Spyware, Viruses, & Security forum


NEWS - April 18, 2012

by Carol~ Moderator / April 18, 2012 3:42 AM PDT
Rogue Instagram and Angry Birds Space for Android Spotted

From TrendLabs Malware Blog:

Recently, Facebook announced its acquisition of Instagram — a popular photo-sharing smartphone app, which also released an Android version almost a week ago. It was reported that Facebook paid approximately $1 billion (£629m) in cash and stock for the said takeover.

Cybercriminals, soon enough, started to take advantage of Instagram's popularity. We discovered a spoofed webpage containing a rogue version of Instagram. The said webpage mimics Instagram's legitimate download page. The red squares indicate clickable links that lead to the download: [Screenshot] - [Screenshot]

For your reference, below is a screenshot of the site hosting the legitimate app: [Screenshot]

My colleague Jonathan Beltran also uncovered a rogue version of Angry Birds Space. Similar to the fake Instagram app, the webpage hosting this rogue app is hosted on a Russian site. [Screenshot]

Continued : http://blog.trendmicro.com/rogue-instagram-and-angry-birds-space-for-android-spotted/

From Sophos: Fake Instagram app infects Android devices with malware

Related: Malware disguised as new Instagram Android app

Oracle patch day addresses 88 vulnerabilities
by Carol~ Moderator / April 18, 2012 4:32 AM PDT
In reply to: NEWS - April 18, 2012

Oracle has released 88 security patches as part of its scheduled April Critical Patch Update (CPU), ten more than on its last patch day in January. One of the patches affects a series of vulnerabilities in the Java JRockit VM with a CVSS Base Score of 10.0 - this is the highest possible level of vulnerability in the Common Vulnerability Scoring System. Oracle also closed holes with a CVSS score of 9.0 in Grid Engine and the Windows version of the database component Spatial (in non-Windows versions the vulnerability score of this flaw is 6.5). All other vulnerabilities have scores of 7.5 or lower.

Of the 88 released updates, 6 patch holes directly in Oracle's Database Server and 6 others might affect it indirectly via Enterprise Manager Grid Control. Of the Grid Control vulnerabilities, 4 can be exploited remotely without authentication. The Oracle Fusion middleware software received 11 advisories, some of which affect Java and therefore also JRockit. Additionally, 17 patches have been released for Oracle FLEXCUBE, 11 affect PeopleSoft Enterprise and 6 relate to MySQL. Oracle has released several patches for Solaris as well.

Details about the patched vulnerabilities are still sparse as the company is trying to prevent attackers from reverse engineering the fixes before its customers have had a chance to deploy them. In an earlier out-of-band update to MySQL, this strategy failed when Oracle accidentally released a proof of concept for exploiting a vulnerability along with a security patch.

Continued : http://www.h-online.com/security/news/item/Oracle-patch-day-addresses-88-vulnerabilities-1541933.html

Oracle fixes 88 security vulnerabilities
Oracle Fixes 88 Bugs with April 2012 Critical Patch Update

See : Vulnerabilities / Fixes - April 18, 2012

No Reservations - Remote Access Trojan Pilfers Credit Cards
by Carol~ Moderator / April 18, 2012 4:32 AM PDT
In reply to: NEWS - April 18, 2012

From the Trusteer Blog:

Our intelligence center researchers recently uncovered attack code being sold in underground forums that uses a remote access Trojan to steal credit card information from a hotel point of sale (PoS) application. This scheme, which is focused on the hospitality industry, illustrates how criminals are using malware on enterprise machines to collect financial information from enterprises instead of targeting end users' machines.

In this particular scenario, a remote access Trojan program is used to infect hotel front desk computers. It then installs spyware that is able to steal credit card and other customer information by capturing screenshots from the PoS application. The spyware is not detected by anti-virus programs. [Screenshot]

This attack code is being offered for $280. It can steal credit card numbers and expiration dates, but not CVV2 numbers in the sample we inspected. The purchase price includes instructions on how to set-up the Trojan. The sellers even offer advice on how to use telephone social engineering techniques via VoIP software to trick front desk managers into installing the Trojan.

Continued : http://www.trusteer.com/blog/no-reservations-%E2%80%93-remote-access-trojan-pilfers-credit-cards-hotels

Tim Berners-Lee urges government to stop the snooping bill
by Carol~ Moderator / April 18, 2012 4:32 AM PDT
In reply to: NEWS - April 18, 2012

The government's controversial plans to allow intelligence agencies to monitor the internet use and digital communications of every person in the UK suffered a fresh blow on Tuesday when the inventor of the world wide web warned that the measures were dangerous and should be dropped.

