General discussion

NEWS - April 08, 2010

Bank insider charged over ATM malware scam

"BofA BOFH cuffed"

An IT worker at Bank of America has been charged with hacking ATM systems so that machines handed out cash without recording his transactions, IDG reports.

Rodney Reed Caverly, of Charlotte, North Carolina, was charged with a single count of computer fraud over the alleged creation of malware that infected bank computers and ATMs. The alleged miscreant used his inside knowledge as a member of staff responsible for designing and maintaining computer systems and cash machines to carry out the crime, prosecutors charge.

Fraudulent withdrawals took place between March 2009 and October 2009. Losses to the bank are unspecified at this stage of legal proceedings, but above the $5,000 minimum necessary to file computer fraud charges.

Continued here:

Shortened URLs in IM Apps Lead to a Worm

From TrendLabs Malware Blog:

TrendLabs engineers recently discovered that cybercriminals now use shortened URLs to spam malware via instant-messaging (IM) applications like Yahoo! Instant Messenger and MSN. As we all know, URL-shortening services are used to compress long and unreadable URLs into short, bite-sized ones. Short URLs are more portable and are now preferred over the (normally long) actual URLs when one wishes to share news within networks using their own websites, blogs, Tweets, and other social media tools.

The bad guys seem to have changed their strategy. We have gotten used to seeing malicious URLs like http://{BLOCKED}, http://www.{BLOCKED}, and http://www.{BLOCKED} in instant messages. Now, we see a slew of instant messages containing shortened URLs like http://{BLOCKED}.com/pict04042010jpg and http://{BLOCKED}.com/va98d.

Shortening URLs may mean two things. First, this makes it harder for antivirus companies to block malicious URLs, as it would take them longer to get the landing link. Second, URL-shortening services can be used by cybercriminals to trick users into clicking suspicious links.

Malware that spread via IM applications based their messages on the OS a computer uses. Cybercriminals have also been known to use shortened URLs for spamming purposes as shown in the following screenshots. [...]

Continued here:

1-in-10 Windows PCs still vulnerable to Conficker worm

"A year after doomsday reports, 10% of systems unpatched against worm's exploits"

More than a year after doomsday reports hinted that the Conficker worm would bring down the Internet, one-in-10 Windows PCs still have not been patched to plug the hole the worm wriggles through, new data shows.

And 25 of every 1,000 systems are currently infected with the worm.

According to Qualys, a security risk and compliance management provider, about 10% of the hundreds of thousands of Windows systems it monitors for customers have not yet applied Microsoft's MS08-067 security update. MS08-067, an out-of-band release that shipped in October 2008, patched a bug in the service Windows uses to connect to file and print servers.

Continued here:

German group calls for Facebook boycott

"Hot under collar over privacy changes"

A German consumer group has warned users not to use Facebook if the social-networking company fails to withdraw the proposed changes to its privacy policy. Last month, Facebook announced that it was considering changing its privacy policy to allow information to be passed on to third-parties without users giving their consent.

VZBV, an umbrella organisation representing consumer groups across Germany, has said that the American company has "repeatedly and deliberately crossed data protection boundaries" and that users of the worldwide service should be looking to boycott it.
And the group has a high-level supporter: earlier this week German consumer minister Ilse Aigner wrote an open letter to Facebook founder Mark Zuckerberg complaining about the proposed changes and threatened to cancel her Facebook page. "Private information must remain private," she said.

Continued here:

Facebook privacy unrest rumbles on

From Graham Cluley's Blog:

Hot on the heels of a Sophos poll revealing that 95% of you disapprove of Facebook's proposed changes to its privacy policy, there appear to be signs of growing public grumpiness about Facebook's plans.

German Consumer Protection Minister Ilse Aigner has written an open letter to Mark Zuckerberg, CEO of Facebook, expressing her concern that the site is showing a lax attitude to data protection.

Facebook continues to try and defend itself by saying that it will give users the ability to "opt-out" of sharing their personal data with third-party sites, but that isn't cutting much mustard with Ilse Aigner (or me for that matter).

As you'll see in Ilse Aigner's letter which I've included below, she actually threatens to quit the social networking site unless Facebook sees the light.

Facebook should be asking users to make the conscious choice to share their personal information with others, rather than having to make a conscious decision to decline.

Continued (with letter) here:

Gracenote, Civolution in UGC fingerprinting deal

Content watermarking firm Civolution has signed an expanded long-term agreement with online music database firm Gracenote to jointly market an audio and video content identification platform that lets content owners and service providers filter and monitor content.

The service, called MediaHedge, will be an online hosted offering for content providers. It marries Civolution's video fingerprinting technology with Gracenote's music identification technology, hooking into Gracenote's Global Media Database. MediaHedge will enable content owners and service providers to identify content that is to be streamed or downloaded from their services, and will appeal particularly to service providers that allow user-generated content to be uploaded for consumption via their sites.

