Spyware, Viruses, & Security forum

Alert

NEWS - April 05, 2013

by Carol~ Moderator / April 5, 2013 12:37 AM PDT
Alleged botnet mastermind and his coders busted by Russian, Ukrainian security

"Ring responsible for Carberp botnet arrested; trojan lives on as crimeware for sale"

Over a year after the arrest of eight of its members in Russia, the alleged leader of the original Carberp botnet ring that stole millions from bank accounts worldwide has been arrested, along with about 20 other members of the ring who served as its malware development team. The arrests, reported by the news site Kommersant Ukraine, were a collaboration between Russian and Ukrainian security forces. The alleged ringleader, an unnamed 28-year-old Russian citizen, and the others were living throughout Ukraine.

Initially launched in 2010, Carberp primarily targeted the customers of Russian and Ukrainian banks and was novel in the way it doctored Java code used in banking apps to commit its fraud. Spread by the ring through malware planted on popular Russian websites, the Carberp trojan was used to distribute targeted malware that modifies the bytecode in BIFIT's iBank 2 e-banking application, a popular online banking tool used by over 800 Russian banks, according to Aleksandr Matrosov, senior malware researcher at ESET. The botnet that spread the malware, which was a variant of the Zeus botnet framework, also was used to launch distributed denial of service attacks.

Continued : http://arstechnica.com/tech-policy/2013/04/alleged-botnet-mastermind-and-his-coders-busted-by-russian-ukranian-security/

Also:
Suspected hackers behind Carberp botnet, Eurograbber arrested
Carberp botnet developers team arrested in Russia
Carberp Trojan developers arrested in Ukraine
Discussion is locked
You are posting a reply to: NEWS - April 05, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - April 05, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Up to 1MIL Scribd user passwords may have been compromised
by Carol~ Moderator / April 5, 2013 2:49 AM PDT
In reply to: NEWS - April 05, 2013

"Scribd use of an old hashing algorithm has led to users' accounts being put at risk following a hacking attempt."

The world's largest document sharing site Scribd says it was hacked earlier this week and believes up to one percent of its 100 million users' passwords were compromised due to being stored with an outdated hashing algorithm.

"Earlier this week, Scribd's operations team discovered and blocked suspicious activity on Scribd's network that appears to have been a deliberate attempt to access the email addresses and passwords of registered Scribd users," Scribd said on its support page on Wednesday.

"Because of the way Scribd securely stores passwords, we believe that the passwords of less than one percent of our users were potentially compromised by this attack."

Continued : http://www.zdnet.com/up-to-1-million-scribd-user-passwords-may-have-been-compromised-7000013595/

Also:
Scribd reveals it was hacked this week, informs 'less than 1%' of its users their passwords were compromised
Scribd document-sharing service hacked
Scribd, "world's largest online library," admits to network intrusion, password breach

Collapse -
Skypemageddon by bitcoining
by Carol~ Moderator / April 5, 2013 2:51 AM PDT
In reply to: NEWS - April 05, 2013

From the Kaspersky Lab Weblog:

Is it a Skype day? Or maybe a Bitcoin one? Or maybe just both-

I say this because right after I published my previous post about malware ongoing campaign on Skype, a mate from Venezuela sent me a screenshot of her Skype client with a similar campaign in terms of propagation but different in terms of origins and purposes. Here is the original screenshot: [Screenshot]

(Translation from Spanish: This is my favorite picture of you)

This campaign is born right today and is ongoing too: [Screenshot]

Continued : http://www.securelist.com/en/blog/208194210/Skypemageddon_by_bitcoining

Related:
Skype Malware Stealing Victims' Processing Power to Mine Bitcoins
Malware Distributed via Skype Used for Bitcoin Mining

Collapse -
F-Secure rebuilds free Online Scanner
by Carol~ Moderator / April 5, 2013 2:52 AM PDT
In reply to: NEWS - April 05, 2013

F-Secure's free Online Scanner tool has been completely rebuilt to be faster, lighter and more powerful than before, and now even cleans up advanced rootkits, the most difficult-to-remove malware.

The tool, downsized to a slim 5MB, is easy to use with just a couple of clicks. It cleans without actually installing itself to the PC - so consumers can run it and then forget about it.

44 percent of consumers confess to being insecure when surfing the web due to concerns about clicking on an unsafe link that may lead to their computer getting infected,* and with good reason.

"Cyberspace is a jungle," says Kimmo Kasslin, Director, Security Research at F-Secure Labs. "Sites that are usually trustworthy are being compromised with malware, and users can be silently infected without any overt action - simply by landing on a malicious or compromised website. That's why it's always a good idea to run a quick scan - even if you have another security software installed."

