Spyware, Viruses, & Security

Alert

NEWS - October 08, 2013

by Carol~ Forum moderator / October 8, 2013 12:38 AM PDT
AVG and Avira anti-virus websites attacked by pro-Palestinian hackers

The website of AVG, makers of one of the world's most popular free anti-virus products, appears to have been hacked by a pro-Palestinian group.

Visitors to http://www.avg.com will not be greeted by the normal promotions for anti-malware software but instead be greeted by a patriotic rendition of the Palestinian national anthem (courtesy of an embedded YouTube video) and a message from a group calling itself "KDMS Team". [Screenshot]

Here is the (not terribly well spelt) message left by the website's defacers: [...]

It's possible that the hackers managed to change the website's DNS records, redirecting anyone who attempted to visit www.avg.com to a different IP address.

It's clearly embarrassing for a security company to be hit in this fashion by hackers, but there is no indication that any customer information or sensitive data has been compromised.

Update: Another anti-virus company, Avira, has also been hit in what appears to be the same attack.

Continued : http://grahamcluley.com/2013/10/avg-website-palestinian-hackers/

Related:
WhatsApp homepage defaced by hackers, goes offline
Whatsapp.com Hacked by Pro-Palestinian Group
AVG, Avira and WhatsApp pwned by hacktivists' DNS hijack
WhatsApp, AVG and Alexa Hacked by Pro-Palestinian Kdms Team Hackers
4 Men Arrested in UK Over Links to Ross Ulbricht's Silk Road
by Carol~ Forum moderator / October 8, 2013 1:17 AM PDT

Three men in their early 20s have been arrested in Manchester while the fourth, a man in his early 50s has been arrested in Devon - all charged on suspicion of supplying illegal drugs.

The Silk Road website was shut down by the FBI last week following the arrest of Ross Ulbricht, the alleged administrator of the billion dollar operation. The website, which operated on the deep web, allowed people to anonymously buy and sell a range of illegal items including drugs, counterfeit currency, guns and even offered hitmen for hire.

The arrests were made by the newly-formed National Crime Agency (NCA) and follow the arrest of Ulbricht, 29, in San Francisco on Tuesday last. The NCA officers who made the arrests were working closely with law enforcement agencies in the US, and the UK arrests took place just hours after Ulbricht's arrest.

Continued : http://www.ibtimes.co.uk/articles/512243/20131008/silk-road-uk-arrests-manchester-devon-national.htm

Related:
Four UK men arrested over Silk Road links
Feds Arrest Alleged Top Silk Road Drug Seller

Confirmed: Alleged Blackhole Exploit Kit Author Arrested
by Carol~ Forum moderator / October 8, 2013 2:19 AM PDT
.. In Russia

A man alleged to be the author of the virulent exploit kit Blackhole has been arrested, leaving the security community celebrating a big success for law enforcement in the fight against cyber crime.

Yesterday Maarten Boone, a security researcher at Dutch firm Fox-IT, claimed the Blackhole creator known as 'Paunch' had been arrested in Russia. Research from Sophos last year had concluded the software, which throws exploit code at machines in the hope of infecting them with whatever malware the attacker chooses, was written in Russia.

But Troels Oerting, head of the European Cybercrime Centre, an arm of Europol, confirmed to TechWeekEurope an arrest had been made and details came through to his organisation yesterday.

"I know it is true, we got some information, but I cannot say anymore," Oerting told TechWeek. He said he could not reveal any more on the nature of the arrest.

Continued: http://www.techweekeurope.co.uk/news/blackhole-exploit-kit-author-arrested-in-russia-128978

Related:
Europol Confirms Arrest of Blackhole Exploit Kit Creator 'Paunch'
Blackhole Exploit Kit Author Arrested in Russia
Arrest of BlackHole Exploit Kit Author Paunch Confirmed
Microsoft hands out $28k for IE 11 bugs
by Carol~ Forum moderator / October 8, 2013 2:19 AM PDT

As the date of the release of the final version of Internet Explorer 11 for Windows 8 and RT draws near, Microsoft has announced that it has paid out over $28,000 to six researchers who have successfully participated in the month-long bug bounty program for IE 11.

Launched on June 26 and set to last until July 26, the aim of the program was to receive information about vulnerabilities while the new version of the browser is still in the Preview period, so that they could be fixed before the final version is actually released.

According to the honor roll, the researchers who submitted qualifying vulnerabilities were:

Continued : http://www.net-security.org/secworld.php?id=15732

Also:
Researchers Nab $28k in Microsoft Bug Bounty Program
Microsoft hands out $28K to bug-hunters who found holes in IE 11

Researcher Takes Home $100k Prize From Microsoft For..
by Carol~ Forum moderator / October 8, 2013 8:17 AM PDT
.. New Attack

One day after announcing that it had paid researchers $28,000 for reporting a number of vulnerabilities in Internet Explorer 11, Microsoft revealed that it has written a much bigger check - this one for $100,000 - to a researcher who has discovered a new attack technique that bypasses all of the exploit mitigations on the newest version of Windows.

James Forshaw, a researcher who also won a reward in the IE 11 bounty program this summer, submitted the technique to Microsoft, which validated it. The reward is part of the company's bug bounty program that incentivizes researchers to look for novel attack techniques that can defeat the modern anti-exploit technologies such as DEP and ASLR implemented in Windows. The program was announced in June, but Forshaw's technique is the first one to qualify for the $100,000 payout.

Microsoft officials said that one of the company's security engineers had discovered a portion of the technique as well, but that didn't prevent Forshaw from winning the bounty. Katie Moussouris, a senior security strategist at Microsoft, said that the company won't disclose the details of Forshaw's technique until engineers have had a chance to analyze it and implement defenses in Windows.

Continued : http://threatpost.com/researcher-takes-home-100k-prize-from-microsoft-for-new-attack/102548

Also: Microsoft awards its first $100,000 bounty for finding Windows 8.1 exploit
Adobe, Microsoft Push Critical Security Fixes
by Carol~ Forum moderator / October 8, 2013 6:34 AM PDT
Adobe and Microsoft today each issued software updates to fix critical security issues in their products. Microsoft released eight patch bundles to address 26 different vulnerabilities in Windows and other software - including not just one but two zero-day bugs in Internet Explorer. Adobe's patches fix a single critical vulnerability present in both Adobe Acrobat and Reader.

Four of the eight patch bulletins from Microsoft earned its most dire "critical" rating, meaning the updates fix problems deemed so severe that miscreants or malware could use them to break into vulnerable systems without any help from users. The patches impact a broad range of Microsoft products, including Windows, IE, SharePoint, .NET Framework, Office and Silverlight.

Front and center in the Microsoft patch batch is MS13-080, which addresses the zero-day IE vulnerability (CVE-2013-3893) that Microsoft first warned about on Sept. 17, as well as nine other security flaws in the default Windows Web browser. Amping up the threat level on this flaw, exploit code allowing attackers to leverage the flaw was released publicly last week as a module for the Metasploit exploit framework, a penetration testing toolkit.

Continued : http://krebsonsecurity.com/2013/10/adobe-microsoft-push-critical-security-fixes-3/
Hackers target high profile domains
by Carol~ Forum moderator / October 8, 2013 6:34 AM PDT

[Related to the first post in the thread: "AVG and Avira anti-virus websites attacked by pro-Palestinian hackers"]

From the Kaspersky Lab Weblog:

During the last days, several high profile domains have been defaced including domains from two prominent security companies. In addition to these, high profile domains such as alexa.com, whatsapp.com and redtube.com were also defaced. From our quick analysis it does not seem that the actual webserver has been compromised, the most possible attack vector was that the DNS have been hijacked.

When looking into this, there are some quite obvious traces but nothing that really confirms what the hackers did; or what kind of information they were able to obtain. When analyzing previous compromises and defaces it seems that there is a "new" trend within hacking groups and defacers to go for the DNS or domain registrars instead of compromising the actual webserver. When quickly analyzing the domain there were two indicators that stood out.

The domains that were compromised yesterday and today all had a very recent update record in their DNS, and they were all using the same DNS registrar - NETWORK SOLUTIONS, LLC.

Continued : http://www.securelist.com/en/blog/208214086/Hackers_target_high_profile_domains
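
Added example (not part of the original post or the Kaspersky article): a triage check for the two indicators described above, a very recent update record combined with a shared registrar, run over a watch-list of domains. The WHOIS excerpts are constructed, and the `Registrar:` / `Updated Date:` field layout, the two-day window, the cluster threshold and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed WHOIS excerpts (not real records); field names are assumed to
# follow the common "Registrar:" / "Updated Date:" key-value layout.
SAMPLE_WHOIS = {
    "shop.example": "Registrar: NETWORK SOLUTIONS, LLC.\nUpdated Date: 2013-10-08T03:10:00Z\n",
    "mail.example": "registrar: Network Solutions, LLC.\nUpdated Date: 2013-10-07T22:41:00Z\n",
    "blog.example": "Registrar: Example Registrar, Inc.\nUpdated Date: 2013-10-08T01:00:00Z\n",
    "docs.example": "Registrar: NETWORK SOLUTIONS, LLC.\nUpdated Date: 2012-03-14T09:00:00Z\n",
    "old.example": "Registrar: NETWORK SOLUTIONS, LLC.\n",  # no update field at all
}

FIELD = re.compile(r"^\s*(registrar|updated date)\s*:\s*(.+?)\s*$", re.I | re.M)


def parse_whois(text):
    """Return (registrar, updated) from one WHOIS text; missing fields are None."""
    fields = {k.lower(): v for k, v in FIELD.findall(text)}
    registrar = fields.get("registrar")
    if registrar:
        registrar = registrar.upper().rstrip(".")  # normalise case and trailing dot
    updated = fields.get("updated date")
    if updated:
        updated = datetime.strptime(updated, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return registrar, updated


def recent_update_clusters(records, now, window=timedelta(days=2), min_cluster=2):
    """Group domains updated within `window` of `now` by registrar.

    Only registrars with at least `min_cluster` such domains are returned,
    matching the two indicators: recent update record plus shared registrar.
    """
    recent = defaultdict(list)
    for domain, text in records.items():
        registrar, updated = parse_whois(text)
        if registrar and updated and timedelta(0) <= now - updated <= window:
            recent[registrar].append(domain)
    return {r: sorted(d) for r, d in recent.items() if len(d) >= min_cluster}


if __name__ == "__main__":
    now = datetime(2013, 10, 8, 12, 0, tzinfo=timezone.utc)
    print(recent_update_clusters(SAMPLE_WHOIS, now))
```

A cluster in the output is a prompt to confirm with the registrar whether the changes were authorised, not proof of a hijack.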

Cryptolocker Ransomware: What You Need To Know
by Carol~ Forum moderator / October 8, 2013 6:58 AM PDT

From the "Malwarebytes Unpacked" Blog:

Just last month, antivirus companies discovered a new ransomware known as Cryptolocker.

This ransomware is particularly nasty because infected users are in danger of losing their personal files forever. [Screenshot]

Spread through infected websites, this ransomware has been targeting companies through phishing attacks.

Cryptolocker will encrypt users' files using asymmetric encryption, which requires both a public and private key.

The public key is used to encrypt and verify data, while the private key is used for decryption, each the inverse of the other.

Below is an image from Microsoft depicting the process of asymmetric encryption. [Screenshot]

Continued : http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#more-2127

* * * * * * * *

Interested in Cryptolocker? I came upon this post (by Grinler) last month: Cryptolocker. The thread will continue to be updated.
