
NEWS - August 17, 2012

Aug 17, 2012 1:43AM PDT
Mystery malware wreaks havoc on energy sector computers

"Like malware that attacked Iran, Shamoon permanently destroys hard disk data"

Malware researchers have uncovered an attack targeting an organization in the energy industry that attempts to wreak havoc by permanently wiping data from an infected computer's hard drive and rendering the machine unusable.

The computer worm, alternately dubbed Shamoon or Disttrack by researchers at rival antivirus providers Symantec and McAfee, contains the string "wiper" in the Windows file directory its developers used while compiling it. Combined with word that it targeted the energy industry, that revelation immediately evoked memories of malware also known as Wiper that reportedly attacked Iran's oil ministry in April and ultimately led to the discovery of the state-sponsored Flame malware.

Continued : http://arstechnica.com/security/2012/08/shamoon-malware-attack/

Also:
Shamoon the Wiper - Copycats at Work
Shamoon/DistTrack affecting energy sector
The Shamoon Attacks
Shamoon Malware Steals Data, Overwrites MBR
Disttrack/Shamoon: a new targeted and destructive virus

Bogus anti-hacking tool targets Syrian activists
Aug 17, 2012 1:44AM PDT

Syrian activists, journalists and opposition group members are reportedly under attack by malware claiming to be a security tool that will help protect them against hackers. The fake "AntiHacker" tool is being spread through targeted phishing emails and via sites such as Facebook, and claims to provide "Auto-Protect & Auto-Detect & Security & Quick scan and analysing" functionality.

However, according to the Electronic Frontier Foundation (EFF), the fraudulent tool actually installs a program called DarkComet RAT (remote access tool). The US digital rights advocacy organisation says that the new malware is being spread and controlled by pro-government hackers. With DarkComet, these hackers can remotely access users' systems to steal private data, record keystrokes, disable certain antivirus programs' notification systems and even obtain images from a computer's built-in webcam.

Continued : http://www.h-online.com/security/news/item/Bogus-anti-hacking-tool-targets-Syrian-activists-1669262.html

Also:
DarkComet RAT Used in New Attack on Syrian Activists
Malicious "AntiHacker" Tool Installs DarkComet RAT to Spy on Syrian Activists

Researcher Finds iPhone Bug Allows SMS Spoofing
Aug 17, 2012 3:10AM PDT

The iPhone SMS app contains a quirky bug that could allow someone to send a user a text message that appears to come from any number that the sender specifies. The researcher who discovered the bug said that it could be used by attackers to spoof messages from a bank or credit card company and send the victim to a target site controlled by the attacker.

The issue lies in the way that Apple iOS implements a section of the SMS message called User Data Header (UDH), which has a number of options, one of which allows the user to change the phone number that the text message appears to come from.

"If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one," the researcher who uses the name Pod2g wrote in a blog post.

"Most carriers don't check this part of the message, which means one can write whatever he wants in this section : a special number like 911, or the number of somebody else."

Continued : https://threatpost.com/en_us/blogs/researcher-finds-iphone-bug-allows-sms-spoofing-081712

Antivirus suites struggle to defend against recent ..
Aug 17, 2012 3:11AM PDT
Antivirus suites struggle to defend against recent exploit-based attacks

Many antivirus suites are incapable of effectively blocking malware attacks against two recent and serious Microsoft vulnerabilities despite the fact that real exploits have been circulating since June, testing organisation NSS Labs has found.

The firm looked at the ability of 13 antivirus suites to defend unpatched systems against attacks exploiting vulnerabilities in Microsoft's XML Core Services (CVE-2012-1889) and in Internet Explorer 8.0 (CVE-2012-1875), both made public in June.

Despite the fact that both were patched in June and July and should be on the radar of antivirus companies, only four products - from Trend Micro, Kaspersky Lab, McAfee and Avast - were able to offer full protection against the test exploits NSS Labs crafted to use against the vulnerabilities.

The rest were able to offer a degree of protection that depended on how the attacks were executed and which vulnerability was being tested.

Some products struggled when attacks were delivered over HTTP while a further several were unable to cope when attacks were executed via HTTPS, such as would be the case when using services such as Gmail. These included, ironically, Microsoft's own Security Essentials itself.

Continued : http://www.networkworld.com/news/2012/081712-antivirus-suites-struggle-to-defend-261723.html
Symantec plugs Norton Online Backup hole
Aug 17, 2012 3:11AM PDT

Symantec has plugged a hole in its Norton Online Backup service that inadvertently allowed some users to view and access data of other Norton Online backup customers.

"On July 30, as part of our ongoing server maintenance, Symantec made a change in the way that they cached certain HTML files and other static assets that, through a temporary misconfiguration, may have resulted in certain users incorrectly receiving other users' session cookies," said Symantec in a statement today. "These cookies impact the data that is displayed when a user logs into their Norton Online Backup account."

The issue was brought to the attention of Symantec by at least one Norton Online Backup user, Bill Howland, who also contacted Network World on Aug. 7 about what he thought to be a strange phenomenon that suggested a data breach because he was getting access to other people's files. He wrote via email that he had just purchased the Norton Online Backup product and it didn't seem to be working right.

Continued : http://news.techworld.com/security/3376521/symantec-plugs-norton-online-backup-hole/
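The Symantec statement above describes a shared cache that handed one user's session cookie to another. The following is an added illustration, not Symantec's code or infrastructure: a toy origin that attaches a per-user Set-Cookie header to a static asset, a naive cache that stores the whole response keyed by path only (the defective behaviour), and a cache that refuses to store any response carrying Set-Cookie or a private/no-store Cache-Control directive. The origin, paths, cookie names and cache classes are all constructed for the example.

```python
"""Added example: a shared cache leaking session cookies, and the fix.
Everything here is constructed for illustration; it is not Symantec's code."""
import itertools

# Constructed: monotonically increasing session ids so each response is distinct.
_session_counter = itertools.count(1)


def origin(path, user):
    """Toy origin server. It serves a cacheable static asset but, like many
    web frameworks, attaches the requesting user's session cookie to every
    response, including ones for static files."""
    return {
        "status": 200,
        "headers": {
            "Content-Type": "application/javascript",
            "Cache-Control": "public, max-age=3600",
            "Set-Cookie": f"session={user}-{next(_session_counter)}; HttpOnly; Secure",
        },
        "body": "console.log('static asset');",
    }


class NaiveCache:
    """Defective cache: keys on path alone and stores every header it saw,
    Set-Cookie included, so the second visitor receives the first one's session."""

    def __init__(self):
        self.store = {}

    def fetch(self, path, user):
        if path not in self.store:
            self.store[path] = origin(path, user)
        return self.store[path]


def is_cacheable(resp):
    """Shared-cache admission rule: never store a response that sets a cookie,
    and honour private / no-store from the origin."""
    cache_control = resp["headers"].get("Cache-Control", "")
    directives = {d.strip().lower() for d in cache_control.split(",") if d.strip()}
    if directives & {"private", "no-store"}:
        return False
    if "Set-Cookie" in resp["headers"]:
        return False
    return True


class SafeCache:
    """Corrected cache: responses that fail is_cacheable are passed through
    to the requester but never stored for anyone else."""

    def __init__(self):
        self.store = {}

    def fetch(self, path, user):
        if path in self.store:
            return self.store[path]
        resp = origin(path, user)
        if is_cacheable(resp):
            self.store[path] = resp
        return resp


def session_cookies_seen(cache_cls):
    """Replay two users fetching the same static asset through a fresh cache and
    return the Set-Cookie value each of them ended up with."""
    cache = cache_cls()
    seen = {}
    for user in ("alice", "bob"):
        resp = cache.fetch("/static/app.js", user)
        seen[user] = resp["headers"].get("Set-Cookie", "")
    return seen


if __name__ == "__main__":
    print("naive:", session_cookies_seen(NaiveCache))  # bob receives alice's cookie
    print("safe: ", session_cookies_seen(SafeCache))   # each user keeps their own
```

With the corrected cache nothing for this asset is stored at all, because the origin still sets a cookie on every response; the complementary fix on the origin side is to stop emitting Set-Cookie on static assets so they become cacheable again without carrying per-user state.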

Google announces $2 million in prizes for Pwnium 2
Aug 17, 2012 3:11AM PDT

Following the announcement that it will be upping the monetary rewards given to security researchers that responsibly disclose Chromium vulnerabilities, Google has announced that it will also increase the prizes given out to successful participants of its Pwnium competition.

The first Pwnium was held earlier this year at the CanSecWest conference in Vancouver, and has ended with researchers Sergey Glazunov and 17-year-old "PinkiePie" earning $60,000 each for exploits that allowed them to break out of Chrome's sandbox and execute code on the targeted computer.

The next edition - named Pwnium 2 - is set to be held in October at the Hack In The Box 10 year anniversary conference in Malaysia, and this time Google will be sponsoring up to $2 million worth of rewards.

Researchers coming up with "full Chrome exploits" (using only bugs in Chrome) will be awarded $60,000, and "partial Chrome exploits" (at least one bug in Chrome + other bugs) will be worth $50,000. "Non-Chrome exploits" using bugs in software such as Flash, Windows or drivers are priced at $40,000.

Continued : http://www.net-security.org/secworld.php?id=13442

Also:
Google to Hold Pwnium 2 Contest, Offers $2M in Rewards
Chrome hacking bounty increased to $2 million at Pwnium

Targeted destructive malware explained: Troj/Mdrop-ELD
Aug 17, 2012 5:30AM PDT

I work in SophosLabs, and one of my jobs is to write detections for new malware. What makes this piece of malware stand apart is that it is targeted.

On the afternoon of 15 August, SophosLabs received a file called str.exe that claimed to be a Microsoft file: [Screenshot]

At first glance, the file didn't look to be legitimate, so I launched the program. It copied itself to:

c:\windows\system32\trksvr.exe

The file contained some interesting strings:

trksvr.exe
trksrv.exe
testdomain.com
\System32\cmd.exe /c "ping -n 30 127.0.0.1 >nul && sc config TrkSvr binpath= system32\trksrv.exe && ping -n 10 127.0.0.1 >nul && sc start TrkSvr"
Immediately, I became suspicious. There is the apparent misspelling of trksvr (it is also called trksrv in the file - spot the difference?), the use of testdomain.com, and the hackerish way that the code started itself as a service.

Continued : http://nakedsecurity.sophos.com/2012/08/17/targeted-destructive-malware-explained-trojmdrop-eld/
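The indicators the analyst lists above (a pair of near-identical executable names, a placeholder domain, and a service-persistence command padded with ping delays) are the kind of thing a triage script can flag automatically. The following is an added example of such string-triage logic, not SophosLabs' detection code; it runs over the strings quoted in the post and uses a small, constructed list of placeholder domains and regular expressions of my own.

```python
"""Added example: heuristic triage of strings extracted from a sample.
Constructed for illustration; not SophosLabs' detection logic."""
import re
from itertools import combinations

# The strings quoted in the post above (the only sample input used here).
SAMPLE_STRINGS = [
    "trksvr.exe",
    "trksrv.exe",
    "testdomain.com",
    r'\System32\cmd.exe /c "ping -n 30 127.0.0.1 >nul && sc config TrkSvr '
    r'binpath= system32\trksrv.exe && ping -n 10 127.0.0.1 >nul && sc start TrkSvr"',
]

# Constructed heuristic list: domains that only ever appear in test or template code.
PLACEHOLDER_DOMAINS = {"testdomain.com", "example.com"}

# "sc config <svc> ... binpath=" or "sc create <svc> ... binpath=" rewrites a
# service's executable, a common way to get a dropped file started as a service.
SC_PERSIST = re.compile(r"\bsc\s+(config|create)\s+(\S+)\s+.*binpath=", re.IGNORECASE)

# "ping -n N 127.0.0.1" is the classic cmd.exe substitute for sleep N seconds.
PING_SLEEP = re.compile(r"ping\s+-n\s+(\d+)\s+127\.0\.0\.1", re.IGNORECASE)

# A string that is just a bare executable name.
EXE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.exe$", re.IGNORECASE)


def lookalike_names(names):
    """Return pairs of distinct names built from exactly the same letters,
    which catches swapped-letter variants such as trksvr / trksrv."""
    pairs = []
    for a, b in combinations(sorted(set(n.lower() for n in names)), 2):
        if sorted(a) == sorted(b):
            pairs.append((a, b))
    return pairs


def find_indicators(strings):
    """Scan extracted strings and return (kind, detail) findings."""
    findings = []

    exe_names = [s.strip() for s in strings if EXE_NAME.match(s.strip())]
    for a, b in lookalike_names(exe_names):
        findings.append(("lookalike-filename", f"{a} vs {b}"))

    for s in strings:
        lowered = s.lower()
        for domain in PLACEHOLDER_DOMAINS:
            if domain in lowered:
                findings.append(("placeholder-domain", domain))

        match = SC_PERSIST.search(s)
        if match:
            findings.append(("service-persistence", match.group(2)))

        delays = [int(n) for n in PING_SLEEP.findall(s)]
        if delays and ("&&" in s or "sc " in lowered):
            # Chained ping delays around a service command: total seconds of padding.
            findings.append(("ping-sleep-delay", sum(delays)))

    return findings


if __name__ == "__main__":
    for kind, detail in find_indicators(SAMPLE_STRINGS):
        print(f"{kind:22s} {detail}")
```

Run on the quoted strings this reports the trksrv/trksvr pair, the testdomain.com placeholder, a service-persistence rewrite of TrkSvr, and 40 seconds of ping padding; on a real sample the same script is a first pass to decide which strings merit a human look, not a verdict on its own.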

Has Android Malware Tripled in Recent Months? Not So Fast
Aug 17, 2012 5:30AM PDT

There never seems to be any shortage of Android malware reports circulating in the news, and today one came out that sounds alarming indeed.

"Android Under Attack: Malware Levels for Google's OS Rise Threefold in Q2 2012" was the title of the press release from antivirus vendor Kaspersky announcing it, in fact, and right on cue headlines are popping up across the tech media echoing that dire warning.

But is it really as bad as all that? Probably not. In fact, as pointed out by security-focused publication The H on Thursday, data from competing firm F-Secure paint a very different picture for the very same time period. In fact, rather than a tripling of Android malware in the second quarter, F-Secure found only a modest rise.

How to explain the difference? It's all a matter of methodology, according to The H, which calls F-Secure's approach "more sophisticated."

Bottom line? Don't start panicking just yet.

'Over 14,900 New Malicious Programs'

Continued : http://www.pcworld.com/businesscenter/article/260967/has_android_malware_tripled_in_recent_months_not_so_fast.html

Adobe pulls mobile Flash, but with no 'kill switch' ..
Aug 17, 2012 5:30AM PDT
.. security concerns remain

"However, Flash's downfall -- instability -- has an upside: less risk with fewer installs than might be, says one researcher"

It was not breaking news that Adobe pulled its Flash Player plugin from Google's Android marketplace Play on Wednesday. The company had announced last November that it was ending development of the multimedia playback software for mobile devices.

Still, it was an event worth noting by numerous news outlets, partially because it marks the end of what had been promoted as an advantage of Android devices over those using Apple's iOS.

It does, however, have security implications in a BYOD (Bring Your Own Device) world where even state-of-the-art perimeter security is useless if an endpoint device with access is compromised.

Adobe has had a history of security problems. Ed Bott, writing on ZDNet in May 2010, complained of "a steady stream of denial where there should be transparency." He cited a 2009 study by Symantec that found 23 vulnerabilities in Flash Player.

Steve Jobs, the late founder of Apple, had criticized Flash in an open letter in April 2010, explaining why Apple was not allowing Flash on iPhones, iPods and iPads. Among his criticisms: That it was not an open system, was too much of a drain on the batteries of mobile devices, did not perform well with multi-touch operation and its performance, reliability and security were all poor.

Continued : http://www.csoonline.com/article/713996/adobe-pulls-mobile-flash-but-with-no-kill-switch-security-concerns-remain
Facebook is finally deleting your 'deleted' photos
Aug 17, 2012 5:30AM PDT

It looks like the whole Facebook-not-deleting-your-photos-when-it-said-it-had saga might be coming to an end.

Back in February, we reported that the "Delete this photo" button wasn't actually deleting the photo from Facebook's content delivery networks, at least not for a long while anyway.

So despite the photo disappearing from your profile, if you plugged the image url straight into your browser you could still see it.

It's less shutting the door on the photo and more masking it with a beaded curtain.

Now the problem has been fixed, as Frederic Wolens from Facebook told Ars Technica:

Continued : http://nakedsecurity.sophos.com/2012/08/17/facebook-is-finally-deleting-your-deleted-photos/