Spyware, Viruses, & Security forum

General discussion

NEWS - July 21, 2009

by Donna Buenaventura / July 20, 2009 7:36 PM PDT
Secunia: Adobe still serves vulnerable version of Adobe Reader

From Secunia blog:

There has recently existed some confusion amongst the users of the Secunia PSI as they are puzzled as to why the latest downloaded Adobe Reader version from is reported as insecure by Secunia PSI.

Is it a false positive? Due to the detection method (looking at the actual files available on the hard-drive of a PC) used in the Secunia PSI false positives are very unlikely.

A mistake in the Secunia PSI? Perhaps, but we are happy to learn that the Secunia PSI is correct, but surprised to discover that Adobe ships insecure software to their users!

Vulnerabilities and Timeline
On 1st of May 2009, version 9.1.1 of Adobe Reader was announced and according to Adobe fixed at least one critical vulnerability. However, despite this announcement Adobe continued to serve version 9.1.0 on

In the meantime, on 10th of June, another 9 critical vulnerabilities (SA34580) were fixed by Adobe in their very popular PDF viewer.

Yet, as of today, Adobe still serves version 9.1.0 on their official download location at, leaving the user with the task of understanding that their PC has been rendered vulnerable to attacks (from opening an innocent looking PDF attachment to surf-by-attacks when browsing websites).

More in
Researcher raids browser history for webmail login tokens
by Donna Buenaventura / July 20, 2009 7:47 PM PDT
In reply to: NEWS - July 21, 2009
In a disclosure that has implications for the security of e-commerce and Web 2.0 sites everywhere, a researcher has perfected a technique for stealing unique identifiers used to prevent unauthorized access to email accounts and other private resources.

Websites typically append a random sequence of characters to URLs after a user has entered a correct password. The token is designed to prevent CSRF (cross-site request forgery) attacks, which trick websites into executing unauthorized commands by exploiting the trust they have for a given user's browser. The token is generally unique for each user, preventing an attacker from using CSRF attacks to rifle through a victim's account simply by sending a generic URL to a website.

Now, a researcher who goes by the name Inferno has come up with a way to guess CSRF tokens using brute forcing techniques by combining it with a much older attack.

More in
Digital Spy fights second malware attack
by Donna Buenaventura / July 20, 2009 7:51 PM PDT
In reply to: NEWS - July 21, 2009
Celebrity and TV gossip website Digital Spy is investigating reports that its subscribers outside the UK have been exposed to malware. The latest reported outbreak follows an earlier malware infestation, later traced to tainted banner ads, that hit the site only six weeks ago.

Digital Spy is a high-traffic website frequented by surfers gorging on information about celebrity shenanigans and reality TV programmes. As with the previous attack, news that the site might be serving up malware surfaced via posts on Digital Spy's forum.

Subscribers reported warnings from their anti-virus scanner and hijacked connections, re-routing them via dating sites, among other examples of weird behaviour.

Complete article in
McAfee updates managed cloud security service
by Donna Buenaventura / July 20, 2009 7:57 PM PDT
In reply to: NEWS - July 21, 2009
McAfee's latest version of its managed security service includes new features that let companies scan their Web sites for vulnerabilities as well as check for compliance with payment-card industry standards for handling financial data.

McAfee's Total Protection Service 5.0 has also been expanded to 18 languages, said Sal Viveros, a McAfee security analyst.

The vulnerability assessment service scans Web sites to see if they've been hacked and then can send reports to administrators as to what's wrong. The service can also check to see if a particular Web site complies with the Payment Card Industry Data Security Standard, which is a set of rules supported by card companies such as MasterCard and Visa.

McAfee has also integrated into the latest release technology that came from Secure Computing, which McAfee announced it would acquire in September 2008 for US$465 million.

Article is in
Hidden-cam video of US sports reporter lures web users to...
by Donna Buenaventura / July 21, 2009 12:16 AM PDT
In reply to: NEWS - July 21, 2009
malware infection

Links to Erin Andrews peephole video infect PC and Mac user

IT security and control firm Sophos is warning all internet users to be wary of websites claiming to host a controversial nude video of high-profile ESPN reporter Erin Andrews - hackers are using the hype surrounding the hidden camera tape to distribute malware that will infect both PC and Mac computer systems.

The internet has been abuzz with news that a voyeur had secretly filmed the glamorous US sports reporter through the peephole of her hotel room door. Lawyers working for Andrews said that they will take legal action against anyone distributing the footage, which was taken without her knowledge or consent. However, opportunists and hackers have been quick to set up websites claiming to contain the illicit content, in the hope of driving internet traffic to their websites or infecting innocent victims.

Computer users who visit many of these sites are running the risk of being infected by the OSX/Jahlav-C Trojan horse on Macs, or the Mal/FakeAV-AY Trojan if visiting from a Windows computer. Once a hacker has control of your computer they can steal sensitive information and con unsuspecting computer users into paying for bogus online protection.

Video clip and more info in
See also blog reports by Sunbelt and McAfee on this
Erin Andrews “peep hole” video malware booming

Researchers at Sunbelt Software have detected that the Trojan installers used in the scam are generating a large number of polymorphic variants. The installers change with sites each day and number around 10,000 unique hashes.

Malware From Celebrity Video - But I Thought I Just Installed A Video Player !

The malware downloaded from this site are currently detected as FakeAlert-DA and FakeAlert-EL. For MacOS users, the MediaPlayer.dmg malware will be detected as OSX/Puper.a trojan. In other related cases, we are currently detecting them as Generic FakeAlert.a and Generic FakeAlert.c.

