Spyware, Viruses, & Security forum


NEWS - March 07, 2013

by Carol~ Forum moderator / March 7, 2013 1:12 AM PST
Malware attack poses as security warning from Microsoft Digital Crimes Unit

Windows users - do you take your computer's security seriously?

If so, you might decide to take prompt action when you receive an email seemingly from the Microsoft Digital Crimes Unit.

But that would actually be a big mistake.

You may remember that the Digital Crimes Unit at Microsoft are the folks who have worked hard to bring down botnet servers, including those associated with Zeus, and investigated suspected malware authors.

Here's what today's spammed-out email, which uses the subject line "Security", looks like: [Screenshot]

Attached to the email is a file called Microsoft_STF_install.zip. And, according to the above email, "all users of the internet" should run the program to validate "there" (sic) email account.

Sounds serious, right?

Continued : http://nakedsecurity.sophos.com/2013/03/07/malware-attack-microsoft-digital-crimes/
Post a reply
Discussion is locked
You are posting a reply to: NEWS - March 07, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - March 07, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Rare Kaspersky bug locks up operating system
by Carol~ Forum moderator / March 7, 2013 1:32 AM PST
In reply to: NEWS - March 07, 2013

"By sending a computer running Kaspersky Internet Security 2013 a specially crafted IPv6 packet, attackers can cause the operating system to hang."

A bug in Kaspersky Internet Security 2013 has meant that the software can cause its host operating system to lock up if it receives a specially crafted IPv6 packet.

Posting on the Full Disclosure mailing list earlier this week, security consultant Marc Heuse said that if IPv6 connectivity to the target machine was possible, an attacker could send a specially crafted packet that would result in a denial of services.

"A fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system. No log message or warning window is generated, nor is the system able to perform any task," he wrote.

At the time, Heuse said that the only solution was to remove the offending part of the product, or uninstall it in its entirety.

According to Heuse, he had previously reported the bug to Kaspersky on January 21, and again on Feburary 14.

Continued : http://www.zdnet.com/rare-kaspersky-bug-locks-up-operating-system-7000012227/

Collapse -
U.S. Banks Back Under DDoS Fire
by Carol~ Forum moderator / March 7, 2013 1:32 AM PST
In reply to: NEWS - March 07, 2013

After less than a six-week hiatus, attackers have resumed their distributed-denial of service attacks against U.S. financial institutions.

Last week, the cyber-group calling itself Izz ad-Din al-Qassam Cyber Fighters, threatened to launch a new wave of attacks against banks this week. "During running Operation Ababil Phase 3, like previous phases, a number of American banks will be hit by denial-of-service attacks three days a week on Tuesday, Wednesday, and Thursday during working hours," according to a post on text-sharing site Pastebin.

The warning came after a series of attacks targeted Bank of America, PNC Bank, CapitalOne, Zions bank, 5/3, Inionbank, Comerica, Citizenbank, Peoples, UFCU, Patelco, "and others," on Feb. 25. Yesterday and today, customers of PNC Bank, Wells Fargo, Citibank, Bank of America, and a number of other banks reported being unable to access their bank Websites and online banking pages, according to information compiled by sitedown.co.

While the attackers initially targeted some of the some of the largest financial institution in the U.S., mid-tier institutions, community banks, and credit untions were also targeted in late January.

Continued : http://www.securityweek.com/us-banks-back-under-ddos-fire

Also: Bank DDoS Attacks Resume

Collapse -
Android Responsible for 79 Percent of Mobile Malware in 2012
by Carol~ Forum moderator / March 7, 2013 5:43 AM PST
In reply to: NEWS - March 07, 2013

Android malware continued to gain in share in 2012 and was responsible for 79 percent of all threats for the year, up from 66 percent in 2011, according to security specialist F-Secure's latest Mobile Threat report.

In the fourth quarter alone, 96 new families and variants of Android threats were discovered, which almost doubles the number recorded in the previous quarter. A large share of the Android threats found in the fourth quarter was malware that generates profit through fraudulent short message service (SMS) practices, with 21 of the 96 Android threat variants found contributed by Premium SMS, a malware family that sends out messages to premium rate numbers.