They will be able to apply pre-defined rules for managing that content based on how it matches against the audio-visual database. Content can be blocked before publication, for example, or users can be redirected to specific websites that display targeted advertisements before copyrighted content can be listened to or viewed.

Continued here:

Upcoming Adobe/Acrobat Reader to be Delivered by New Updater
Upcoming Adobe Reader and Acrobat 9.3.2 and 8.2.2 to be Delivered by New Updater

From the Adobe Reader Blog:

On Tuesday, April 13, 2010, we are planning to release Adobe Reader and Acrobat 9.3.2 and 8.2.2 as part of our regularly scheduled quarterly updates.

As mentioned in a previous blog post titled Adobe Reader and Acrobat Updates Include New Security Improvements, we have been testing a new updater technology with select beta customers since our October 13, 2009 quarterly update. The purpose of the new updater is to keep end-users up-to-date in a much more streamlined and automated way.

During our quarterly update on January 12, 2010, and then again for an out-of-cycle update on February 16, 2010, we exercised the new updater with our beta testers. This allowed us to test a variety of network configurations encountered on the Internet in order to ensure a robust update experience. That beta process has been a successful one, and we've incorporated several positive changes to the end-user experience and system operation. Now, we're ready for the next phase of deployment.

On Tuesday, April 13, 2010, as part of our quarterly update, we will activate the new updater for all users needing Adobe Reader and Acrobat 9.3.2 and 8.2.2 for Windows and Macintosh. As of yesterday, April 7, 2010, we have been activating our new updater for those users who are not yet up-to-date with our latest versions. During this phase of the process, we are utilizing users' current update setting found in the Adobe Reader and Acrobat Preferences, under the "Updater" panel, as shown in the screen captures below. [...]

More (with screenshots) here:

Lawsuit Says McAfee Plays Loose With Customer Data

McAfee, a household name for computer virus-protection, is facing accusations it dupes customers into purchasing third-party services, and hands over consumer banking information to enable those transactions.

A proposed federal class action in San Francisco claims that, once McAfee customers purchase McAfee software online, a pop-up appears even before the McAfee download begins.

"The pop-up, mimicking the look of the other pages on the McAfee site, thanks the customer for purchasing McAfee software, and prompts McAfee's customers to click a red button to 'Try it Now,'" the lawsuit alleges. "The pop-up contains no obvious visual cues or conspicuous text indicating that it is an advertisement for another product, or that clicking on 'Try it Now' will lead not to the delivery of the McAfee product but rather to the purchase of a completely different product" (.pdf).

The unfair-business practices lawsuit comes as McAfee and rival Symantec are accused in a New York federal court of automatically renewing antivirus software subscriptions absent customer consent.

The San Francisco federal lawsuit points out that McAfee's recent Form 10K filing says McAfee delivers "proactive and proven solutions and services that help secure systems and networks around the world, allowing users to safely connect to the internet, browse and shop the web more securely."

Continued here:

The mobile game with a Trojan thrown in for free

From the Kaspersky Lab Weblog:

Since 27 March a new game called 3D Antiterrorist has been cropping up on quite a few international freeware sites offering downloads for Windows Mobile smartphones. As well as the game itself, the 1.5 MB archive contains the file reg.exe which is actually a Trojan that calls premium rate international numbers and leaves smartphone owners significantly out of pocket. As of 8 April this malicious program has been detected by Kaspersky Lab as Trojan.WinCE.Terdial.a. Let's take a closer look at what happens.

After the installation file is launched, the game is installed in Program Files, while the malicious file reg.exe (5632 bytes) is copied to the system directory under the name smart32.exe.

A closer inspection of the malicious program's code revealed that:

* it was created by Russian-speaking virus writers;
* calls are made to 6 different premium-rate numbers every 50 seconds;
* it uses the CeRunAppAtTime function to self-launch, and it launches at night when the smartphone owner is most likely to be asleep.

Here is the list of numbers where the calls are made:

Continued here:

Fake Java Application websites target XBox Gamers

From the Sunbelt Blog:

If you like downloading or installing programs on your PC related to XBox gaming, you might want to take note of this writeup. There's a DIY kit in circulation that allows an attacker to create a website claiming to be an XBox Live application for your computer. We've grabbed the kit and had a poke around inside to see how this operates - all it takes is two pages of HTML, a fake graphic and a Java archive to set this one in motion. This is the kit in question: [...]

Upon visiting any site related to this scam, the end-user will see a blank webpage with nothing other than a Java notice and a fake Softpedia award at the bottom of the screen: [...]

At this stage, the end-user will be presented with the following Java Application Digital Signature Permission Screen: [...]

Note that they list the publisher as "Microsoft", which is always going to make potential victims a little bit easier to trick into hitting the Run button. As a counterbalance, notice also the message in large text that reads "The application's digital signature cannot be verified. Do you want to run the application?"

Continued here:
