Spyware, Viruses, & Security forum


NEWS - October 02, 2013

by Carol~ Forum moderator / October 2, 2013 1:08 AM PDT
Blood-sucking botnet narrowly escapes extermination, lives to leech again

"P2P resiliency allows ZeroAccess to continue reaping click fraud windfall"

A highly resilient botnet conservatively estimated to generate about $700,000 per year in fraudulent advertising revenue narrowly escaped a shutdown engineered by whitehats from security firm Symantec.

Symantec researchers have estimated that ZeroAccess, until recently a network of about 1.9 million infected computers, generates about 1,000 fraudulent clicks per day on each machine it controls. It also harnessed the electricity and hardware at the disposal of compromised machines to carry out the mathematical operations required to "mine" bitcoins. The unusually large footprint combined with the high collective cost on advertisers and PC owners made ZeroAccess one of the most menacing botnets in current circulation. Symantec researchers set out to "sinkhole" the botnet by taking control of the command-and-control mechanism botmasters use to send and receive data from individual bots.

But there was a challenge. ZeroAccess implements a peer-to-peer architecture that was designed to withstand takedown attempts. Unlike traditional botnets that use a relatively small number of servers to communicate with infected machines, these bots exchanged data with hundreds of their peers, which in turn exchanged data with hundreds of peers.

Continued : http://arstechnica.com/security/2013/09/blood-sucking-botnet-narrowly-escapes-extermination-lives-to-leech-again/

ZeroAccess: The Most Profitable Botnet
Researchers sinkhole half a million ZeroAccess bots

Portable USB drive fixes malware-crippled machines
by Carol~ Forum moderator / October 2, 2013 1:43 AM PDT

Malwarebytes launched Techbench, a tool to help IT workers fix and restore even the most malware-infected computers. The 16GB USB simply needs to be plugged into the infected computer, before it automatically scans and removes even the most advanced Trojans, spyware, worms and other malicious software.

Techbench automatically quarantines all malicious software on the USB stick to prevent reinfection. The software also uses Malwarebytes Chameleon, a product designed to neutralize modern malware automatic countermeasures.

The product was directly conceived by Malwarebytes' founder and CEO Marcin Kleczynski, himself a former computer technician. Marcin's many hours fixing infected computers at his local PC repair shop, even though they already had AV software installed, were what initially inspired him to set up Malwarebytes.

Commenting on the launch, Kleczynski said: "Techbench is made by technicians, for technicians. As an IT support worker, there is nothing more frustrating than dealing with an endless line of computers infected with stubborn malware, each needing a different type of fix.

Continued : http://www.net-security.org/malware_news.php?id=2605

Related: Malwarebytes puts automatic antivirus cleanup on USB stick

@ the Malwarebytes Unpacked Blog: Introducing Malwarebytes Techbench

(NT) Now that's brilliant, as would be Anti-Virus software. Rob
by Ziks511 / October 3, 2013 4:53 PM PDT
Facebook Graph Search can now paw through your posts and ..
by Carol~ Forum moderator / October 2, 2013 1:47 AM PDT
.. status updates

It's been nearly 10 months, but finally, the wait is over: We can now run Facebook searches to find single women who like men and like getting drunk and who might happen to mention such things in posts and status updates.

Thanks goes to the rollout of Facebook Graph Search's ability to search every single public Facebook post and status update ever made, announced by Facebook on Monday.

The searches can be modified by time - "All of my posts from 2012," for example - location, or the people who participated.

Graph Search for post and status updates is rolling out slowly to a small group of people who currently have Graph Search, Facebook says, including those who signed up for the limited beta of Graph Search, announced in January.

Continued: http://nakedsecurity.sophos.com/2013/10/02/facebook-graph-search-can-now-paw-through-your-posts-and-status-updates/

Facebook allows full personal data ransack with Graph Search
Facebook extends Graph Search to include posts, updates, comments
Yahoo Offers $12.50 as Bug Bounty
by Carol~ Forum moderator / October 2, 2013 1:47 AM PDT

Major companies have realized both the PR and practical value in paying security researchers a bounty for the responsible disclosure of bugs and vulnerabilities they find: it demonstrates a responsible attitude towards security while being a relatively inexpensive way of finding problems.

But it can also have a negative effect if not handled sensitively. Facebook famously denied Khalil Shreateh a bug bounty even though he had tried to report a bug 'responsibly.' Failing to do so, he demonstrated the flaw by posting directly to Mark Zuckerberg's wall.

The official response from Facebook was that since he did not follow their written procedure for reporting bugs, he did not qualify for a bounty. This is a reasonable position to take - but the widespread public perception was that he was denied a reward out of pique because he hacked Zuckerberg himself. So much so, in fact, that the security industry clubbed together and privately provided a $13,000+ reward (donated by more than 300 individuals).

Continued : http://www.infosecurity-magazine.com/view/34812/yahoo-offers-1250-as-bug-bounty-/

Yahoo pays first bug bounty - $12.50 in Company Store credit
Yahoo! Pays! Paltry! $12.50! Bug! Bounty! For! Nasty! Email! Vuln!
Yahoo offers its first tepid bug bounty

Barack Obama's SSL certificate, NASA and NIST among those..
by Carol~ Forum moderator / October 2, 2013 2:34 AM PDT
.. to fall as government shutdown hits sites

The United States government has begun a partial shutdown, after Congress failed to approve funding for government operations. It's obviously a huge news story if you live in America, but it also has an impact on the web for the rest of the world's surfers too.

