Spyware, Viruses, & Security forum


NEWS - April 19, 2013

by Carol~ Moderator / April 19, 2013 12:38 AM PDT
DDoS Attacks 700 Percent Stronger, Iran Joins Top Source Countries

Denial of Service attacks are experiencing a surge in power and duration in the first months of 2013, with Iran joining China and The United States as a top source of the crippling online attacks.

The power of distributed denial of service (or DDoS) attacks - measured in packets per second - jumped 718 percent in the first three months of 2013, compared to the final three months of 2012, the security firm Prolexic reported on Wednesday. The average bandwidth used in DDoS attacks reached 32.4 million packets per second, overwhelming Internet service providers (ISPs), carriers and content delivery networks designed to mitigate the effects of sudden Internet traffic surges.

The data comes from Prolexic's DDoS Report for the first quarter of 2013. That firm, based in Hollywood, Florida, has become a go-to firm for companies that find their web sites on the receiving end of DDoS attacks. The average attack bandwidth totaled 48.25 Gbps in Q1 2013, a 718 percent increase over last quarter, and the average packet-per-second rate reached 32.4 million, the company said.

Continued: http://securityledger.com/juiced-ddos-attacks-700-percent-stronger-as-iran-joins-top-source-countries/

Prolexic's Q1 2013 DDoS Report: Average Attack Bandwidth Up 718 Percent
Fueled by super botnets, DDoS attacks grow meaner and ever-more powerful
DDoS Attacks Targeting ISPs on the Rise: Prolexic Q1 2013 Report
Average DDoS attack bandwidth up 718 percent
Malwarebytes declares Windows 'malicious', nukes 1,000s of PCs
by Carol~ Moderator / April 19, 2013 12:50 AM PDT
In reply to: NEWS - April 19, 2013

A dodgy software update for virus-killer Malwarebytes disabled thousands of PCs before a fix was issued this week.

Malwarebytes' database version v2013.04.15.12 erroneously flagged core Windows system files as malicious, resulting in unstable - and in some cases unbootable - machines. Windows system files were wrongly identified as Trojan-Downloader-ED.

The antivirus firm quickly pulled Monday's update and issued instructions on how to nurse crippled machines back to health. Despite its prompt response within minutes of the problem flaring up, thousands were still affected. Both consumer and enterprise users of Malwarebytes' technology were affected.

Marcin Kleczynski, Malwarebytes' chief exec, apologised for the botched update before later promising improvements in its update process.

Continued : http://www.theregister.co.uk/2013/04/19/malwarebytes_false_positive/
'Magic' Espionage Malware hits Thousands of UK Computers
by Carol~ Moderator / April 19, 2013 12:50 AM PDT
In reply to: NEWS - April 19, 2013

Thousands of U.K. business computers have been infected by espionage malware using a custom protocol to communicate with its command and control servers. Researchers at Israeli security company Seculert added that the malware is still percolating with a number of capabilities yet to be deployed.

The custom protocol has another unique element to it, in that it always initiates communication with a command that includes the string "some_magic_code1" as an authenticator. After an initial connection over HTTP, the interaction changes to the custom protocol and additional instructions are fed to infected machines.

Seculert CTO Aviv Raff said the malware, in one example, was instructed to add a new user to the infected system with a user name of WINDOWS and a password of MyPass1234 which would be used to give the attacker remote access to the compromised machine.

"This 'magic malware' — as we've dubbed it — is active, persistent and had remained undetected on the targeted machines for the past 11 months," Raff wrote on the company's blog.

Continued: http://threatpost.com/magic-espionage-malware-hits-thousands-of-uk-computers/

Related to: 'Magic' Malware Using Custom Communication Protocol Discovered

Thousands Of UK Users Cursed By 'Magic Malware'
Magic Malware infects thousands of UK firms with network infiltration tricks
Magic mystery malware menaces many UK machines - new claim

Former LulzSec member jailed for Sony Pictures hack
by Carol~ Moderator / April 19, 2013 12:50 AM PDT
In reply to: NEWS - April 19, 2013

"Twenty five year-old hacker sentenced to one year in prison and one year of home detention"

Cody Andrew Kretsinger, a 25-year-old man from Decatur, Illinois, was sentenced Thursday to one year in federal prison for his role in a May 2011 breach of a Sony Pictures website and database.

At the time of the intrusion Kretsinger, who used the online alias "recursion," was a member of a hacker group called Lulz Security, or LulzSec, that went on a hacking spree during the first half of 2011. The group was affiliated with the international Anonymous hacktivist collective.

LulzSec took credit for hacking into the Sony Pictures website and leaking customer data stolen from its database on the Internet. The leaked information included names, addresses, phone numbers and email addresses.

Continued : http://news.techworld.com/security/3443095/former-lulzsec-member-jailed-for-sony-pictures-hack/

Former LulzSec member gets prison sentence for Sony Pictures hack
Ex-LulzSec bloke to spend a YEAR in the cooler for Sony hack
LulzSec hacker sentenced to a year in federal prison

Blackhole Exploit Kit Spam Campaigns Disguised as Top Service Brands
by Carol~ Moderator / April 19, 2013 12:50 AM PDT
In reply to: NEWS - April 19, 2013

From McAfee Labs Blog Central:

Spam campaigns based on the Blackhole Exploit Kit send messages that contain links to compromised legitimate websites, which serve hidden iframes and redirections that exploit vulnerabilities across operating systems, from Android to Windows. Spam themes we have seen vary rapidly and are disguised to appear as legitimate messages from familiar services.

Campaigns spoofing Facebook, LinkedIn, American Airlines, and various banking services carry embedded links to malware. Spammers abuse email templates from familiar service providers by capturing automated emails, replacing links in the template with links to malware, and rebroadcasting those messages to harvested or predicted recipients.

This tactic has proven effective for spammers. Recipients are likely to click links in familiar-looking emails and often create custom whitelist entries for common sending domains without enforcing Sender Policy Framework or DomainKeys Identified Mail validation.

The Messaging Security Team at McAfee Labs has closely monitored this trend and would like to share a few common traits from recent campaigns to aid in identification:

Continued : http://blogs.mcafee.com/mcafee-labs/blackhole-exploit-kit-spam-campaigns-disguised-as-top-service-brands

Related: Facebook and LinkedIn used in Blackhole exploit kit spam campaigns
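
The McAfee excerpt above points at the real weakness in the recipient's setup: a whitelist keyed on the visible From: domain, applied without checking SPF or DKIM. The following is an added example, not code from McAfee or from the forum post, showing a mail-filter rule that only honours a sender-domain whitelist when the receiving MTA's Authentication-Results header records an SPF or DKIM pass for a domain aligned with From:. The three messages, the domain list and the header values are constructed for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). Authentication-Results is the
# header a receiving MTA stamps after doing its own SPF/DKIM checks (RFC 7601).
SPOOFED = """\
From: "LinkedIn" <messages-noreply@linkedin.com>
To: victim@example.org
Subject: You have a new invitation
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bulk.example.net; dkim=none
Content-Type: text/plain

Click here: http://example.net/invite
"""

# Spammer's own domain authenticates fine, but it is not the domain shown in From:
UNALIGNED = """\
From: "LinkedIn" <messages-noreply@linkedin.com>
To: victim@example.org
Subject: You have a new invitation
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bulk.example.net; dkim=pass header.d=example.net
Content-Type: text/plain

Click here: http://example.net/invite
"""

GENUINE = """\
From: "LinkedIn" <messages-noreply@linkedin.com>
To: victim@example.org
Subject: You have a new invitation
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=linkedin.com; dkim=pass header.d=linkedin.com
Content-Type: text/plain

Click here: https://www.linkedin.com/invite
"""

# Domains an organisation might whitelist because staff expect mail from them (constructed).
WHITELIST = {"linkedin.com", "facebook.com", "aa.com"}

# method=result, optionally followed by the authenticated domain property within the same clause.
AUTH_RE = re.compile(
    r"\b(spf|dkim)=(\w+)(?:\s+[^;]*?(?:smtp\.mailfrom|header\.d)=([\w.@-]+))?", re.I
)


def from_domain(raw_message: str) -> str:
    """Domain of the visible From: address, lower-cased."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def parse_auth_results(raw_message: str) -> dict:
    """Return {'spf': (result, domain), 'dkim': (result, domain)} from Authentication-Results."""
    msg = message_from_string(raw_message)
    results = {}
    for raw in msg.get_all("Authentication-Results", []):
        for method, result, domain in AUTH_RE.findall(raw):
            domain = domain.rpartition("@")[2].lower()  # smtp.mailfrom may carry a full address
            results[method.lower()] = (result.lower(), domain)
    return results


def aligned(auth_domain: str, header_domain: str) -> bool:
    """Relaxed alignment: same domain or a subdomain of the From: domain."""
    return auth_domain == header_domain or auth_domain.endswith("." + header_domain)


def naive_whitelist_applies(raw_message: str, whitelist: set) -> bool:
    """The weak rule the article describes: trust the visible From: domain alone."""
    return from_domain(raw_message) in whitelist


def whitelist_applies(raw_message: str, whitelist: set) -> bool:
    """Honour the whitelist only if SPF or DKIM passed for a domain aligned with From:."""
    domain = from_domain(raw_message)
    if domain not in whitelist:
        return False
    auth = parse_auth_results(raw_message)
    for method in ("spf", "dkim"):
        result, auth_domain = auth.get(method, ("none", ""))
        if result == "pass" and aligned(auth_domain, domain):
            return True
    return False
```

The unaligned case is the one worth noting: a captured template rebroadcast from the spammer's own infrastructure can carry a perfectly valid SPF pass for that infrastructure, so the check has to compare the authenticated domain against the From: domain rather than merely look for the word "pass".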
Shock Waves from Texas & Boston Blasts Hit Internet in Form of Spam Waves
by Carol~ Moderator / April 19, 2013 12:50 AM PDT
In reply to: NEWS - April 19, 2013

The blasts that killed 15 people and injured 160 at a Texas fertilizer plant yesterday triggered a global wave of malicious spam today, even as the internet is still infested with spam messages that exploit the Boston Marathon bombings to spread password-stealing malware.

Only hours after the blasts in Texas, spammers injected keywords and subject headers related to the explosion into about 5 per cent of all spam that hit the internet, according to the Bitdefender anti-spam labs. The Texas-related spam, which is expected to intensify in coming hours, comes as 20 percent of spam hitting the internet exploits the Boston bombings.

The Bitdefender research, based on a sample pool of 2 million unsolicited e-mails, turned up hundreds of thousands of spam messages that had been altered at the last minute to promise breaking news, graphic videos and more related to the Boston Marathon attacks.

In the spam wave, Bitdefender found spam harboring a component of the infamous Red Kit exploit pack. Threats downloaded by RedKit include Trojan.GenericKDZ.14575, a password stealer that grabs users' account passwords. It also watches the network traffic of the infected machine by dropping three legitimate WinPcap components, some of which were reported to also steal bitcoin wallets and send e-mails.

Continued : http://www.hotforsecurity.com/blog/shock-waves-from-texas-and-boston-blasts-hit-internet-in-form-of-spam-waves-5973.html

Related: Cybercriminals Leverage Boston Marathon Bombing, Texas Explosion in Malware Attacks
Bank Sues Cyberheist Victim to Recover Funds
by Carol~ Moderator / April 19, 2013 12:51 AM PDT
In reply to: NEWS - April 19, 2013

A bank that gave a business customer a short term loan to cover $336,000 stolen in a 2012 cyberheist is now suing that customer to recover the fronted funds, after the victim company refused to repay or even acknowledge the loan.

On May 9, 2012, cyber crooks hit Wallace & Pittman PLLC, a Charlotte, N.C. based law firm that specializes in handling escrow and other real-estate legal services. The firm had just finished a real estate closing that morning, initiating a wire of $386,600.61 to a bank in Virginia Beach, Virginia. Hours later, the thieves put through their own fraudulent wire transfer, for exactly $50,000 less.

At around 3 p.m. that day, the firm's bank, Charlotte, N.C. based Park Sterling Bank (PSB), received a wire transfer order from the law firm for $336,600.61. According to the bank, the request was sent using the firm's legitimate user name, password, PIN code, and challenge/response questions. PSB processed the wire transfer, which was sent to an intermediary bank — JP Morgan Chase in New York City — before being forwarded on to a bank in Moscow.

Continued: http://krebsonsecurity.com/2013/04/bank-sues-cyberheist-victim-to-recover-funds/

Facebook closes cross-site scripting holes
by Carol~ Moderator / April 19, 2013 2:37 AM PDT
In reply to: NEWS - April 19, 2013

Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Security's CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its "Check in" and Messenger for Windows components. [Screenshot]

In the Chat window, for example, attackers were able to share links that weren't adequately checked by Facebook. This enabled attackers to add disguised JavaScript commands to links that were then automatically inserted into href parameters by the Chat client. When users clicked on these specially crafted messages, the injected code was executed on their systems.

The "Check in" service could be manipulated by creating custom locations into which attackers were then able to inject JavaScript code through their settings. That client-side XSS code was executed when users checked in at such a location.

Continued : http://www.h-online.com/security/news/item/Facebook-closes-cross-site-scripting-holes-1845850.html
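
The Chat flaw described above comes down to one pattern: a user-supplied link inserted into an href attribute without a scheme check or attribute-context escaping. The following is an added example, not code from Facebook, Break Security or the article, contrasting that vulnerable rendering with a hardened version for a server-side component that turns chat links into HTML. The inputs are constructed; the function names are this example's own.

```python
import html
from urllib.parse import urlsplit

# Only absolute web URLs may become clickable links.
ALLOWED_SCHEMES = {"http", "https"}


def render_link_unsafe(url: str) -> str:
    """Vulnerable pattern (constructed illustration): the raw value lands in href.

    A value such as javascript:alert(1) becomes a link that runs script when clicked,
    and a double quote in the value can terminate the attribute and add new ones.
    """
    return f'<a href="{url}">{url}</a>'


def safe_url(url: str):
    """Return a normalised absolute http(s) URL, or None if the value must not become a link."""
    # Drop surrounding whitespace and embedded control characters: browsers ignore
    # tabs and newlines inside a scheme, so "java\tscript:" would otherwise bypass
    # a plain string comparison against "javascript:".
    candidate = "".join(ch for ch in url.strip() if ch.isprintable())
    parsed = urlsplit(candidate)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES or not parsed.netloc:
        # Rejects javascript:, data:, vbscript:, relative paths and scheme-relative //host.
        return None
    return candidate


def render_link_safe(url: str) -> str:
    """Hardened pattern: scheme allow-list first, then escaping for the attribute context."""
    clean = safe_url(url)
    if clean is None:
        # Show the text inertly; never promote it to a link.
        return html.escape(url, quote=True)
    escaped = html.escape(clean, quote=True)  # & < > " ' are all neutralised
    return f'<a href="{escaped}" rel="noopener noreferrer">{escaped}</a>'
```

Escaping alone is not enough here: html.escape would happily pass javascript:alert(1) through unchanged, since it contains nothing that needs encoding. The allow-list on the parsed scheme is what stops script URLs, and the escaping is what stops attribute break-out; both checks are needed.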

Mobile Scam: Winning Without Playing
by Carol~ Moderator / April 19, 2013 2:37 AM PDT
In reply to: NEWS - April 19, 2013

From the Symantec Security Response Blog:

We have blogged before about mobile spam messages, and while email spam declined in the past year to around 66%, mobile spam—although not yet that prevalent—is now gaining ground.

Currently the "winning ticket" theme is making its rounds through central Europe. Eight friends of mine received it over the space of a few days and I am proud that none of them fell for it, even though some were sorely tempted. The message states that you have won two million pounds sterling with some numbers that you never selected, in a non-specified lottery that you have certainly never played. There are a lot of variations of this particular scam that we have observed over the years, with a range of different prizes including cars and holidays. Unfortunately, there is no money behind it—at least not for you—as of course if you never play the lottery, you will definitely never win it. It is just another advance fee scam, where the scammer will eventually try to trick the victim into paying some release fee or expenses in order to get the alleged prize.

Continued : http://www.symantec.com/connect/blogs/mobile-scam-winning-without-playing

An ambush for peculiar Koreans
by Carol~ Moderator / April 19, 2013 2:38 AM PDT
In reply to: NEWS - April 19, 2013

The Kaspersky Labs Weblog:

While researching PlugX propagation with the use of Java exploits we stumbled upon one compromised site that hosted and pushed a malicious Java applet exploiting the CVE 2013-0422 vulnerability. The very malicious Java application was detected heuristically with a generic verdict for that vulnerability and it would have been hardly possible to spot that particular site between tons of other places where various malicious Java applications were detected with that generic verdict. But it was a very specific search conducted back then and this site appeared in statistics among not so many search results. Well, to be honest it was a false positive in terms of search criteria, but in this case it was a lucky mistake.

The infectious website was an Internet resource named minjok.com and it turned out to be a news site in Korean and English languages covering mostly political events around the Korean peninsula. We notified an editor of this site about the compromise and although he has not responded, the site got closed after a while.

This is how minjok.com is described at http://www.northkoreatech.org/the-north-korean-website-list/minjok-tongshin/: [Screenshot]

Continued : http://www.securelist.com/en/blog/208194231/An_ambush_for_peculiar_Koreans

Antivirus Fails 1 in 500 PCs
by Carol~ Moderator / April 19, 2013 2:38 AM PDT
In reply to: NEWS - April 19, 2013

[Screenshot: Infection rate (CCM) by operating system and service pack in 4Q12]

The latest Microsoft Security Intelligence Report reveals that PC users who lack up-to-date antivirus protection are 5.5 times more likely to get hit with a malware infection than those who correctly install and update such protection. Looked at from a different angle, though, the figures reveal a surprising conclusion: one in 500 PCs that do have up-to-date protection will get hit by malware regardless. It's a sobering thought.

Patch Tuesday Protection
Every month on Patch Tuesday, Microsoft releases patches for any new security vulnerabilities via Windows Update. For quite some time now, each Windows Update session has also launched the latest Microsoft Malicious Software Removal Tool (MSRT). The MSRT notifies Microsoft about any malware it removed, and about the security status of your computer—anonymously, of course, and only with your permission.

Continued : http://securitywatch.pcmag.com/security-software/310501-antivirus-fails-1-in-500-pcs

Also: Microsoft: You're 5.5 Times More Likely to Be Infected Without AV

How do you know if an anti-virus test is any good?
by Carol~ Moderator / April 19, 2013 2:38 AM PDT
In reply to: NEWS - April 19, 2013

Anti-virus or, as we say now in the industry, anti-malware testing has been around for years.

These tests and comparatives are the consumer reports of the IT security industry, aimed at educating both the anti-malware developer and the consumer on how a product performs.

There's been a fair bit of activity in the anti-malware testing world lately - both AV-Test and AV-Comparatives released major reports last week, and at Virus Bulletin we're putting the finishing touches to our latest comparative on Windows XP, due out in the next week or so.

As usual at this time of year I've been getting a lot of people asking me, why are they all different? How do I know who to believe? What makes one test better than another, or are they all equally brilliant/useless/biased/random?

They're never easy questions to answer.

Continued : http://nakedsecurity.sophos.com/2013/04/19/how-do-you-know-if-an-anti-virus-test-is-any-good/

US House Passes Controversial CISPA Bill
by Carol~ Moderator / April 19, 2013 2:38 AM PDT
In reply to: NEWS - April 19, 2013

The US House of Representatives yesterday gave its backing to a controversial bill in the US, which some claim is an attack on citizens' privacy.

The Cyber Intelligence Sharing and Protection Act (CISPA) was passed with a vote of 288 to 127.

CISPA is designed to improve American defences against online threats, but opponents claim it will let US authorities spy on communications and pass sensitive personal data between different government departments.

The Act would allow companies to share data "with any other entity, including the federal government", as long as they do not breach any other law in doing so. Opponents are fearful of such language, believing it opens the way for excessive personal data exchange without the right checks and balances.

CISPA was passed by the House last year, but came unstuck in the Senate and privacy advocates are hoping the same will happen again. President Obama's aides have previously indicated he would veto the Act anyway.

Continued : http://www.techweekeurope.co.uk/news/us-house-cispa-vote-113729?ModPagespeed=noscript

CISPA Passes House But Still May Die
CISPA passes U.S. House: Death of the Fourth Amendment?

Oracle takes a leaf out of Microsoft's book, prioritizes Java security
by Carol~ Moderator / April 19, 2013 3:46 AM PDT
In reply to: NEWS - April 19, 2013

"Java 8 being delayed into the first quarter of 2014"

The release of Java 8, originally due in September this year, has been pushed back. The new version's headline feature—Project Lambda, which brings anonymous functions to Java—isn't yet finished.

The reason for this delay is, in part, security. Over the past eight months, a large number of critical security flaws have been found and patched. This has damaged Java's reputation, with Apple, for example, reacting by removing the Java plugin from its Safari browser.

In response, Mark Reinhold, chief architect of the Java Platform Group at Oracle, has announced a "renewed focus on security" that will tie up engineering efforts. As a result, Java 8 has now been pushed back until the first quarter of 2014.

Continued : http://arstechnica.com/security/2013/04/oracle-takes-a-leaf-out-of-microsofts-book-prioritizes-java-security/
Google Play apps used to hide 'BadNews' mobile botnet, security firm discovers
by Carol~ Moderator / April 19, 2013 3:46 AM PDT
In reply to: NEWS - April 19, 2013

Google's Play store security has once again been embarrassed by the discovery of an ambitious botnet that sneaked past its app vetting systems to infect possibly huge numbers of Android users.

Lookout Mobile Security, which spotted the ruse, said it had tracked down 32 apps that seemed to be tied into what at first looked like just another advertising network with its own SDK, now dubbed 'BadNews'.

The dastardly part is that the apps themselves appear innocent but come with the ability to contact a command and control server in order to push a range of genuinely malicious apps, including the AlphaSMS toll fraud app widely circulated by East European gangs.

In an attempt to remain unnoticed for as long as possible, the designers of BadNews designed the apps to behave legitimately for a period of time before hitting the user with bogus update requests at which point trouble begins.

Continued : http://news.techworld.com/security/3443185/google-play-apps-used-hide-badnews-mobile-botnet-security-firm-discovers/
New Android Trojan downloaded from Google Play by millions
by Carol~ Moderator / April 19, 2013 3:55 AM PDT

Millions of Android users have been tricked into downloading a new Trojan masquerading as a slew of legitimate apps directly from Google Play, warns Lookout researcher Marc Rogers.

The newly discovered malware family has been dubbed BadNews, and it's capable of harvesting and sending information about the device to its C&C server, sending out fake news messages, and prompting users to install additional malicious applications such as the AlphaSMS premium rate SMS Trojan.

BadNews was packaged with games, wallpaper apps, dictionary and dieting apps, and many others, the majority of which were obviously aimed at Russian-speaking users. [Screenshot]

"It is not clear whether some or all of these apps were launched with the explicit intent of hosting BadNews or whether legitimate developers were duped into installing a malicious advertising network," says Rogers. "However, based on our analysis of the backend code behind a number of these purported ad networks there is little doubt that BadNews is a fraudulent monetization software development kit."

Continued : http://www.net-security.org/malware_news.php?id=2473

New version of Gozi financial malware bundles MBR rootkit
by Carol~ Moderator / April 19, 2013 3:46 AM PDT
In reply to: NEWS - April 19, 2013

"The malware installs code into the computer's master boot record in order to achieve persistence, Trusteer researchers say"

Researchers from security firm Trusteer have found a new variant of the Gozi banking Trojan program that infects a computer's Master Boot Record (MBR) in order to achieve persistence.

The Master Boot Record (MBR) is a boot sector that resides at the beginning of a storage drive and contains information about how that drive is partitioned. It also includes boot code that runs before the operating system starts.

Some malware authors have leveraged the MBR in order to give their malicious programs a head start over antivirus programs installed on the computer.

Sophisticated malware that uses MBR rootkit components, like TDL4, also known as Alureon or TDSS, are part of the reason why Microsoft built the Secure Boot feature into Windows 8. This malware is hard to detect and remove and can even survive operating system reinstallation procedures.

Continued : http://www.networkworld.com/news/2013/041913-new-version-of-gozi-financial-268921.html
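
The article explains what the MBR holds: boot code that runs before the operating system, followed by the partition table and a signature. The following is an added example, not code from Trusteer or the article, that parses a 512-byte boot sector into those parts and fingerprints the boot-code region so that a later read can be compared against a known-good baseline; an MBR rootkit of the kind described replaces the boot code while leaving the partition table intact, which is exactly what this comparison surfaces. The sample sector is constructed for the example and is not taken from any real disk.

```python
import hashlib
import struct

SECTOR = 512
PT_OFFSET = 446          # partition table starts after the boot code
SIGNATURE = b"\x55\xaa"  # bytes 510-511 of a valid MBR
# One 16-byte partition entry: status, CHS start, type, CHS end, LBA start, sector count
ENTRY_FMT = "<B3sB3sII"


def build_sample_mbr() -> bytes:
    """Constructed sample MBR: a tiny boot-code stub, one NTFS partition, valid signature."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * (PT_OFFSET - 3)  # 446 bytes, not real boot code
    entries = struct.pack(ENTRY_FMT, 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 1_000_000)
    entries += b"\x00" * 16 * 3  # three empty entries
    return boot_code + entries + SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split a boot sector into signature check, partition entries and a boot-code hash."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for index in range(4):
        offset = PT_OFFSET + 16 * index
        status, _, ptype, _, lba_start, sectors = struct.unpack(ENTRY_FMT, sector[offset:offset + 16])
        if ptype == 0:
            continue  # unused entry
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "partitions": partitions,
        # Hash only the code region: the partition table legitimately changes when
        # volumes are added, the boot code should not change between OS updates.
        "boot_code_sha256": hashlib.sha256(sector[:PT_OFFSET]).hexdigest(),
    }


def boot_code_changed(baseline_sha256: str, sector: bytes) -> bool:
    """True if the boot code no longer matches the hash recorded when the machine was known clean."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


def read_mbr(device_path: str) -> bytes:
    """Read the first sector of a block device (needs administrative rights on any OS)."""
    with open(device_path, "rb") as disk:
        return disk.read(SECTOR)
```

In practice the baseline hash is recorded at build time and the comparison runs from a trusted environment (boot media, or a host that attests the reader itself), because malware that controls the boot path can also lie to a reader running on top of it; that limitation is the reason the article gives for firmware-level measures such as Secure Boot.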

You won't believe how crazy this password infomercial is (and neither did Ellen DeGeneres)
by Carol~ Moderator / April 19, 2013 3:56 AM PDT
In reply to: NEWS - April 19, 2013

Oh, the joys of late night television in the United States!

When there's nothing funny on American TV, you can always rely upon an infomercial selling some crazy product to have you chuckling or simply agog in disbelief that anyone would ever buy such a thing.

Ellen DeGeneres clearly feels the same, and she recently focused some attention on a product that claimed to solve a computer security problem experienced by many internet users - how to remember your passwords.

Take a look at the video below about the "Internet Password Minder":

As one of the customers featured in the infomercial breathlessly explains:

"I don't have to worry anymore about security or identity theft... I now have all my passwords in one place. It's great"

At first I thought perhaps the people behind the "Ellen" show had made the infomercial as a spoof, but now I'm not so sure. After all, I find it hard to believe that *any* infomercials are real.

Continued : http://nakedsecurity.sophos.com/2013/04/19/ellen-password-security-infomercial/
