NEWS - February 26, 2010

by Carol~ Moderator / February 25, 2010 9:59 PM PST
Britain all atweet over Twitter phishing attack

"A Twitter phishing attack has hit several prominent British Twitter users"

The latest phishing attack on Twitter users swept the U.K. overnight claiming several prominent users.

The result was evident on Friday morning when users woke up to find messages on compromised accounts that read, "hey, i've been having better sex and longer with this here," followed by a link to a Web site selling sexual-performance drugs.

Although the number of people affected is difficult to determine, it made top news on the country's TV networks and news sites perhaps in part because of those affected. They include at least one member of Parliament and several journalists.

Ed Miliband, a British Cabinet member and the country's secretary for energy and climate change, tweeted on Friday morning, "Oh dear it seems like I've fallen victim to twitter's latest 'phishing' scam." The tweet had been removed from his Twitter stream.

Continued here: http://www.networkworld.com/news/2010/022610-britain-all-atweet-over-twitter.html?hpg1=bn

Also From Sophos: UK Cabinet Minister Ed Miliband hacked on Twitter
Searching For Joannie Rochette Leads To Rogue AV
by Carol~ Moderator / February 25, 2010 10:06 PM PST

Websense Security Labs™ ThreatSeeker™ Network has detected that the black hat Search Engine Optimization (SEO) techniques are abusing the name of an Olympic figure skater who is very popular in recent news.

Joannie Rochette is a Canadian figure skater and the 2009 world silver medallist. In the 2010 Winter Olympics in Vancouver, despite the loss of her mother just 48 hours before her competition, she delivered a sensational performance and qualified to compete for gold.

The bad guys still took advantage of this tragic incident and used it in the infamous Black SEO poisoning attacks. Searching for Joannie Rochette in reputable search engines leads to rogue AV.

This use of the Black SEO technique is even more pertinent now that the results have been announced, with Rochette receiving a bronze medal for her performance. [...]

Once the victim clicks on the poisoned search results, he/she is redirected to the rogue AV page, and a fake Anti-virus executable asks for the victim's confirmation before being downloaded.

Related topics are 4th and 7th on Google's Hot Trends USA list. Joannie Rochette is currently the most popular search term on Google Canada at the time of writing: [...]

Continued here: http://securitylabs.websense.com/content/Alerts/3561.aspx

Troj/IFrame-DY Old websites don't die they just get infected
by Carol~ Moderator / February 25, 2010 10:06 PM PST

Earlier this week Sophos informed a UK Local Police Authority (Hertfordshire) that a website they owned was infected with Troj/IFrame-DY.

It turns out that the Police Authority has a new site and the infected site is an old one that just leads the user to the new site: [...]

Unfortunately, the old site also contains a malicious script, appended after the closing </HTML> tag. [...]

There are several ways of migrating users to a new website:

Deleting the old and letting a search engine take the strain
Doing server side redirects
Asking the ISP to point the old website to the new site's IP address.
and relying on client side redirects.
There are benefits and costs for all the above methods, however, from a security point of view having an old abandoned (not updated and secured) website is the worst.

Continued here: http://www.sophos.com/blogs/sophoslabs/v/post/8854
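The infection described in this post is a script appended after the closing </HTML> tag of an otherwise idle redirect page. Content after the document end is never legitimate in a hand-written page, so it is an easy thing to check for when auditing old sites you still host. The scanner below is an added example, not code from Sophos or from the forum post; the sample page and every hostname in it are constructed placeholders, and the "injected" script body is inert text used only to exercise the check.

```python
import re

# Constructed sample: an abandoned "we have moved" page with a script tacked on after
# </html>, the pattern the post describes. The hostnames are placeholders and the
# script is inert text, present only so the scanner has something to find.
SAMPLE_PAGE = """<html>
<head><meta http-equiv="refresh" content="0;url=http://new-site.example/"></head>
<body>This site has moved.</body>
</html>
<script>document.write('<iframe src="http://injected.example/x" width=1 height=1></iframe>');</script>
"""

# The same page with nothing after the document end (a trailing newline is normal).
CLEAN_PAGE = SAMPLE_PAGE.split("</html>")[0] + "</html>\n"

# Tags that can run code or pull in foreign content; anything of this kind
# after </html> is a red flag.
ACTIVE_TAG_RE = re.compile(r"<\s*(script|iframe|object|embed)\b[^>]*>", re.IGNORECASE)
CLOSE_HTML_RE = re.compile(r"</\s*html\s*>", re.IGNORECASE)


def trailing_content(html: str) -> str:
    """Return everything after the FIRST </html> tag, or "" if there is none.

    The first tag is used on purpose: the legitimate document ends there, and
    an attacker's appended block may well contain its own </html>.
    """
    match = CLOSE_HTML_RE.search(html)
    if match is None:
        return ""
    return html[match.end():]


def find_appended_tags(html: str) -> list:
    """Names of active tags found after the document end, in order of appearance."""
    return [m.group(1).lower() for m in ACTIVE_TAG_RE.finditer(trailing_content(html))]


def is_suspicious(html: str) -> bool:
    """True when there is non-whitespace content after </html> that includes an active tag."""
    tail = trailing_content(html).strip()
    return bool(tail) and bool(find_appended_tags(html))


def scan_file(path: str) -> dict:
    """Scan one saved HTML file and report what was found after </html>."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        html = fh.read()
    return {"path": path, "suspicious": is_suspicious(html), "tags": find_appended_tags(html)}


if __name__ == "__main__":
    print("sample page:", find_appended_tags(SAMPLE_PAGE))   # ['script', 'iframe']
    print("clean page:", find_appended_tags(CLEAN_PAGE))     # []
```

Run it over a crawl of every legacy vhost you still serve; a page that is "only a redirect" is exactly the kind of page nobody looks at, which is why the post's point about abandoned sites matters. The check is deliberately narrow (active tags after the document end) so that whitespace or a stray comment does not trip it.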

Do I Know You?
by Carol~ Moderator / February 25, 2010 10:34 PM PST

(Symantec products detected the downloaded misleading application below as AntiVirus2010)

From the Symantec Security Response Blog:

Imagine that you're sitting at home catching up on your email backlog. In comes an email from your ISP, FooBarBazCo (some creativity required here, I know). The email seems to be from Technical Support, "From: FooBarBazCo.com Team", and states that you need to update your email settings as a result of a recent security upgrade. Can you trust it?

Today we observed an increase in spam messages containing links to a particular malicious URL. The messages masquerade as having come from mail administrators, with the "from" address spoofed so that they appear to have come from the same network domain as the address to which the mails are sent (the "from" and "to" addresses are actually identical, although this will not be visible in most email programs).

The received messages state that mailbox 'settings were changed' and urge users to 'apply the new set of settings' by clicking a link to an executable, which unsurprisingly turns out to be malicious: [...]

Clicking the link leads to a download of the following misleading application, which we see here with the usual UI misspellings and fake scan results: [...]

Continued here: http://www.symantec.com/connect/blogs/do-i-know-you
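The two tells in this campaign are both mechanical: the spoofed "from" address is identical to the recipient (or at least in the recipient's own domain), and the "apply the new settings" link points straight at an executable. Both can be checked on the mail gateway before a user ever sees the message. The checker below is an added example, not Symantec's code; the sample message is constructed, and every address and host in it is a placeholder (`.example` and `.invalid` are reserved names).

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample modelled on the post: From and To are the same mailbox and the
# body links to an executable. Addresses and hosts are placeholders.
SAMPLE_EMAIL = """From: FooBarBazCo.com Team <alice@foobarbazco.example>
To: alice@foobarbazco.example
Subject: Your mailbox settings were changed
Content-Type: text/plain

Dear user, your mailbox settings were changed.
Apply the new set of settings here: http://updates.invalid/settings/apply.exe
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat")


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def executable_links(body: str) -> list:
    """URLs in the body whose path (query string stripped) ends in an executable extension."""
    return [u for u in URL_RE.findall(body)
            if u.lower().split("?", 1)[0].endswith(EXECUTABLE_EXT)]


def analyse(raw: str) -> dict:
    """Flag a message that is self-addressed and/or links directly to an executable."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addrs = [a.lower() for _, a in getaddresses(msg.get_all("To", []))]
    # Non-multipart text body only; a real gateway would walk every text/* part.
    body = msg.get_payload() if not msg.is_multipart() else ""
    exe_links = executable_links(body)
    self_addressed = from_addr != "" and from_addr in to_addrs
    same_domain = _domain(from_addr) != "" and _domain(from_addr) in {_domain(a) for a in to_addrs}
    return {
        "from": from_addr,
        "self_addressed": self_addressed,
        "same_domain": same_domain,
        "executable_links": exe_links,
        "suspicious": self_addressed or bool(exe_links),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

Treat the self-addressed test as a heuristic rather than a verdict: genuine notifications from your own mail system can be self-addressed too, which is why the check that actually settles the question is SPF/DKIM on the envelope sender. The executable-link test has no such ambiguity; an administrator asking you to "apply settings" by running a download is not something a mail provider does.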

Insight into fake AV SEO
by Carol~ Moderator / February 25, 2010 10:40 PM PST

From the SophosLabs Blog:

Readers of the Sophos blogs will probably have seen the post Graham made about the "killer whale video" SEO attacks. We have described SEO attacks before (for example here). In this post I want to highlight how these attacks are working, and how Sophos protects you against them.

1. Pages using server side kits to fool search engine bots into ranking them high in results are uploaded to legitimate web sites. If all goes to plan, when a user searches for a popular term, high up in the search engine results are links to these pages. In the example below, the malicious SEO page was the 2nd item in the search results (highlighted in blue).

2. When the user arrives on such a page (highlighted in green in the example below), the referrer is typically checked to ensure they came from a search engine. If so, they are redirected (302 redirect) to another site (orange below).

3. There are typically additional levels of redirection from this point. In the example shown below, the user is bounced from the .org to the .in site (purple).

4. Finally, the user will be redirected to the fake AV distribution site (red). This is where the user receives the usual visual trickery, in order to fool them into installing the rogue application.

Continued here: http://www.sophos.com/blogs/sophoslabs/v/post/8867
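Step 2 is what makes these pages hard to spot from a crawler: the SEO page only redirects when the visitor arrives from a search engine, so a plain fetch shows a harmless keyword page. The defensive check is therefore to fetch the same URL twice, once with and once without a search-engine Referer, and compare where each request ends up. The code below is an added example, not Sophos code; it follows the four-step chain from the post (SEO page on a legitimate site, then .org, then .in, then the fake AV site) against an in-memory stand-in for the web, and every hostname in it is a constructed placeholder. The `fetch` argument is the seam where a real HTTP client would be plugged in.

```python
from urllib.parse import urlparse

# A search-engine referrer, as a browser would send it after a click on a result page.
SEARCH_REFERER = "http://www.google.com/search?q=killer+whale+video"
SEARCH_ENGINE_MARKERS = ("google.", "bing.", "yahoo.")

# Constructed in-memory model of the chain in the post. The SEO page on the legitimate
# site is "cloaked": it 302s only for search-engine referrers and otherwise serves its
# keyword page. The later hops redirect unconditionally. All hostnames are placeholders.
FAKE_WEB = {
    "http://legit-site.example/news/whale-video.php": {
        "cloaked": True,
        "redirect": "http://bounce-one.example.org/go.php",
        "body": "<html>keyword-stuffed SEO page</html>",
    },
    "http://bounce-one.example.org/go.php": {
        "cloaked": False, "redirect": "http://bounce-two.example.in/", "body": ""},
    "http://bounce-two.example.in/": {
        "cloaked": False, "redirect": "http://fakeav.example/scan/", "body": ""},
    "http://fakeav.example/scan/": {
        "cloaked": False, "redirect": None,
        "body": "<html>Your computer is infected!</html>"},
}


def fake_fetch(url, referer):
    """Stand-in for an HTTP client. Returns (status, location, body) like a real response."""
    page = FAKE_WEB[url]
    from_search = referer is not None and any(m in referer for m in SEARCH_ENGINE_MARKERS)
    if page["redirect"] and (from_search or not page["cloaked"]):
        return 302, page["redirect"], ""
    return 200, None, page["body"]


def follow_chain(url, referer, fetch=fake_fetch, max_hops=10):
    """Follow redirects from url and return every URL visited, in order."""
    chain = [url]
    for _ in range(max_hops):
        status, location, _body = fetch(url, referer)
        if status in (301, 302, 303, 307, 308) and location:
            url = location
            chain.append(url)
        else:
            break
    return chain


def detect_cloaking(url, fetch=fake_fetch):
    """Compare the final destination with and without a search-engine Referer."""
    direct = follow_chain(url, None, fetch)
    via_search = follow_chain(url, SEARCH_REFERER, fetch)
    return {
        "direct_final": direct[-1],
        "search_final": via_search[-1],
        "cloaked": direct[-1] != via_search[-1],
        "hops_via_search": len(via_search) - 1,
        "tlds_via_search": [urlparse(u).hostname.rsplit(".", 1)[-1] for u in via_search],
    }


if __name__ == "__main__":
    report = detect_cloaking("http://legit-site.example/news/whale-video.php")
    for key, value in report.items():
        print(f"{key}: {value}")
```

With a real client the same comparison works against live search results, and the "hops" and TLD-hopping figures give you something to alert on: a page on your own site that sends search-engine visitors through three foreign domains is the compromise this post describes, whatever its direct fetch looks like.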

Thunderbird 3.0.2 released
by Carol~ Moderator / February 25, 2010 10:52 PM PST

One week after releasing security updates for its Firefox browser, the Mozilla Foundation has also updated Thunderbird. In version 3.0.2, the developers have closed several critical holes that can be exploited to compromise a system.

Reportedly, disabling the DNS pre-fetching feature is now easier. When activated, DNS pre-fetching in Thunderbird allows spammers to check whether an email has been read via links incorporated in the email message. Unlike other known web bugs that retrieve further content, Thunderbird's default pre-fetching setting resolves the included domains in advance. Special sub-domains and a dedicated name server then allow spammers to establish whether a certain query has been resolved.

Continued here: http://www.h-online.com/security/news/item/Thunderbird-3-0-2-released-941372.html
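The tracking trick in this post needs no image and no click: the mail contains a link whose hostname carries a per-recipient token as a subdomain, the client resolves that hostname in advance, and the spammer's own name server logs the lookup. Hostnames of that shape stand out, because the leftmost label is long and random where ordinary labels are short words. The detector below is an added example, not part of the article or of Thunderbird; the sample message is constructed and its domains are placeholders. The preference that governs the behaviour in Thunderbird and Firefox is `network.dns.disablePrefetch` (true switches prefetching off), which is the setting the article says is now easier to reach.

```python
import math
import re
from collections import Counter

# Constructed sample HTML mail: one ordinary link and one whose hostname carries a
# per-recipient token in its leftmost label. Domains are placeholders.
SAMPLE_HTML = """<html><body>
<p>Our latest offers: <a href="http://www.newsletter.example/offers">see here</a></p>
<p><a href="http://a9f3c1e07b2d4e6f.track.spam-sender.example/unsubscribe">unsubscribe</a></p>
</body></html>"""

HOST_RE = re.compile(r"https?://([a-z0-9.-]+)", re.IGNORECASE)


def shannon_entropy(text: str) -> float:
    """Bits per character; random hex/base32 tokens score well above dictionary words."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def hostnames(html: str) -> list:
    """Every distinct hostname that an HTML mail would cause a prefetching client to resolve."""
    return sorted({h.lower().strip(".") for h in HOST_RE.findall(html)})


def looks_like_tracking(host: str, min_len: int = 12, min_entropy: float = 3.0) -> bool:
    """True when the leftmost label is long and random-looking.

    Thresholds are this example's own choice: a 12+ character label with
    3+ bits/char entropy is rarely a real service name.
    """
    label = host.split(".")[0]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def tracking_hosts(html: str) -> list:
    """Hostnames in the mail that look like per-recipient prefetch beacons."""
    return [h for h in hostnames(html) if looks_like_tracking(h)]


if __name__ == "__main__":
    print("hosts the client would resolve:", hostnames(SAMPLE_HTML))
    print("likely beacons:", tracking_hosts(SAMPLE_HTML))
```

The point of listing every hostname first is that with prefetching on, each of them is looked up the moment the message is displayed, whether or not anything is clicked; the entropy filter only tells you which lookups were designed to identify you. A client that resolves nothing until the user clicks makes the whole mechanism moot, which is why the preference matters more than any filter.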

Cloud based Web application security assessment
by Carol~ Moderator / February 26, 2010 12:05 AM PST

Cenzic released ClickToSecure Cloud, a self-service, completely cloud based Web application security assessment solution. With this new cloud platform, Cenzic has created open APIs to allow deeper integration with other vendors.

The solution allows users to test their websites for vulnerabilities and conduct quick assessments entirely in the cloud. The solution will have various levels of assessment, from a basic health check to support for PCI 6.6 compliance and other regulations.

ClickToSecure Cloud is the latest product in Cenzic's Web vulnerability scanning solution portfolio, which also includes Cenzic Hailstorm (enterprise software), and Cenzic ClickToSecure Managed (a remote assessment service conducted by Cenzic security experts on behalf of customers).

Pricing starts at $399, allowing SMBs who in the past couldn't afford Web application security solutions to now jump start their security posture at very affordable price-points. Furthermore, the flexibility of Cenzic's solutions allows customers to scale to deeper testing while doing so at their own pace.


The future doesn't look bright for Google in China
by Carol~ Moderator / February 26, 2010 12:05 AM PST

Google's announcement that it will leave China if the censoring of their search results continues seems not to have affected the Chinese government much.

They have not shown any intention of complying with the request, and what's more, they actually announced new restrictions regarding Internet use. Anyone who wishes to have a personal website will have to ask the government for permission to do so. They will also be required to supply a photo and some form of identification.

The government says all this will be employed as a measure to deal with pornography on the Internet, but there are many who see it just as another measure to silence the political opposition.

According to Wired, last year the Chinese government made it mandatory for every newly manufactured PC to be equipped with censorship software. Also last year, YouTube was blocked because of videos of anti-Tibetan violence, and Google was often criticized by the government, which is of the opinion that the search giant makes pornography readily available.


Hotbar has a whale of a time
by Carol~ Moderator / February 26, 2010 12:05 AM PST

With news of the rather horrible whale incident buzzing around in the news right now, two things were guaranteed:

1) Rogue SEO would step up to bat and

2) A bunch of crumbum "videos" would pop up on Youtube, promising glimpses of the final moments of the dead whale trainer.

Sure enough: [...]

Hit the link, and you're dumped on the familiar site of a Hotbar gateway prompt: [...]

In addition to the Hotbar install, you get ShopperReports (preticked) and BrowserQuest (also preticked).

Place your bets. Do you think our curious ghoul is going to see some horrible footage, or an empty spamblog? [...]

Continued here: http://www.vitalsecurity.org/2010/02/hotbar-has-whale-of-time.html

Microsoft warns over rogue Security Essentials
by Carol~ Moderator / February 26, 2010 10:13 AM PST

Microsoft has warned Windows users to be on their guard against a piece of rogue antivirus software passing itself off as Microsoft Security Essentials.

Security Essentials 2010 is a piece of software that, Microsoft said, installs a fake virus scanner on your machine and monitors and blocks processes it doesn't like.

The software will also block access to websites of antivirus and malware companies and flag up a warning message. You can see the list of blocked sites here.

Security Essentials 2010 blocks access by downloading a Win32/Alureon component and another Layered Service Provider component, Microsoft's David Wood wrote on the company's Malware Protection Center blog.

Continued here: http://www.theregister.co.uk/2010/02/26/microsoft_security_essentials_rogue/

From the Microsoft Malware Protection Center: If it calls itself "Security Essentials 2010", then it's possibly fake, innit?

NOT the real VirusTotal.com
by Carol~ Moderator / February 26, 2010 10:13 AM PST

VirusTotal.com [http://en.wikipedia.org/wiki/VirusTotal.com ] is a brilliant site that helps both public and researchers alike determine if an executable file they have is potentially malicious or not.

Julio Canto (of VirusTotal fame) has noticed that somebody decided to cash in on the good name of the site with the following domain:


Go there, and you'll see a message claiming the site is a "free online antivirus scanning service, click SCAN to begin scanning:" [...]

Hit "Scan", and it isn't long before this happens: [...]

Yes, we have some Rogue Antivirus advertising in the house, to the tune of "Your computer is infected by viruses" complete with the now familiar fake image of your drives and folders: [...]

Continued here: http://sunbeltblog.blogspot.com/2010/02/not-real-virustotalcom.html