Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.


CNET Support


NEWS - January 20, 2012

Jan 19, 2012 8:17PM PST
'Anonymous' Back With A Vengeance: Downs DoJ, MPAA, RIAA, Universal Music Websites

"White House also being targeted as federal anti-piracy moves fuel widespread online attacks"

In apparent retaliation for the federal takedown of online storage and file transfer site Megaupload announced by the Department of Justice today, the Anonymous hacktivist collective went to work waging mass distributed denial-of-service (DDoS) attacks against websites of the DoJ, Motion Picture Association of America, the Recording Industry Association of America, and Universal Music that knocked those sites offline.

Also in the crosshairs of the hacktivists: the White House website, which as of this posting remained online, although Anonymous members were calling for targeting it as well. And security experts say this latest -- and possibly biggest -- DDoS campaign by Anonymous is far from over, with more targets to come. According to one tweet from AnonDaily, this is the largest attack by the hacktivist group, with more than 5,600 people using the Low Orbit Ion Cannon (LOIC) DDoS tool.

Barrett Brown, a former member of Anonymous who now an online activists entity called Project PM, tweeted today about another Anonymous campaign focused on Democratic members of Congress who remain in support anti-piracy bills before Congress, the House's Stop Online Piracy Act (SOPA), and the Senate's Protect Intellectual Property Act (PIPA).

Continued @ Dark Reading

Anonymous retaliates for Megaupload shutdown
Anonymous Retaliates for Megaupload Shutdown, Attacks DOJ, Others
Click on an Anonymous link, and you could be DDoS'ing the US government
Anonymous Takes Down FBI, RIAA, DOJ and White House Following Megaupload Closure

Discussion is locked

- Collapse -
Koobface Gang Shuts Down C&C Server, Drops Offline
Jan 19, 2012 8:22PM PST

The crew behind the Koobface worm, who have been quite open about their exploits and financial gains from their work in the past, now seem to be ducking underground as pressure is building on them in the wake of exposures of their operation and real identities. The command-and-control server used to run the Koobface botnet, known as the Mothership, is now offline and new infections seem to have dropped off, experts say.

Several reports this week have named the alleged operators of the Koobface botnet as a small group of Russian men living in and around St. Petersburg. The identities of the men have been known to security researchers tracking Koobface for some time now, and the researchers have had a good handle on how the group operates, makes its money and infects users, as well. Mostly, the group made money through click fraud and pay-per-click schemes that are predicated upon victims installing a piece of malware that masquerades as a new version of Adobe Flash that the user must install in order to watch a funny video that, of course, doesn't exist.

Security officials at Facebook have been tracking the activities of the Koobface gang, as the social networking site has been the main infection vector for the malware. This week the company, along with some other researchers, published the names of the people they believe to be responsible for the Koobface infections. Within a day or so of the disclosures, the alleged attackers had begun cleaning up their operation and covering the tracks they've been leaving all over the Internet for the last few years. Prior to that, the group had been rather careless about trying to throw researchers and investigators off the scent, and researchers were able to track them through social media profiles and posts and had access to their C&C server for some time, as well.

Continued :

Koobface gang turns off command servers, as Russian police explain lack of action
Koobface C&C goes silent after alleged controllers exposed
Koobface botnet goes down, suspects scurry to erase tracks

- Collapse -
US Federal Reserve contractor charged with source code theft
Jan 19, 2012 8:23PM PST

"Developer faces up to 10 years in prison for copying the source code of a sensitive financial program"

A US Federal Reserve contractor has been charged with copying the source code of software that keeps track of large exchanges of money between US government agencies.

Bo Zhang, who lives in Queens, New York, worked for the Reserve Bank of New York as a computer programmer on behalf of an unnamed third-party contracting firm. He was arrested on January 18 and released on $200,000 bail. He faces up to 10 years in prison and a $250,000 fine.

"Zhang took advantage of the access that came with his trusted position to steal highly sensitive proprietary software," said Janice Fedarcyk, Federal Bureau of Investigation assistant director-in-charge, in a statement.

Although Zhang is a Chinese national employed in the US through a work visa, the FBI gave no indication that the alleged theft was espionage. "His intentions with regard to that software are immaterial. Stealing it and copying it threatened the security of vitally important source code," Fedarcyk said.

The program he allegedly copied, the Government-wide Accounting and Reporting Program (GWA), keeps track of money that is transferred among different US government agencies. The US Treasury Department authored the program, which cost almost $10 million to develop.

Continued :

Also: Feds cuff coder accused of US bank source code swipe

- Collapse -
SOPA Getting a Face-Lift: How Evil Will It Be?
Jan 19, 2012 8:23PM PST

The House version of the Stop Online Piracy Act, the proposed anti-piracy legislation that drew a planned and widespread internet revolt Wednesday, is likely to undergo a radical overhaul to muster passage.

The measure, along with the Senate's proposed Protect IP Act, faces an uncertain future given newfound widespread legislative opposition to the proposals in their current form. On Wednesday, as thousands of websites blacked themselves out or altered their appearance in protest, Republican and Democratic lawmakers in both the Senate and House began distancing themselves from the non-partisan bills they had once supported.