With fraudulent SMS, messages or notifications from these premium rate numbers and services are deleted, keeping the user unaware until charges appear on their bills. The report noted many Android-based threats employ similar tactics, with some signing up the victim to an SMS-based subscription service.

Continued : http://www.eweek.com/android/android-responsible-for-79-percent-of-mobile-malware-in-2012/

Android Accounted For 79% Of All Mobile Malware In 2012, 96% In Q4 Alone, Says F-Secure
F-Secure: Android to blame for 79% of all mobile malware in 2012
Android accounts for most mobile malware, says F-Secure

Collapse -
Software protects passwords via host of dummy cursors
by Carol~ Forum moderator / March 7, 2013 5:43 AM PST
In reply to: NEWS - March 07, 2013

Virtual keyboards have helped thwart keyloggers, but some danger while entering passwords still remained, as some malware is also capable of taking screenshots or even record short videos.

To remove that danger, Japanese security researchers have come up with a novel idea for protecting your passwords from screen-grabbing malware and nosy shoulder surfers.

SymmetricCursors is a system that conceals the position of the mouse's cursor by hiding it within a mass of dummy cursors moving across the screen at different speeds and in different directions, reports DigInfo TV. [VIDEO]

Sophos' Graham Cluley is doubtful that this solution would stymie cyber criminals for long.

"If the Japanese system was widely adopted, is it not possible that - just as malware authors evolved their attacks to steal screenshots rather than just grab keypresses - malware would be developed which would interrogate the computer and ask for the co-ordinates of the mouse cursor?" he asks.

Continued : http://www.net-security.org/secworld.php?id=14565

Collapse -
USA is the best country in the WORLD... for sending spam
by Carol~ Forum moderator / March 7, 2013 5:43 AM PST
In reply to: NEWS - March 07, 2013

The US has reclaimed its position as the world's leading spam-relaying country, but you'd be wasting your time looking for junkmail crimelords...

In the last three months, almost one-fifth (18.3 per cent) of all global spam has been pushed through computers in the US, according to figures from anti-virus firm Sophos.

However, the list illustrates the location of abused computers (almost always Trojan-infected zombie drones) pwned by spammers rather than the location of current spam kingpins. The latest figures suggest that the hackers who harvested compromised computers for spammers are reaping a bumper harvest in the Land of the Free, suggesting that the security of American computers needs to be improved.

In the latter half of 2012, India had been leading the way as a conduit for junk mail but it recently fell back to third place, relaying an estimated 4.2 per cent of spam between December 2012 and February 2013.

The Dirty Dozen, in order, are:

Continued: http://www.theregister.co.uk/2013/03/07/spam_relay_chart/

Related: US takes top spot in spam distribution

Collapse -
FTC dumps on scammers who blasted millions of text messages
by Carol~ Forum moderator / March 7, 2013 6:53 AM PST
In reply to: NEWS - March 07, 2013

The Federal Trade Commission today said it has filed eight court cases to stop companies who have sent over 180 million illegal or deceptive text messages to all manner of mobile users in the past year.

The messages -- of which the FTC said it had received some 20,000 complaints in 2012 -- promised consumers free gifts or prizes, including gift cards worth $1,000 to major retailers such as Best Buy, Walmart and Target. Consumers who clicked on the links in the messages found themselves caught in a confusing and elaborate process that required them to provide sensitive personal information, apply for credit or pay to subscribe to services to get the supposedly "free" cards. In some cases if users responded to the texts, they were subjected to other scams.

According to the FTC, once consumers entered their personal information, they were directed to another site and told they would have to participate in a number of "offers" to be eligible for their gift card. In some cases, consumers were obligated to sign up for as many as 13 of the offers. These offers frequently included recurring subscriptions for which consumers were required to provide credit card information. In other cases, they required consumers to submit applications for credit that would be reflected in their credit reports and possibly affect their credit score. If a consumer completed all of the "offers," they were then notified that to get the promised gift card, they had to find three others who also would complete the offers, the FTC stated.

Continued : http://www.networkworld.com/news/2013/030713-ftc-text-scam-267482.html

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions

Coming soon

Get behind the wheel with Roadshow

Love cars? Climb into the driver's seat for the latest videos, reviews, shopping advice and picks by our editors delivered to your inbox every week.