstechnica.com/security/2013/06/more-than-360000-apache-websites-imperiled-by-crticial-vulnerability/

Related:
Plesk Zero-Day Exploit Results in Compromised Webserver
Supposed zero-day exploit for Plesk

Backdoor Wipes MBR, Locks Screen
by Carol~ Forum moderator / June 6, 2013 5:52 AM PDT
In reply to: NEWS - June 06, 2013

From the Trendlabs Security Intelligence Blog:

German users are at risk of having their systems rendered unusable by a malware that we're seeing being sent via spam messages. This particular malware, on top of its ability to remotely control an affected system, is able to wipe out the Master Boot Record - a routine that had previously caused a great crisis in South Korea.

We recently uncovered this noteworthy backdoor as an attached file in certain spam variants. The spam sample we found is in German and forces recipients to pay for a certain debt, the details of which are contained in the attachment. Those who open the attachment are actually tricked into executing the malware, in this instance, a backdoor. [Screenshot]

Like any backdoor, BKDR_MATSNU.MCB performs certain malicious commands, which include gathering machine-related information and sending it to its command-and-control (C&C) server. However, the backdoor's most noteworthy feature is its capability to wipe the Master Boot Record (MBR). The wiping of the MBR was recently used in the high-profile (but different) attack against certain South Korean institutions. What makes this routine problematic is that once done, infected systems won't reboot normally and will leave users with unusable machines.

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-wipes-mbr-locks-screen/

Phishers target Yahoo users
by Carol~ Forum moderator / June 6, 2013 6:21 AM PDT
In reply to: NEWS - June 06, 2013

From the Zscaler Research Threat Lab Blog:

Yahoo Mail introduced two-factor authentication in December 2011. Two-factor authentication can be used to prevent suspicious access to an account (login from a different country, numerous failed login attempts, etc.) and can be used to verify a user's identity when asking for a password reset.

Two-factor authentication has been in the news a fair bit lately as LinkedIn and Twitter have recently begun to offer the feature. We encountered an example whereby a phisher actually took advantage of heightened awareness of two-factor authentication to aid in an attack. The scam involved spoofed e-mails, which claim that all Yahoo users must turn on two-factor authentication:
[Screenshot: Phishing e-mail to Yahoo Mail users]

The e-mail has a spoofed FROM address (@yahoo.com) and a fake link to http: //update.yahoo.com/. The user clicking on this link is actually redirected to a phishing page at http: //www.antek.com/pics/tiles/yahoo.com.html as shown below:

Continued : https://research.zscaler.com/2013/06/phishers-target-yahoo-users.html
