Spyware, Viruses, & Security forum


NEWS - May 14, 2013

by Carol~ Forum moderator / May 13, 2013 11:10 PM PDT
Outbreak! Fake Amazon UK emails spammed out, delivering malware

Beware! A spate of malicious emails have been spammed out by online criminals, disguised as legitimate communications from the UK branch of online retail giant Amazon.

In a widespread attack, email messages have been distributed designed to trick computer users into opening an attachment disguised as information about an order for an unnamed item.

Here's part of a typical message seen by the experts at SophosLabs: [Screenshot]

From the looks of things, the body of the email itself - which has a subject line of "Your Order with Amazon.co.uk" - is harmless.

Any links contained inside the email do indeed go to the legitimate Amazon UK website, rather than a webpage hosting malware, and there are no attempts to phish for information.

Continued : http://nakedsecurity.sophos.com/2013/05/14/amazon-malware-email/

Dear hacker: Please help us eavesdrop on our customers
by Carol~ Forum moderator / May 13, 2013 11:26 PM PDT
In reply to: NEWS - May 14, 2013

"Saudi telecom seeks help monitoring encrypted Twitter data according to e-mails"

Mobily, a Saudi Arabian telecommunications company with 4.8 million subscribers, is working on a way to intercept encrypted data sent over the Internet by Twitter, Viber, and other mobile apps, a security researcher said Monday.

Moxie Marlinspike, the pseudonymous cryptographer who has identified several security bugs in the secure sockets layer protocol used to protect website transactions, said he learned of the project after receiving an e-mail from company officials. Carrying the subject line "Solution for monitoring encrypted data on telecom," it said the project was required by "the regulator." Marlinspike believed this meant the government of Saudi Arabia. In follow-up e-mails, the Mobily officials said they were looking for ways to bypass the protections built into the SSL and Transport Layer Security protocols so telecom workers could monitor messages spreading terrorism.

"One of the design documents that they volunteered specifically called out compelling a [certificate authority] in the jurisdiction of the UAE or Saudi Arabia to produce SSL certificates that they could use for interception," Marlinspike wrote in a blog post. "A considerable portion of the document was also dedicated to a discussion of purchasing SSL vulnerabilities or other exploits as possibilities."

Continued : http://arstechnica.com/security/2013/05/dear-hacker-please-help-us-eavesdrop-on-our-customers/

Related: Moxie Marlinspike >> Blog >> A Saudi Arabia Telecom's Surveillance Pitch

Telecom fraud - phishing and Trojans combined
by Carol~ Forum moderator / May 13, 2013 11:26 PM PDT
In reply to: NEWS - May 14, 2013

From the Kaspersky Lab Weblog:

In China telecom fraud has become an increasingly common crime. Last year there were more than 170,000 telecom fraud cases, causing the loss of over $12.5 billion. The fraudsters usually call their victims and trick them into transferring cash to a criminal gang via an ATM. But recently a new breed of telecom fraud, which combines phishing sites and backdoor Trojans, has emerged.

Last week the police from the Dongcheng sub-branch of Beijing's Public Security Bureau asked us to help investigate a telecom fraud case. The victim was defrauded of $100,000. After our investigation, the fraudsters' tactics were laid bare.

So how does the scam work? How was the victim deceived?

First you get a call from a 'public prosecutor' saying that you are implicated in a financial crime and you must help with the investigation. Of course, you deny everything, but the 'public prosecutor' advises you to check if you are listed in an official database as a suspected criminal. To do this, they tell you to visit the "Supreme Procuratorate's" website, which is, of course, a phishing site: [Screenshot]

Next they will ask you to check if you are really listed as a criminal by checking your information in the "online finance crime database". This database, of course, is highly confidential and can only be accessed after downloading and running a "plugin": [Screenshot]

That alleged plugin is, in fact, a customized teamviewer application: [Screenshot]

Continued : http://www.securelist.com/en/blog/877/Telecom_fraud_phishing_and_Trojans_combined

Android malware continues to rise
by Carol~ Forum moderator / May 13, 2013 11:26 PM PDT
In reply to: NEWS - May 14, 2013

The first quarter of 2013 was marked by firsts for Android malware that add complexity to the Android threat landscape.

According to F-Secure Labs, January through March saw the first Android threat distribution outside of apps via email spam, the first targeted Android attacks, and the first Android advanced fee fraud scam. Additionally, examples of increased commoditization of Android malware surfaced.