Nowhere was that more apparent than in the House Judiciary Committee, which is headed by Rep. Lamar Smith (R-Texas), the chief SOPA sponsor.

Committee spokesman Brett Bettesworth said in a telephone interview Thursday that, when Smith brings SOPA up for a vote next month, he will have removed the most controversial provision that prompted the backlash. And Smith will be open for even more amendments, he said.

"He realizes there is going to have to be a lot of changes because of the opposition there has been to it," Bettesworth said.

Continued :

- Collapse -
Mozilla pushes browser-based alternative to passwords
Jan 19, 2012 10:50PM PST

Mozilla is promoting a browser-based alternative to usernames and passwords for website logins.

Browser ID offers a decentralized system for user identification and authentication along the same lines as OpenID. To use BrowserID users first have to create an account with Mozilla. After this users would be able to use the technology to enter websites that support BrowserID simply by entering their email address.

Developers can add support to the technology by adding links to a JavaScript library and hooks into a JavaScript API and verification service, as explained in a blog post by Mozilla here.

The technology competes with OpenID, which is already used by prominent sites such as Twitter and Facebook. Mozilla is pushing BrowserID as a more secure and privacy-sensitive method than its competitors.

BrowserID was first released by Mozilla back in July 2011 as a prototype. Mozilla only finished deploying the technology across its own sites earlier this month.

Continued :

- Collapse -
Windows Phone App Analyser 1.0 released
Jan 19, 2012 10:50PM PST

David Rook, the author of the acclaimed security code review tool Agnitio, today released version 1.0 of Windows Phone App Analyser, an application that can be used to decompile and analyze Windows Phone apps specifically focusing on finding security issues. [Screenshot]

With Windows Phone App Analyser you can:

• Analyze application source code and have keywords highlighted/explained which might need further investigation from a security point of view.
• Automatically decompile Windows Phone .xap application to easily analyze the original source code
• Launch and review results from third party scanning tools (CAT.NET, FxCop and the capabilities detection tool in v1.0).

For more technical details, visit this page.

- Collapse -
Brazilian cybercriminals' daily earnings - more than you'll
Jan 19, 2012 10:50PM PST
Brazilian cybercriminals' daily earnings - more than you'll ever earn in a year!

From the Kaspersky Lab Weblog:

How much do you earn per day? If we look at how much a cybercriminal from Brazil earns every day, we'll understand why Brazil is one of the main sources of malware in the world.

Brazilian cybercriminals really like to use short URLs to track infections and have their own stats. Here is the profile of one criminal using Bitly as a URL shortening service. [Screenshot]

As you can see, in just one day, he was able to gain more than 33,000 clicks or potential infections! Let's presume that just 10% of all the victim machines end up getting infected. That means approximately 3300 people are affected. In Brazil malware is usually spread in order to steal only credit card and online banking account information, and this was the case with this particular campaign. Account information for other Internet resources like Facebook, IM, email etc. was not stolen.

So, how much did the criminal make on that particular day? Let's see: a unit price on the black market for stolen Brazilian credit cards is about $8 USD. Now let's suppose that the average savings in a bank account amount to about $500 USD. Cybercriminals from Brazil don't sell access to the stolen bank accounts; they use the accounts themselves, cleaning them out completely. After some simple math (3305 * 8 * 500) we get a daily earnings figure of $13220000 USD! Of course it will take some time to cash this money in, but the sum is enough motivation to get the work done.

Continued :
- Collapse -
SOPA, PIPA Votes Indefinitely Delayed
Jan 20, 2012 2:20AM PST

Senate Majority leader Harry Reid, D-Nev., is delaying Tuesday's scheduled Senate vote on the controversial Protect IP Act.

The move, as well as a similar delay on a vote of a companion bill before the House of Representatives, appears to be the clearest indication yet that Wednesday's Wikipedia blackout and Web protest swayed lawmakers. On Thursday, several lawmakers dropped their support of the controversial measure and all four Republican presidential candidates took stands against it.

In a series of tweets Friday morning, Reid said "in light of recent events" he would postpone the vote. The decision did not, however, appear to change Reid's overall support for anti-piracy legislation.

"There's no reason that legitimate issues raised about PROTECT IP can't be resolved. Counterfeiting & piracy cost 1000s of #jobs yearly#pipa," he tweeted.

Meanwhile, House Judiciary Committee Chairman Lamar Smith, R-Texas, also said he would "indefinitely" delay a vote on the Stop Online Piracy Act pending before the house.

"I have heard from the critics and I take seriously their concerns regarding proposed legislation to address the problem of online piracy," Smith said in a statement Friday. "It is clear that we need to revisit the approach on how best to address the problem of foreign thieves that steal and sell American inventions and products."

Continued :

Senate Postpones Vote on Internet Piracy Bill
Reid Calls Off Protect IP Act Vote

- Collapse -
Qualys expands its FreeScan service
Jan 20, 2012 2:20AM PST

Qualys announced its new and improved FreeScan service to help SMBs audit and protect their web sites from security vulnerabilities and malware infections.

