NEWS - February 05, 2010

by Donna Buenaventura / February 4, 2010 7:52 PM PST

From Mozilla Add-ons Blog

Please read: Security Issue on AMO


Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose Trojan. Both add-ons have been disabled on AMO.

Impact to users

If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan. Uninstalling these add-ons does not remove the trojan from a user's system. Users with either of these add-ons should uninstall them immediately. Since uninstalling these extensions does not remove the trojan from a user’s system, an antivirus program should be used to scan and remove any infections.


This vulnerability is known to affect Firefox on Windows only, if either Master Filer or Version 4.0 of Sothink Web Video Downloader are installed. Versions of Sothink Web Video Downloader greater than 4.0 are not infected. Master Filer was downloaded approximately 600 times between September 2009 and January 2010. Version 4.0 of Sothink Web Video Downloader was downloaded approximately 4,000 times between February 2008 and May 2008. Master Filer was removed from AMO on January 25, 2010 and Version 4.0 of Sothink Web Video Downloader was removed from AMO on February 2, 2010. AMO performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such. This scanning tool failed to detect the Trojan in Master Filer. Two additional malware detection tools have been added to the validation chain and all add-ons were rescanned, which revealed the additional Trojan in Version 4.0 of Sothink Web Video Downloader. No other instances of malware have been discovered.

Here is a list of antivirus programs known to detect the trojans found in the affected add-ons.


Can Gordon Brown's smile infect your computer with a virus?
by Donna Buenaventura / February 4, 2010 8:03 PM PST

Emails which claim that pictures of Gordon Brown smiling can infect your PC with a virus have been widely distributed via email.

Members of the public are unwittingly forwarding the hoax warning, believing it to be true, warning that the dangerous emails refer to "Gordon Brown smiling or even 'looking happy'", and that all computer users should be on their guard.

The warning, however, is bogus. It's just the latest in a series of email virus hoaxes that we have seen over the last 20 years or so - taking advantage of users' desire to help their friends, family and colleagues by passing on a warning without properly checking their facts.


Microsoft Plans Massive Patch Tuesday Security Update
by Donna Buenaventura / February 4, 2010 8:07 PM PST

Microsoft is planning to fix 26 vulnerabilities for February's Patch Tuesday. Most of the vulnerabilities are related to Windows.

Microsoft is planning to release 13 security bulletins Feb. 9 as part of this month's Patch Tuesday.

Five of the 13 bulletins are rated critical, seven are rated important and one is rated moderate. All but two of the bulletins address security issues in Windows, with the other two dealing with issues in Microsoft Office. All told, the updates address 26 vulnerabilities.

Exact details for most of the bugs were not made public. However, Microsoft said it plans to patch an escalation-of-privilege issue in the Windows kernel that it warned users about in January. Among the vulnerabilities not being addressed this month are an Internet Explorer bug the company issued an advisory about on Feb. 3 and a vulnerability in the SMB (Server Message Block) protocol Microsoft is still working to address.

Four of the bulletins were given the highest deployment priority rating of one.


Also see: Microsoft Security Advanced Notifications, February 2010

Maga No Need Pay: Nigeria Gets Creative to Fight Cyber...
by Donna Buenaventura / February 4, 2010 8:14 PM PST

This week, a new pop song hits the airwaves in West Africa with a highly unusual message: Don't be seduced by cybercrime.

Cybercrime is a global issue, but perhaps no form of cybercrime has been more associated with a region than the advance fee fraud collectively known as "Nigeria" or "419" scams (419 is the section of the Nigerian Criminal Code dealing with fraud). Through schemes such as fake lotteries, bogus inheritances, romantic relationships, investment opportunities or - infamously - requests for assistance from "officials," scammers promise an elusive fortune in exchange for advance payments.

West Africa is by no means the only source of these scams, but the region is stepping up to address their impact in a variety of creative ways.