The number of new mobile threat families and variants continued to rise by 49 percent from the previous quarter, from 100 to 149. 136, or 91.3% of these were Android and 13, or 8.7% Symbian. Q1 2013 numbers are more than double that of a year ago in Q1 2012, when 61 new families and variants were discovered.

The new Android techniques are a cause for concern, says Sean Sullivan, Security Advisor at F-Secure Labs. "I'll put it this way: Until now, I haven't worried about my mother with her Android because she's not into apps. Now I have reason to worry because with cases like Stels, Android malware is also being distributed via spam, and my mother checks her email from her phone."

Continued : http://www.net-security.org/malware_news.php?id=2492

@ F-Secure: F-Secure Labs Webinar: Mobile Threat Report Q1 2013

AP news agency spied on by US government
by Carol~ Forum moderator / May 14, 2013 12:41 AM PDT
In reply to: NEWS - May 14, 2013

News agency Associated Press (AP) has accused the US government of secretly and illegally obtaining phone records for 20 of the news agency's phone lines. The agency has revealed (PDF) that its General Counsel Laura Malone was informed of the action by a letter from the US Department of Justice (DoJ). The data related to calls made over a two-month period in 2012 from AP phone lines in New York, Washington and Hartford, Connecticut and in the House of Representatives. The letter from the DoJ failed to provide a reason for its spying activities.

In a letter to the DoJ, the agency asserts that there is no justification for collecting such a broad range of data, which can be used to identify details of the activities of AP staff, including communication with informants. The letter states that AP was given no prior notice of the seizure of its data and that the seizure did not relate to a specific investigation as the law requires.

AP believes that the Department of Justice has infringed its fundamental rights and has asked the government to return the telephone records and destroy all copies. It has also demanded an explanation of the events and clarification of how the government will mitigate the effects of its espionage activities against AP and its reporters.

Continued : http://www.h-online.com/security/news/item/AP-news-agency-spied-on-by-US-government-1862842.html

Obama Administration Secretly Obtains Phone Records of AP Journalists
Government admits seizing two months of AP phone records
AP blasts feds in secret seizure of journalists' phone records tied to story on Al Qaeda-Yemen spying operation

Dorkbot Malware Infects Facebook Users; Spies Browser Activities and Grabs Data
by Carol~ Forum moderator / May 14, 2013 12:41 AM PDT
In reply to: NEWS - May 14, 2013

A new variant of the Dorkbot malware infects Facebook users worldwide, spreading from one friend to another through the social network's internal chat. The Bitdefender Labs have caught and blocked the worm, which is capable of spying on users' browsing activities and stealing their personal details. The malware family mainly circulates in the US, India, Portugal, the UK, Germany, Turkey and Romania.

The Dorkbot malware poses as a "jpg" image but is actually an executable file. As an IRC bot, the malware is easily coordinated by the attackers from a control and command server. Besides stealing usernames and passwords, the botmaster may also order other malware downloads.

A variant similar to the one currently spreading was detected by the antivirus company two years ago. Like other malware, Backdoor.IRCBot.Dorkbot can update itself once installed on the victim's computer.

Continued : http://www.hotforsecurity.com/blog/dorkbot-malware-infects-facebook-users-spies-browser-activities-and-grabs-data-6165.html
Meet the Con Man Who Pulled Off a Federal Sting That Cost Google $500 Million
by Carol~ Forum moderator / May 14, 2013 12:41 AM PDT
In reply to: NEWS - May 14, 2013

Meet the career con man who made a fortune selling illegal pharmaceuticals online—and pulled off a federal sting that forced Google to pay $500 million

On February 25, 2009, a then 34-year-old career con man named David Anthony Whitaker left the Wyatt Detention Facility in Central Falls, Rhode Island, and slid into the backseat of an unmarked government car. He was dressed in traditional prison garb—khaki pants, brown shirt, handcuffs, leg irons. A federal agent sat beside him. A second car followed to make sure nobody trailed them or attempted an ambush. Not that anyone expected trouble. This was merely standard procedure when transporting a government cooperator.

That's what Whitaker was now: a cooperator. It felt surreal. One year ago he was in Mexico, living the most fulfilling life he'd ever known in his chaotic, troubled years on the planet. He had been bringing in obscene amounts of money by selling black-market steroids and human growth hormone online. He had a multimillion-dollar apartment in a country club in Guadalajara. He had a cabin in the mountain town of Mazamitla. He had lots of cars—an orange 4Runner, a BMW, a Jeep. He'd even funded the construction of a local hospital. Sure, he had to live under an alias and was on the run from US Secret Service agents who were trying to nail him for a long-standing multicount fraud complaint. But he had a lawyer on retainer, and at least the local cops were easy to pay off.

