FAKEAV Gets First Dibs in Profits from Apple iPad
Even before the first customer could buy Apple's newest device, the iPad, cybercriminals were already profiting from its popularity.
Trend Micro threat engineers today found some malicious search results while looking for information related to the announcement of the Apple tablet.
These poisoned search results turned out to be part of the never-ending blackhat search engine optimization (SEO) FAKEAV campaigns. When clicked, they lead to the download of rogue antivirus software, which Trend Micro detects as TROJ_FAKEAV.EAM.
Since Apple announced when the iPad will be available to consumers, it has been one of the hottest topics on the Web, and cybercriminals are not about to let that pass. Given the anticipation for the product, many users are likely to be victimized by this latest FAKEAV attack. Users are advised to be wary of links in search results and to go directly to reputable news sites for the latest information about the iPad.
Trend Micro is continuously working to protect users from this threat and to provide more information about this latest FAKEAV SEO.
Apple Tablet Announcement Black SEO
Websense Security Labs ThreatSeeker Network has discovered that search terms related to the forthcoming Apple Tablet announcement have already become the latest target for Blackhat SEO poisoning attacks.
In the lead-up to Apple's official announcement, which is scheduled to happen today, there has been a great deal of anticipation and speculation on the Internet. As people become interested in finding more information on the product, related search terms are gaining momentum, and as they do so Blackhat SEO attacks are starting to climb the search result listings. [...]
The file on the rogue AV site has a 30% detection rate. If it is installed, it reports non-existent infections and harasses the user with ongoing pop-ups. In order to "clean" the system, the rogue program is offered for a price.
Apple security threats exaggerated, report reveals
But criminals probe the iPhone.
Apple's desktop computers experience little malware, a review of 2009 has found, but this is partly because attacks are starting to move to the company's other platforms such as the iPhone.
According to A Year in Mac Security from software security outfit Intego, threats to Apple devices ratcheted up a gear in terms of seriousness, with a clutch of software vulnerabilities, website exploits and, as ever, sophisticated Trojans. [...]
Intego goes on to document a number of vulnerabilities in OS X, including May's massive 400MB update that patched 47 security issues, to underline that the old complacency about Apple security is sometimes misplaced.
Windows users will read the report with incredulity: an equivalent 2009 report for the world's dominant computer platform would run to hundreds if not thousands of pages, while Intego's reaches seven, including a one-page index of sources. Most of what passes for a threat in the world of OS X would be laughed at by PC security researchers.
MoD staff leak military secrets on Facebook and Twitter
Ministry of Defence admits secret info leaked 16 times in 18 months
The Ministry of Defence has admitted that staff leaked secret information 16 times on social networking sites such as Facebook and Twitter over an 18-month period.
The admission comes in response to a Freedom of Information request by Lewis PR, which handles public relations for security firm F-Secure.
Lewis said the Ministry of Defence had disciplined 10 personnel, although was unable to specify individual cases.
Ministry of Defence staff aren't banned from using social networks, but Lewis pointed out that the department's code tells employees: "Remember you are a member of HM Forces/MOD civil servant. Observe the same high standard of conduct and behaviour online as would be expected of you in your professional or personal life."
Brits accused of illegal file-sharing forking out
Up to 50,000 penalty letters have already been issued
Hundreds of Brits are being forced to fork out
Is the lack of iPad Flash support for security?
From F-Secure Weblog:
We've received some questions regarding Apple's iPad, and whether or not the lack of Adobe Flash support is for security reasons.
Well, no, we don't think so.
True, Adobe Flash has been exploitable in the past, and it will undoubtedly be so again, but we think it's more a matter of practicality and not security.
Continue reading in http://www.f-secure.com/weblog/archives/00001869.html
Top US lawmakers demand hacker probe
Top US lawmakers late Thursday demanded a full investigation into how hackers were able to break into and "deface" the official Internet sites of 49 members of the US House of Representatives.
The unknown culprits posted a mocking, obscenity-laced screed against President Barack Obama after he delivered his prime-time State of the Union address on Wednesday.
Democratic House Speaker Nancy Pelosi and Republican House Minority Leader John Boehner wrote to the chief administrative officer of the House of Representatives, Daniel Beard, to request a full investigation.
"We request that you initiate an immediate and comprehensive assessment of how hackers were able to deface the websites of nearly fifty House Members and Committees last night," they said in the letter, which was made public.
Pelosi and Boehner praised Beard's past efforts to tighten cybersecurity and safeguard congressional sites from "unauthorized intrusions", but stressed that the incident shows "further review of security procedures" is needed.
In related news: Pelosi, Boehner Letter to CAO on Protecting House Web Sites From Being Hacked
The full text of the letter is below.
January 28, 2010
The Honorable Daniel P. Beard
Chief Administrative Officer
U.S. House of Representatives
Washington, DC 20515
Dear Mr. Beard:
We request that you initiate an immediate and comprehensive assessment of how hackers were able to deface the websites of nearly fifty House Members and Committees last night.
In the past, we jointly requested that your office review and tighten cybersecurity protections designed to ensure that congressional offices and committees are safeguarded from unauthorized intrusions. We appreciate the efforts you and your cybersecurity team have taken to tighten firewalls, as well as more recent efforts to ensure that official mobile communications devices are secure from hacking and other intrusions.
However, last night's actions indicate that further review of security procedures are needed. From initial reports, these intrusions appear to be related to one website vendor which has had previous security failures. While many Members have expressed satisfaction with the vendor in question, this is the second time in a year websites hosted and supported by this vendor have been compromised. We therefore request that your office work with the Committee on House Administration to review the security standards for House vendors and to assess whether this vendor, and others, have adhered to those standards. We also request that you take immediate action to protect against breaches of the House firewalls and to ensure website security of all House offices.
Thank you for your attention to this matter.
Most used spam categories in January
From Avira TechBlog:
Starting from January we will publish monthly reports about the spam categories which were most often used in the previous month. These categories are currently detected by Avira's AntiSpam engine:
1. OTHER Anything that doesn't fit the categories below
2. PHISHING Phishing emails
3. LOTTERY Lottery scams
4. NIGERIAN Nigerian Scams
5. JOBS Job related scams
6. MALWARE Malware files transmitted via Email
7. FASHION Replica shoes and clothes
8. WATCH Replica watches
9. SOFTWARE Software sales
10. UNIVERSITY Fake university degrees
11. PHARMACY Meds or online pharmacies
12. CASINO Casino spams
13. STOCK Pump and Dump stock spam
14. LOAN Loan scams
15. COMMERCIALS Commercial mail that looks like spam
16. OTHER_NON_LATIN Unclassified text in non-Latin scripts
Dear Snowflake: Happy 'Data Privacy Day'
From Brian Krebs:
Here in the States, today is "National Data Privacy Day." Declared as such on this day a year ago by the U.S. Congress, this unofficial holiday is meant to remind teens and young adults about the importance of protecting their personal information online, particularly in the context of social networking.
What's that? You didn't know about NDPD? Yeah, neither did I: A bloke I know from the U.K. clued me in over instant message with a link to this Wikipedia page. Oddly enough, his note interrupted my reading of a story about how at least 30 congressional Web sites were defaced in apparent response to President Obama's State of the Union address last night. Social networking, indeed.
Read more in http://www.krebsonsecurity.com/2010/01/dear-snowflake-happy-data-privacy-day/
Crooks and scammers avoid Windows 7 protection
Users are often the weak link in the chain
Experts agree that Windows 7 has enhanced security to ward off attacks on vulnerabilities in old software. But what if a money-minded online scammer can persuade you to download malware onto your PC?
"Windows 7 is more secure, and upgrading to it is a big improvement," says Chester Wisniewski, a senior security advisor with software-maker Sophos. "But it's not going to stop malware in its tracks."
Exploits take a hit
Digital crooks generally use two tactics to install malware on a PC. Exploits often take the form of a snippet of attack code hidden on a web page, often a hacked-but-otherwise-benign site. When you browse the page, the exploit hunts for software flaws in Windows or in third party programs such as Adobe Flash or QuickTime. If it finds one, the exploit may surreptitiously install malware without any hint of the attack.
In contrast, social engineering attacks try to trick you into downloading and installing bot malware that poses as a useful program or video. Some attacks combine tactics, as when a scammer sends an email message encouraging you to open an attached PDF file, only to trigger an exploit buried in the file that then hunts for a flaw in Adobe Reader.
Security upgrades in Windows 7 could help prevent many attacks that target software flaws. ActiveX attacks, once the bane of Internet Explorer users, may "pretty much disappear" due to IE 8's Protected Mode, says HD Moore, chief security officer at Rapid7 and creator of the Metasploit testing tool.
The arcane-sounding Address Space Layout Randomisation (ASLR) loads programs and their libraries at unpredictable memory addresses, so an exploit that finds a flaw cannot rely on knowing where the code it wants to abuse sits in memory. The related Data Execution Prevention (DEP) feature marks memory that holds data as non-executable, so an exploit cannot simply run code it has smuggled into a buffer.
"These two, in particular, could have a very large impact," says Wisniewski. Still, though ASLR and DEP were expanded to protect more programs in Windows 7 than in Vista, they don't cover all applications.
Vista safer than XP?
Hacking people, not programs
Read more in http://www.computerworlduk.com/management/security/cybercrime/in-depth/index.cfm?articleid=2951
PayPal email scam still claiming victims
A email scam using images of WA Police logos, PayPal and overseas law enforcement agencies to threaten recipients with legal action unless they send money offshore is still rife in WA.
The scam - which targets people selling high-value goods such as vehicles online - first surfaced about two months ago, but WA Police say despite publicity, some people are still falling prey.
Victims receive an email claiming the sender cannot collect the item trying to be sold with excuses including that they are out of the country or working offshore.
The scammers ask the victim for a fee of between $650 and $1200 so a "delivery agent" can collect the goods, as they cannot pay the delivery agent directly themselves. [...]
The email contains WA Police logos, badges and banners, as well as a "link" to the WA Police website. However, clicking on the link takes victims to the London Metropolitan Police website.
Symantec generating a False Positive on Flash Player install
If you are running Symantec antivirus, and trying to install Flash, and the Installer is being flagged as a Trojan Horse, now you know why. Seems there might be a false positive in Symantec's host based detection, flagging the Adobe Flash Installer as a Trojan Horse.
This isn't a big deal; it happens from time to time. Given the thousands upon thousands of detections an antivirus tool performs, it is actually fairly impressive that this type of thing doesn't happen more often. But it has happened before, and it will happen again. (Remember the Excel file fiasco that McAfee's AV caused?)
Symantec is encouraging people that are affected to call Symantec support.
Symantec slaps Trojan alert against Spotify
Scanner turns song software slayer
Symantec has apologised over a ****-up that resulted in the incorrect classification of streaming music service Spotify as a Trojan on Thursday.
A misfiring anti-virus definition update caused Symantec's Norton security software to wrongly classify Spotify program files as malign and shuffle them off into quarantine. Symantec responded quickly to the problem by issuing a fix that quashed the false alarm. Even after they update their security software, Symantec users may still have to reinstall Spotify in order to listen to the service again.
Spotify's take on the mix-up can be found here. Symantec's mea culpa is here.
Critical infrastructures under attack
Large-scale threats common, warns McAfee report
Cyber attacks on critical infrastructures such as electrical grids and oil and gas production are widespread and increasing and cost up to $6.3m a day, warns McAfee.
More than half of the IT security execs from 600 global critical infrastructure firms surveyed by McAfee said they'd already suffered large-scale attacks from organised gangs, terrorists or nation-states.
More than a third (37%) believed their sector had become more vulnerable to attack over the last year, and many anticipated a major incident over the next 12 months.
Although built for reliability and availability, most of the world's critical infrastructures were not built with cyber protection in mind. But the interconnectedness of today's IT world means that these areas are now vulnerable.
"They are subject to attack and don't always have the best security. These systems are in the bowels of organisations and the biggest thing is impacting availability, so companies don't want to touch it because they are worried if they touch it, they will lose the grid," said George Kurtz, chief technology officer at McAfee.
Also see: McAfee: Attacks on critical infrastructure are common
StopBadware: Public web chat about auto-update mechanisms
In the past couple of years, auto-update mechanisms that allow software applications to check for and install patches or new versions have become far more prevalent. Some software vendors have looked to push auto-updaters beyond the traditional "an update is available, do you want to install it?" format. Last year, Apple began using its updater to push additional software applications. Google's Chrome browser silently installs updates, including new major versions, with no user interaction or notice. A new updater for Adobe Reader appears to be a hybrid of Chrome's silent installer and more traditional updaters.
On Wednesday, February 10, at 1pm EST, we will be hosting a public web chat to discuss auto-update mechanisms from the standpoint of balancing their security benefits with questions about appropriate disclosure and user control. Brad Arkin of Adobe will be participating, and the Google Chrome team has been invited to join as well. The chat will incorporate VoIP audio (requires a headset or microphone/speakers on your computer) as well as text, using dimdim's Flash-based web conference system. Pre-registration is free and recommended. Just enter your e-mail address in the widget below. Feel free, as well, to help publicize this chat by clicking the "Share Widget" link.
Startpage launches anonymous Web search service
Search-engine company Startpage launched a service allowing users concerned about privacy to carry out Web searches and click on linked pages without being identified, tracked or recorded.
Unlike mainstream search engines that gather commercially valuable information about user behavior, privately held Startpage (www.startpage.com) has focused on privacy since 2005.
Startpage -- also known as Ixquick outside the United States and Britain -- had already offered private searching, but users would leave the company's protection when they clicked on a search result and entered a third-party website.
The new service offers use of a Startpage proxy that means the user is invisible to all websites, though pages load more slowly since Startpage must first retrieve the contents and then redisplay them.
"My wake-up call came last year," says Katherine Albrecht, who runs U.S. media relations and marketing for Startpage and who says she noticed Google Inc had installed a program monitoring users who typed in terms indicating they had influenza -- and was sharing the information with the U.S. Center for Disease Control.
"I had been a privacy advocate for 10 years, but even so I was using Google just like everybody else," she said.
DRM: Is the Apple iPad 'iBad for freedom'?
Defective by Design.org has slammed the iPad just hours after its announcement, saying it is "iBad for freedom".
In an online petition and an open letter to Steve Jobs, the open source organisation says: "The iPad's unprecedented use of DRM to control all capabilities of a general purpose computer is a dangerous step backward for computing and for media distribution. We demand that Apple remove all DRM from its devices."
Related news: Adobe responds to lack of flash on the iPad
Adobe has responded to the lack of Flash support and is blaming it all on Apple as it was their choice to not include the technology. Adobe, via Gizmodo, is stating that:
"It looks like Apple is continuing to impose restrictions on their devices that limit both content publishers and consumers. Unlike many other ebook readers using the ePub file format, consumers will not be able to access ePub content with Apple's DRM technology on devices made by other manufacturers. And without Flash support, iPad users will not be able to access the full range of web content, including over 70% of games and 75% of video on the web.
Wyoming campaign cuts volunteer behind Web trick
A Wyoming gubernatorial candidate has cut ties with a volunteer who used a bit of online trickery to misdirect people trying to visit her opponent's Web site.
Republican candidate Rita Meyer said she had been unaware of Paul Montoya's decision to register a Web address very similar to rival Republican candidate Matt Mead's Web site.
The trick, which followed a similar campaign prank in California, temporarily resulted in visitors to mattmeadforgovernor.com being directed to Meyer's Web site. As of Wednesday, the address had been switched to link to Mead's site, meadforgovernor.com.
"Technology's good, but (Montoya) absolutely used it for the wrong means and ends, and I don't support that," Meyer said. "I was very saddened because it reflects on the campaign."
Montoya did not return an Associated Press phone message left at his office Wednesday; [...]
Montoya told Cheyenne TV station KGWN on Tuesday that the ruse wasn't a prank but was meant to demonstrate the importance of securing pertinent domain names.
"I'm an emerging technology advocate, and one of the things I'd really like people to watch out for is to protect themselves about what they have," Montoya said.
"It wasn't meant to be malicious by any means," he added. "It was basically to punctuate how important it is to own the domain you have."
Mead said he first learned about the phony Web address Sunday from supporters. He discussed it with Meyer that evening at a chamber of commerce meeting in Buffalo, he said.
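Montoya's point, that a campaign should hold the confusable variants of its own domain before someone else does, generalises beyond one prefixed name. The following is an added example, not code from the article or from either campaign: it enumerates the common typosquat classes for a domain (dropped, doubled and transposed characters, vowel swaps, sibling TLDs) plus any affixes you supply, such as a candidate's first name. The affix list and TLD list are assumptions you tailor per case; the function produces names to register or to watch, and does no lookups itself.

```python
def _split_domain(domain: str):
    """Split 'label.tld' into (label, tld). Subdomains are not handled."""
    label, _, tld = domain.lower().strip().partition(".")
    return label, tld


def lookalikes(domain: str, affixes=(), tlds=("com", "net", "org")) -> set:
    """Return confusable domain names worth registering or monitoring.

    Covers omitted, doubled and transposed characters, vowel swaps,
    affix variants (e.g. a first name, as in the Wyoming case) and the
    genuine label under sibling TLDs.
    """
    label, tld = _split_domain(domain)
    variants = set()
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])                   # omitted character
        variants.add(label[:i + 1] + label[i] + label[i + 1:])    # doubled character
        if label[i] in "aeiou":
            for v in "aeiou":
                if v != label[i]:
                    variants.add(label[:i] + v + label[i + 1:])  # vowel swap
    for i in range(len(label) - 1):
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition
    for a in affixes:                                             # e.g. ("matt",) -- assumed input
        a = a.lower()
        variants.update({a + label, label + a, a + "-" + label, label + "-" + a})
    variants.discard(label)
    names = {"%s.%s" % (v, t) for v in variants for t in tlds}
    names |= {"%s.%s" % (label, t) for t in tlds if t != tld}    # real label, other TLDs
    return names


def missing(names, held) -> set:
    """Names from `names` not in the set `held` that you already control."""
    return set(names) - set(held)


if __name__ == "__main__":
    import sys
    domain = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    for n in sorted(lookalikes(domain, affixes=sys.argv[2:])):
        print(n)
```

Feed the output to whatever registrar or WHOIS tooling you use; the generator deliberately stays offline so it can run anywhere.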
Expert sees security issues with the iPad
Apple's new iPad device looks like it will have some of the same security issues that affect the iPhone, such as weak encryption, a mobile security expert said on Thursday.
For one, if the iPad employs encryption the same way the iPhone does, sensitive personal data, including phone numbers and e-mail addresses, could be retrieved and viewed, says Daniel Hoffman, chief technology officer at SMobile Systems, which sells mobile security software.
"The problem with the iPhone security encryption is it is fundamentally worthless," he said. "It can be easily bypassed."
Hoffman is not alone in making that assessment.
Secondly, if iPad users get their apps from the Apps Store, they are at risk of getting the occasional bad apple, Hoffman said, noting that there have been malicious apps found in the store.
In addition, the device is subject to man-in-the-middle attacks like any other device that uses unsecured Wi-Fi networks, he said. SMobile is developing a tool to protect against such attacks, in which someone is able to intercept Internet traffic mobile devices send over Wi-Fi networks and inject new messages while masquerading as a legitimate party in the communication.
Is Security the Next Cloud Computing Play?
There are many ways to skin a cat. Symantec is getting its kicks from consumer sales while the enterprise market takes a breather. Next up: cloud computing solutions for security and storage. [...]
The consumer segment was both the biggest and the best-performing division for Symantec. Whether this is a general industry trend or a situation unique to Symantec will remain a mystery until McAfee reports earnings on Feb. 11, but you could look at recent reports from enterprise IT providers like Oracle (Nasdaq: ORCL) and IBM (NYSE: IBM) and infer that business-class software buyers may be taking a longer lunch break than consumers. [...]
While waiting for that rebound to happen, Symantec is keeping busy with cloud computing projects. The company sells hosted services to more than 1,800 customers today, including several multimillion-dollar deals. Symantec offers data protection services for the Amazon.com EC2 cloud service, and 11 million regular consumers are using 45 petabytes (that’s … a lot) of Symantec's online backup storage.
Symantec is taking an early walk in the clouds, which is simply a smart strategy for future-proofing the business.
Phishing scam targets users of Adobe PDF Reader
A new phishing scam is trying to fool people into thinking it comes from Adobe, announcing a new version of PDF Reader/Writer. The message is making its way into e-mail boxes today, and the real Adobe urged any recipients to simply delete it.
The phishing scam has a subject line "download and upgrade Adobe PDF Reader – Writer for Windows," includes a fake version of Adobe's logo and provides links that would lead to malicious code or other trouble if a victim clicked on them. The e-mail appears to come from Adobe firstname.lastname@example.org, which is part of the scam.
"It has come to Adobe's attention that e-mail messages purporting to offer a download of the Adobe Reader have been sent by entities claiming to be Adobe," the company said in a statement warning about it. "Many of these e-mails are signed as 'Adobe PDF' (or similar), and in some instances require recipients to register and/or provide personal information. Please be aware that these e-mails are phishing scams and have not been sent by Adobe or on Adobe's behalf."
Last-minute objections filed to Google book settlement
Critics of the revised legal settlement with US authors and publishers that would allow Google to scan and sell millions of books online filed a flurry of last-minute objections on Thursday.
Judge Denny Chin is to hold a hearing on February 18 on Google's vast digital book project and the deadline for filing briefs in the case was Thursday.
Among those submitting objections were online retail giant Amazon, Consumer Watchdog, half-a-dozen French publishing houses, fantasy fiction author Ursula K. Le Guin, the Open Book Alliance and others.
Amazon, which makes the popular Kindle electronic book reader and runs a digital bookstore of its own, said the revised agreement violates anti-trust and copyright law and urged the judge to reject it.
Authors sue Google
Two umbrella bodies of authors and publishers have taken Google to court for copyright violation and demanded that the digital database service of the Internet search giant delete all works of Indians.
The Indian Reprographic Rights Organisation (IRRO) and the Federation of Indian Publishers (FIP) today told a US court that Google Books had been scanning works free of charge and reaping revenues from advertisements but not compensating the creators and original publishers.
"In our objections, we have stated that Google should immediately delete all material they have of Indian authors from their database in Google Books which have been acquired without permission. There might be millions of authors all over the country who might not even know their rights are being violated," said Siddharth Arya, counsel for the IRRO, which represents many authors and publishers in the country.
The IRRO and the FIP together represent around 500 Indian publishing houses with 16,000 authors.
Apple iPhone App Security in Spotlight at Black Hat
At the Black Hat DC security conference next week, software engineer Nicolas Seriot is putting the spotlight on security and privacy issues involving third-party applications developed for the iPhone.
A software engineer is highlighting the challenges facing mobile app stores in an upcoming presentation at Black Hat DC.
In his presentation Feb. 3, software engineer Nicolas Seriot will train his eyes on applications for the Apple iPhone, and how Apple's guarantees of privacy and applications can fall short of their App store's virtual door.
"In late 2009, I was involved in discussions with the Swiss private banking industry regarding the confidentiality of iPhone personal data," he explained. "Bankers wanted to know how safe their information were, which ones are exactly at risk and which ones are not. In brief, I showed that (an) application downloaded from the App Store to a standard iPhone could technically harvest a significant quantity of personal data...(including) the full name, the email addresses, the phone number, the keyboard cache entries, the Wi-Fi connection logs and the most recent GPS location."
Seriot said he wrote a proof-of-concept application and published it under an open-source license to illustrate the situation. Several other applications, such as Aurora Feint and MogoRoad, have been pulled from the App Store for privacy violations.
Report: Flawed Apps Increasingly Under the DDoS Gun
A report shows an upward trend where attack tools exploit layer 7 to maximize the impact of DDoS assaults.
A report from the CYBER SECURITY Forum Initiative (CSFI) offers further evidence that botnet herders are getting a bigger bang out of distributed denial-of-service (DDoS) attacks by targeting security holes at layer 7, more commonly known as the application layer.
A paper on the findings, L7DA (Layer 7 DOS Attack) Report v1.0, was passed along to CSOonline by Paul de Souza, a Chicago-based security analyst and founder of CSFI, a group of IT security practitioners who volunteer their guidance and support to companies that have suffered cyber attacks.
The findings stem from an investigation conducted by 11 volunteers from the IT security community. According to the paper, CWFI/CSFI was contacted by a company that claimed to be experiencing a new layer 7 DDoS. CSOonline.com has left out the specific names of companies and agencies involved as much of the information is confidential.
"The attack has been found in the wild and [was] possibly created by Chinese hackers," the paper states. "It is said to have been deployed to Chinese-owned botnets at this time. According to our source, this new L7DA targets IIS and Apache servers."
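What makes a layer 7 attack different from a bandwidth flood is that it looks like ordinary HTTP: each request is well-formed and the damage comes from volume against expensive application paths. That means the first place to spot it is the web server's own access log. The script below is an added example, not the CSFI paper's tooling or anything from the companies involved; it parses combined-format access log lines, keeps a per-source sliding window to flag sources that exceed a request-rate threshold, and ranks paths by request count and distinct sources so you can tell a lone attacker from a distributed one. The log lines in `sample_log` are constructed for the example, and the window and threshold values are assumptions to tune against your own baseline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/IIS-style "combined" access log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str):
    """Return (ip, timestamp, path) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["target"].split("?", 1)[0]  # drop the query string so variants collapse
    return m["ip"], ts, path


def flag_clients(lines, window_s: int = 10, threshold: int = 20) -> dict:
    """Per-source sliding-window request counting.

    Returns {ip: peak_requests_in_window} for each source that exceeded
    `threshold` requests inside any `window_s`-second window. Lines are
    assumed to be in time order per source, as a server writes them.
    """
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, _ = rec
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def hot_paths(lines, top: int = 3) -> list:
    """Paths ranked by request count, each with its number of distinct sources.

    One expensive path hit by many sources is the botnet pattern; one
    source hitting one path is the single-attacker pattern.
    """
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, _, path = rec
        counts[path] += 1
        sources[path].add(ip)
    ranked = sorted(counts, key=lambda p: counts[p], reverse=True)
    return [(p, counts[p], len(sources[p])) for p in ranked[:top]]


def sample_log() -> list:
    """Constructed sample, not real traffic: one source fires 30 search
    requests in five seconds while two ordinary visitors browse."""
    fmt = '%s - - [28/Jan/2010:14:00:%02d +0000] "GET %s HTTP/1.1" 200 %d'
    lines = [fmt % ("198.51.100.7", 0, "/index.html", 5120)]
    for i in range(30):
        lines.append(fmt % ("203.0.113.9", i // 6, "/search?q=%d" % i, 9800))
    lines.append(fmt % ("198.51.100.7", 5, "/search?q=ipad", 9800))
    lines.append(fmt % ("198.51.100.21", 6, "/about", 2048))
    return lines


if __name__ == "__main__":
    import sys
    lines = [l.rstrip("\n") for l in sys.stdin] if not sys.stdin.isatty() else sample_log()
    print("sources over threshold:", flag_clients(lines))
    print("hottest paths:", hot_paths(lines))
```

Pipe a real `access_log` through it to try it on your own traffic; the per-source window is what catches a single abusive client, while `hot_paths` with a high distinct-source count is the signal that a botnet is concentrating on one endpoint.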
Hackers Kick Off Tax Season With Oklahoma Web Site Attack
You might not be preparing your taxes yet, but hackers are thinking ahead with new tax-time scams. The Oklahoma Tax Commission was victimized by an attack that defaced the organization's Web site and downloaded malware onto visitors' computers, security researchers say.
Visitors to the Oklahoma Tax Commission Web site were prompted to accept an Adobe license agreement and then download software. While the prompt appears "normal," researchers said that the application contained malicious code designed to infect users who click "Accept." Once a machine was infected, the attackers were able to take control of the user's PC and gain access to personal information stored on it.
Researchers at AVG Technologies, who discovered the attack Thursday, said that the hackers were capitalizing on the uptick of visitors to tax sites at the beginning of tax season.
"With tax time upon us, this is a timely hack of a site that's getting above normal traffic," said Roger Thompson, AVG chief technology researcher, in an AVG blog post, adding "These things happen to lots of people, but it's a bit unfortunate to happen to any tax site at this time of year."
Thompson said that the site's IT personnel will remove the malicious code and restore the hacked Oklahoma tax site quickly. But how the hackers were able to infiltrate the site still remains to be determined, he said, noting that the Oklahoma Tax site hackers seemed to be able to manipulate the site with relative ease.
Details with screenshots in http://thompson.blog.avg.com/2010/01/ok-so-that-sucks-a-bit-especially-given-the-time-of-year.html