Spyware, Viruses, & Security forum


NEWS - August 26, 2011

by Carol~ Moderator / August 26, 2011 4:31 AM PDT
Illegal Keygen for Reputed Antivirus Comes Bundled with Malware

From BitDefender's Malware City Blog:

Care to install a "virused" antivirus?

It is common practice for crooks to use pirated software as a means of disseminating malware. It's an approach that has been used for years and it still works as a charm. Any new software product launch is awaited and included into this malware distribution cycle. A much anticipated movie or software product becomes the perfect lure for users who are inclined towards piracy rather than legal product or service acquisition.

This is exactly the scenario we spotted last week, when crooks started using the latest Internet Security antivirus product from Trustport as bait for malware dissemination. They tampered with an illegal keygen (identified by our labs as Application.Keygen.BW) in order to bind it with a piece of backdoor malware that is also deployed on the users' systems along with an illegal key for the AV product.

This keygen spreads via P2P sharing services, USB media, instant messaging services or e-mail clients and users may end up downloading serious trouble on their systems as this particular illicit tool does a lot more than it is supposed to do.

Continued : http://www.malwarecity.com/blog/illegal-keygen-for-reputed-antivirus-comes-bundled-with-malware-1121.html
Threat presented by F-Secure ActiveX component
by Carol~ Moderator / August 26, 2011 4:32 AM PDT
In reply to: NEWS - August 26, 2011

F-Secure warns that a vulnerability in its Anti-Virus and Internet Security products allows systems to become infected with malicious code when users visit a specially crafted web site. Vulnerable versions include 2010 editions and the current version 2011 release. Version 9 of F-Secure Protection Service (Consumer and Business) is also affected.

The vulnerability is contained in the fsresh.dll ActiveX module, which means that it only affects those who use Internet Explorer and browsers that are based on it. The 'high-risk' hole potentially allows attackers to overwrite the troubleshooting routine and execute arbitrary code. It was discovered by security expert Anil Aphale, who has already published an exploit.

A patch that F-Secure has deployed via the affected programs' auto-update feature in the past few days fixes the problem. Those who use the programs in question should, therefore, ensure that their systems have received the latest updates.


Researchers Uncover RSA Phishing Attack, Hiding In Plain
by Carol~ Moderator / August 26, 2011 5:38 AM PDT
In reply to: NEWS - August 26, 2011


Ever since security giant RSA was hacked last March, anti-virus researchers have been trying to get a copy of the malware used for the attack to study its method of infection. But RSA wasn't cooperating, nor were the third-party forensic experts the company hired to investigate the breach.

This week Finnish security company F-Secure discovered that the file had been under their noses all along. Someone - the company assumes it was an employee of RSA or its parent firm, EMC - had uploaded the malware to an online virus scanning site back on March 19, a little over two weeks after RSA is believed to have been breached on March 3. The online scanner, VirusTotal, shares malware samples it receives with security vendors and malware researchers.

RSA had already revealed that it had been breached after attackers sent two different targeted phishing e-mails to four workers at its parent company EMC. The e-mails contained a malicious attachment that was identified in the subject line as "2011 Recruitment plan.xls."

None of the recipients were people who would normally be considered high-profile or high-value targets, such as an executive or an IT administrator with special network privileges. But that didn't matter. When one of the four recipients clicked on the attachment, the attachment used a zero-day exploit targeting a vulnerability in Adobe Flash to drop another malicious file — a backdoor — onto the recipient's desktop computer. This gave the attackers a foothold to burrow farther into the network and gain the access they needed.

Continued : http://www.wired.com/threatlevel/2011/08/how-rsa-got-hacked/

Researchers Discover File Used to Hack RSA
Was this the email that took down RSA?
F-Secure Analyzes Malicious Excel Spreadsheet That Penetrated RSA's Network
Coordinated ATM Heist Nets Thieves $13M
by Carol~ Moderator / August 26, 2011 6:14 AM PDT
In reply to: NEWS - August 26, 2011

An international cybercrime gang stole $13 million from a Florida-based financial institution earlier this year, by executing a highly-coordinated heist in which thieves used ATMs around the globe to cash out stolen prepaid debit cards, KrebsOnSecurity has learned.

