Spyware, Viruses, & Security forum


NEWS - April 06, 2011

by Carol~ Moderator / April 6, 2011 12:54 AM PDT
Mobile-App Makers Face U.S. Privacy Investigation

Federal prosecutors in New Jersey are investigating whether numerous smartphone applications illegally obtained or transmitted information about their users without proper disclosures, according to a person familiar with the matter.

The criminal investigation is examining whether the app makers fully described to users the types of data they collected and why they needed the information, such as a user's location or a unique identifier for the phone, the person familiar with the matter said. Collecting information about a user without proper notice or authorization could violate a federal computer-fraud law.

Online music service Pandora Media Inc. said Monday it received a subpoena related to a federal grand-jury investigation of information-sharing practices by smartphone applications.

Pandora disclosed the subpoena, issued "in early 2011," in a Securities and Exchange Commission filing. The Oakland, Calif., company said it had been informed it is "not a specific target of the investigation." Pandora said it believed similar subpoenas had been issued "on an industry-wide basis to the publishers of numerous other smartphone applications."

Continued : http://online.wsj.com/article/SB10001424052748703806304576242923804770968.html

Pandora gets subpoena in grand jury app probe
Pandora subpoenaed in privacy probe of Apple, Android apps
Tax prep maker warns customers of Epsilon email hack impact
by Carol~ Moderator / April 6, 2011 3:07 AM PDT
In reply to: NEWS - April 06, 2011

"Intuit customer addresses aren't part of the hacker haul, but TurboTax maker alerts users anyway"

Intuit on Tuesday warned its customers to be on alert for identity theft scams after a breach at a major marketing firm put millions of email addresses in hackers' hands.

Although the maker of the popular TurboTax tax preparation program and the Quicken personal financial software was not among the more than 50 companies whose customer data was stolen, it cautioned users nonetheless.

"Intuit is not an Epsilon customer so the information you have entrusted with Intuit is not affected," the company said in an alert published Tuesday on its site. "However, Epsilon serves many large organizations including banks, insurance companies and retailers [and] you may have received one or more notices from companies you do business with who are clients of Epsilon."

Irving, Texas-based Epsilon Interactive acknowledged last week that attackers made off with customer email addresses and names, but the company has not shared much more information than that. Other sources, including the IDG News service, however, have confirmed that dozens of companies have notified their customers that their information may have been filched.

Continued : http://www.computerworld.com/s/article/9215533/Tax_prep_maker_warns_customers_of_Epsilon_email_hack_impact

The Chinese bootkit
by Carol~ Moderator / April 6, 2011 3:07 AM PDT
In reply to: NEWS - April 06, 2011

From the Kaspersky Labs Weblog:

We recently discovered a new bootkit, i.e. a malicious program which infects the hard drive's boot sector. Kaspersky Lab detects it as Rootkit.Win32.Fisp.a. The bootkit is distributed by Trojan-Downloader.NSIS.Agent.jd. The Trojan infects the computers of users who try to download a video clip from a fake Chinese porn site.

This downloader is remarkable in that it downloads other malicious programs using an NSIS engine and stores all links in the relevant NSIS-script. [Screenshot]

The dropper Rootkit.Win32.Fisp.a is among the files downloaded by the Trojan-downloader. This malicious program infects the hard drive's boot sector. More specifically, it saves the old MBR to the third sector and replaces it with its own. Starting with the fourth sector, it installs an encrypted driver and the remaining code. [Screenshot]

The malicious program gains control as soon as the infected computer boots. The first thing it does is to substitute the INT 13h interrupt by modifying the interrupt vector table. Then the bootkit restores the original MBR and resumes the normal boot process.

Once a specific part of the system has been booted, the bootkit intercepts the function ExVerifySuite. The installed hook replaces the system driver fips.sys with the malicious driver which was written to the start of the hard drive in an encrypted format. It should be noted that the driver fips.sys is not required for the operating system to run correctly, so the system won't crash when it is replaced.

Continued : http://www.securelist.com/en/blog/434/The_Chinese_bootkit
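As an added illustration of the on-disk layout the Kaspersky post describes (example code written for this thread, not Kaspersky's tooling), the Python below builds two constructed 63-sector disk images, one clean and one arranged like the bootkit (original MBR saved to the third sector, an opaque payload from the fourth sector on), and scans the gap between the MBR and the first partition for a stashed boot sector and for any non-zero data. The sector geometry, partition entries and payload bytes are all made up for the example.

```python
"""Scan the MBR gap of a disk image for a stashed boot sector and hidden payload.

Added example for this thread; it is not Kaspersky's tooling. The geometry
(512-byte sectors, first partition at LBA 63) and all bytes are constructed.
"""
import struct

SECTOR = 512
ENTRY_OFF = 446      # the four 16-byte partition entries start here
SIG_OFF = 510        # the 0x55AA boot signature is the last two bytes


def parse_partitions(sector):
    """Return [(type, lba_start, sector_count)] for every in-use entry."""
    parts = []
    for i in range(4):
        entry = sector[ENTRY_OFF + 16 * i:ENTRY_OFF + 16 * (i + 1)]
        ptype = entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:
            parts.append((ptype, lba_start, count))
    return parts


def looks_like_mbr(sector):
    """True when the boot signature is present and at least one entry is sane."""
    if sector[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        return False
    return any(start > 0 and count > 0 for _, start, count in parse_partitions(sector))


def scan_mbr_gap(image):
    """Inspect sector 0 and the unused sectors before the first partition.

    The bootkit in the post keeps the original MBR in the third sector (LBA 2)
    and writes its encrypted driver from the fourth sector (LBA 3) onward, so a
    second boot sector or any non-zero data in that gap is worth a closer look.
    """
    mbr = image[:SECTOR]
    if not looks_like_mbr(mbr):
        raise ValueError("sector 0 does not parse as an MBR")
    first_part = min(start for _, start, _ in parse_partitions(mbr))
    findings = {"gap_sectors": first_part - 1, "stashed_mbr": [], "nonzero": []}
    for lba in range(1, first_part):
        sec = image[lba * SECTOR:(lba + 1) * SECTOR]
        if looks_like_mbr(sec):
            findings["stashed_mbr"].append(lba)
        if any(sec):
            findings["nonzero"].append(lba)
    findings["suspicious"] = bool(findings["stashed_mbr"] or findings["nonzero"])
    return findings


def make_mbr(code_byte):
    """Constructed 512-byte MBR: filler 'boot code', one NTFS-type partition at LBA 63."""
    boot_code = bytes([code_byte]) * ENTRY_OFF
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x02\x00", 0x07, b"\xfe\xff\xff", 63, 1000)
    return boot_code + entry + bytes(48) + b"\x55\xaa"


def build_images():
    """Two constructed 63-sector disks: a clean one and one laid out like the bootkit."""
    original = make_mbr(0x90)                      # NOP filler stands in for real code
    clean = original + bytes(62 * SECTOR)          # gap empty, partition begins at 63
    payload = bytes((i * 37 + 11) & 0xFF for i in range(8 * SECTOR))  # opaque driver blob
    infected = (make_mbr(0xCC)                     # bootkit's replacement MBR
                + bytes(SECTOR)                    # LBA 1 untouched
                + original                         # original MBR saved to the third sector
                + payload                          # driver from the fourth sector onward
                + bytes((62 - 1 - 1 - 8) * SECTOR))
    return clean, infected


if __name__ == "__main__":
    clean_img, infected_img = build_images()
    for label, img in (("clean", clean_img), ("infected", infected_img)):
        print(label, scan_mbr_gap(img))
```

GRUB 2 legitimately embeds its core image in the same gap, so non-zero gap sectors are a lead rather than a verdict; a second parsable boot sector in the gap is the stronger signal.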

McAfee recovers from Sesame Street email filter mix-up
by Carol~ Moderator / April 6, 2011 4:29 AM PDT
In reply to: NEWS - April 06, 2011

McAfee has apologised for a Sesame Street-style mix-up over the weekend that temporarily prevented any customers with addresses that start with the letter A from receiving email.

The glitch - which involved the managed email filtering service from MX Logic, acquired by McAfee back in 2009 - bounced emails sent to supported inboxes that began with an A or a non-alphanumeric special character (e.g., @£$).

In a statement, McAfee blamed a rogue script for the mix-up, which has now been resolved.

During scheduled maintenance late Saturday evening and early Sunday morning, a subset of customers experienced temporary account verification issues, impacting non-alphanumeric email addresses and aliases up to the letter "a".

The engineering team monitoring the scheduled maintenance addressed the issue. The root script that caused this issue has been identified and fixed.

Reg reader Simon, who tipped us off about the glitch, said his firm was obliged to turn off the filtering service on Monday morning, as a workaround, until the glitch was resolved.

Continued : http://www.theregister.co.uk/2011/04/06/mcafee_email_filter_screw_up/

Unqualified Names in the SSL Observatory
by Carol~ Moderator / April 6, 2011 4:30 AM PDT
In reply to: NEWS - April 06, 2011

From the Electronic Frontier Foundation (EFF):

Internet certification authorities (CAs) are charged with the task of vouching for the identities of secure web servers. When you browse to https://www.wellsfargo.com/, your browser knows it's the real wellsfargo.com because VeriSign, a CA, says it is.

However, if CAs don't validate the identities of the sites they vouch for, the whole system breaks down. In this post, I'll discuss one way in which CAs frequently fail.

Using data in EFF's SSL Observatory, we have been able to quantify the extent to which CAs engage in the insecure practice of signing certificates for unqualified names. That they do so in large numbers indicates that they do not even minimally validate the certificates they sign. This significantly undermines CAs' claim to be trustworthy authorities for internet names. It also puts internet users at increased risk of network attack.

Normally, a public CA like Verisign or Comodo should sign only public names. On the internet, only fully-qualified domain names are public and routable. For example, "www.eff.org." is a fully-qualified name. By contrast, the name "www" is unqualified or not fully-qualified. This name is not globally unique, and may refer to a different computer on my network than it does on your network. (On some networks, it may not refer to any computer at all.)

Continued : https://www.eff.org/deeplinks/2011/04/unqualified-names-ssl-observatory

PandaLabs Quarterly Report Q1 2011
by Carol~ Moderator / April 6, 2011 4:30 AM PDT
In reply to: NEWS - April 06, 2011

These first three months have witnessed some particularly intense virus activity and there have been a number of serious incidents during this period, such as: the largest single attack against Android cell phones, intensive use of Facebook to distribute malware, and an attack by the Anonymous hacktivist group against the HBGary Federal security firm.

There has been a new surge in the number of IT threats in circulation: in the first three months of the year, there was a daily average of 73,000 new samples of malware, the majority of which were Trojans. This means that hackers have created 26 percent more new threats in the first months of 2011 than in the corresponding period of the previous year.

Once again, over this quarter Trojans have accounted for most new threats, some 70 percent of all new malware created. Yet there is a logic to this, as these types of threats are favored by organized criminals for stealing bank details with which to perpetrate fraud or steal directly from victims' accounts.

The quarterly report can be downloaded from here.

DHCP client allows shell command injection
by Carol~ Moderator / April 6, 2011 4:30 AM PDT
In reply to: NEWS - April 06, 2011

The Internet System Consortium's (ISC) open source DHCP client (dhclient) allows DHCP servers to inject commands which could allow an attacker to obtain root privileges. The problem is caused by incorrect filtering of metadata in server response fields. By using crafted host names, and depending on the operating system and what further processing is performed by dhclient-script, it can allow commands to be passed to the shell and executed. A successful attack does, however, require there to be an unauthorised or compromised DHCP server on the local network.

Dhclient versions 3.0.x to 4.2.x are affected. The ISC has released an update. Alternatively, users can deactivate host name evaluation or add an additional line to dhclient-script. Instructions for doing so can be found in the ISC's advisory.

Continued : http://www.h-online.com/security/news/item/DHCP-client-allows-shell-command-injection-1222805.html

See Vulnerabilities & Fixes: ISC DHCP "dhclient" Response Processing Input Sanitation
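An added example (not code from the EFF post, the ISC advisory, or dhclient itself) that serves both the "Unqualified Names in the SSL Observatory" item above and this dhclient item: one RFC 1123 name check used two ways, to list the certificate subject names a public CA should not have signed, and to drop a server-supplied host name that is not a clean DNS name before a client script could ever hand it to a shell. The sample names are constructed; treating a non-global IP literal as unqualified and the short reserved-suffix list are choices made for this example, and the ISC's actual mitigation in dhclient-script is a different change.

```python
"""Check whether a name is a syntactically valid, fully qualified public DNS name.

Added example, not code from the EFF post or the ISC advisory. Two uses:
  * auditing certificate subject names for the unqualified names EFF describes;
  * sanitising a DHCP-supplied host name before a client script passes it on.
"""
import ipaddress
import re

# RFC 1123 label: letters, digits and hyphens, 1..63 chars, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")
# Suffixes reserved for local use (RFC 6761 / RFC 6762); never globally unique.
LOCAL_SUFFIXES = {"localhost", "local"}


def check_hostname(name):
    """Return {'valid': bool, 'qualified': bool, 'reason': str} for one name."""
    name = name.lower().rstrip(".")             # a trailing dot marks an absolute name
    try:                                        # literal IP addresses are not DNS names;
        ip = ipaddress.ip_address(name)         # this example counts only globally
        return {"valid": True, "qualified": ip.is_global, "reason": "ip literal"}  # routable ones as public
    except ValueError:
        pass
    if not name or len(name) > 253:
        return {"valid": False, "qualified": False, "reason": "empty or too long"}
    labels = name.split(".")
    if labels[0] == "*":                        # wildcard certificate name
        labels = labels[1:]
    for label in labels:
        if not LABEL_RE.match(label):
            return {"valid": False, "qualified": False, "reason": "bad label %r" % label}
    if len(labels) < 2:
        return {"valid": True, "qualified": False, "reason": "single label"}
    if labels[-1] in LOCAL_SUFFIXES:
        return {"valid": True, "qualified": False, "reason": "reserved local suffix"}
    return {"valid": True, "qualified": True, "reason": "fully qualified"}


def unqualified_names(cert_names):
    """Names a public CA should have refused to sign (EFF's 'unqualified' class)."""
    return [n for n in cert_names if not check_hostname(n)["qualified"]]


def dhcp_hostname_or_none(offered):
    """Accept a server-supplied host name only if it is a clean RFC 1123 name.

    Anything else (shell metacharacters, whitespace, quotes) is dropped, so a
    client script that later uses the value cannot be tricked into running it.
    """
    return offered if check_hostname(offered)["valid"] else None


if __name__ == "__main__":
    # Constructed sample: subject names as they might appear in observatory data.
    sample = ["www.eff.org.", "www", "mail", "*.example.com", "192.168.1.1",
              "localhost", "exchange.corp.local", "8.8.8.8"]
    print("unqualified:", unqualified_names(sample))
    # Constructed DHCP host-name options, good and bad.
    for offered in ("lab-pc01", "pc1;ls", "pc1 $(ls)", "-bad.example.org"):
        print(repr(offered), "->", dhcp_hostname_or_none(offered))
```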

Fake AV served up by phony NACHA emails
by Carol~ Moderator / April 6, 2011 4:31 AM PDT
In reply to: NEWS - April 06, 2011

A little while ago, phishing mails claiming to be from NACHA were in circulation - it seems the phishers have had enough of that, deciding to send out malicious files instead.

The mail claims an attempted bank transfer has gone horribly wrong, and you should open up the file listed as .pdf.exe - whoops - to see what all the commotion is about. [Screenshot]

Hitting the link takes you through a couple of URLs - freenacha-s(dot)info and fasdfq(dot)co(dot)cc/forum(dot)php?tp=27f57d3dcb81f8c0, with a fake 404 error page which serves up a rogue anyway (a member of the FakeSysDef family). [Screenshot]

reportAB8839.exe will give you an unwanted visitor, in the shape of Trojan.Win32.FakeAv.awrp (v). VirusTotal report currently gives a total of 7/40 detections. At time of writing, both Freenacha and fasdfq URLs actually do appear to be offline, but the download location for the executable (nacha-report-download(dot)com) is still alive and kicking. No doubt it'll appear in a few more emails before the site goes offline for good.

Israel mulls creation of elite counter-cyberterrorist unit
by Carol~ Moderator / April 6, 2011 4:31 AM PDT
In reply to: NEWS - April 06, 2011

Israel is mulling the creation of a counter-cyberterrorism unit designed to safeguard both government agencies and core private sector firms against hacking attacks.

The proposed unit would supplement the efforts of Mossad and other agencies in fighting cyberespionage and denial of service attacks. Israel is, of course, a prime target for hackers from the Muslim world.

The country's hi-tech industries also make it an interesting target for cyberespionage from government-sponsored hackers from China and elsewhere. Spear-phishing attacks featuring targeted emails, custom malware and subsequent hacking action have been in the news over recent weeks, in the wake of cyberattacks against EU agencies and oil-prospecting multinationals, to quote just two recent threats.

Major General Isaac Ben-Israel, former head of the Defence Ministry's administration for the development of weapons and technological infrastructure, the main candidate to lead Israel's cyber-defenders, reportedly met with local and international experts for a brainstorming strategy development session late last year.

Continued : http://www.theregister.co.uk/2011/04/06/isreal_mulls_elite_counter_hacker_unit/

Fired Employee Indicted For Hacking Gucci Network
by Carol~ Moderator / April 6, 2011 4:31 AM PDT
In reply to: NEWS - April 06, 2011

"Former network engineer accused of using stolen VPN token to delete corporate data and email boxes."

Authorities on Monday indicted a former IT employee at Gucci for hacking into the company's computer network, deleting files and emails, and causing an estimated $200,000 in damage.

"Computer hacking is not a game. It is a serious threat to corporate security that can have a devastating effect on personal privacy, jobs, and the ability of a business to function at all," said Manhattan district attorney Cyrus R. Vance Jr., in a statement.

In a 50-count indictment, authorities charged the former Gucci network engineer -- named as Sam Chihlung Yin, 34, who had been fired in May 2010 for unrelated reasons -- with accessing the Gucci corporate network via VPN on November 12, 2010, and over a two-hour period deleting virtual servers, taking a storage area network offline, and deleting mailboxes from the corporate email server.

"As a result, Gucci staff [were] unable to access any documents, files, or other materials saved anywhere on its network," said authorities.

According to the district attorney's indictment, "Yin's destruction of data from the email server cut off the email access not only of corporate staff, but also of store managers across the country and the e-commerce sales team -- resulting in thousands of dollars in lost sales." While email access was restored by the end of the day, authorities said that a full clean-up took weeks or months of effort.

Continued : http://www.informationweek.com/news/security/NAC/229400909

Also: Fired Gucci Network Engineer Charged for Taking Revenge on Company

Rogue number crunching
by Carol~ Moderator / April 6, 2011 4:31 AM PDT
In reply to: NEWS - April 06, 2011

Researcher Patrick Jordan put together some statistics on the various Rogues he sees on a daily basis, and I thought it made for some interesting reading.

How are the rogue AV products shaping up in terms of monthly / yearly numbers? Let's take a look at what Patrick has pulled out of a fiery lake of evil through the years: [Screenshot]

No surprises that the new finds keep coming, with the foot really hitting the gas pedal in 2008 and never really letting up. In terms of rogues from various families doing the rounds in 2011 (from the 1st of January to the 31st of March), we have a clear winner: [Screenshot]

The PrivacyCenter rogue sweeps all aside, and probably accepts some sort of award for services to scamming people out of their money (Patrick tells me that "MSE stands for Microsoft Security Essentials which is the fake alert used with the MSE extension"). While I'm not a huge fan of long lists, the following long list gives you an idea of the overwhelming nature of so many fake products hitting the net every other day:

1/4/2011 Palladium.FakeRean
1/4/2011 HDDFix.FakeSysDef
1/5/2011 MemoryFixer.FakeSysDef
1/9/2011 DiskOK.FakeSysDef
1/12/2011 GoodMemory.FakeSysDef
1/12/2011 FastDisk.FakSysDef
1/12/2011 WindowsSystemOptimizator
1/15/2011 DiskOptimizer.FakeSysDef
1/17/2011 WindowsOptimization&Security
1/18/2011 MemoryOptimizer.FakeSysDef

Continued (with remainder of list) here: http://sunbeltblog.blogspot.com/2011/04/rogue-number-crunching.html

Wrap Firefox in a Cocoon of privacy
by Carol~ Moderator / April 6, 2011 4:31 AM PDT
In reply to: NEWS - April 06, 2011

Web browsers are ground zero for Internet security threats, and the debate over responsibility for preventing those threats has resulted in a Gordian knot. The people behind the new add-on for Firefox called Cocoon (download) want to cut through debate by serving the entire Web to you via proxy. (Cocoon is also available at GetCocoon.com.) [Screenshot]

Made by Santa Barbara, Calif., start-up Virtual World Computing, Cocoon's goal is to put the Internet on a server to prevent individual users from having to touch it, Cocoon Chief Executive Officer and co-founder Jeff Bermant said in an interview today at CNET's San Francisco offices. The add-on, which has about 4,000 users since it entered into private beta 18 months ago, creates a safe state in which the user can browse the Internet by forcing all interactions between the computer in front of you and the Internet to occur over protected SSL connections to Cocoon's servers. Those servers, in turn, are guarded by Security-Enhanced Linux, which was developed by the United States' National Security Agency.

Cocoon opened its beta to the public in January of this year.

Cocoon installs as a toolbar just below the location bar in Firefox 4, although the add-on supports the browser back to Firefox 3.6. You can turn it on or off using the universal power button icon on the left of the toolbar, or "pause" Cocoon lock/unlock button that's next to it. Settings are available from a hard-to-see drop-down arrow just next to the lock button.

Continued : http://download.cnet.com/8301-2007_4-20051064-12.html

LiveJournal under attack
by Carol~ Moderator / April 6, 2011 5:30 AM PDT
In reply to: NEWS - April 06, 2011

From Kaspersky Labs Weblog:

I don't have a LiveJournal account, but sometimes I'll have a quick read of the blogs during breaks. On 4 April, however, an official announcement by LiveJournal Russia stated that the service had been subjected to a DDoS and was unavailable.

This massive DDoS attack is the second to target LiveJournal over the last few days. Russia's online mass media is currently awash with rumors and speculation about the reasons and aims of the attacks.

We don't know exactly how many botnets took part in the latest attack but we definitely know of one botnet that was involved. It is based on the Optima/Darkness DDoS bot that is currently popular on the Russian-speaking cybercrime black market. Not only are the Trojan programs (bots) themselves on sale, but also infected computer networks that are built with the help of such programs and services offering to carry out DDoS attacks on any given Internet resource.

We have been monitoring one of these Optima botnets for some time now.

Analysis of the data acquired showed that the first DDoS attack on LiveJournal occurred on 24 March. The botnet's owners gave the command to launch an attack on the blog address of the renowned anti-corruption figure Alexey Navalny: http://navalny.livejournal.com. On 26 March, the bots received commands to attack another resource belonging to Navalny: http://rospil.info, and on 1 April, http://www.rutoplivo.ru, another site with a political slant, was targeted.

Continued : http://www.securelist.com/en/blog/442/LiveJournal_under_attack

WordPress 3.1.1 closes security holes
by Carol~ Moderator / April 6, 2011 6:26 AM PDT
In reply to: NEWS - April 06, 2011

The WordPress.org development team has issued version 3.1.1 of its open source blogging and publishing platform, a maintenance and security update to WordPress 3.1 from late February. According to the developers, the update addresses nearly 30 issues in WordPress, including three security vulnerabilities.

WordPress 3.1.1 corrects a cross-site request forgery (CSRF) vulnerability in the media uploader, as well as a PHP related crash caused when handling specially crafted links in comments. A cross-site scripting (XSS) issue has also been fixed.

Other changes in the release include various performance improvements, and fixes for IIS6 support, taxonomy and PATHINFO (/index.php/) permalinks, and plugin compatibility problems. All users are encouraged to upgrade to the latest release as soon as possible.

Continued : http://www.h-online.com/security/news/item/WordPress-3-1-1-closes-security-holes-1222572.html

Also: Several Vulnerabilities Patched in WordPress 3.1.1

See Vulnerabilities & Fixes: WordPress Cross Site Scripting and Request Forgery Vulnerabilities

After Epsilon: Avoiding Phishing Scams & Malware
by Carol~ Moderator / April 6, 2011 6:26 AM PDT
In reply to: NEWS - April 06, 2011

The recent massive data leak from email services provider Epsilon means that it is likely that many consumers will be exposed to an unusually high number of email-based scams in the coming weeks and months. So this is an excellent time to point out some useful resources and tips that can help readers defend against phishing attacks and other nastygrams.

Don't take the bait: Many people are familiar with the traditional phishing attack, which arrives in an email that appears to have been sent from your bank or ISP, warning that your account will be suspended unless you take some action immediately, usually clicking a link and "verifying" your account information, user name, password, etc. at a fake site. Commercial emails that emphasize urgency should be always considered extremely suspect, and under no circumstances should you do anything suggested in the email. Phishers count on spooking people into acting rashly because they know their scam sites have a finite lifetime; they may be shuttered at any moment (most phishing scams are hosted on hacked, legitimate Web sites). If you're really concerned, pick up the phone (gasp!) and call the company to find out if there really is anything for you to be concerned about.

Links Lie: You're a sucker if you take links at face value. For example, this might look like a link to Bank of America, but I assure you it is not. To get an idea of where a link goes, hover over it with your mouse and then look in the bottom left corner of the browser window. Yet, even this information often tells only part of the story, and some links can be trickier to decipher. For instance, many banks like to send links that include ridiculously long URLs which stretch far beyond the browser's ability to show the entire thing when you hover over the link. The most important part of a link is the "root" domain. To find that, look for the first slash (/) after the "http://" part, and then work backwards through the link until you reach the second dot; the part immediately to the right is the real domain to which that link will take you. Want to learn more cool stuff about links? Check out this guy's site and you'll be a link ninja in no time.

Continued : http://krebsonsecurity.com/2011/04/after-epsilon-avoiding-phishing-scams-malware/
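An added example (not from the Krebs post) that applies the post's "first slash after http://, then back to the second dot" rule literally and compares it with the standard library's URL parser on a few constructed links, including the cases where the rule of thumb misleads: a user-info "@" before the real host, a port number, and a two-part suffix such as co.uk. The tiny suffix set is a stand-in for the public suffix list, not the real thing, and evil.example is a placeholder domain.

```python
"""Apply the post's 'find the real domain in a link' rule and compare it with a parser.

Added example, not code from the Krebs post. rule_of_thumb_domain() implements the
recipe from the text literally; real_hostname() uses urllib instead.
"""
from urllib.parse import urlsplit

# Constructed stand-in for the public suffix list: suffixes that occupy two labels.
TWO_PART_SUFFIXES = frozenset({"co.uk", "com.au", "co.jp"})


def rule_of_thumb_domain(url):
    """The post's manual recipe, applied with string operations only."""
    scheme_end = url.find("://")
    rest = url[scheme_end + 3:] if scheme_end != -1 else url
    authority = rest.split("/", 1)[0]          # everything up to the first slash
    first = authority.rfind(".")               # walk backwards: first dot from the end
    second = authority.rfind(".", 0, first) if first != -1 else -1   # ... second dot
    return authority[second + 1:]              # what lies to the right of it


def real_hostname(url):
    """The host the browser actually connects to (user-info and port stripped)."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registrable_domain(host):
    """Last two labels, or three when the suffix itself is two labels long."""
    labels = host.split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-n:])


def link_verdict(url, expected_domain):
    """Does this link really land on expected_domain? Returns (ok, details)."""
    host = real_hostname(url)
    domain = registrable_domain(host)
    ok = domain == expected_domain
    return ok, {"host": host, "domain": domain, "rule_of_thumb": rule_of_thumb_domain(url)}


if __name__ == "__main__":
    # Constructed links: one genuine, the rest shaped like phishing lures.
    links = [
        "http://www.bankofamerica.com/login",
        "http://www.bankofamerica.com.evil.example/login",
        "http://www.bankofamerica.com@evil.example/",
        "http://bankofamerica.com.evil.example:8080/",
        "https://www.barclays.co.uk/",
    ]
    for link in links:
        ok, details = link_verdict(link, "bankofamerica.com")
        print(ok, link, details)
```

On the "@" and port examples the rule of thumb yields "com@evil.example" and "evil.example:8080", which is why checking the parsed hostname beats eyeballing the status bar.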

Sony's 'in for a hell of a wake-up call,' Anonymous says
by Carol~ Moderator / April 6, 2011 6:38 AM PDT
In reply to: NEWS - April 06, 2011

"Hacker group digs in to avenge PlayStation3 jailbreakers with layers of attacking botnets"

Anonymous is at it again, this time attacking Sony and its playstation.com site for gamers, promising to publish personal details about Sony executives online and to unleash a triple wave of botnets against company sites.

The playstation.com site was unavailable at 11:30 a.m. Eastern as promised by Anonymous and despite Sony hiring distributed denial-of-service mitigation firm Prolexis to protect its sites. Half an hour later it was up but painfully slow.

In an IRC interview with playstationlifestyle.net blogger Sebastian Moss, an Anonymous member identified as Takai said yesterday that the group was aware of Prolexis being hired and that it would expand its attack beyond use of the Anonymous distributed DoS tool of choice, Low Orbit Ion Cannon (LOIC).

"We do however have ways for dealing with the 'Prolexic' factor," Takai is quoted as saying. "[T]he last thing we want, is Sony thinking we were in any way discouraged."

Continued : http://www.networkworld.com/news/2011/040611-sony-anonymous.html

Related : Anonymous hacks Sony PS3 sites

Announcing the Microsoft Security Update Guide, 2nd Edition
by Carol~ Moderator / April 6, 2011 6:39 AM PDT
In reply to: NEWS - April 06, 2011

From the Microsoft Security Response Center (MSRC):

Hi all --

We're pleased to announce the release of the new Microsoft Security Update Guide, Second Edition. Fully revised and updated from the first edition, which was released in 2009, this edition focuses on best practices for prioritizing and testing security updates before deployment within your organization's IT environment.

Feedback from our enterprise customers tells us that more and more IT professionals are deploying Microsoft security updates quickly based on their assurance in the quality and thoroughness of testing performed. For the latest version of the Guide, we have detailed the extensive testing processes and procedures that we follow before releasing those updates, and we've pulled together our best guidance for assisting IT professionals with all aspects of deployment.

The latest edition of the Guide includes:

• Insight into how Microsoft tests security updates (including application-compatibility testing, rootkit detection, internal testing including live pre-release deployment on over 24,000 devices inside Microsoft);
• A guide to which update approach - Microsoft Update and Automatic Updates, Windows Server Update Service (WSUS), or Microsoft System Center Configuration Manager 2007 - is right for your enterprise;
• Information on our Security Update Validation Program, which allows selected partners and customers to test update functionality before release;
• Fully revised customer pre-deployment testing guidance, including guidance for Windows 7;
• Greater insight into our Severity Rating System and Exploitability Index;
• Refreshed and revised resources appendices.

The Microsoft Security Update Guide, Second Edition can be downloaded free from www.microsoft.com/securityupdateguide.

Thank you,
Angela Gunn
Trustworthy Computing.

Odd FakeAv Marketing
by Carol~ Moderator / April 6, 2011 6:39 AM PDT
In reply to: NEWS - April 06, 2011

The .co.cc domains, littered with malicious sub domains hosting exploit pages and malicious java applets for the past several months, are now hosting FakeAv pages and "BestAntivirus2011.exe". [Screenshot]

While the FakeAv rotation through .co.cc is not a shocker to security researchers at this point, one interesting domain popped out from the tens of thousands of .co.cc sub domain fakeav hits over the past day..."antispyware-macbook(dot)co(dot)cc". This marketing quirk is odd, even for these guys. Does this domain suggest that another Apple based malware is in the works? Possibly. For now, I doubt it, because the Windows platform continues to be the dominant player, and this malware distributor seems to be very persistent at targeting the Windows platform. But it is very odd that this group is marketing "Fast Windows Antivirus 2011" from "macbook" domains.

Whatever group is using these domains, they have been very successful at conning large advertising networks into hosting their banner ads that redirect to these .co.cc sites. What they develop next is anyone's guess. Here is a non-exhaustive list of the terms used in sub domains currently peddling the "Bestantivirus2011.exe" from these free and incredibly cheap .co.cc hosting domains over the past day or so. When users visit pages at these sites, they are presented with the usual "Your computer is infected!" scareware and "Windows Security has found on your system and will perform fast scan of system files" scam:

antispyware-trends ..

Continued : http://www.securelist.com/en/blog/6178/Odd_FakeAv_Marketing#readmore

Sgt. Scammer's Lonely Hearts Club
by Carol~ Moderator / April 6, 2011 6:39 AM PDT
In reply to: NEWS - April 06, 2011

From Symantec Security Response Blog:

Internet advertising has the potential to be a very worthwhile method for generating income. However, advertising on the Internet typically produces a higher return of payment if the ads themselves are clicked. Therefore, there is a high incentive for scammers to devise ways to ensure that the ads hosted on sites under their control are clicked - be it through malware, automated scripts, email spam links, or any other method. After all, potential profit drives innovation - for legitimate and illegitimate business alike.

However, advertisement networks are capable of identifying illegitimate activity on their networks, which increases the need for scammers to hide illegitimate activity for as long as possible, thereby allowing them to reap the largest possible profit. In the past, we have observed various Trojans that connect to websites and click on the ads. Recently, however, we have discovered a more elaborate scam that establishes a network of fake dating/social network/blog websites and then uses a number of Trojans to connect to these websites and click on the residing advertisements. This entire process is presumably controlled by the very same creators who initially developed the fake dating/social network/blog website.

This is how the scam is executed:

The scammers construct a set of legitimate looking dating/social network/blog websites. In the case of the dating and social network sites, they are developed with real pictures and some rudimentary profile information. The sites themselves look professional and genuine.

Continued : http://www.symantec.com/connect/blogs/sgt-scammer-s-lonely-hearts-club

75% Of SMB Banking Fraud Occurs Online
by Carol~ Moderator / April 6, 2011 6:39 AM PDT
In reply to: NEWS - April 06, 2011

"Most scams involved online account takeover or theft, according to a study commissioned by security vendor Guardian Analytics and conducted by Ponemon Institute."

Three out of four small and midsize businesses that encountered banking fraud during the past year were victimized online, according to a new study.

Well over half -- 56% -- of those companies experienced some form of banking-related scam during the previous 12 months, according to the report. About 75% of those cases involved online account takeover or other Web-based fraud. Some 61% of SMBs that fell prey to bank fraud were victimized more than once.

The 2011 Business Banking Trust Study, commissioned by security vendor Guardian Analytics and conducted by Ponemon Institute, included 533 businesses with fewer than 200 employees and average annual revenue of $21.6 million. All respondents were owners or senior executives with access to their company's corporate bank accounts. Guardian Analytics CEO Terry Austin noted that the current fraud numbers -- particularly in the online security arena -- showed remarkably little change from the 2010 version, the first year that Guardian sponsored the study. Last year's study found the same rate of Web-based fraud -- 75% of all cases occurred online.

Continued : http://www.informationweek.com/news/smb/security/showArticle.jhtml?articleID=229400827

Hackers hijack top Russian football club's website
by Carol~ Moderator / April 6, 2011 6:40 AM PDT
In reply to: NEWS - April 06, 2011

Fans of FC Zenit Saint Petersburg, one of Russia's top football clubs, got a surprise this morning if they visited the team's website.

Instead of seeing stories and images of their favourite soccer players in action, they were presented with a page of insults directed at the city's political leaders.

Images of Saint Petersburg governor Valentina Matviyenko and Vadim Tyulpanov, speaker of the city parliament, were shown alongside a message that translated in part as:

"To hell with the party of thieves and pickpockets. They have already destroyed more buildings than the Nazis during the attack on Leningrad between '41 and '44"

The rant went on to criticise political leaders for poorly clearing up icicles and winter snow, leading to the tragic death of five people, including two children.

Interestingly, a message on FC Zenit's Facebook page denied that their website had been hacked, and put the blame on a problem with their DNS records. [Screenshot]

If that's right then it means that the club's own web servers weren't necessarily breached by the hackers.

DNS records work like a telephone book, converting human-readable website names like example.com into a sequence of numbers understandable by the internet. What seems to have happened is that someone changed the lookup at the DNS registrar, so when you entered FC Zenit's website address into your browser you were instead taken to a website that wasn't under the club's control.

Continued : http://nakedsecurity.sophos.com/2011/04/06/hackers-mess-with-top-russian-football-clubs-website/
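The Sophos piece above makes the point that a hijack at the DNS registrar leaves the club's own web servers untouched: the name simply starts resolving to an address the owner does not control. The way to catch that from the outside is to resolve the name yourself and compare the answer against the addresses you expect. The script below, added here as an illustration and not taken from the article or from Sophos, builds an A query in DNS wire format, parses the response (including RFC 1035 name compression pointers) and flags any returned address outside an expected set. The domain, the two addresses and the response bytes are all constructed for the example so it runs offline; a real check would run it from several vantage points and compare the NS records at the registrar as well, since that is where the change was made.

```python
"""Detect a DNS-level hijack by comparing the A records a resolver returns
for a name against the addresses the site owner expects to see.
Added example: the name, addresses and response bytes are constructed."""
import socket
import struct


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a recursive A/IN query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode()
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def read_name(msg: bytes, off: int):
    """Decode a possibly-compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            if not jumped:
                end = off + 2                  # the pointer itself is two bytes
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    if not jumped:
        end = off
    return ".".join(labels), end


def parse_a_records(msg: bytes):
    """Return the dotted-quad A records found in the answer section."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if (flags & 0x8000) == 0:
        raise ValueError("not a DNS response")
    off = 12
    for _ in range(qd):                        # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4                               # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        _owner, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def check_hijack(addrs, expected):
    """Return the addresses that are not in the owner's expected set."""
    return sorted(set(addrs) - set(expected))


# Constructed response (not captured traffic): fc-zenit.example answers with
# 203.0.113.10, the address the owner expects, and 198.51.100.7, an address
# an attacker pointed the record at. Both ranges are reserved for documentation.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    + b"\x08fc-zenit\x07example\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([203, 0, 113, 10])
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([198, 51, 100, 7])
)
EXPECTED = {"203.0.113.10"}


def live_lookup(name: str, resolver: str = "9.9.9.9", timeout: float = 3.0) -> bytes:
    """Send the query over UDP to a public resolver and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (resolver, 53))
        reply, _ = sock.recvfrom(512)
    return reply


if __name__ == "__main__":
    # Offline run against the constructed response; swap in live_lookup(...)
    # for a real name and your own expected set to monitor a production zone.
    seen = parse_a_records(SAMPLE_RESPONSE)
    print("resolved:", seen)
    print("unexpected:", check_hijack(seen, EXPECTED))
```

The comparison deliberately works on the full set of returned addresses rather than the first one: a hijacker who adds a record while leaving the legitimate one in place still gets flagged.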

Free Coins for Online FIFA Players
by Carol~ Moderator / April 6, 2011 6:40 AM PDT
In reply to: NEWS - April 06, 2011

In the past couple of months, Symantec observed phishing sites that spoofed online FIFA games. The legitimate game is played by forming a team of footballers purchased with coins. The more games you win with your team, the more coins you gain. The popular and more skilled footballers demand a higher number of coins.

The phishing campaign was launched with fake offers of free coins to lure online FIFA players. One of the phishing sites was purportedly from a player who sympathized with end users who struggle with the game. The phishing site contained a message from this fictitious player which expressed the embarrassment one goes through for having a team of low-profile footballers. The message explained that the site would help players generate free coins so that they could form a more expensive team of footballers. The phishing site prompted users to log in with their email address and password to gain up to 10,000 free coins per day. The phishing pages featured popular footballers such as Wayne Rooney, Ronaldinho, Frank Lampard, and Xavi, giving the impression that one could buy these players upon generating the free coins. If end users fell victim to the phishing site, phishers would have successfully stolen their information for identity theft. [Screenshot]

Continued : http://www.symantec.com/connect/blogs/free-coins-online-fifa-players

Is Hacker TV sitcom a true reflection of computer security industry?
by Carol~ Moderator / April 6, 2011 6:40 AM PDT
In reply to: NEWS - April 06, 2011

Tonight, TV network FOX will be launching an ethical hacker comedy called 'Breaking In'. From everything I see online about it, it sounds like, FINALLY, we have a show that gives you true insight into the world of cyber security and penetrative testing.

1. They are all good-looking in that 'can-you-tell-I-live-in-Hollywood' way.
2. They are armed to their perfectly straight pearly whites with witty one liners.
3. They have really high-tech swanky work digs (why have one screen when nine will do?)
4. They don't just stick to cyber hacking, but they also pick locks, steal cars, etc.

This is *exactly* what it is like in my industry. Really. In fact, if you meet all the above criteria, why not apply for a job at Sophos?

They have launched a few trailers as well as dipped their toe into the social media swamp to generate some excitement about tonight's debut.

After I checked out this little interactive nugget, one does hope that Breaking In, which stars the middle-aged Christian Slater, is a little more original than a sexed-up game of hangman.

I am probably being too harsh. Perhaps comedic fluff is exactly what we need after a great number of TV tech dramas that take themselves really seriously. They have done this for almost all professions, so why not computer security?

Continued : http://nakedsecurity.sophos.com/2011/04/06/warning-tv-show-breaking-in-debuts-tonight/

Online 'do not track' bill introduced in California Senate
by Carol~ Moderator / April 6, 2011 6:50 AM PDT
In reply to: NEWS - April 06, 2011

"Bill could put California in the forefront of the fight for more Internet privacy. It would create a mechanism to let users tell website operators they don't want their online habits monitored."

Reporting from Sacramento and San Francisco -

California is putting itself in position to lead the fight for increased online privacy by trying to pass the country's first so-called do-not-track law to keep personal data from being grabbed off the Internet.

Legislation by state Sen. Alan Lowenthal (D-Long Beach) would create a mechanism to allow users of smartphones, tablets, computers and any other device that accesses the Internet to tell website operators they don't want their online habits monitored.

As California did with do-not-call efforts to block telemarketers, he said, the state should be out front in blocking online tracking. "We will lead and provide stimulus to the rest of the nation," Lowenthal said. "It's much more difficult to get something like this through Washington."

Momentum is growing for do-not-track legislation, either as a stand-alone protection for consumers or part of more comprehensive privacy reform, privacy experts say. California's bill signals that the final push might come from the states, not the federal government.

"The states have been quiet in this area for a couple of years," said Mike Zaneis, general counsel of the Interactive Advertising Bureau, a trade group for the $23-billion online industry. "Leave it to California to jump in."

Continued : http://www.latimes.com/business/la-fi-do-not-track-20110406,0,590866.story

Also: Do-Not-Track Bill Introduced in California

Forget June: Microsoft already pushing IE9 via Windows Update
by Carol~ Moderator / April 6, 2011 11:04 AM PDT
In reply to: NEWS - April 06, 2011

Microsoft officials said recently that the company was not going to push Internet Explorer (IE) 9 to users who hadn't tested its latest browser until late June.

On April 6, however, I began receiving reports from users who had not installed the Release Candidate (RC) or the beta of IE9 that they were seeing IE 9 show up via Windows Update - something that wasn't supposed to be happening yet.

Some users were none too happy about this, given they had been expecting Microsoft to push the update to them - and their users (if they are administrators for larger networks) - for a couple more months. (One less disgruntled user did quip: "Better early than never. Now where's my NoDo update?")

Microsoft has marked the update as "important," said users who began seeing it today. It is being pushed to Windows 7, Vista, Windows Server 2008, and Windows Server 2008 R2 users, according to reports I'm getting. [Screenshot]

The Microsoft Knowledge Base Support site does not mention that Microsoft changed plans and decided to start pushing it two months earlier than expected.

I've asked Microsoft what gives. Why is the company pushing IE 9 now instead of late June? No word back yet, other than a spokesperson noting "as is standard, IE9 is available on DLC (Microsoft Download Center) for users to download it manually."

Continued : http://www.zdnet.com/blog/microsoft/forget-june-microsoft-already-pushing-ie9-via-windows-update/9118
