Secret Bitcoin mining code added to e-sports software sparks outrage
"E-sports league made $3,600 using the power-hungry GPUs of its users, admin admits."
Competitive video gaming community E-Sports Entertainment Association secretly updated its client software with Bitcoin-mining code that tapped players' computers to mint more than $3,600 worth of the digital currency, one of its top officials said Wednesday.
The admission by co-founder and league administrator Eric 'lpkane' Thunberg came amid complaints from users that their ESEA-supplied software was generating antivirus warnings, computer crashes, and other problems. On Tuesday, one user reported usage of his power-hungry graphics processor was hovering in the 90-percent range even when his PC was idle. In addition to consuming electricity, the unauthorized Bitcoin code could have placed undue strain on the user's hardware since the mining process causes GPUs to run at high temperatures.
"Turns out for the past 2 days, my computer has been farming bitcoins for someone in the esea community," the person with the screen name ENJOY ESEA SHEEP wrote. "Luckily I have family in the software forensics industry."
Continued : http://arstechnica.com/security/2013/05/secret-bitcoin-mining-software-added-to-video-game-sparks-outrage/
Network gaming company uses its "cheat-prevention" client to build a Bitcoin botnet
ESEA gaming client hijacks GPUs for Bitcoin mining
Rogue Employee Turns Gaming Network Into Private Bitcoin Mine
Games network used to 'mine' Bitcoins illegally
A primer on Bitcoin risks and threats
CoinLab Sues Mt.Gox Bitcoin Exchange For $75 Million
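The symptom the affected user described above, a GPU pegged near 90 percent while the PC sat idle, is easy to turn into a simple host-side check. The following is an added example and is not code from the Ars Technica story, from ESEA or from the user quoted; the log format (timestamp, GPU utilisation percent, user state) and the sample lines are constructed for the example. It alerts only on a sustained run of high-utilisation idle samples, so a game session or a short burst does not trip it.

```python
"""Detect a GPU that stays busy while the user is idle.

Added example: not from the original article or ESEA's client. The log
format and the samples below are constructed; substitute your own
collector (e.g. one that polls the GPU driver once a minute).
"""
from dataclasses import dataclass
from typing import List

# Constructed sample log, one line per minute: timestamp,gpu_util_percent,user_state
SAMPLE_LOG = """\
# timestamp,gpu_util_percent,user_state
2013-04-30T21:00,91,active
2013-04-30T21:01,94,active
2013-04-30T21:02,89,active
2013-04-30T21:03,15,idle
2013-04-30T21:04,9,idle
2013-04-30T21:05,90,idle
2013-04-30T21:06,92,idle
2013-04-30T21:07,88,idle
2013-04-30T21:08,95,idle
2013-04-30T21:09,91,idle
2013-04-30T21:10,93,idle
2013-04-30T21:11,12,idle
2013-04-30T21:12,87,idle
2013-04-30T21:13,90,idle
2013-04-30T21:14,8,idle
"""


@dataclass
class Sample:
    ts: str
    util: int      # GPU utilisation, percent
    idle: bool     # True when no user input was seen in the interval


@dataclass
class Alert:
    start: str
    end: str
    samples: int
    mean_util: float


def parse_log(text: str) -> List[Sample]:
    """Parse the constructed CSV format; comment and blank lines are skipped."""
    samples = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, util, state = line.split(",")
        samples.append(Sample(ts, int(util), state == "idle"))
    return samples


def find_idle_gpu_runs(samples: List[Sample], util_threshold: int = 80,
                       min_run: int = 5) -> List[Alert]:
    """Return one Alert per run of at least `min_run` consecutive idle
    samples whose utilisation is at or above `util_threshold`.

    Active samples (the user is gaming) never contribute, and a single
    low sample ends the run, so brief spikes are ignored.
    """
    alerts: List[Alert] = []
    run: List[Sample] = []

    def flush() -> None:
        if len(run) >= min_run:
            alerts.append(Alert(run[0].ts, run[-1].ts, len(run),
                                sum(s.util for s in run) / len(run)))
        run.clear()

    for s in samples:
        if s.idle and s.util >= util_threshold:
            run.append(s)
        else:
            flush()
    flush()
    return alerts


if __name__ == "__main__":
    for a in find_idle_gpu_runs(parse_log(SAMPLE_LOG)):
        print(f"idle GPU load {a.mean_util:.1f}% from {a.start} to {a.end} "
              f"({a.samples} samples)")
```

On the sample above only the six-minute block starting at 21:05 is reported; the gaming session at 21:00 and the two-minute blip at 21:12 are not. In practice you would pair a hit with the process list at the time, since the check only tells you that something is using the GPU, not which binary.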
Java Applets May Fully Compromise Notes Users
Java applets may fully compromise Notes users with just one click from cyber-criminals sending them through HTML e-mails, according to an IBM security advisory. The vulnerabilities affect 8.0.x, 8.5.x, and the new Notes 9 versions, but the company promises to soon fix the problems.
"This would allow attackers to compromise users reading/previewing an email" through "arbitrary code executions," IBM says.
Full Disclosure researchers also said this can be used to load arbitrary Java applets from remote sources, for information disclosure. The attack may also be used to trigger an HTTP request once the mail is previewed or opened.
"Combined with known Java sandbox escape vulnerabilities, it can be used to fully compromise the user reading the email," researchers said.
Continued : http://www.hotforsecurity.com/blog/java-applets-may-fully-compromise-notes-users-6078.html
Huge Java hole in Lotus Notes
Java applets run wild inside Notes
See Vulnerabilities / Fixes:
IBM Notes Script Insertion Vulnerability
IBM Lotus Notes Script Insertion Vulnerability (2)
DHS: 'OpUSA' May Be More Bark Than Bite
The U.S. Department of Homeland Security is warning that a group of mostly Middle East- and North Africa-based criminal hackers are preparing to launch a cyber attack campaign next week known as "OpUSA" against websites of high-profile US government agencies, financial institutions, and commercial entities. But security experts remain undecided on whether this latest round of promised attacks will amount to anything more than a public nuisance.
A confidential alert, produced by DHS on May 1 and obtained by KrebsOnSecurity, predicts that the attacks "likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation. Independent of the success of the attacks, the criminal hackers likely will leverage press coverage and social media to propagate an anti-US message."
The DHS alert is in response to chest-thumping declarations from anonymous hackers who have promised to team up and launch a volley of online attacks against a range of U.S. targets beginning May 7. "Anonymous will make sure that's this May 7th will be a day to remember," reads a rambling, profane manifesto posted Apr. 21 to Pastebin by a group calling itself N4M3LE55 CR3W.
Reputation.com resets all user passwords following breach
Reputation.com, one of the places that helps to bury negative search results about you, has been hacked.
The online reputation management company on Tuesday sent a letter to customers telling them that its network security personnel had recently discovered and "swiftly shut down" an external attack on its network. [Screenshot]
Reputation.com said in the letter that the intruder(s) managed to siphon off names and email and physical addresses. In some instances, phone numbers, dates of birth and occupational information was also filched.
On top of that, a list of salted and hashed passwords for "a small minority" of users was accessed, the company said.
Although it's "highly unlikely" the passwords could be decrypted, the company immediately changed all users' passwords, it said.
What was not accessed:
Continued : http://nakedsecurity.sophos.com/2013/05/02/reputation-com-resets-all-user-passwords-following-breach/
Also: Reputation.com Notifies Customers of Network Attack
Backdoor Leads to Facebook and Multi-protocol IM Worm
Backdoor Leads to Facebook and Multi-protocol Instant Messaging Worm
From the Trendlabs Security Intelligence Blog:
DORKBOT, which became notorious for spreading via social media and instant messaging applications (e.g. Skype and mIRC), is now found propagating in multi-protocol instant messaging (IM) apps like Quiet Internet Pager and Digsby.
These apps enable users to communicate via various IM apps. Digsby supports AIM, MSN, Yahoo, ICQ, Google Talk, Jabber, and Facebook Chat accounts while Quiet Internet Pager supports at least four different IM services. Thus, this malware may potentially affect more users because of its wider launchpad for propagation.
Detected as WORM_DORKBOT.SME, this worm sends out shortened URLs to the contacts found in the IM client of the infected system. These URLs point to a file, which is actually an updated copy of DORKBOT uploaded to the file-hosting site Mediafire. This is probably a maneuver to evade detection and easy removal from the system.
Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-leads-to-facebook-and-multi-protocol-instant-messaging-worm/
Android virus scanners are easily fooled
Researchers at Northwestern University and North Carolina State University have discovered (PDF) that anti-virus programs for Android can usually be bypassed using trivial means. The researchers developed DroidChameleon, a tool that can modify known malware apps in numerous ways to prevent them from being detected.
Most of the ten scanners they tested mainly performed signature-based analyses. In some cases, simply changing the package name in the metadata was enough for virus scanners to consider the malware harmless. Several scanners could be fooled by unpacking the malware and then creating new installation packages. In other cases, the researchers were successful after encrypting parts of the app or redirecting function calls.
Their conclusion is unambiguous: all ten anti-virus programs could be fooled in one way or another. Many of the methods the researchers used have long been common practice with Windows malware, and some have even been used for deploying Android malware in the past. Tested scanners included anti-virus programs from AVG, Dr. Web, ESET, ESTSoft, Kaspersky, Lookout, Symantec, Trend Micro, Webroot and Zoner.
Continued : http://www.h-online.com/security/news/item/Android-virus-scanners-are-easily-fooled-1856133.html
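The two cheapest transformations the researchers describe, renaming the package in the metadata and re-packing the archive, defeat any scanner that keys on the hash of the whole package or on the manifest, while leaving the bytecode untouched. The following is an added example, not code from the DroidChameleon paper or from any of the scanners tested: it builds a constructed in-memory stand-in for an APK (a ZIP with a fake manifest and a fake classes.dex) and compares a whole-file signature with a signature over the bytecode entry alone under each transformation. XOR with a fixed byte stands in for the "encrypt parts of the app" case.

```python
"""Why trivial repackaging beats file-hash signatures.

Added example, not from the paper or the h-online article. The 'APK' is a
constructed ZIP with two entries; no real malware or Android tooling is used.
"""
import hashlib
import io
import zipfile
from typing import Dict, Tuple

ORIGINAL_PACKAGE = "com.example.badapp"
# Constructed stand-in for classes.dex (the Dalvik bytecode).
FAKE_DEX = b"dex\n035\x00" + bytes(range(64)) * 4
FIXED_TIME = (2013, 5, 1, 0, 0, 0)   # keep the archive bytes deterministic


def build_apk(package: str, dex: bytes,
              entry_order: Tuple[str, ...] = ("AndroidManifest.xml", "classes.dex")) -> bytes:
    """Pack a two-entry 'APK' (really a ZIP) with the given entry order."""
    manifest = f'<manifest package="{package}"/>'.encode()
    entries = {"AndroidManifest.xml": manifest, "classes.dex": dex}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entry_order:
            info = zipfile.ZipInfo(name, date_time=FIXED_TIME)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, entries[name])
    return buf.getvalue()


def whole_file_signature(apk: bytes) -> str:
    """What a naive scanner keys on: the hash of the whole package."""
    return hashlib.sha256(apk).hexdigest()


def dex_signature(apk: bytes) -> str:
    """A slightly better key: the hash of the bytecode entry only."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        return hashlib.sha256(zf.read("classes.dex")).hexdigest()


def xor_encrypt(data: bytes, key: int) -> bytes:
    """Stand-in for the 'encrypt parts of the app' transformation."""
    return bytes(b ^ key for b in data)


def evasion_report() -> Dict[str, Dict[str, bool]]:
    """For each variant, does it still match the signatures taken from the original?"""
    original = build_apk(ORIGINAL_PACKAGE, FAKE_DEX)
    known_whole = whole_file_signature(original)
    known_dex = dex_signature(original)

    variants = {
        "unchanged": build_apk(ORIGINAL_PACKAGE, FAKE_DEX),
        # Only the package name in the manifest differs.
        "renamed_package": build_apk("com.example.goodapp", FAKE_DEX),
        # Same contents, re-created archive with entries in another order.
        "repacked": build_apk(ORIGINAL_PACKAGE, FAKE_DEX,
                              entry_order=("classes.dex", "AndroidManifest.xml")),
        # Bytecode itself is transformed; a loader would decrypt it at run time.
        "encrypted_dex": build_apk(ORIGINAL_PACKAGE, xor_encrypt(FAKE_DEX, 0x5A)),
    }
    return {
        name: {
            "whole_file_match": whole_file_signature(apk) == known_whole,
            "dex_match": dex_signature(apk) == known_dex,
        }
        for name, apk in variants.items()
    }


if __name__ == "__main__":
    for name, result in evasion_report().items():
        print(f"{name:16s} whole-file match: {result['whole_file_match']!s:5s} "
              f"dex match: {result['dex_match']!s:5s}")
```

The renamed and repacked variants keep the same bytecode hash, so a scanner that looked past the container would still catch them; encrypting the dex defeats that too, as would the researchers' call-redirection transforms, which is why a scanner needs semantic or behavioural features rather than byte-exact matches.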
D-Link publishes beta patches for IP camera flaws
D-Link has published beta patches for vulnerabilities in the firmware of many of its IP surveillance cameras, which could allow a hacker to intercept a video stream.
The company said on its support forum that it will publish a full release of the upgraded firmware within a month. Some of D-Link's consumer IP cameras in its Cloud product line will automatically receive the updates.
"We are releasing beta firmware with the security patch for customers who want to manually update their cameras immediately," a D-Link administrator wrote on the company's support forum.
The administrator also posted instructions for how to upgrade the firmware. Users should not upgrade over a wireless connection, as an error could break the camera.
Security holes in McAfee's ePolicy Orchestrator
A McAfee security advisory details how its ePolicy Orchestrator (ePO) 4.5.6 and earlier and 4.6.5 and earlier are vulnerable to remote code execution and file path traversal. The current version, ePO 5.0 is not affected. ePO is McAfee's security management platform for managing and automating security workflows and compliance.
Two vulnerabilities were discovered in the software and both are exploited by registering a rogue agent on the ePO server and sending a maliciously crafted request. In one, the request makes use of SQL injection in the Agent-Handler component to gain the ability to execute code with system privileges. In the other, the request exploits the file upload process and allows an attacker to upload files into directories on the server, including the /Software/ folder where they can be downloaded by other systems.
Continued : http://www.h-online.com/security/news/item/Security-holes-in-McAfee-s-ePolicy-Orchestrator-1854555.html
Beware of encryption companies bearing gifts!
Ancient Roman propaganda poet Publius Vergilius Maro, better known as Virgil, famously had one of his more cynical characters cry out: [Screenshot]
If you don't know Latin, but you do know that Teucri refers to the people of Troy, and Danaos to the Greeks, you can probably guess what this is about.
The highlighted words mean, "Don't trust the horse, chaps!"
The thing about the Wooden Horse of Troy, of course, was the question that perplexed Laocoon, the priest who is speaking in the extract above, namely, "Why?"
Of all the gifts you could leave behind, why a giant wooden horse? Why that shape? Why that size?
Laocoon even flung his spear at the horse, by way of science, and noted that it didn't produce the sort of resonance that you'd expect from an innocently hollow wooden statue.
But no-one listened, and it didn't go so well for the Teucri after that.
As it happens, this story is about an App Store program that probably isn't a Trojan Horse - I didn't feel like paying six quid to find out, to be honest - but it is a great example of the sort of story that cries out for an answer to "Why?"
The software is called Redact Secure Messenger, and it claims to fill an important niche by sending "heavily encrypted messages from one phone to another without passing through any central servers."
Fake Iron Man 3 Streaming Sites Sprout on Social Media
From the Trendlabs Security Intelligence Blog:
While users are trooping to watch Iron Man 3, some may scour the Internet for bootleg copies or free movie streaming. This gives the bad guys an opportunity to serve users with their dubious schemes.
We conducted a simple Google query and found more than a hundred websites claiming that they provide movie streaming of Iron Man 3. (The movie has already opened in some countries but not the United States, making these claims more credible at first glance.) These supposed streaming sites are using popular blog providers, with half of these sites using Tumblr. [Screenshot]
Once visited, these sites ask users to download a video installer file. Based on our analysis, we found that this file was what it said it was - a legitimate video player. This particular video player has been known to display aggressive ads in the past, although we did not see that behavior this time. In addition, the player could be used to download and view pornographic materials.
Online Activities Related to Elections in Malaysia
From the F-Secure Antivirus Research Weblog:
Malaysia's 2013 general elections are scheduled for Sunday, May 5, 2013. Political news coverage is currently inundating all news outlets, including social networking sites, as the country's political parties go into high gear in the final run-up to polling day.
The huge media interest creates an opportunity for malware writers to gain new victims using established social engineering techniques — and sure enough, this week Citizen Lab released a report (pdf) indicating that a sample of the sophisticated FinFisher (a.k.a. FinSpy) surveillance malware was discovered in a document crafted specifically for this event.
The malware was distributed in a booby-trapped Malay-language Microsoft Word document named "SENARAI CADANGAN CALON PRU KE-13 MENGIKUT NEGERI.doc" (In English: "List of proposed candidates for 13th General Elections according to states"). [Screenshot]
The report speculates that the attack document is targeting Malaysians looking for more information related to one of the most closely contested elections in the country's history. F-Secure detects the document in question as Trojan:W32/FinSpy.D.
Continued : http://www.f-secure.com/weblog/archives/00002549.html
Systems manager arrested for hacking former employer's
"He allegedly caused over US$90,000 in damages, the FBI said."
A 41-year-old systems manager was arrested for allegedly disrupting his former employer's network after he was passed over for promotions, leading him to quit his job and take revenge, the FBI said.
Michael Meneses of Smithtown, N.Y., who worked for a company that manufactures high-voltage power supplies, allegedly caused the company more than $90,000 in damages, the FBI New York Field Office said Thursday.
Meneses was employed at the company until January 2012, where he specialized in developing and customizing software the company used to run its business operations, according to the FBI. He was one of two employees responsible for ensuring that the software ran smoothly in order to keep production planning, purchasing and inventory control operating efficiently, it said. This role gave Meneses high-level access to the company's network, the FBI added.
Continued : http://www.networkworld.com/news/2013/050313-systems-manager-arrested-for-hacking-269385.html
Ex-Worker Created Havoc With Hacking, U.S. Says
Ex employee hacked into high-voltage power manufacturer's network
"Hidden" display ads hurt Web ad networks
Thank you for not viewing: "Hidden" display ads hurt Web ad networks
"Researcher finds at least 2% of US Web ads are stuffed in invisible webpages."
There's more than one way to fleece people using Web advertising. Botnets have been harnessed to generate fake clicks by injecting fake links into search results and to click randomly on webpages the infected computer's user never sees. But fraudsters are starting to get more sophisticated in their efforts to get rich off Web advertising.
As Dr. Douglas de Jager, CEO of Spider.io, reported in a blog post today, fraudulent advertising networks are now acting as middlemen between advertising networks placing Web display ads and those stuffing whole hidden webpages of ads into ad slots on legitimate sites. Instead of using bots, this sort of ad fraud uses real humans to generate the traffic—but it never actually shows them the ads that are served up to them.
Display advertising fraud targets ads that are paid for by pageview rather than by click. The use of real-time bidding to auction ad space on websites through exchanges such as Google's DoubleClick Ad Exchange and Microsoft's AdECN has made it possible for fraudulent ad traders to purchase an ad slot through one exchange and then sell it multiple times across others. They "fulfill" all those ads by putting them onto a webpage that gets served up within an ad slot on a legitimate site—with most of its ads hidden from view.