Removes viruses + rootkits

Continued: http://www.net-security.org/secworld.php?id=14700

Also: F-Secure Online Scanner Removes Advanced Rootkits

Collapse -
Microsoft Passes Antivirus Test, But Just Barely
by Carol~ Moderator / April 5, 2013 2:52 AM PDT
In reply to: NEWS - April 05, 2013

Malware in the wild must change and evolve, always developing new ways to evade security products. In a similar fashion, those testing security solutions can't just keep doing the exact same thing. With its latest report on consumer and business antivirus solutions, German lab AV-Test has introduced a few changes.

For the past several years, AV-Test has rated antivirus products on three criteria: Protection, Repair, and Usability. The Protection score relates to how well the product handles both widespread malware and zero-day attacks. Repair refers to the product's ability to wipe out active malware and remove all traces from the test system. The degree of impact on system performance feeds into the Usability score, as does the number of false detections.

A New Plan
Starting with the current report, AV-Test has pulled the Repair criterion. They'll now be reporting on repair of existing malware infestations in separate, dedicated tests. According to the report, these special tests "will be performed over a longer period of time and also focus on stand-alone cleaning utilities and rescue media." Austrian lab AV-Comparatives has recently introduced a similar test specifically looking at how well antivirus products clean up known malware.

Continued: http://securitywatch.pcmag.com/security-software/310037-microsoft-passes-antivirus-test-but-just-barely

Collapse -
Australia charges alleged Anonymous member
by Carol~ Moderator / April 5, 2013 3:11 AM PDT
In reply to: NEWS - April 05, 2013

"The unidentified juvenile was charged on a number of counts related to unauthorized access to computer data"

Australian police have charged an unidentified juvenile, who is suspected to be a member of the hacker group Anonymous, on a number of counts related to unauthorized access to computer data.

The 17-year-old appeared in Parramatta Children's Court on Friday to face charges, and is scheduled to appear again in the court on May 17, the Australian Federal Police said in a statement.

"The juvenile is suspected to be a member of the online issue motivated group 'Anonymous' and allegedly committed serious offences on their behalf," AFP said Friday. The police did not specify in which Anonymous attacks the youth had participated.

The youth has been charged with six counts of unauthorised modification of data to cause impairment, one count of unauthorised access with intent to commit a serious offence, one count of possession of data with intent to commit a computer offence, and 12 counts of unauthorised access to restricted data, the police.

Continued: http://news.techworld.com/security/3439178/australia-charges-alleged-anonymous-member/

Also:
Teenaged-Anon Arrested in Australia
17 year-old alleged Anonymous member arrested in Australia

Collapse -
Account Hijack with a Twist: Facebook OAuth Exploitation..
by Carol~ Moderator / April 5, 2013 7:17 AM PDT
In reply to: NEWS - April 05, 2013
.. "Unfixable"

The advent of social networking did not change only the way people interact with each other, but also opened new challenges to authenticating a rich environment of applications to interact with the account.

Since logging into an application with your social network's credentials is like handing your house keys to people you barely know, the Open Authorization standard has become increasingly popular. It intermediates the interaction between end-users and third-party apps without sharing username/password combinations.

Researcher Nir Goldshlager found a way to hijack the authorization tokens of all users of a specific application just by exploiting a redirect in the app vendor's website.

Before reading further, take a look at how the OAuth framework works. If you don't feel like reading technical documentation, here's the rundown: The application you wish to use asks for a series of permissions to interact with your account. When you accept the interaction, Facebook offers the application an authorization token (think of it like a cookie) that is a random string providing temporary, secure access to Facebook APIs.

Continued : http://www.hotforsecurity.com/blog/account-hijack-with-a-twist-facebook-oauth-exploitation-unfixable-5870.html
Collapse -
Shylock Banking Trojan Upgraded Again:
by Carol~ Moderator / April 5, 2013 7:17 AM PDT
In reply to: NEWS - April 05, 2013
.. New Modules Boost Functionality

First discovered in 2011, the Shylock banking Trojan affects virtually all versions of Windows from Windows 2000 onward, and has turned into one of the most advanced forms of financial fraud malware around. And according to new discoveries by Symantec, Shylock has recently become even more powerful thanks to a number of new modules that significantly beef up its functionality and ability to steal money and sensitive data.

Shylock, which Symantec has creatively named "The Merchant of Malice", currently targets more than 60 financial institutions, a majority being UK-based banks, according to Symantec.

Shylock mainly executes man-in-the-browser (MITB) attacks against a preset list of target websites in order to capture user login credentials and trick users into performing fraudulent banking transactions.

Late last year, researchers from Trusteer discovered that Shylock could detect if it is was observed within a remote desktop session or being executed locally, something that helps it evade the detection and analysis from researchers.

Continued : http://www.securityweek.com/shylock-banking-trojan-upgraded-again-new-modules-boost-functionality
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.