Spyware, Viruses, & Security forum

NEWS - April 04, 2012

by Carol~ Moderator / April 4, 2012 1:52 AM PDT
Apple Releases Java Update; Includes Fix for Vulnerability Exploited by Flashback Malware

From The Mac Security Blog:

Apple has released Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7, featuring a dozen security fixes, including one for a vulnerability that has been used by a recent variant of the Flashback malware, CVE-2012-0507. As the information about this update that Apple provides says,

Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.

This is exactly what happens with the recent variant of the Flashback malware that we discussed yesterday.

It's worth noting that Java is no longer provided with Mac OS X 10.7 Lion, but the first time a user needs to run it - when a Java applet loads, or when a user launches a Java applet on their Mac - the system will ask if the user wants to download it. If so, Apple provides the download directly. Apple also maintains their own version of Java. The new version of Java is 1.6.0_31.

Java is quickly becoming a new vector of attack for malware, and the Flashback malware has notably used Java in several different ways, taking advantage of known or unpatched vulnerabilities to get through a Mac's defenses. Java applets are not affected by Mac OS X's quarantine system. This means that Mac users do not get a warning dialog when Java applets are downloaded as objects in a web page. This also gets around Apple's Xprotect malware scanning system, which does not scan objects in web pages.

If you have Java on your Mac, this 66.6 MB update will be available via Software Update. If not, your Mac will offer to download it the first time it is needed.

More information about this Java update is available here.

http://www.intego.com/mac-security-blog/apple-releases-java-update-includes-fix-for-vulnerability-exploited-by-flashback-malware/

Also:
Apple Issues Update to Prevent Flashback Malware from Infecting Mac OS X Machines
Apple and Mozilla take on Java vulnerabilities

See Vulnerabilities / Fixes: Apple Mac OS X update for Java
Gateline.net Was Key Rogue Pharma Processor
by Carol~ Moderator / April 4, 2012 2:42 AM PDT
In reply to: NEWS - April 04, 2012

It was mid November 2011. I was shivering on the upper deck of an aging cruise ship docked at the harbor in downtown Rotterdam. Inside, a big-band was jamming at a reception for attendees of the GovCert cybersecurity conference, where I had delivered a presentation earlier that day on a long-running turf war between two of the largest sponsors of spam.

The evening was bracingly frigid and blustery, and I was waiting there to be introduced to investigators from the Russian Federal Security Service (FSB). Several FSB agents who attended the conference told our Dutch hosts that they wanted to meet me, but in a private setting. Stepping out into the night air, a woman from the conference approached, formally presented the three men behind her, and then hurried back inside to the warmth of the reception.

A middle-aged stocky fellow introduced as the senior FSB officer spoke in Russian, while a younger gentleman translated into English. They asked did I know anything about a company in Moscow called "Onelia"? I said no, asked them to spell it for me, and inquired as to why they were interested in this firm. The top FSB official said they believed the company was heavily involved in processing payments for a variety of organized cyber criminal enterprises.

Continued : http://krebsonsecurity.com/2012/04/gateline-net-was-key-rogue-pharma-processor/

Active Zeus C&Cs Remain Following Microsoft Takedown
by Carol~ Moderator / April 4, 2012 2:42 AM PDT
In reply to: NEWS - April 04, 2012

It appears that Microsoft's recent Zeus takedown attempt left some bots behind. Days after the company announced it had sinkholed the troublesome botnet, researchers say that there are still some C&C domains active.

FireEye Malware Intelligence Lab's Atif Mushtaq is reporting that, despite a largely successful takedown, part of the botnet has recovered from the takeover attempt. FireEye claims that this part of the botnet works with a Zeus variant that is well-known for rapidly changing command and control (C&C).

FireEye reports that the operation resulted in Microsoft gaining control of 147 of 156 C&C domains. Of the nine remaining domains, six are either dead or abandoned and present no threat. However, three of those C&C domains evaded the sinkhole and are actively sending and receiving commands.

Mushtaq is not certain how the Microsoft Digital Crime Unit missed some of the C&C domains.

"Their main concern should be the three active domains," Mushtaq wrote. "Without these domains completely destroyed, this botnet can not be officially declared as dead."

Continued : http://threatpost.com/en_us/blogs/active-zeus-ccs-remain-following-microsoft-takedown-040412

Also:
Microsoft takedown of Zeus botnets missed a few C&Cs
Botnets Takedowns: A Game of Whack-A-Mole?

Police Themed Ransomware Continues
by Carol~ Moderator / April 4, 2012 2:42 AM PDT
In reply to: NEWS - April 04, 2012

From the F-Secure Antivirus Research Weblog:

Over the last several weeks, we've been monitoring a rash of ransomware campaigns across Europe, in which messages, supposedly from the local police, are displayed demanding that a fine must be paid in order to unlock the computer. We wrote about a Finnish language variant last month. Attacks are still quite active according to our statistics. [Screenshot]

Even when somebody is savvy enough to recognize the message is a fake, the malware's accusations of offensive materials having been discovered on the user's hard drive creates a chilling effect, which has likely prevented some folks from seeking outside help.

Here's a screenshot we took earlier today using a recent variant: [Screenshot]

To unlock their computer, the user is asked to purchase a Paysafecard from a local convenience store chain (in Finland, it's R-Kioski) in the amount of 100 euros. The technique is effective, as even non-technical people who might not be able to use online payment services such as Webmoney or eGold will be able to walk to the nearest store to part with their money.

In this particular case, the e-mail address talletus@cybercrime.gov shown in the screenshot does not belong to the attackers. The domain cybercrime.gov is valid and belongs to the US Department of Justice.

Continued : http://www.f-secure.com/weblog/archives/00002344.html

From TrendLabs Malware Blog: Trojan on the Loose: An In-Depth Analysis of Police Trojan

New Android Malware Variant Can Remotely Root Phone
by Carol~ Moderator / April 4, 2012 8:27 AM PDT
In reply to: NEWS - April 04, 2012

A new version of Android malware has been tweaked so it doesn't require user interaction for an attacker to own the device, according to research published by Lookout Mobile Security yesterday.

An updated variant of the Legacy Native (LeNa) malware utilizes the GingerBreak exploit to gain root permission on Android phones. LeNa, according to Lookout principal engineer Tim Wyatt, hides its exploit in a functional JPEG file. The exploit communicates with a command and control server to install and launch packages unbeknownst to the phone's user.

Last fall, LeNa - looking like an authentic application - relied on a user to unwittingly utilize the SU utility to gain access and install a native binary file to the phone. LeNa was similar to DroidKungFu, a strain of malware that became popular in alternative Chinese markets last summer and collected various information about whatever phone it infected. While LeNa gained popularity in Chinese markets as well, it also surfaced in the Android Market (Google Play) a few times.

The malware has found a home on alternative mobile application marketplaces which are blocked by default on Android devices. While it doesn't appear to have made the jump to Google's new Play marketplace yet, the new version of LeNa has been seen making the rounds disguised as a version of the popular game Angry Birds Space.

Continued : http://threatpost.com/en_us/blogs/new-android-malware-variant-can-remotely-root-phone-040412

@ The Lookout Mobile Security Blog: Security Alert: New Variants of Legacy Native (LeNa) Identified
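The LeNa post above says the exploit is hidden in a functional JPEG. As an added example (not code from the Threatpost or Lookout write-ups), here is a triage check a defender could run over image files to flag data appended after the JPEG end-of-image marker; appending after EOI is an assumed embedding method, since the article does not state how LeNa hides its payload.

```python
# Added example: defensive triage for JPEG files carrying appended data.
# ASSUMPTION: the Threatpost article only says LeNa "hides its exploit in a
# functional JPEG file". Appending a payload after the end-of-image marker is
# one common way to do that, and is the only method this check looks for.
from typing import Optional

SOI = b"\xff\xd8"  # JPEG start-of-image marker
EOI = b"\xff\xd9"  # JPEG end-of-image marker


def trailing_payload_size(data: bytes) -> Optional[int]:
    """Return the number of bytes that follow the last EOI marker.

    None  -> not a JPEG (no SOI) or truncated (no EOI at all)
    0     -> file ends exactly at EOI, nothing appended
    n > 0 -> n bytes a viewer ignores but a dropper could read back
    Caveat: if the appended blob itself contains FF D9 the count is low,
    and some cameras/editors legitimately leave trailing junk, so treat a
    non-zero result as a triage signal to inspect, not as a verdict.
    """
    if not data.startswith(SOI):
        return None
    end = data.rfind(EOI)
    if end == -1:
        return None
    return len(data) - (end + len(EOI))


def triage(name: str, data: bytes) -> str:
    """One-line analyst verdict for a file."""
    size = trailing_payload_size(data)
    if size is None:
        return f"{name}: not a well-formed JPEG, inspect manually"
    if size == 0:
        return f"{name}: clean (ends at EOI)"
    return f"{name}: SUSPICIOUS, {size} bytes appended after EOI"


# Constructed samples (not real malware): a minimal JPEG-like byte string,
# and the same bytes with a fake ELF-style blob appended after EOI.
CLEAN_JPEG = SOI + b"\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 8 + EOI
STUFFED_JPEG = CLEAN_JPEG + b"\x7fELF" + b"\x00" * 12 + b"fake-native-binary"

if __name__ == "__main__":
    for fname, blob in [("clean.jpg", CLEAN_JPEG), ("stuffed.jpg", STUFFED_JPEG)]:
        print(triage(fname, blob))
```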

Cybercriminals target Google, LinkedIn & Mass Effect 3 users
by Carol~ Moderator / April 4, 2012 8:28 AM PDT
In reply to: NEWS - April 04, 2012

During March 2012, GFI Labs documented several spam attacks and malware-laden email campaigns infiltrating users' systems under the guise of communications purporting to be from well-known companies and promotions for popular products and services.

Google, LinkedIn, Skype and the video game Mass Effect 3 were among the brands exploited by cybercriminals in order to attract more victims.

"Taking advantage of the notoriety of companies, celebrities and major events is a tactic cybercriminals continue to use because it works," said Christopher Boyd, senior threat researcher at GFI Software.

"They know that Internet users are bombarded with countless emails every day, and these scammers prey on our curiosity and our reflex-like tendency to click on links and open emails that look like they're coming from a company we know and trust," he added.

Continued : http://www.net-security.org/malware_news.php?id=2055

Windows Hacker Tool Creates Word Docs that Can Infect Macs
by Carol~ Moderator / April 4, 2012 8:28 AM PDT
In reply to: NEWS - April 04, 2012

From The Mac Security Blog:

We recently published information about poisoned Word documents that can infect Macs with a backdoor. These documents look like Word files, but, when double-clicked, after displaying text, they infect Macs with a backdoor.

Intego's Malware Research Team has found samples of a Windows tool called MalHost-Setup.exe which can be used to create this type of infected Word file. (It can also be used to create Excel and PowerPoint files, but Intego has not seen any samples of these files being used to deliver this type of malware yet.) The sample found included an infected Word file with Mac-specific payload.

As we pointed out in our blog post, "the code in these Word documents is not encrypted, so any malware writer who gets copies of them may be able to alter the code and distribute their own versions of these documents." This tool suggests that this type of infected Microsoft Office file will become more common.

Continued : http://www.intego.com/mac-security-blog/windows-hacker-tool-creates-word-documents-that-can-infect-macs/

Mobile 'Wallets' Attract Greater Interest From Thieves, Researchers
by Carol~ Moderator / April 4, 2012 8:28 AM PDT
In reply to: NEWS - April 04, 2012

From McAfee Labs Blog Central:

As mobile phones allow us to carry our money in an electronic "wallet," they will also become a greater target for crooks. Picking a pocket is a risky endeavor for thieves, but it will be much less so if all they need to do is bump into their victims or brush by them with a mobile phone. Thieves are now more likely to go after both mobile payment software and phones enabled with near-field communications (NFC). However, things are not so bad; security researchers' proof-of-concept (PoC) attacks against Google Wallet and Square's credit card readers have prompted improvements in security.

Security researchers have already tested Square's credit card readers, using exploits and keyloggers to intercept credit card numbers as they pass to their mobile phones. Square has now added encryption to new versions of its credit card reader. Does that mean that they're completely secure? Not necessarily. Security researcher Adam Laurie is taking a closer look. Laurie has a large amount of experience in reverse-engineering embedded systems and RFID hardware. His research includes finding vulnerabilities in hotel room safes, RFID passports, and chip and PIN credit cards. As word of the new, more secure Square readers arrived, he posted an open request on Twitter. This can only be good for the security of the mobile payment system.

http://blogs.mcafee.com/enterprise/mobile/mobile-wallets-attract-greater-interest-from-thieves-researchers
Bogus Apple gift card offer leads to phishing
by Carol~ Moderator / April 4, 2012 8:28 AM PDT
In reply to: NEWS - April 04, 2012

An email purportedly sent by Apple and offering long-term customers the possibility of buying a gift card worth 100 Australian dollars for the price of 9 has been targeting Australian Apple devotees, warns Hoax-Slayer.

"Dear Apple Customer, Apple is rewarding its long-term customers," states the email, then continues:

Your loyalty for our products made you eligible for buying an Apple Discount Card. With this only 9 AU$ Discount Card you will have 100 AU$ credit at any Australian Apple Store or on

To acquire your Apple Discount Card please click here

(You will receive your Apple Discount Card via e-mail in the following 24 hours after your payment has been made.)
The offered links take the victims to a website mimicking Apple's, which first asks them to input their Apple ID, then to fill out a form with information such as name, address, date of birth, driving license number, credit card number, expiration date, authorization number and more.

Continued : http://www.net-security.org/secworld.php?id=12697

How to Use Twitter Safely
by Carol~ Moderator / April 4, 2012 8:29 AM PDT
In reply to: NEWS - April 04, 2012

We've all heard of Twitter accounts getting hacked. It's happened to Ashton Kutcher, Justin Bieber, Steve Wozniak, numerous media outlets. Even we "normal" folks can be compromised, unwittingly. Recently my coworker accidentally clicked a URL-shortened link that resulted in her account spewing Direct Messages with a phishing link.

We were reminded again last week when Twitter took its popular application TweetDeck offline for a day after an Australian user discovered a bug that exposed a number of Twitter accounts.

As incredibly useful as Twitter is, we can't ignore the fact that we share the Twitterverse with spambots, cyber criminals, crazy exes, etc. So how do you stay safe on Twitter? It's a mixture of choosing the right Twitter client and remaining vigilant.

Continued : http://securitywatch.pcmag.com/security/296223-how-to-use-twitter-safely