Continued : http://www.wired.com/threatlevel/2013/05/google-pharma-whitaker-sting/all/
Skype with care - Microsoft is reading everything you write
by Carol~ Forum moderator / May 14, 2013 4:16 AM PDT
In reply to: NEWS - May 14, 2013

Anyone who uses Skype has consented to the company reading everything they write. The H's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.

A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service. A few hours after their Skype messages, they observed the following in the server log:

Continued : http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html

Microsoft fixes two critical IE security flaws, including 'nuke' zero-day
by Carol~ Forum moderator / May 14, 2013 4:59 AM PDT
In reply to: NEWS - May 14, 2013

Microsoft has dished out 10 security patches, which will fix a total of 33 vulnerabilities. In all, two of the bulletins will resolve 'critical' security flaws.

Included in the patches are eight important updates for Windows, Office, Lync, the .NET Framework, and Windows Essentials, which are hitting the usual update channels today, such as Windows and Microsoft Update.

Bulletin 1 (MS13-037) patches 11 privately reported vulnerabilities in all versions of Internet Explorer 6 and above, including for Windows 8 devices and Windows RT-based tablets. The most severe vulnerability would allow hackers to install malware on an affected machine through a specially-crafted webpage. Microsoft said lower user permissions would mitigate the damage caused by such malware.

Bulletin 2 (MS13-038) relates to the recent "nuke-bug" flaw in Internet Explorer 8, which was discovered earlier this month.

The "watering hole" attacks were aimed at federal government employees at the U.S. Department of Labor and U.S. Department of Energy — the latter focuses on nuclear weapons research and testing. The DOL's website was compromised to direct visitors to a malware-ridden site, which triggered a drive-by download to install the Poison Ivy Trojan. The malware is linked to a hacker group based in China.

Continued: http://www.zdnet.com/microsoft-fixes-two-critical-ie-security-flaws-including-nuke-zero-day-7000015369/

Also: Microsoft fixes 33 vulnerabilities
Firefox now logs your browser's start up time, run time, number of crashes, and sends the data to Mozilla
by Carol~ Forum moderator / May 14, 2013 5:41 AM PDT
In reply to: NEWS - May 14, 2013

Mozilla on Tuesday announced the release of Firefox 21. In the changelog, the company included an interesting point that's worth elaborating on: "Preliminary implementation of Firefox Health Report."

Those with a sharp memory will remember that Firefox Health Report (FHR) was first announced back in September 2012 and described as a new feature that sends data back to the company in order to help it "build a more excellent browser." In addition to prioritizing development, Mozilla also said FHR would help it "improve performance, fix problems and let users see how their browsing experience compares against other instances of Firefox."

We predicted that the feature would eventually hit the stable version of the browser in Firefox 19 or maybe even Firefox 20. We were off by a version number, and even then, this is only an early version of FHR.

Continued : http://thenextweb.com/insider/2013/05/14/firefox-now-logs-your-browsers-start-up-time-run-time-number-of-crashes-and-sends-the-data-to-mozilla/
That sucks!
by itsdigger / May 14, 2013 5:58 AM PDT

It seems like no matter what we do or where we go, we get tracked. Now even when I go into my settings in Firefox and check the box that says "Tell websites I do not want to be tracked", Firefox is still tracking me? What do we have to do? Always use a Live CD?

Internet Explorer best at blocking malware
by Carol~ Forum moderator / May 14, 2013 6:37 AM PDT
In reply to: NEWS - May 14, 2013

NSS Labs released the results and analysis from its web browser security comparative evaluating the protection offered by five browsers - Safari 5, Chrome 25/26, Internet Explorer 10, Firefox 19 and Opera 12 - against malware downloads (also known as socially engineered malware).

While Chrome's malware download protection improved significantly - rising to more than 83% from 70% in NSS' October 2012 comparative test - Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.

Safari, Firefox and Opera continue to lag far behind Chrome and Internet Explorer with overall block rates of 10.16%, 9.92% and 1.87% respectively.

Application reputation technology boosts block rates

Both Google and Microsoft utilize application reputation services to enhance their general URL blocking capabilities.

Continued : http://www.net-security.org/malware_news.php?id=2493

Latest study finds IE10 is better at blocking malware than Chrome, Safari, Firefox, and Opera
Which Web Browser Offers Best Malware Protection? NSS Labs Releases New 2013 Web Browser Group Test Results
Internet Explorer 10 Much Better than Firefox and Chrome at Blocking Malware - Study
