Spyware, Viruses, & Security forum

NEWS - December 05, 2011

by Carol~ Moderator / December 4, 2011 11:23 PM PST
Carrier IQ Controversy Spawns Lawsuits

The ongoing controversy about Carrier IQ's software has now entered the courts.

Mobile phone users around the country have filed a number of lawsuits in response to allegations that Carrier IQ's software tracks consumers illegally. Among these suits is a class action filed in California against Samsung Electronics, HTC Corp. and HTC America. A separate lawsuit was filed against Carrier IQ and HTC in Missouri, and another suit filed (pdf) in Delaware added AT&T, Sprint Nextel, Apple and T-Mobile USA to the list of defendants.

"Given our dependence on smartphones, we rely on the assumption that our personal information is protected from third parties," said Steve W. Berman, the attorney representing the plaintiffs in the California suit, in a statement. "Yet, it appears that Carrier IQ (CIQ) has violated this trust. For example, Mr. Eckhart's video shows CIQ software intercepting incoming text messages, and it also shows that the software captures dialed numbers and sensitive information sent through protected websites."

The lawsuits are the latest twist in a controversy that began when security researcher Trevor Eckhart criticized the company, contending that the Carrier IQ software on his Android device recorded his keystrokes and logged SMS messages. Carrier IQ has countered that its software is only used to diagnose operational problems on networks and devices.

Continued : http://threatpost.com/en_us/blogs/carrier-iq-controversy-spawns-lawsuits-120311

Also:
Carrier IQ Controversy Results in Class-Action Suits
Carrier IQ facing legal action over privacy fears
Carrier IQ, HTC, Apple and more targeted in lawsuit

Chats With Accused 'Mega-D' Botnet Owner?
by Carol~ Moderator / December 4, 2011 11:25 PM PST

Recently leaked online chat records may provide the closest look yet at a Russian man awaiting trial in Wisconsin on charges of running a cybercrime machine once responsible for sending between 30 to 40 percent of the world's junk email.

Oleg Y. Nikolaenko, a 24-year-old who's been dubbed "The King of Spam," was arrested by authorities in November 2010 as he visited a car show in Las Vegas. The U.S. Justice Department alleges that Nikolaenko, using the online nickname "Docent," earned hundreds of thousands of dollars using his "Mega-D" botnet, which authorities say infected more than half a million PCs and could send over 10 billion spam messages a day. Nikolaenko has pleaded not guilty to the charges, and is slated to appear in court this week for a status conference (PDF) on his case.

The Justice Department alleges that Nikolaenko spammed on behalf of Lance Atkinson and other members of Affking, an affiliate program that marketed fly-by-night online pharmacies and knockoff designer goods. Atkinson told prosecutors that one of his two largest Russian spamming affiliates used the online moniker Docent. He also said that Docent received payment via an ePassporte account under the name "Genbucks_dcent." FBI agents later learned that the account was registered in Nikolaenko's name and address in Russia, and that the email address attached to the account was 4docent@gmail.com.

Continued : http://krebsonsecurity.com/2011/12/chats-with-accused-mega-d-botnet-owner/#more-10106

Russian election 'cyber attack' brings down websites
by Carol~ Moderator / December 5, 2011 1:01 AM PST

Could elections in Russia have resulted in internet attacks on websites claiming that the vote was being fixed?

This weekend's vote, which saw a slump in support for the United Russia party of Prime Minister Vladimir Putin and President Dmitry Medvedev, has taken place against a backdrop of arrests, claims of election violations, and - now - website attacks.

Compromised computers around the world can be ordered to deluge a website with internet traffic, effectively clogging it up and bringing the site to its knees. The attack, known as a distributed denial-of-service (DDoS), exploits poorly-defended home PCs to bombard sites with requests.

DDoS attacks have been used to blackmail websites in the past, but of course, it's also a fairly simple way of shutting up a site if you don't like what it's saying too.

Continued : http://nakedsecurity.sophos.com/2011/12/05/russian-election-cyber-attack-brings-down-websites/

Also: Anti-Kremlin websites complain of DDoS attacks

Tool to detect Carrier IQ
by Carol~ Moderator / December 5, 2011 1:01 AM PST

Bitdefender announced the availability of a new tool that identifies the presence of the controversial mobile network diagnostic tool from Carrier IQ. [Screenshot]

Dubbed Carrier IQ Finder, the tool instantly determines if the user's Android device has been equipped with the Carrier IQ tracking package, and if the device is being monitored.

"Bitdefender values users' privacy and their right to take informed decisions when entering a deal with a mobile carrier," said Alexandru Balan, senior Product Manager of the Bitdefender Mobile Unit.

"Although the manufacturer claims that only some of the information provided through the Carrier IQ application is used by the carrier, the amount of personal data the app has access to raises serious privacy concerns," he added.

Because the Carrier IQ mobile network diagnostic tool is deeply integrated with the device's firmware, the Carrier IQ Finder cannot remove it.