419 scams have taken root in Nigeria's popular culture. Scammers enjoy a rebellious, "cool" mystique, even producing songs and music videos that celebrate their own audacity. At the same time, 419 scam victims around the world are often stigmatized as na
Social networks are a danger zone
by Donna Buenaventura / February 5, 2010 3:21 AM PST

It seems that everybody is on some kind of social network these days. Checking out what our friends are doing has become part of daily routine. In today's world, they are the ideal tool for keeping in touch, but they also represent one of the biggest sources of danger.

A new IBM X-Force report shows there are some very interesting insights about the cybercriminal's use of social networks as a springboard into your computer and various accounts.[...]

The author of the article in the report regarding social networks has concluded with a great piece of advice that everybody should take to heart: Trust, but verify.[...]

To get more in-depth information about the various schemes that take advantage of social networks, download the report here.


New Facebook Home Page, Important New Privacy Setting
by Donna Buenaventura / February 5, 2010 3:30 AM PST

Facebook started rolling out a new home page and navigation menus earlier today.

And whenever Facebook adds new features, in this case the Applications and Games dashboards, there's usually a new privacy setting as well.

All Facebook has raised some privacy concerns regarding the dashboard's output.

Do you really want all of your "friends" to know what applications you've been running?

You don't?

Then you'll want to take a look at the new control provided by Facebook.


Using Google Images to Investigate Fraud
by Donna Buenaventura / February 5, 2010 3:34 AM PST
From F-Secure Weblog:

Sami, one of our test engineers, was recently seeking a Play Station 3.
He found this offer at Huuto.net, a Finnish auction site.
Sami wanted to confirm that the seller was legit, so he requested a picture, and received this.

When he examined the image properties, he discovered that the picture was taken in 2008. Next, he performed a Google Image search using the size option. Smart.

He managed to find the image online, located within a Finnish forum thread from 2008.

That seemed kind of suspicious, so he suggested that the seller provide another picture, with the PS3 alongside a current newspaper.

The deal fell through, of course, when the seller refused. Not such a clever fraudster, eh?

Complete details with screenshots in http://www.f-secure.com/weblog/archives/00001873.html
An In-Depth Exploit Analysis on Multilayer Obfuscations
by Donna Buenaventura / February 5, 2010 4:06 AM PST

Websense Security Labs ThreatSeeker Network discovered a kind of obfuscated injection code within the homepage of a Web site with an Alexa ranking within the top 10,000. The malicious code is appended to the end of the source code with deep obfuscated functions. The complexity of this attack is assessed.

Upon de-obfuscating the homepage of this popular Web site, we found a hidden iframe link[...]

There was a random number generated in part of this link. There was also an IP checker on the server side permitting only one-time access by an IP address via each dynamic link.

More details in http://securitylabs.websense.com/content/Blogs/3545.aspx

Websense Security Labs Report - State of Internet Security,
by Donna Buenaventura / February 5, 2010 4:10 AM PST
Q3-Q4 2009

The second half of 2009 saw malware authors focus their efforts to ensure they drove victims straight to them. In contrast to the first half of the year where mass injection attacks like Gumblar, Beladen and Nine Ball promoted a sharp rise in the number of malicious Web sites, Websense Security Labs observed a slight (3.3 percent) decline in the growth of the number of Web sites compromised. Instead, attackers replaced their traditional scattergun approach with focused efforts on Web 2.0 properties with higher traffic and multiple pages.

Over the six month period, Search Engine Optimization (SEO) poisoning attacks featured heavily, and Websense Security Labs research identified that 13.7 percent of searches for trending news/buzz words lead to malware. In addition, attackers continued to capitalize on Web site reputation and exploiting user trust, with 71 percent of Web sites with malicious code revealed to be legitimate sites that had been compromised.

