Spyware, Viruses, & Security forum


NEWS - November 01, 2013

by Carol~ Forum moderator / November 1, 2013 2:09 AM PDT
Meet "badBIOS," the mysterious Mac and PC malware that jumps airgaps

Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn't know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours.

In the following months, Ruiu observed more odd phenomena that seemed straight out of a science-fiction thriller. A computer running the OpenBSD operating system also began to modify its settings and delete its data without explanation or prompting. His network transmitted data specific to the Internet's next-generation IPv6 networking protocol, even from computers that were supposed to have IPv6 completely disabled.

Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed. Further investigation soon showed that the list of affected operating systems also included multiple variants of Windows and Linux.

Continued : http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

Related: The "BadBIOS" virus that jumps airgaps and takes over your firmware - what's the story?
Java Attacks Jump as User Patching Lags: Kaspersky Lab
by Carol~ Forum moderator / November 1, 2013 2:18 AM PDT

A new study by researchers with Kaspersky Lab found that the number of attacks on their customers exploiting Java reached more than 14 million between September 2012 and August 2013.

The situation may be exacerbated by many users not keeping up to date with patches. According to Kaspersky Lab (pdf), of the 161 vulnerabilities detected in various versions of Java during the life of the study, most were in versions 1.5, 1.6 and 1.7, which are the most prevalent versions of the software.

"Remarkably, SE 6 U37 — released back in October 2012 — was the most recent version of Java 1.6 in the Top 10 most commonly used versions," according to the report. "The conclusions are obvious: one and a half months after the release of the latest version of Java, most users are still working with vulnerable versions."

Java security has had a rough year from both a security and a public relations standpoint. The presence of high-profile vulnerabilities and activity by attackers arming exploit kits with attack code prompted Oracle in January to pledge security improvements and additional outreach to educate the Java user community.

Continued: http://www.securityweek.com/java-attacks-jump-user-patching-lags-kaspersky-lab
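
The report's point is that the top-10 list of Java versions in use is dominated by builds that are months behind the current update. The check below is an added example, not part of the Kaspersky report or the SecurityWeek article: it parses `java -version`-style strings collected from a fleet, flags any runtime behind the update level you consider current, and also flags hosts that carry more than one Java line side by side (an older line left behind by an upgrade is still a browser-exposed plugin). The "latest" update numbers and the host inventory are constructed placeholders, not figures from the page.

```python
"""Flag outdated Java runtimes from `java -version`-style strings (added example)."""
import re
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple

# ASSUMED "current" update level per Java line, for illustration only.
# Replace with the update numbers of the latest release you deploy.
LATEST_UPDATE = {"1.6": 65, "1.7": 45}

# Matches "1.7.0_45", 'java version "1.6.0_37"', "1.6.0_37-b06", ...
_VERSION_RE = re.compile(r"(1\.[5-8])\.0(?:_(\d+))?")


class JavaVersion(NamedTuple):
    line: str    # e.g. "1.7"
    update: int  # e.g. 45 (0 when no update number is present)


def parse_version(text: str) -> Optional[JavaVersion]:
    """Extract the Java line and update number, or None if none is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return JavaVersion(m.group(1), int(m.group(2) or 0))


def check(v: JavaVersion) -> Optional[str]:
    """Return a reason string if the runtime is unsupported or outdated, else None."""
    latest = LATEST_UPDATE.get(v.line)
    if latest is None:
        return f"unsupported line {v.line} ({v.line}.0_{v.update})"
    if v.update < latest:
        return f"outdated {v.line}.0_{v.update} (latest {v.line}.0_{latest})"
    return None


def is_outdated(v: JavaVersion) -> bool:
    return check(v) is not None


def audit(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """inventory: (host, version string) pairs, one per installed runtime.

    Returns host -> list of findings; hosts with nothing to report are omitted.
    """
    findings: Dict[str, List[str]] = {}
    lines_seen: Dict[str, set] = {}
    for host, text in inventory:
        v = parse_version(text)
        if v is None:
            findings.setdefault(host, []).append(f"unparseable version string: {text!r}")
            continue
        lines_seen.setdefault(host, set()).add(v.line)
        reason = check(v)
        if reason:
            findings.setdefault(host, []).append(reason)
    for host, lines in lines_seen.items():
        if len(lines) > 1:
            findings.setdefault(host, []).append(
                "multiple Java lines installed: " + ", ".join(sorted(lines)))
    return findings


# Constructed sample inventory (not data from the report).
SAMPLE_INVENTORY = [
    ("ws-01", 'java version "1.7.0_45"'),
    ("ws-02", 'java version "1.6.0_37"'),
    ("ws-02", 'java version "1.7.0_25"'),
    ("ws-03", 'java version "1.5.0_22"'),
    ("ws-04", "javaw.exe present, version string unavailable"),
]

if __name__ == "__main__":
    for host, reasons in sorted(audit(SAMPLE_INVENTORY).items()):
        for r in reasons:
            print(f"{host}: {r}")
```

Feed it whatever your inventory tool already collects (the `java -version` banner, a registry export, or a package list); the parser only needs the `1.x.0_NN` token.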

Leveling Up: Gaming Trojan Adds Banks to Target List
by Carol~ Forum moderator / November 1, 2013 2:18 AM PDT

Symantec's Security Response Blog:

Malicious game downloads are not a new phenomenon, but malware authors are now exhibiting a greater degree of ambition in targeting online gamers. A gaming Trojan horse is now targeting user bank accounts in addition to user gaming credentials.

Threats such as Infostealer.Gampass have plagued online gamers for years, stealing user credentials and data. And even though Trojan.Grolker is a relative newcomer to the world of online gaming Trojans, it does have a new avenue of attack.

Symantec has been observing Trojan.Grolker in the wild since the middle of 2012. The majority of infections have been observed in South Korea, with smaller concentrations in Hungary. Attackers have targeted South Korea due to the popularity of online gaming in that country. [Screenshot: Countries targeted with Trojan.Grolker]

Continued : http://www.symantec.com/connect/blogs/leveling-gaming-trojan-adds-banks-target-list

Related: Gaming Trojan Grolker Updated to Steal Banking Credentials

Firefox's plugin-blocker slams into beta - but don't jump for joy, Flash haters
by Carol~ Forum moderator / November 1, 2013 2:18 AM PDT

With its latest beta release, the Mozilla Foundation has taken a step further toward making click-to-run the default behavior for all plugins in Firefox.

"Outdated plugins are a big source of security vulnerabilities so this feature will ensure users are safe and Firefox runs smoothly," the Firefox team said in a blog post on Thursday.

Under the new system, instead of automatically running plugins when a page opens, Firefox will replace that content with boxes warning the user that the required plugins may be vulnerable to exploits. The content will only be displayed if the user explicitly activates the plugins - each a potential infection vector for malware.

The one exception to this new policy is Adobe's Flash Player plugin, which Mozilla has determined is used by too many websites to fall under the manual activation requirement. But Firefox users will only be able to dodge the click-to-run warning if the version of the Flash plugin they have installed is the latest one.

Continued: http://www.theregister.co.uk/2013/11/01/firefox_plugin_blocking_enters_beta/
How To Avoid CryptoLocker Ransomware
by Carol~ Forum moderator / November 1, 2013 7:55 AM PDT

Over the past several weeks, a handful of frantic Microsoft Windows users have written in to ask what they might do to recover from PC infections from "CryptoLocker," the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts your files until you pay a ransom. Unfortunately, the answer for these folks is usually either to pay up or suck it up. This post offers a few pointers to help readers avoid becoming the next victim. [Screenshot]

According to reports from security firms, CryptoLocker is most often spread through booby-trapped email attachments, but the malware also can be deployed by hacked and malicious Web sites by exploiting outdated browser plugins.

The trouble with CryptoLocker is not so much in removing the malware — that process appears to be surprisingly trivial in most cases. The real bummer is that all of your important files — pictures, documents, movies, MP3s — will remain scrambled with virtually unbreakable encryption unless and until you pay the ransom demand, which can range from $100 to $300 (and payable only in Bitcoins).

Continued : http://krebsonsecurity.com/2013/11/how-to-avoid-cryptolocker-ransomware/
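
Since the post says the usual delivery is a booby-trapped e-mail attachment, the most useful place to stop it is before the attachment reaches a user. The triage routine below is an added example, not code from the Krebs post: it flags the disguises typically used to make an executable look like a document (a `.pdf.exe` double extension, a right-to-left override character in the name, padding spaces, or a PE `MZ` header under a document name) and looks inside zip attachments for the same thing. The sample attachments, including the zip it builds, are constructed for the example.

```python
"""Triage e-mail attachments for executables disguised as documents (added example)."""
import io
import zipfile
from typing import List

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def suspicious_name(name: str) -> List[str]:
    """Reasons a file name alone looks like a disguised executable."""
    reasons: List[str] = []
    exts = ["." + p for p in name.lower().split(".")[1:]]
    if exts and exts[-1] in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {exts[-1]}")
        if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
            reasons.append(f"document extension {exts[-2]} hidden before {exts[-1]}")
    if "\u202e" in name:  # RIGHT-TO-LEFT OVERRIDE reverses the displayed tail of the name
        reasons.append("right-to-left override character in name")
    if "   " in name:  # runs of spaces push the real extension out of view
        reasons.append("padding spaces in name (hides real extension)")
    return reasons


def _looks_like_pe(head: bytes) -> bool:
    """Windows executables (PE) start with the DOS 'MZ' stub."""
    return head[:2] == b"MZ"


def _has_executable_ext(name: str) -> bool:
    lower = name.lower()
    return any(lower.endswith(e) for e in EXECUTABLE_EXTS)


def triage_attachment(name: str, data: bytes) -> List[str]:
    """Return every reason the attachment should be quarantined; empty means clean."""
    reasons = suspicious_name(name)
    if _looks_like_pe(data) and not _has_executable_ext(name):
        reasons.append("PE (MZ) header under a non-executable name")
    if data[:4] == b"PK\x03\x04":  # zip local-file-header signature
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    member_reasons = suspicious_name(info.filename)
                    with zf.open(info) as fh:
                        head = fh.read(2)  # bounded read: never inflate the whole member
                    if _looks_like_pe(head) and not _has_executable_ext(info.filename):
                        member_reasons.append("PE (MZ) header under a non-executable name")
                    for r in member_reasons:
                        reasons.append(f"archive member {info.filename!r}: {r}")
        except zipfile.BadZipFile:
            reasons.append("zip signature but archive does not parse")
    return reasons


def build_sample_zip() -> bytes:
    """Constructed sample: a zip carrying a PE stub named like a PDF invoice."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013-11-01.pdf.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("report.pdf", b"%PDF-1.4\n"),
        ("invoice.pdf.exe", b"MZ" + b"\x00" * 62),
        ("photo\u202egpj.scr", b"MZ"),
        ("statement.pdf", b"MZ\x90\x00"),
        ("Invoice.zip", build_sample_zip()),
    ]
    for fname, blob in samples:
        print(fname, "->", triage_attachment(fname, blob) or "clean")
```

Name-based checks catch what the user would see in the mail client; the `MZ` check catches what the name hides. Neither replaces patching the browser plugins the post mentions as the other delivery route, and neither brings back files once they are encrypted, which is why this runs before delivery rather than after infection.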

Google Chrome to Automatically Block Malicious Downloads
by Carol~ Forum moderator / November 1, 2013 7:55 AM PDT

Google is planning to add a new feature to its Chrome browser that will block malicious downloads automatically, helping to prevent drive-by downloads and the kind of malware that rides along with supposedly legitimate software.

The new addition to Chrome already is in the development queue, appearing in the company's Canary channel, which is the earliest development release available. The feature is meant to help protect users against the kind of malware that often is installed with users' knowledge and makes changes to their machines or installs other malicious components such as keyloggers or Trojans.

With this new feature enabled, Chrome will show users a small notification in the bottom of the browser window, alerting them that a download has been blocked automatically.

Continued : http://threatpost.com/google-chrome-to-automatically-block-malicious-downloads/102765

Chrome-related: Chrome gains factory reset button

Fake Snapchat Install Leads to Adware
by Carol~ Forum moderator / November 1, 2013 7:55 AM PDT

ThreatTrack Security Labs Blog:

Our Labs recently identified numerous files claiming to be Snapchat.exe, which is a popular photo messaging application. These files were most assuredly not Snapchat, so we were curious to find out what was going on.

As it turns out, a quick search in Bing brings forth answers: [Screenshot]

The very first entry under the search is an ad, leading to videonechat(dot)com. [Screenshot]

The website simultaneously talks about installing Snapchat, while listing the program as "Dorgem" in small letters in the grey box on the top right hand side.

At this point, you might want to take a wild guess as to whether you're going to end up with Snapchat, a hugely popular and current application, or a now discontinued webcam capture program called Dorgem which has been bundled with programs you likely don't need.

Continued: http://www.threattracksecurity.com/it-blog/fake-snapchat-install-leads-adware/

Thanks for this...
by Dafydd Forum moderator / November 1, 2013 8:05 AM PDT

..all relevant to me.


More Winwebsec Stolen Certificates Surface
by Carol~ Forum moderator / November 1, 2013 9:14 AM PDT

From ThreatTrack Security Labs:

November 1, 2013

Even more rogue Winwebsec certificates are making the rounds again.

ThreatTrack Security Labs has discovered a new certificate purportedly issued by Comodo for the company "Cognitive Finance Technologies," with cofite.com listed as the company's website.

Issues around Winwebsec malware signed certificates have been making the rounds for several weeks, most recently earlier this week involving Verisign certificates. All the previous Verisign certificates have been revoked. Earlier in October, Kuluoz Malware caused problems by dropping a signed Winwebsec certificate onto PCs. [Screenshot]

ThreatTrack Security Labs has alerted Comodo and Cognitive Finance Technologies to the Winwebsec certificates, but hasn't received a response as of the publishing of this article.

Continued : http://www.threattracksecurity.com/it-blog/winwebsec-certificates-surface-comodo/

* * * * * * * * * * * * * * * * * * * * * * * * * * * *

More Winwebsec Malware Signed Certificates

October 29, 2013

ThreatTrack Security Labs have been tracking a number of Winwebsec infections recently which have come complete with stolen signed certificates - not a good thing to have happen. In the past three weeks our researchers have found four different legitimate but compromised certificates from various companies being used to sign the rogue Winwebsec files, which could allow these extremely malicious files to bypass or sidestep security software and processes.

Two of those certificates are now revoked - the remaining two have been submitted to Verisign (with supporting data) for revocation, though so far we have not received any acknowledgement or other communication from Verisign at time of writing. You'll notice only 3 certificates listed - the "missing" valid certificate was featured in this writeup a few weeks back, and the VT link can be seen here.

Continued : http://www.threattracksecurity.com/it-blog/winwebsec-stolen-signed-certificates/