Jacksonville based Fidelity National Information Services Inc. (FIS) bills itself as the world's largest processor of prepaid debit cards; FIS claims to process more than 775 million transactions annually. The company disclosed the breach in its first quarter earnings statement issued May 3, 2011. But details of the attack remained shrouded in secrecy as the FBI and forensic investigators probed one of the biggest and most complex banking heists of its kind.

FIS said it had incurred a loss of approximately $13 million related to unauthorized activities involving one client and 22 prepaid cards on its Sunrise, Fla. based Funds Prepaid Solutions, formerly WildCard Systems Inc., which was acquired by FIS in 2007.

FIS stated: "The Company has identified that 7,170 prepaid accounts may have been at risk and that three individual cardholders' non-public information may have been disclosed as a result of the unauthorized activities. FIS worked with the impacted clients to take appropriate action, including blocking and reissuing cards for the affected accounts. The Company has taken steps to further enhance security and continues to work with Federal law enforcement officials on this matter." The disclosure was scarcely noted by news media.

Continued : http://krebsonsecurity.com/2011/08/coordinated-atm-heist-nets-thieves-13m/#more-11039

Implications of Google's Pharmacy Debacle
by Carol~ Moderator / August 26, 2011 6:14 AM PDT
In reply to: NEWS - August 26, 2011

From Ben Edelman:

This week the Department of Justice announced the conclusion of its investigation of Google permitting online Canadian pharmacies to place advertisements through AdWords, facilitating the unlawful importation of controlled pharmaceuticals into the United States. Google's large forfeiture -- fully $500 million -- reveals the gravity of the offense, and as part of the settlement, Google affirmatively admits liability. These admissions and the associated documents confirm what I had long suspected: Not only does Google often ignore its stated "policies," but in fact Google staff affirmatively assist supposed "rule-breakers" when Google finds it profitable to do so.

Google's Role in Unlawful and Deceptive Advertisements

The DOJ's non-prosecution agreement (pdf) has not been widely circulated but is well worth reading because it reveals the depth of Google's misbehavior. As a condition of the non-prosecution agreement, Google specifically admits its knowledge of, and participation in, unlawful advertising.

Continued : http://www.benedelman.org/news/082611-1.html

Related: Real Canadian pharmacies cost Google $500 million dollars

An interesting read
by MarkFlax Forum moderator / August 26, 2011 6:34 AM PDT

I read that PDF Carol. Very interesting.

It seems Google were fully aware of what they were allowing to be advertised and in fact actively participated in helping these fraudulent sites in the advertising.

Good one.


Ben Edelman ..
by Carol~ Moderator / August 26, 2011 8:04 AM PDT
In reply to: An interesting read

Ben Edelman is a personal favorite of mine. If not, "THE" favorite.

You can usually take what he writes .. "to the bank".


Not heard of him until now
by MarkFlax Forum moderator / August 26, 2011 9:19 PM PDT
In reply to: Ben Edelman ..

but I'm impressed and have bookmarked him!


Ben was one of the FIRST computer security experts.
by roddy32 / August 26, 2011 11:04 PM PDT

As Carol says, he knows what he is talking about.

Targeting the Source: FAKEAV Affiliate Networks
by Carol~ Moderator / August 26, 2011 6:14 AM PDT
In reply to: NEWS - August 26, 2011

From TrendLabs Malware Blog:

The operators of malicious networks are continuously monetizing their activities by propagating rogue security software that use scare tactics to trick unsuspecting users into installing and purchasing fake antivirus software, aka FAKEAV.

Although there has been a decline in the FAKEAV volume as a result of the increasing pressure on payment processors that handle credit card transactions for FAKEAV providers, FAKEAV distribution is likely to increase once new connections are made to cooperative payment processors. The money generated through this malicious activity is enormous and those behind the distribution of FAKEAV are continually trying to stay one step ahead of law enforcers and of the security community.

Today, Trend Micro released a research paper that focuses on how FAKEAV affiliate networks operate, what propagation strategies they use, and how much they earn from their malicious activities.

Continued : http://blog.trendmicro.com/targeting-the-source-fakeav-affiliate-networks/