Web security intelligence remains a critical component of any email and data security strategy as illustrated by the continued popularity of blended threats (spam emails with embedded URLs). During the second half of 2009 Websense Security Labs discovered:

- 13.7 percent of searches for trending news/buzz words (as defined by Yahoo Buzz & Google Trends) lead to malware
- 95 percent of user-generated comments to blogs, chat rooms and message boards are spam or malicious
- 35 percent of malicious Web attacks included data-stealing code
- 58 percent of data-stealing attacks are conducted over the Web
- 85.8 percent of all emails were spam
- an average growth of 225 percent in malicious Web sites

The full report is available here.

Mozilla ends Firefox support for Mac OS Tiger
by Donna Buenaventura / February 5, 2010 4:44 AM PST

Calls Mac OS X 10.4 'hindrance' to development; Apple's already dumped Tiger

Barring any last-minute change of mind, Mozilla will permanently drop support for Mac OS X 10.4 from future editions of Firefox.

Mozilla stopped supporting Mac OS X 10.4, aka Tiger, in September 2009, but left a large amount of Tiger bits in the development code. Now, said Josh Aas, a platform engineer for Mozilla who works on Mac OS X integration, it's time to either restore support for the five-year-old operating system or remove the code from the development tree.

"We would like to take advantage of more modern technologies on Mac OS X and 10.4 support has been a hindrance," said Aas in a message yesterday on the mozilla.dev.planning forum. "Where we can work around supporting 10.4, doing so consumes valuable time and effort. Neither Chrome nor Safari has to deal with this."

According to Mozilla's metrics, 24% of those running the Mac version of Firefox 3.5 rely on Tiger, while 12% of those running the just-released Firefox 3.6 do. Half of all users run Firefox 3.5 on Mac OS X 10.5, aka Leopard, while 59% run Firefox 3.6 on OS X 10.6, or Snow Leopard.

Aas noted that Tiger users can continue to run Firefox 3.6, which supports the older operating system, until that version is retired from support.

More in http://www.computerworld.com/s/article/9152920/Mozilla_ends_Firefox_support_for_Mac_OS_Tiger?taxonomyId=89

ISPs Look To Bundled Music Services To Keep You Around
by Donna Buenaventura / February 5, 2010 5:05 AM PST
Cisco handholds hackers to backdoor
by Donna Buenaventura / February 5, 2010 5:06 AM PST

An internet security expert at IBM reported to the Black Hat conference that he discovered Cisco routers are vulnerable to a potential surveillance backdoor.

According to Arstechnica, Tom Cross, security systems researcher at IBM, gave a presentation exposing the backdoor to demonstrate how the 'lawful intercept' function in Cisco's system can be targeted by hackers to gain access to data flowing through the routers.

Hackers aren't blocked after failed attempts to access a Cisco router and notification alerts aren't sent to the administrator. Making matters even worse, ISPs can't detect and track who the culprits might be because their employees aren't allowed to detect and intercept.

It is not entirely Cisco's fault.

Continue reading in http://www.theinquirer.net/inquirer/news/1590674/cisco-handholds-hackers-backdoor

Fake Microsoft Outlook Update Installs Trojan
by Donna Buenaventura / February 5, 2010 5:07 AM PST

A malicious spam campaign caught by Panda Labs is using a fake Microsoft Update notice to trick victims into installing a Trojan. While well crafted, the attack still provides dead giveaways.

The e-mail, which Panda posts with a screen shot, is spoofed to look as if it comes from Microsoft Support. With a realistic-looking subject and e-mail body that attempts to piggy-back on the constant (and correct) advice to keep your computer up-to-date with patches, it's a great example of a social engineering attack.


ZeuS tracker shrinks takedowns from days to minutes
by Donna Buenaventura / February 5, 2010 5:08 AM PST

A site dedicated to tracking the infamous ZeuS botnet is celebrating its first birthday.

In the twelve months since the ZeuS Tracker was born, on 2 February 2009, the site has tracked more than 2,800 malicious botnet command and control servers associated with ZeuS. The site has logged around 360MB ZeuS config files and 330MB in binaries.