The new FreeScan service allows SMBs to scan their web sites for of malware, network and web application vulnerabilities, as well as SSL certificate validation, helping web site owners identify risk before hackers do in order to prevent data beaches and protect online visitors from infections.

As web sites grow ever more complex and users spend ever more time online, cybercriminals are stepping up their game to focus on exploiting legitimate sites - and the trust placed in those sites by users.

Techniques such as cross-site scripting (XSS) and SQL injection attacks enable hackers to take control of web sites "behind the scenes," redirecting users without their knowledge in order to steal data or spread malware.

Continued :

- Collapse -
The Rise of the Ransomware
Jan 20, 2012 6:58AM PST

From the PandaLabs Blog:

In the last months we have seen an increase of ransomware attacks. While the first ones we saw were posing as Microsoft to threaten the user because it had been detected a pirated version of Windows, and in case you didn't pay the fine they would contact the local law enforcement agencies, the new ones are posing as the very same law enforcement agencies.

While we are use to see this kind of fake messages in English, in this case the attacks are localized, we have seen English, German, Spanish or Dutch language (among others), depending on the targeted country. All of the attacks are targeting some European country, so it looks like that all of them are related and the same cibercriminal gang could be behind them.

The last one has appeared a couple of days ago, this time it is targeting Spain. The file is using as icon the following Internet meme: [Screenshot: meme]

Once infected, this is what you will see in your desktop: [Screenshot]

In the message it says that it has been detected access to illegal material (such as child pornography and spam about terrorism) from that computer, and that the computer will be locked to prevent such a use. To solve that you have to pay a fine of €100:

Continued :

- Collapse -
McAfee customers used to spread spam
Jan 20, 2012 7:37AM PST

McAfee is warning of a vulnerability in its Security-as-a-Service (SaaS) for Total Protection product which can be exploited to make affected machines relay spam. In a post on its blog, the company says that the problem in its hosted anti-malware service has now been fixed, noting that affected systems were updated on Thursday 19 January.

The vulnerability allowed attackers to use Total Protection users' computers as open email relays and to use this capability to send out spam messages. However, it did not apparently allow access to any customer data. The problem was discovered as a result of complaints from customers who found that their emails were being blocked and their IP addresses were being added to anti-spam blacklists.

ZDI recently disclosed details of a further vulnerability which apparently enabled attackers to execute embedded code. In response to an enquiry by The H's associates at heise Security, McAfee confirmed that this vulnerability no longer poses any risk. According to McAfee, they discovered a similar problem in August and fixed it by setting the kill bit for the relevant ActiveX control. The company says that this means that it is no longer possible to exploit the vulnerability reported by ZDI, adding that it was planning to remove the code giving rise to the vulnerability shortly.

Continued :

- Collapse -
Fake Seattle traffic ticket notification leads to malware
Jan 20, 2012 7:38AM PST

From the Microsoft Malware Protection Center:

Our partners at the City of Seattle sent us a warning today about a phishing campaign which targets users very close to home -- specifically, Seattle Washington. They're seeing spam mail circulating that claims to be from Seattle Department of Motor Vehicles, stating that the victim is charged with a traffic offense, and requesting that they fill out a linked form: [Screenshot]

Variations of this email are turning up; all of them have similar content and a "check sum" tag line. Only the hyperlink and the time and date of the "offense" changes among iterations of the spam. It's interesting to note that the "Date of Offense" is in European format (DD/MM/YYYY), which is a strange deviation from the date format used in most of the U.S. (MM/DD/YYYY). So far, we've seen the hyperlink point to several recently registered domains.

If the link is visited, the browser requests the page and loads an IFrame from yet another site, which was registered on January 16, 2012 and is hosted in the Ukraine at IP This Ukrainian site contains an obfuscated JavaScript that attempts to exploit an issue in MDAC (Microsoft Security Bulletin MS06-014) that was mitigated by a Windows security update in 2006.

Continued :

- Collapse - server allows anyone to unlock computer
Jan 20, 2012 7:38AM PST

The French blogger "Gu1" has discovered that versions 1.11 and above of's X Server contain an interesting vulnerability that enables users to gain access to a locked computer. Simultaneously pressing the Ctrl key, the Alt key and the * key on the numeric keyboard disables a user's screensaver and unlocks the computer; we were able to reproduce the problem on a Fedora 16 system that hadn't been updated to include Fedora's recent patch.

According to Gu1, the problem is caused by the "AllowClosedownGrabs" debug option: if it is active, pressing the key combination causes any processes that grab mouse or keyboard inputs to shut down - in this case, the screensaver that usually prevents a locked computer from being accessed.

Gu1 says that the function had existed up to 2008, but at that time it was disabled by default and well-documented. Apparently, the developers even explicitly pointed out the potential security issues that may exist when used in combination with screensavers. Developers were also able to use an API to disallow the function for their processes.

Continued :

See Vulnerabilities & Fixes: X.Org Grab-Breaking Keybinding Security Bypass Weakness