Continued : http://www.net-security.org/secworld.php?id=12045

Lookout releases free Carrier IQ detection app
by Carol~ Moderator / December 5, 2011 2:14 AM PST

"Sniffs out controversial software on Android smartphones, but doesn't delete it"

A mobile security software company last Friday released a tool that detects Carrier IQ, the software embedded in numerous smartphones that has raised questions from users, privacy advocates and even Congress.

Lookout, best known for the Android security software by the same name, launched the free Carrier IQ Detector last week. It can be downloaded from the Android Market.

The tool only detects the presence of Carrier IQ on Android handsets: It does not scrub the software from the smartphone.

Lookout said that Carrier IQ was "deeply integrated with handset firmware [and] users would be required to attain special device privileges in order to remove it," then warned that doing so incorrectly could "put users at further risk of malware infection" and possibly make them unable to receive future phone updates.

The release of Carrier IQ Detector followed comments from Lookout last week that it would not classify the software as malware, and questioned the label "rootkit" for the tracking and network diagnostic program.

Continued : http://www.computerworld.com/s/article/9222413/Lookout_releases_free_Carrier_IQ_detection_app

Kaspersky Dumps Anti-Piracy Group in SOPA Protest
by Carol~ Moderator / December 5, 2011 1:02 AM PST

Security vendor Kaspersky has announced it will withdraw its membership of the Business Software Alliance (BSA) over the group's support of SOPA. The Russian company, which is famous for its anti-virus products, says the pending legislation will hurt both innovation and consumers. In protest, Kaspersky will end its association with the BSA on January 1st 2012.

While the opinions of outright SOPA opponents are well documented, it came as a surprise last month when the Business Software Alliance (BSA), a former staunch supporter, published a blog post indicating it had some reservations on the pending legislation.

The BSA - which counts giants such as Microsoft, Apple, Adobe and Intel among its ranks - declared in their headline that SOPA Needs Work to Address Innovation Considerations.

Nevertheless, for BSA member and security vendor Kaspersky, it's too little, too late.

In a clear protest against SOPA, Kaspersky has announced that on January 1st 2012 it will withdraw its membership of the BSA.

"Kaspersky has not participated in drafting the bill, nor participated in the debate on SOPA, and does not support this initiative," the company said in a statement.

Continued : http://torrentfreak.com/kaspersky-dumps-anti-piracy-group-in-sopa-protest-111205/

Lawmakers Propose Alternative to Stop Online Piracy Act
by Carol~ Moderator / December 5, 2011 2:14 AM PST

A group of U.S. lawmakers has proposed an alternative to the controversial copyright enforcement legislation, the Stop Online Piracy Act, with the draft proposal giving the U.S. International Trade Commission (ITC) the authority to investigate complaints about copyright infringement on foreign websites.

The draft proposal (pdf), unveiled Friday, would allow the ITC to issue cease-and-desist orders to foreign websites that willfully engage in copyright infringement, supporters said. The ITC already investigates patent infringement complaints and can bar infringing products from being imported into the U.S.

Under the proposal, the ITC could also investigate complaints of copyright infringement by foreign websites. Owners of the websites would be invited to present their side to the ITC, and the public would be notified of investigations, as the ITC does in patent investigations. ITC rulings against websites could be appealed to a U.S. appeals court.

The Stop Online Piracy Act, or SOPA, would allow the U.S. Department of Justice and copyright holders to seek court orders blocking payment processors and online advertising networks from doing business with foreign sites accused of infringing copyright. Opponents of SOPA say the legislation lacks strong due-process protections for website owners and is broad enough to allow copyright holders to target U.S. websites with user-generated content, such as YouTube and Twitter.

Continued : http://www.pcworld.com/businesscenter/article/245419/lawmakers_propose_alternative_to_stop_online_piracy_act.html

Security holes caused by pre-installed Android apps
by Carol~ Moderator / December 5, 2011 2:14 AM PST

Researchers at North Carolina State University have discovered a number of security holes in various popular Android smartphones which can enable attackers to access or delete data, send SMS text messages, tap communication or determine a user's location. The vulnerability exists because some smartphone vendors' pre-installed apps fail to enforce Android's security model.

The researchers created a system called Woodpecker to analyse the flow of applications and used it to examine eight smartphones by four manufacturers: HTC's Wildfire S, Legend and EVO 4G, Motorola's Droid and Droid X, Samsung's Epic 4G and Google's Nexus One and Nexus S models.

In their study, entitled "Systematic Detection of Capability Leaks in Stock Android Smartphones" (PDF), the scientists said that they could find little fault in Google's reference implementations on the Nexus models, but that they were surprised to discover that some vendors' custom implementations fail to properly enforce Android's privilege-based security model. The researchers also show a proof of concept application which requests no capabilities yet is able to record audio and send text messages. [Video]

Continued : http://www.h-online.com/security/news/item/Security-holes-caused-by-pre-installed-Android-apps-1389747.html

Facebook chat worm continues to spread
by Carol~ Moderator / December 5, 2011 2:15 AM PST

Last week Naked Security warned of a Facebook worm that was spreading on the social network, tricking users into believing that they were clicking on a link to an image.

