Spyware, Viruses, & Security forum


NEWS - February 23, 2015

SSL-busting code that threatened Lenovo users found in a dozen more apps

"What all these applications have in common is that they make people less secure."

The list of software known to use the same HTTPS-breaking technology recently found preinstalled on Lenovo laptops has risen dramatically with the discovery of at least 12 new titles, including one that's categorized as a malicious trojan by a major antivirus provider.

Trojan.Nurjax, a malicious program Symantec discovered in December, hijacks the Web browsers of compromised computers and may download additional threats. According to a blog post published Friday by a security researcher from Facebook, Nurjax is one such example of newly found software that incorporates HTTPS-defeating code from an Israeli company called Komodia. Combined with the Superfish ad-injecting software preinstalled on some Lenovo computers and three additional applications that came to light shortly after that revelation, there are now 14 known apps that use Komodia technology.

Continued : http://arstechnica.com/security/2015/02/ssl-busting-code-that-threatened-lenovo-users-found-in-a-dozen-more-apps/

Superfish SSL Interception Library Found in Several Applications: Researchers
Superfish not the only app using Komodia's SSL-busting code
Superfish spyware not limited to Lenovo laptops
Lenovo not alone in suffering from Superfish security flaw
Komodia Website Under DDoS Attack

In reply to: NEWS - February 23, 2015

Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack.

As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack.

"Some people say it's not DDOS but a high volume of visitors, at the logs it showed [thousands] of connections from repeating IPs," the notice said.

The attack may be an outcome of last week's disclosure that Superfish, pre-installed on new Lenovo laptops between September 2014 and this January, put users' sensitive transactions at risk to man-in-the-middle attacks.

Continued : http://threatpost.com/komodia-website-under-ddos-attack/111195

Norton Update Caused Internet Explorer to Crash

In reply to: NEWS - February 23, 2015

Symantec customers started flooding the company's Norton Community forum on Friday with posts about an update that caused the Internet Explorer web browser to crash.

After analyzing the complaints, the security firm determined that the problem was triggered by a corrupt file in the virus definition set. The buggy update was the Intrusion Prevention System (IPS) 20150220.001 definition package.

According to Symantec, the corrupt IPS definition package caused the 32-bit version of Internet Explorer to crash on computers running Norton Security, Norton Security with Backup, Norton 360, and Norton Internet Security. Other Web browsers don't appear to be affected.

Continued : http://www.securityweek.com/norton-update-caused-internet-explorer-crash

TurboTax's Anti-Fraud Efforts Under Scrutiny

In reply to: NEWS - February 23, 2015

Two former security employees at Intuit — the makers of the popular tax preparation software and service TurboTax — allege that the company has made millions of dollars knowingly processing state and federal tax refunds filed by cybercriminals. Intuit says it leads the industry in voluntarily reporting suspicious returns, and that ultimately it is up to the Internal Revenue Service to develop industry-wide requirements for tax preparation firms to follow in their fight against the multi-billion dollar problem of tax refund fraud.

Last week, KrebsOnSecurity published an exclusive interview with Indu Kodukula, Intuit's chief information security officer. Kodukula explained that customer password re-use was a major cause of a spike this tax season in fraudulent state tax refund requests. The increase in phony state refund requests prompted several state revenue departments to complain to their state attorneys general. In response, TurboTax temporarily halted all state filings while it investigated claims of a possible breach. The company resumed state filing shortly after that pause, saying it could find no evidence that customers' TurboTax credentials had been stolen from its network.

Continued : http://krebsonsecurity.com/2015/02/turbotaxs-anti-fraud-efforts-under-scrutiny/

Cell Phones Leak Location Information through Power Usage

In reply to: NEWS - February 23, 2015

Bruce Schneier @ his "Schneier on Security" blog:

New research on tracking the location of smart phone users by monitoring power consumption:

PowerSpy takes advantage of the fact that a phone's cellular transmissions use more power to reach a given cell tower the farther it travels from that tower, or when obstacles like buildings or mountains block its signal. That correlation between battery use and variables like environmental conditions and cell tower distance is strong enough that momentary power drains like a phone conversation or the use of another power-hungry app can be filtered out, Michalevsky says.

One of the machine-learning tricks the researchers used to detect that "noise" is a focus on longer-term trends in the phone's power use rather than those that last just a few seconds or minutes. "A sufficiently long power measurement (several minutes) enables the learning algorithm to 'see' through the noise," the researchers write (pdf). "We show that measuring the phone's aggregate power consumption over time completely reveals the phone's location and movement."

Continued : https://www.schneier.com/blog/archives/2015/02/cell_phones_lea.html
This reminds me of Air Gap Malware.

In reply to: Cell Phones Leak Location Information through Power Usage

For those that didn't know, for years it was proposed that maintaining an "air gap" was sufficient for security.

No more. http://en.wikipedia.org/wiki/Air_gap_malware

In this case you see how an app with innocuous privileges can gain insight beyond its privileges.

Lavasoft's Ad-Aware Web Companion Relies on Superfish Component

In reply to: NEWS - February 23, 2015


SSL Digestor, the flawed traffic interception engine from Komodia included by browser component Superfish, has also been employed in Ad-Aware Web Companion from antivirus provider Lavasoft.

The engine relies on the same root certificate and the same RSA private key to replace the digital certificates of any HTTPS website contacted by the user.

Lavasoft's product acted locally, no data collected

It acts as a transparent proxy between the client and the server, processing all SSL traffic exchanged between the two parties, thus being able to decode the encrypted stream.

Continued : http://news.softpedia.com/news/Lavasoft-s-Ad-Aware-Web-Companion-Relies-on-Superfish-Component-from-Komodia-473952.shtml
Security software found using Superfish-style code, as attacks get simpler

In reply to: Lavasoft's Ad-Aware Web Companion Relies on Superfish Component


"Titles from security firms Lavasoft and Comodo leave users open to easier attacks."

Two more software makers have been caught adding dangerous, Superfish-style man-in-the-middle code to the applications they publish. The development is significant because it involves AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet's Transport Layer Security certificates, making it the world's biggest certificate authority.

Lavasoft and Comodo were added just as researchers were discovering simpler, more potent ways to exploit the vulnerabilities.

Continued : http://arstechnica.com/security/2015/02/security-software-found-using-superfish-style-code-as-attacks-get-simpler/
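An added example, not code from this page nor from Komodia, Superfish, Lavasoft or Comodo: the shell script below uses the openssl command line to reproduce the trust model the two posts above (and the opening Nurjax post) describe. One self-signed root stands in for the interception CA whose private key ships identically on every machine; a leaf for any hostname is minted from it on the fly, a machine trusting that root accepts it, and any other trust anchor rejects it. The last function is the check a practitioner actually wants: list every subject in a PEM trust bundle so an interception root that should not be there can be spotted. The root names, hostname and file paths are hypothetical, and the script needs the openssl CLI.

```shell
#!/bin/sh
# Added example: simulate the "one root, one shared RSA private key" model and
# show why possession of that key is all an attacker needs. All names are
# hypothetical; nothing here is Komodia's or Superfish's real material.
set -e
WORK=$(mktemp -d)

# Generate a self-signed root that stands in for the interception CA. On a
# Superfish-style install this root sits in the OS trust store and its private
# key is shipped with the software, the same key on every machine.
make_root() {
  name="$1"   # file prefix under $WORK
  cn="$2"     # subject CN (hypothetical)
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=$cn/O=Hypothetical Example" \
    -keyout "$WORK/$name.key" -out "$WORK/$name.pem" 2>/dev/null
}

# Mint a leaf certificate for an arbitrary hostname, signed by the named root.
# The proxy does this for every HTTPS site the user visits; anyone holding the
# same root key can do it for the user's bank from across the coffee shop.
mint_leaf() {
  root="$1"
  host="$2"
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
    -keyout "$WORK/$host.key" -out "$WORK/$host.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$host" > "$WORK/$host.ext"
  openssl x509 -req -in "$WORK/$host.csr" -CA "$WORK/$root.pem" \
    -CAkey "$WORK/$root.key" -CAcreateserial -days 30 -sha256 \
    -extfile "$WORK/$host.ext" -out "$WORK/$host.pem" 2>/dev/null
}

# Does the leaf ($2) chain to the given trust anchor ($1)? Exit status only.
verify_leaf() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# Print the issuer of a leaf: what the browser's padlock dialog would show.
issuer_of() {
  openssl x509 -in "$WORK/$1.pem" -noout -issuer
}

# The check: list the subject of every certificate in a PEM trust bundle, so an
# interception root you never installed on purpose stands out.
list_bundle_subjects() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout \
    | grep '^subject'
}

# --- demonstration ---
make_root intercept "Hypothetical Interception Root"
make_root honest    "Hypothetical Honest Root"
mint_leaf intercept bank.example          # the cert the proxy would hand the browser
issuer_of bank.example
verify_leaf intercept bank.example && echo "accepted by a machine that trusts the interception root"
verify_leaf honest bank.example || echo "rejected by every other trust anchor"
# A constructed two-root trust bundle standing in for an OS trust store.
cat "$WORK/honest.pem" "$WORK/intercept.pem" > "$WORK/trust-bundle.pem"
list_bundle_subjects "$WORK/trust-bundle.pem"
```

On a real machine, point list_bundle_subjects at an exported copy of the trust store and look for any root you did not put there; Firefox keeps its own certificate store, so it has to be checked separately from the operating system's.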
Stolen SIM Card Keys Could be Powerful Spy Tool

In reply to: NEWS - February 23, 2015

It would be another powerful tool in the arsenal of US and British spy services: encryption keys for a large share of the SIM cards used for mobile phones.

A report by the investigative news website The Intercept, citing leaked documents from former National Security Agency contractor Edward Snowden, said the US and British agencies "hacked into" European manufacturer Gemalto to gain these keys.

The report, if accurate, could allow the NSA and its British counterpart GCHQ to secretly monitor a large portion of global communications over mobile devices without using a warrant or wiretap.

"This is a huge deal," said Bruce Schneier, a cryptographer who is chief technology officer at the security firm Resilient Systems, and a fellow at Harvard's Berkman Center.

Continued : http://www.securityweek.com/stolen-sim-card-keys-could-be-powerful-spy-tool

Related: How the "Great SIM Heist" could have been avoided

CTOs targeted with tax-themed phishing emails carrying ..

In reply to: NEWS - February 23, 2015

Tax-themed phishing emails targeting CTOs of tech companies have been spotted by researchers at Talos, Cisco's security intelligence and research group.

The initial emails, sent from a spoofed .gov email address, claimed that the recipient's federal tax payment was received, and that they could print out a receipt: a Word document attached to the email.

This first run obviously wasn't very successful, so they changed the text for the later attempts, saying that the payment was not received and that they should download and edit the attached "confirmation file" and send it back to the sender.

Continued : http://www.net-security.org/malware_news.php?id=2969