Thanks to the work of the volunteers and security consultancies, such as Team Cymru, that have contributed to the project, a ZeuS control hub can sometimes be taken down in minutes. Local CERTs, registrars and ISPs subscribe to the list compiled by ZeuS tracker to identify and take-down suspect domains.

More recently, ZeuS Tracker data has been integrated into the suspect blocklist of commercial products, as explained in a post celebrating the anniversary of the ZeuS tracker on abuse.ch here.


Microsoft banner ads vanish from Facebook
by Carol~ Moderator / February 5, 2010 9:00 AM PST
Search only for social network sugardaddy

Microsoft will no longer handle display ads on Facebook, as the companies rejiggered the advertising pact they announced in 2007 when Redmond stuffed $240m into the social-networking site.

"We made the mutual decision that Facebook would take over responsibility for selling display advertisements on its own site," reads a blog post from Microsoft Bing general manager Jon Tinter.

"Given the kinds of advertisements that make sense within a product as unique as Facebook, it just made more sense for them to take the lead on this part of their advertising strategy."

Continued here: http://www.theregister.co.uk/2010/02/05/microsoft_no_longer_doing_display_ads_on_facebook/

The blog post from Bing: Enhanced Cooperation with Facebook on Search

Facebook has been a close and valued partner of Microsoft for a number of years. We have worked together on several fronts all designed to create great experiences and services for our users. As we begin 2010, we are stepping up that collaboration yet again.

Here is a sense for what we are up to:

First, we have deepened our joint work together on web search to provide even more compelling experiences to Facebook users with Bing. As part of this expanded cooperation in search, our two companies will soon provide Facebook users with a more complete search experience by providing full access to great Bing features beyond a set of links, including richer answers combined with tools that help customers make faster, smarter decisions.

Second, we are extending our cooperation outside the US, bringing the Bing-Facebook search integration to the more than 400 million people using Facebook around the world.

Continued: http://www.bing.com/community/blogs/search/archive/2010/02/05/enhanced-cooperation-with-facebook-on-search.aspx
You'd think a company pursuing an IPO in this economy ...
by Carol~ Moderator / February 5, 2010 9:00 AM PST
You'd think a company pursuing an IPO in this economy would clean up its act

From the Sunbelt Blog:

You'd think that a company trying to raise several hundred million with an initial public offering of stock would tell their affiliates to be on their best behavior for a while.

For example, maybe they'd discourage them from hacking government web sites to attract search engine hits on the word "bestiality," then redirect browsers to the company's site.

The sites: [...]

The code: [...]

Remember Adult Friend Finder? Penthouse Media Group (which also owns Penthouse magazine) purchased the online adult... ah... dating service in 2007 for $500 million. Well now they're called FriendFinder Networks, Inc. In December, 2008 they filed with the U.S. Security and Exchange Commission for permission to make an initial public offering $460 million of stock.

Continued here: http://sunbeltblog.blogspot.com/2010/02/youd-think-company-pursuing-ipo-in-this.html
Major U.S. crackdown on work-at-home fraud coming?
by Carol~ Moderator / February 5, 2010 3:55 PM PST

From the Sunbelt Blog:

The U.S. Federal Trade Commission today announced that next Tuesday they will hold a news conference to make public details of "a law enforcement sweep cracking down on job and work-at-home fraud fueled by the economic downturn."

The media advisory said that the news conference would feature the director of the FTC's bureau of Consumer Protection David C. Vladeck, an assistant attorney general and the Ohio Attorney General. The advisory listed as "also attending" representatives of the U.S. Postal Inspection Service, Monster.com and Microsoft.

People who sign on as work-at-home employees from Internet ads (also called "money mules") often are used as conduits for stolen funds that are transferred from the bank accounts of victim individuals or companies who have been scammed by phishing or spear-phishing. The money mules set up bank accounts into which stolen funds are transferred. They are instructed to keep a portion of the funds and wire the remainder to the scammers, who are generally outside the U.S.

Continued here: http://sunbeltblog.blogspot.com/2010/02/major-us-crackdown-on-work-at-home.html
