Spyware, Viruses, & Security forum

General discussion

NEWS - August 12, 2010

by Carol~ Moderator / August 12, 2010 1:41 AM PDT
Botnet attacks SSH servers

According to a number of reports (here and here), the dd_ssh bot is currently responsible for an increase in brute force attacks on SSH connections. Botnet herders are apparently injecting the script via a phpMyAdmin vulnerability and using the compromised computers for targeted SSH attacks. The vulnerability is a year old and only affects the outdated phpMyAdmin versions 2.11.x prior to and 3.x prior to

By using a large botnet and therefore a large number of IP addresses, and ensuring that each bot makes only a few login attempts, botnet herders can fly under the radar of filtering solutions, since each bot fails to reach the blocking threshold. The best means of protecting against this kind of attack is the use of a shared blacklist from the cloud which can be automatically imported by a script such as DenyHosts. A basic requirement still remains a secure, even if inconvenient, password.

As Posted Here: http://www.h-online.com/security/news/item/Botnet-attacks-SSH-servers-1057642.html
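The evasion the article describes, every bot staying below the per-IP blocking threshold, is what an aggregate view of the auth log catches. The Python below is an added example for this thread, not code from the article, from DenyHosts or from the original post: it parses constructed sshd "Failed password" lines, shows that a per-source rule of five failures never fires against them, flags the one-minute window in which nine sources together produce seventeen failures against the same handful of accounts, and merges the resulting offenders with a shared blocklist in the spirit of DenyHosts synchronisation. The log lines, IP addresses, thresholds and shared list are all assumptions made for the demonstration.

```python
"""Detect a low-and-slow distributed SSH brute force from sshd auth log lines.

Per-IP thresholds miss a botnet whose members each try only a few passwords,
so this example also aggregates failures across all sources in a time window
and then exchanges offenders with a shared blocklist, DenyHosts-style.
Sample lines, IPs and thresholds are constructed; the scoring is illustrative
and is not DenyHosts' own logic.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# OpenSSH "Failed password" line in traditional syslog format.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$"
)

# Constructed sample: eight bots, two attempts each, hitting common account
# names within one minute, plus one genuine typo by an admin from 10.0.0.5.
SAMPLE_LOG = """\
Aug 12 01:41:02 host sshd[2101]: Failed password for root from 198.51.100.7 port 40112 ssh2
Aug 12 01:41:03 host sshd[2102]: Failed password for invalid user admin from 198.51.100.7 port 40113 ssh2
Aug 12 01:41:05 host sshd[2104]: Failed password for root from 203.0.113.21 port 51020 ssh2
Aug 12 01:41:06 host sshd[2105]: Failed password for invalid user oracle from 203.0.113.21 port 51021 ssh2
Aug 12 01:41:09 host sshd[2107]: Failed password for root from 192.0.2.44 port 33890 ssh2
Aug 12 01:41:10 host sshd[2108]: Failed password for invalid user test from 192.0.2.44 port 33891 ssh2
Aug 12 01:41:14 host sshd[2110]: Failed password for root from 198.51.100.88 port 42200 ssh2
Aug 12 01:41:15 host sshd[2111]: Failed password for invalid user admin from 198.51.100.88 port 42201 ssh2
Aug 12 01:41:18 host sshd[2113]: Failed password for alice from 10.0.0.5 port 55000 ssh2
Aug 12 01:41:22 host sshd[2115]: Failed password for root from 203.0.113.140 port 38800 ssh2
Aug 12 01:41:23 host sshd[2116]: Failed password for invalid user oracle from 203.0.113.140 port 38801 ssh2
Aug 12 01:41:27 host sshd[2118]: Failed password for root from 192.0.2.201 port 46010 ssh2
Aug 12 01:41:28 host sshd[2119]: Failed password for invalid user test from 192.0.2.201 port 46011 ssh2
Aug 12 01:41:31 host sshd[2121]: Failed password for root from 198.51.100.150 port 60120 ssh2
Aug 12 01:41:32 host sshd[2122]: Failed password for invalid user admin from 198.51.100.150 port 60121 ssh2
Aug 12 01:41:36 host sshd[2124]: Failed password for root from 203.0.113.9 port 41400 ssh2
Aug 12 01:41:37 host sshd[2125]: Failed password for invalid user oracle from 203.0.113.9 port 41401 ssh2
"""

# Constructed stand-in for a blocklist pulled from a shared feed.
SHARED_BLOCKLIST = ["203.0.113.9", "192.0.2.77"]


def parse_failures(text):
    """Return (timestamp, user, ip) for every failed-password line, oldest first."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # year-less syslog stamp
            events.append((ts, m["user"], m["ip"]))
    return sorted(events)


def per_ip_offenders(events, threshold=5):
    """Classic per-source rule: an IP is blocked once it alone reaches `threshold` failures."""
    counts = Counter(ip for _, _, ip in events)
    return {ip for ip, n in counts.items() if n >= threshold}


def detect_distributed(events, window=timedelta(seconds=60), min_ips=5,
                       min_total=12, min_ips_per_user=3):
    """Slide a window over the events and alert when many distinct sources together
    produce many failures even though no single source is noisy. The alert lists
    as bots only the IPs that probed an account several other sources also probed,
    so a lone admin mistyping their own password is not swept into the block set."""
    alerts = []
    i, n = 0, len(events)
    while i < n:
        start = events[i][0]
        j = i
        while j < n and events[j][0] < start + window:
            j += 1
        window_events = events[i:j]
        ips = Counter(ip for _, _, ip in window_events)
        if len(ips) >= min_ips and len(window_events) >= min_total:
            ips_by_user = defaultdict(set)
            for _, user, ip in window_events:
                ips_by_user[user].add(ip)
            shared_users = {u for u, s in ips_by_user.items() if len(s) >= min_ips_per_user}
            bots = set().union(*(ips_by_user[u] for u in shared_users))
            alerts.append({
                "start": start,
                "total": len(window_events),
                "distinct_ips": len(ips),
                "max_per_ip": max(ips.values()),   # low here: the "few attempts per bot" signature
                "shared_users": sorted(shared_users),
                "bots": sorted(bots),
            })
            i = j  # one campaign, one alert: skip past this window
        else:
            i += 1
    return alerts


def merge_blocklist(local_offenders, shared_blocklist):
    """DenyHosts-style exchange: contribute local offenders, import everyone else's."""
    return sorted(set(local_offenders) | set(shared_blocklist))


if __name__ == "__main__":
    evs = parse_failures(SAMPLE_LOG)
    print("per-IP rule blocks:", per_ip_offenders(evs) or "nothing")
    for a in detect_distributed(evs):
        print(f"distributed attack from {a['start']:%H:%M:%S}: {a['total']} failures, "
              f"{a['distinct_ips']} sources, max {a['max_per_ip']} per source, "
              f"accounts {a['shared_users']}")
        print("merged blocklist:", merge_blocklist(a["bots"], SHARED_BLOCKLIST))
```

Run as-is, the per-IP rule blocks nothing because no source exceeds two attempts, while the windowed view reports a single campaign and excludes 10.0.0.5, whose only failure was against an account no bot touched. The `min_ips_per_user` cut-off is the knob that trades false positives against missed bots; the shared-blocklist merge is what lets a server that saw two attempts benefit from the view of every other subscriber.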
Fake Malicious Software Removal Tool peddles fake AV
by Carol~ Moderator / August 12, 2010 2:00 AM PDT
In reply to: NEWS - August 12, 2010

A fake Malicious Software Removal Tool using the actual icon of the legitimate software has been spotted by Trend Micro researchers.

Even a first glimpse of the scanning alert looks pretty legitimate, but it's the "Software searching" screen which signals that something might be off: [ Screenshot ]

What? Well-known antivirus solutions are not able to remove the found malware, but Shield EC Antivirus can? Quick to the purchase! A click on the Finish button takes the victim to a billing page where name, address and credit card number are required to buy the $99,90 anti-virus solution on offer.

Continued here: http://www.net-security.org/malware_news.php?id=1428

Opera update fixes high severity vulnerability
by Carol~ Moderator / August 12, 2010 3:58 AM PDT
In reply to: NEWS - August 12, 2010
Opera Software has released version 10.61 of the Opera web browser to fix a high severity hole. The issue was a heap overflow in the HTML5 canvas when performing some painting operations, which could in some cases be used to execute code.

Two lower severity issues were also fixed: a moderate severity bug allowing unexpected changes in tab focus, which obscured download dialogues and could potentially execute downloaded files, and a low severity issue that allowed news feeds with embedded scripts to subscribe to the feed without the user's consent.

Continued here: http://www.h-online.com/security/news/item/Opera-update-fixes-high-severity-vulnerability-1058063.html

More Details in Vulnerabilities & Fixes: Opera Multiple Vulnerabilities
Zeus botnet raid on UK bank accounts under the spotlight
by Carol~ Moderator / August 12, 2010 4:06 AM PDT
In reply to: NEWS - August 12, 2010

More details have emerged of how security researchers tracked down a Zeus-based botnet that raided more than $1m from 3,000 compromised UK online banking accounts.

Bradley Anstis, vice president of technical strategy for M86 Security which discovered the attack, said hackers began the assault by loading compromised third-party sites with a battery of exploits designed to infect visiting PCs with variants of the Zeus banking Trojan.

Phase one of the attack used the Eleonore Exploit Kit and the Phoenix Exploit Kit to load Zeus onto compromised machines through a battery of browser and application-based vulnerabilities and drive-by download attacks. The main attack revolved around the use of version 3 of Zeus to steal money from online bank accounts.

Version 3 of Zeus is focused on stealing the login credentials of online bank accounts. Older versions also snaffled user names and passwords for social networking sites and online services as well as online banking credentials.

Version 3 also differs from its predecessors in the use of encrypted tunnel (HTTPS) in communicating back to the command and control servers.

Continued here: http://www.theregister.co.uk/2010/08/11/zeus_cyberscam_analysis/

Prior Post : U.K. bank hit by massive fraud from ZeuS-based botnet

Related: Macs not vulnerable to Eleonore online banking trojan

Two Steps Away from a Free iPad
by Carol~ Moderator / August 12, 2010 5:02 AM PDT
In reply to: NEWS - August 12, 2010

From the F-Secure Blog:

Honestly, how many times have you won free stuff by clicking on links? And no, those spam, trojan, and spyware do not count as free stuff.

We recently found a scam that promises a free iPad to application testers. Apparently, the site lures the person into joining an iPad application testing program while the site owner makes profit from SMS fee charges and affiliation programs. To enroll in the program, "testers" are required to complete two steps. [Screenshot]

Step one: Twitter connect, where "testers" are required to log into their Twitter account, and allow an application called "Keep it to hend" to access their information. [Screenshot]

Soon after, friends of the testers will receive a tweet containing a link to the iPadAppsTesting website, and a new follower known as Jennt0kvqt will be following them. [Screenshot] [Screenshot]

So, who's Jenn? Nothing much can be found on her page, except for a link to her photos (it directs to an adult site that rewards those who refer somebody to join the website) and some trivial tweets.

Step two: Complete the registration by clicking a button, in which the testers will be directed to another site.

Continued here: http://www.f-secure.com/weblog/archives/00002008.html

iPhone Exploit Code Goes Public After Apple Patches Released
by Carol~ Moderator / August 12, 2010 7:15 AM PDT
In reply to: NEWS - August 12, 2010

The developer of a jailbreak for iPhones has posted source code attackers could use to compromise devices.

The developer, who goes by the name "Comex," posted code for JailbreakMe 2.0 on the Web Aug. 11 after Apple released a pair of fixes for the iOS bugs the jailbreak leverages. The patches also address the problems on the iPad and iPod touch.

"The first issue exploited is a FreeType CFF (Compact Font Format) handling issue, exploitable via Mobile Safari to gain access to affected devices," explained Michael Price, senior operations manager for McAfee Labs for Latin America. "The second issue exploited is an IOSurface framework issue that allows for administrative privileges to be obtained... This update should prevent both malicious attackers from exploiting these issues, as well as prevent the jailbreak technique from continuing to work... for updated devices."

If the bugs are exploited successfully, they could allow an attacker to remotely compromise a device and take full control.

On Aug. 11, security researchers said they have not observed any attacks leveraging the bugs, but all that could change now that the source code has been posted. Users who have already jailbroken their devices will of course have to make the choice between installing the update and maintaining the freedom to install applications not approved by Apple, noted Mikko Hypponen, chief research officer at F-Secure.

Continued here: http://www.eweek.com/c/a/Security/iPhone-Exploit-Code-Goes-Public-After-Apple-Patches-Released-359961/

Related: Jailbreak community develops its own iPhone patch

Facebook, Germany still at an impasse over data collection
by Carol~ Moderator / August 12, 2010 7:15 AM PDT
In reply to: NEWS - August 12, 2010
Facebook officials met with Hamburg's Data Protection Authority on Thursday, but the two entities are still at loggerheads over how the social-networking site collects the information of unregistered users.

Another meeting is scheduled for Aug. 24, said Johannes Caspar, who heads the agency. The DPA is concerned about Facebook's address-book synchronization feature, which will upload the e-mail addresses of people who are not Facebook users from a registered user's existing e-mail address contact lists.

Facebook asks users if they want to send an invite to their friends to join the site, but even if the e-mail isn't sent, the e-mail addresses are still retained. The agency is also concerned that e-mail invites that are sent may violate laws prohibiting certain kinds of direct mail.

The DPA contends that many citizens of the German state of Hamburg have complained in recent months that Facebook passed their contact information to third parties and stores information about their relationships in this way.

"We will have another meeting and discuss the things they [Facebook officials] told us today," Caspar said. "Maybe they will offer us a solution but it's too early to say something in this case."

Continued here: http://www.networkworld.com/news/2010/081210-facebook-germany-still-at-an.html
Alleged International ID Theft Ringleader Arrested
by Carol~ Moderator / August 12, 2010 11:09 AM PDT
In reply to: NEWS - August 12, 2010

"Russian 'BadB' considered one of the most 'prolific' brokers of stolen credit card information"

French authorities operating with the U.S. Secret Service have arrested a Russian man allegedly behind one of the world's largest online credit-card trafficking operations.

Vladislav Anatolievich Horohorin, 27, was apprehended over the weekend as he was about to board a flight from Nice, France, to Moscow. Horohorin, a.k.a. "BadB," had been indicted by a federal grand jury in November 2009 on charges of access device fraud and aggravated identity theft. The U.S. Department of Justice unsealed the indictment yesterday, referring to Horohorin as potentially one of the most prolific sellers of pilfered card information in the world.

Horohorin allegedly helped create CarderPlanet and other sites as part of an online financial crime organization that has been linked to most financial information breaches reported around the world, according to federal officials. "This network has been repeatedly linked to nearly every major intrusion of financial information reported to the international law enforcement community," said Michael Merritt, assistant director for investigations for the U.S. Secret Service.

"This arrest is an illustration of the success that comes from international law enforcement and private sector partnerships and confirms the Secret Service commitment to traversing the globe in pursuit of online criminals."

Continued here: http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=226700153

Also: Credit card trafficker cuffed after nine-month manhunt