As Netcraft reports, among those who have suffered is Barack Obama himself. His website at http://www.barackobama.com may still be up and running, but no-one has paid for his SSL certificate to be renewed.

The certificate for this website is invalid. You might be connecting to a website that is pretending to be "barackobama.com", which could put your confidential information at risk.

NIST, the National Institute of Standards and Technology, has a stark message on the front of its website at http://nist.gov/

NIST Closed, NIST and Affiliated Web Sites Not Available

Due to a lapse in government funding, the National Institute of Standards and Technology (NIST) is closed and most NIST and affiliated web sites are unavailable until further notice. We sincerely regret the inconvenience.

Continued: http://grahamcluley.com/2013/10/barack-obama-nasa-nist-government-shutdown/
Fake Facebook Mobile Page Steals Credit Card Details
by Carol~ Forum moderator / October 2, 2013 3:00 AM PDT

From the TrendLabs Security Intelligence Blog:

We recently encountered a mobile phishing page that looks very similar to the official Facebook mobile page. However, looking closely into the URL address, there are noticeable differences. The real Facebook page is located at https://m.facebook.com/login and has the lock icon to show that the page is secured. [Screenshot]

This page tries to steal more than Facebook credentials. Should users actually try to log in, the page then prompts users to choose a security question. This may sound harmless, but these same security questions might be used across several different sites, and can compromise your security as well. [Screenshot]

Once users are done, they are led to another page, this time asking for their credit card details.

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/fake-facebook-mobile-page-steals-credit-card-details/

Data Broker Hackers Also Compromised NW3C
by Carol~ Forum moderator / October 2, 2013 5:17 AM PDT

The same miscreants responsible for breaking into the networks of America's top consumer and business data brokers appear to have also infiltrated and stolen huge amounts of data from the National White Collar Crime Center (NW3C), a congressionally-funded non-profit organization that provides training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of cybercrime.

Last week, KrebsOnSecurity reported that entrepreneurs behind the underground criminal identity theft service ssndob[dot]ms also were responsible for operating a small but powerful collection of hacked computers exclusively at top data brokers, including LexisNexis, Dun & Bradstreet and HireRight/Kroll. A closer analysis of the Web server used to control that collection of hacked PCs shows that the attackers also had at least one infected system for several months this summer inside of the NW3C.

Core to the NW3C's mission is its Investigative Support division, which according to the organization's site "provides timely, relevant and effective services to member agencies involved in the prevention, investigation and prosecution of economic and high-tech crimes. The section has no investigative authority but can provide analytical assistance and perform public database searches."

Continued: http://krebsonsecurity.com/2013/10/data-broker-hackers-also-compromised-nw3c/

Latest 100 Gigabit Attack Is One of Internet's Largest
by Carol~ Forum moderator / October 2, 2013 5:17 AM PDT

Quite possibly, the largest raw packet bandwidth attack in history slams a site for nine hours, but the site under attack stays afloat.

Unbeknownst to many people in the world, late last week one of the largest attacks in the history of the Internet was taking place—a massive nine-hour barrage that leveled an unrelenting 100 Gigabits of traffic at its peak.

The attack took place on Sept. 24, and to date the victim of the attack is remaining in the shadows, not wanting to be publicly identified. The target Website is protected by cloud security vendor Incapsula, which was able to withstand the massive distributed denial-of-service (DDoS) attack and keep the targeted Website up and running.

Incapsula co-founder Marc Gaffan explained to eWEEK that the attacked site is in an industry that is constantly under assault. The attack leveraged raw bandwidth under the control of the attacker and was not a DNS reflection or amplification attack, Gaffan said. In March of this year, another 100 Gigabit attack was reported that leveraged DNS reflection. With DNS reflection, the number of inbound connections to a target Website is amplified by taking advantage of poorly configured DNS servers.

Continued: http://www.eweek.com/security/latest-100-gigabit-attack-is-one-of-internets-largest.html

Obamacare Spam Surfaced Even Before Enrollment Starts
by Carol~ Forum moderator / October 2, 2013 5:17 AM PDT

From the TrendLabs Security Intelligence Blog:

October 1, 2013

As enrolment for the controversial Affordable Care Act or Obamacare starts today, cybercriminals already had a head start, spewing Obamacare-related spam as early as the first weeks of September.

Spam containing the terms "medicare", "enrollment", "medical insurance" started surfacing during the first week of September. Some of these spam variants can be easily recognized as such. However, others appear professional enough to fool some users into opening the email and clicking the links in these messages. [Screenshot]

Once users click these links, they are led to nefarious pages, in particular survey scam sites. These sites typically encourage users to disclose certain information by pretending to be consumer survey pages or promising enticing prizes or in this case, Apple products like iPad, iPhone 5 etc. [Screenshot]

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/obamacare-spam-surfaced-even-before-enrolment-starts/