Sir Tim Berners-Lee, who serves as an adviser to the government on how to make public data more accessible, says the extension of the state's surveillance powers would be a "destruction of human rights" and would make a huge amount of highly intimate information vulnerable to theft or release by corrupt officials. In an interview with the Guardian, Berners-Lee said: "The amount of control you have over somebody if you can monitor internet activity is amazing.

"You get to know every detail, you get to know, in a way, more intimate details about their life than any person that they talk to because often people will confide in the internet as they find their way through medical websites ... or as an adolescent finds their way through a website about homosexuality, wondering what they are and whether they should talk to people about it."

Continued : http://www.guardian.co.uk/technology/2012/apr/17/tim-berners-lee-monitoring-internet

Related :
Google's Sergey Brin: state filtering of dissent threatens web freedom
Internet freedom under threat, says Google co-founder

Two-thirds of UK web cookies owned by third parties
by Carol~ Moderator / April 18, 2012 4:32 AM PDT
In reply to: NEWS - April 18, 2012

UK websites contain an average of 14 cookies per page, the majority of which belong to third parties, according to a new report.

Cookies are small sections of code that websites put on a user's computer so that they can remember something. They are used to enable websites to remember users' preferences, but can also be used to track consumers' browsing behaviour for targeted advertising purposes.

A typical user will encounter anywhere between 112 and 140 cookies during their average session on a British website, according to privacy solutions provider TRUSTe, and over two-thirds will be used by third parties (ie. not the website owner) to deliver targeted advertising.

The news comes just over a month before the EU e-Privacy Directive is enforced in the UK, requiring anyone running a website to get explicit opt-in consent from their visitors before deploying cookies on their machines. The law is designed to give people greater choice about whether or not they want their online behaviour to be tracked.

However, research by KPMG earlier this month revealed that 95 percent of businesses were not in compliance with the cookie-related requirements of the e-Privacy Directive, and are therefore risking fines of up to £500,000.

Continued : http://news.techworld.com/security/3352045/two-thirds-of-uk-web-cookies-owned-by-third-parties/

Related: Tracking the trackers: first progress report

Flashback lingers - despite Apple's fix, the Mac malware ..
by Carol~ Moderator / April 18, 2012 8:25 AM PDT
In reply to: NEWS - April 18, 2012
.. the Mac malware remains on 140k machines

According to computer security firm Symantec, the recently discovered Flashback malware, which was estimated to be on approximately 600,000 Mac computers around the world, still hasn't been removed from some 140,000 of them. Time to perform a software update, perhaps?

Even though Apple recently released a removal tool together with a patch to prevent future infection, the Flashback malware is reported to still be on a large number of Mac computers.

Computer security firm Symantec said in a blog post on Tuesday that some 140,000 Mac machines remain infected, a significant drop from the 600,000 reported earlier this month but more than expected considering the publicity given to the malware, as well as the release of removal tools and patches from Apple, Symantec and other security firms.

"We had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case," Symantec's post said. The number of infected Macs is declining daily, but the rate of removal is slowing, as the table below shows. [Screenshot]

Continued : http://www.digitaltrends.com/computing/flashback-lingers-despite-apples-fix-the-malware-remains-on-140k-machines/
New Spam campaign on Twitter Leads to Rogue AV
by Carol~ Moderator / April 18, 2012 8:25 AM PDT
In reply to: NEWS - April 18, 2012

From the Kaspersky Lab Weblog:

Early today, Kaspersky Lab discovered a new ongoing spam campaign on Twitter. Hundreds of compromised accounts are currently spamming malicious links, hosted on .TK and .tw1.su domains, leading to Rogue Anti Virus software. [Screenshot]

Here is an analysis of the infection at a given time. Keep in mind that it is just a snapshot of the infection, and that the numbers are actually lower than reality.

The compromised accounts spammed up to 8 messages per second, with links redirecting users to the infamous BlackHole exploit kit. [Screenshot]

Upon following such a link, users received an alert about malicious activities on their computer and the need to do a fast scan of their system files. [Screenshot]

Here is the above mentioned fast system scan:

Continued : http://www.securelist.com/en/blog/208193477/New_Spam_campaign_on_Twitter_Leads_to_Rogue_AV