The bad news is that the attack still appears to be spreading via Facebook's chat system, exploiting compromised users' accounts.

An analysis by SophosLabs has identified that malware designed to install the Dorkbot worm onto users' computers is being spread via Facebook chat. And, for now at least, Facebook's built-in security systems are not preventing it. [Screenshot]

It wasn't the Facebook friend you are chatting with who sent that message, it was the Dorkbot malware instead. The link may appear - on casual observation - to point to Facebook.com, but in reality it goes to a third-party website.

Although an unsuspecting user may believe that they are clicking on a link to a JPG image, the truth is that they are downloading an executable file that attempts to download further code (another piece of malware) from the net and drops a .BAT batch file onto infected computers.

The ultimate aim of all this malicious activity is to install the Dorkbot malware onto your Windows computer.

Continued : http://nakedsecurity.sophos.com/2011/12/05/facebook-chat-worm-continues-spread/

2012 Predictions: Looking ahead at the threat landscape
by Carol~ Moderator / December 5, 2011 2:15 AM PST

Continuing our series on threat predictions for 2012, The Tech Herald presents a list of nine things to consider in the coming years. The list was compiled by Joseph Steinberg, the CEO of Green Armor Solutions.

There will be an uptick in sophisticated, targeted cybersecurity attacks. The success of the Stuxnet virus and other targeted forms of cyberattack have shown hackers the value of such an approach.

Improved social engineering attacks. As people share an increasingly large volume of data about themselves online, and as social networking sites regularly change both their feature-sets and their privacy policies thereby causing information leaks due to resulting user errors, we will see increased targeted social engineering attacks.

In addition, criminals will leverage social information to assist them with crimes. So think twice about posting onto Facebook those photos of your family at Disneyworld until you are back home; burglars know that if you are at Disney, your home is likely empty.

Psychology will play a greater role in both attacks and defenses. Security technologies improve far more rapidly than the human mind, and people are increasingly often the weak link in the security chain. Criminals will increase their use of psychological subterfuge in launching attacks, such as through targeted phishing, and it will be more important than ever to leverage psychology in defenses.

Continued : http://www.thetechherald.com/articles/2012-Predictions-Looking-ahead-at-the-threat-landscape

Carberp + BlackHole = growing fraud incidents
by Carol~ Moderator / December 5, 2011 6:08 AM PST

From the ESET Threat Blog:

In recent years there has been a tremendous increase in the Russian region in the number of sites redirecting users to the Black Hole exploit kit. In most cases, successful exploitation of a vulnerability in client software leads to the installation onto the victim's machine of either the trojan Win32/TrojanDownloader.Carberp or of Win32/Carberp (the version updated to incorporate bootkit functionality).

One of its most intriguing aspects is that distribution of the malware has been restricted to the most popular web sites for people managing finances in companies: these sites are visited several hundred thousand times a day. The statistics presented below clearly reflect an increase in Carberp detections in the Russian region during November. This trojan takes fifth place in the list of the most widely spread malware: Win32/TrojanDownloader.Carberp.AF - 1.73 %.

The number of detections of the Carberp family in general has more than tripled in November: [Screenshot: Figure 1]

The distribution model is essentially a standard approach, but what makes it interesting is the number of legitimate web resources used to deliver Carberp onto the victim's computers. The distribution scheme is shown in Figure 2. [Screenshot: Figure 2]

Based on the statistics obtained from one of the nodes hosting an active Black Hole exploit pack, the most frequently exploited vulnerabilities leading to system infection with malware are found in Java software.

Continued : http://blog.eset.com/2011/12/04/carberp-blackhole-growing-fraud-incidents

GCHQ spooks' code-breaking puzzle solved
by Carol~ Moderator / December 5, 2011 6:09 AM PST

The GCHQ-set code-breaking puzzle was solved over the weekend.

The signals intelligence agency last week set a puzzle at canyoucrackit.co.uk in its attempt to unearth potential recruits beyond its traditional graduate programme. Late last week it emerged that the successful completion page for the puzzle was available by a simple Google search.

Many people have since cracked the code properly including Dr Gareth Owen, a computer scientist and senior lecturer at the University of Greenwich in England. Owen has posted a full video explanation of how to solve the three-part puzzle here.

Would-be code-breakers were presented with a 16x10 grid of paired hexadecimal numbers. The first stage involves recognising executable code as well as unpicking some steganography.

Stage two involves developing a virtual machine to execute code.

The final stage involves constructing a file with 'gchqcyberwinAAAABBBBCCCC' where A, B, C are the codes from earlier in the challenge. This code, when run, generates a web address which has the keyword (the web address is wrong if you put the wrong a,b,c in).

Continued : http://www.theregister.co.uk/2011/12/05/gchq_code_breaking_puzzle_solved/

Also: Would-be spies who crack GCHQ code directed to £25,000 job vacancy

Related: British intelligence uses code puzzles for recruitment
