Spyware, Viruses, & Security forum

General discussion

NEWS - December 31, 2010

by Carol~ Moderator / December 31, 2010 12:52 AM PST
Criminals Host Trojans on Cloud Storage Service Rapidshare

"A number of spam campaigns containing Rapidshare links point to Trojans and other malware stored on the cloud-based storage site."

Spammers are using cloud-based storage services to store malware, allowing them to circumvent e-mail spam filters, according to security experts at Kaspersky Lab and MX Lab.

Kaspersky Lab detected the click-fraud Trojan, a variant of the Trojan-Dropper.Wind32.Drooptroop family, which has been in circulation since the beginning of December, said Vicente Diaz, a Kaspersky Lab expert. There are over 7,000 variants of this particular family, according to Kaspersky. As with other types of malware that took advantage of the holiday season the executable file for this Trojan was named gift.exe, Diaz said.

The security firm detected more than 1,000 infections using this technique to distribute this variant, according to Diaz.

The Trojan is stored on Rapidshare, a cloud-based file-sharing and storage service. The spam messages that users receive in their Inbox have no text, just a single link pointing to a valid Rapidshare URL. These messages get past spam filters because there are no malicious files attached, the domain name is not considered a "bad" one, and executables hosted on Rapidshare aren't automatically classified as a threat, said Diaz.

Continued : http://www.eweek.com/c/a/Security/Criminals-Host-Trojans-on-Cloud-Storage-Service-Rapidshare-339725/
Discussion is locked
You are posting a reply to: NEWS - December 31, 2010
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - December 31, 2010
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Pro-WikiLeaks hackers attack Zimbabwe government websites
by Carol~ Moderator / December 31, 2010 1:38 AM PST

Hacktivists have struck a blow against the regime in Zimbabwe by attacking a number of government websites in what appears to be a move in support of newspapers who published secret cables in the ongoing WikiLeaks saga.

Grace Mugabe, wife of Zimbabwe president Robert Mugabe, was recently reported to be suing a newspaper for $15 million after it published a WikiLeaks cable that claimed she has benefited from illegal diamond trading.

As news spread amongst the loosely-knit group of Anonymous hackers who support WikiLeaks, websites belonging to the Zimbabwe government and Robert Mugabe's ZANU-PF party were hit by distributed denial-of-service (DDoS) attacks and, in the case of the Finance Ministry, defacements.

Continued : http://nakedsecurity.sophos.com/2010/12/31/pro-wikileaks-hackers-attack-zimbabwe-government-websites/

Collapse -
Skype could be designated illegal in China
by Carol~ Moderator / December 31, 2010 1:38 AM PST

China will crack down on what it called illegal Internet telephone providers, according to a circular from the Chinese government seen on Friday that could potentially affect Internet calling service Skype.

The statement, from the powerful Ministry of Information and Industry Technology, did not mention any carriers by name.

It called for a crackdown "on illegal VoIP (voice over Internet protocol) telephone services" and said it was collecting evidence for legal cases against them.

Skype, partly owned by web retailer eBay Inc, has been growing in popularity among Chinese individuals and businesses to make cheap or free international phone calls.

The circular, dated December 10, did not say what amounted to illegal services and did not name any VoIP providers it considered to be breaking the law.

Spokespeople for the ministry and the ministry's office gathering information for the campaign did not answer telephone calls on Friday. Skype could not immediately be reached for comment.

Continued : http://www.reuters.com/article/idUSTRE6BU0XN20101231

Also : China makes Skype illegal

Collapse -
27C3: danger lurks in PDF documents
by Carol~ Moderator / December 31, 2010 1:38 AM PST

At the 27th Chaos Communication Congress (27C3) in Berlin, security researcher Julia Wolf of US company FireEye pointed out numerous, previously hardly known, security problems in connection with Adobe's PDF standard. For instance, a PDF can reportedly contain a database scanner that becomes active and scans a network when the document is printed on a network printer. Wolf said that the document format is also full of other surprises. For example, it is reportedly possible to write PDFs which display different content in different operating systems, browsers or PDF readers - or even depending on a computer's language settings.

Many businesses and authorities use PDF as their standard file format for maintaining presentation consistency across heterogeneous computer environments. According to Wolf, however, the PDF standard has long had too many functions that can be exploited to launch attacks and wreak other havoc. These functions range from database connections without security features to options that can blindly trigger the execution of arbitrary programs in Acrobat Reader. The researcher said that other risks are generated through the support of inherently insecure script languages such as JavaScript, formats such as XML, RFID tags and digital rights management (DRM) technologies.

Continued : http://www.h-online.com/security/news/item/27C3-danger-lurks-in-PDF-documents-1162166.html

Collapse -
What you missed: URL-shortening services gave hackers a new
by Carol~ Moderator / December 31, 2010 2:22 AM PST
.. entry point

"The No. 3 top sleeper tech story of 2010"

For most of us, April 30 was just another day. But if you're a security expert, you may recall that it was the day that nearly 20 percent of the hundreds of millions of spam emails clogging the Web contained a URL from a link-shortening service.

And don't think users aren't tempted by those poisoned links. A single Bit.ly URL generated 352 million spam emails over three days last September, which resulted in more than 18,000 responses, according to an analysis by MessageLabs PDF, now part of Symantec. While that may seem like a poor response, by direct mail standards it's actually not too bad. And when you consider it cost the spammers almost nothing to generate that spam wave, it looks even better, says Paul Smith, a senior analyst for Symantec's Hosted Services division.

Those bogus emails generally send users to sites advertising services, particularly pharmaceuticals and watches. But they can also contain links to sites loaded with malware, so they represent more than just an annoyance, Smith says. In addition, they can redirect users to phishing sites that capture sensitive personal information.

With the explosion of social networking and microblogging services, URL-shortening sites have became more very popular, and many do not require users to register or complete a CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) graphical challenge-response test.

Continued : http://www.networkworld.com/news/2010/123110-what-you-missed-url-shortening-services.html
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?