Internet users are advised to refrain from installing programs that are linked from hot news and media sites.
Swine flu malware poses as pig plague update
by roddy32 / July 21, 2009 12:26 AM PDT
In reply to: NEWS - July 21, 2009

By John Leyden
Posted in Spam, 21st July 2009 10:03 GMT

Wrongdoers have created a new strain of swine flu-themed malware.

A Trojan, containing backdoor and keylogger functionality, poses as a Word document from the US Centre of Disease Control giving information about the disease.

The infectious file - Novel H1N1 Flu Situation Update.exe - appears with an icon that makes it look like a Word document file. Users tempted to open the booby-trapped file are presented with a document.

Meanwhile the malicious code does its mischief in the background, as explained in a write-up (containing screenshots) by net security firm F-Secure here. F-Secure classifies the Trojan as Agent-AVZQ.

More here

Spammers Running Wild In Latest MySpace Phishing Attack
by Donna Buenaventura / July 21, 2009 12:49 AM PDT
In reply to: NEWS - July 21, 2009
In the last 24 hours there has been a sudden surge in the amount of spam being sent and received by MySpace users, suggesting that the site has fallen prey to a security exploit that grants spammers access to accounts. Many users are logging in to find that they’ve commented on their friend’s status updates with spammy messages inviting them to “make $$ this summer”. We’ve reached out to MySpace to ensure that they are aware of the issue.

Some MySpacers are speculating on the site’s forums that the hack is tied to phishing links in status updates, which seems to be in line with the reports we’ve seen of literally hundreds of identical spam status updates to certain band profiles (see the screenshot below).

Update: We’ve learned that this is in fact the case — MySpace users are falling prey to a phishing attack through links in status updates that invite them to re-enter their login information, which is then used to spam their accounts. MySpace expects to have a fix for this out later today that will remove all of these links.

More in
RIM fights BlackBerry snoop gaffe
by Donna Buenaventura / July 21, 2009 1:43 AM PDT
In reply to: NEWS - July 21, 2009
RIM, maker of the BlackBerry mobile phone, has told the Reg that Etisalat is talking tosh and the BlackBerry remains a secure platform, after the United Arab Emirates operator "patched" the device with surveillance software.

The "patch" which Etisalat sent out last week was actually a surveillance application, designed to make copies of received e-mails, despite the operator's claims that the software was designed to ease 2G to 3G handoffs. RIM has sent The Register a statement making it clear that such an operator-issued application simply could not interact with low-level radio functionality, and that there aren't any problems on Etisalat's network that needed fixing anyway.

RIM's statement is restrained: so restrained that one can hear the sound of gritted teeth between the words: "Etisalat also issued a press release that referred to the software as a BlackBerry Software Upgrade... RIM confirms that this software is not a patch and it is not a RIM authorized upgrade. RIM did not develop this software application and RIM was not involved in any way in the testing, promotion or distribution of this software application."

Complete article in
Researcher: BlackBerry Spyware Wasn’t Ready for Prime Time
by Donna Buenaventura / July 21, 2009 5:30 AM PDT
A BlackBerry software upgrade in the Middle East that turned out to be an e-mail interception program was likely a buggy beta version of a U.S.-made surveillance product, according to an analyst who dissected the malicious code.

Sheran Gunasekera, who works as a security consultant in Asia, released a white paper examining the spyware. (.pdf) Gunasekera said the software had no protective measures to obfuscate it, making it easy to decompile and examine — an unusual flaw for a program designed for surreptitious interception.

Another researcher named Nigel Gourlay was the first to examine the code and report that it was spyware, designed to intercept a user’s e-mail messages. The program appeared to be written by a U.S.-based company named SS8, which markets surveillance tools to law-enforcement and intelligence agencies. The company hasn’t responded to repeated inquiries from Threat Level.

Full story in
Why Twitter Hack is Not a Cloud Security Wake-up Call
by Donna Buenaventura / July 21, 2009 2:10 AM PDT
In reply to: NEWS - July 21, 2009
The recent Twitter hack illustrates a problem with weak passwords, not cloud security, writes Pete Soderling, founder of Web development shop Mechanikal and API management company Stratus Security Technologies.

My Google Alerts for cloud security have been going off with an increased vengeance.

In the current Web buzz about the recently stolen Twitter documents sent out by a hacker to TechCrunch, people have been pointing to the attack and citing it as a cloud computing security wake-up call.

In fact, the Twitter hack is an older and more common type of attack that any computing system is vulnerable to: weak password security.

Continue reading in
Michael Jackson malware is not dead
by Donna Buenaventura / July 21, 2009 2:26 AM PDT
In reply to: NEWS - July 21, 2009
LA officials question Google Apps plan
by Donna Buenaventura / July 21, 2009 5:26 AM PDT
In reply to: NEWS - July 21, 2009
A Los Angeles councilman and the head of a police group are questioning the city's plan to move government e-mail and other records onto Google's hosted Web service Google Apps.

"Anytime you go to a Web-based system, that puts you just a little further out than you were before," LA City Councilman Tony Cardenas told The Associated Press. "Drug cartels would pay any sum of money to be aware of our progress on investigations."

Paul Weber, president of the LA Police Protective League, also said he is worried about the safety of sensitive police investigation records if they are moved to Google Apps.

The concerns come after sensitive Twitter documents were stolen by a hacker who gained access to a Twitter employee's Yahoo e-mail account and from there got information that allowed access to the company's data on Google Apps. Although the breach occurred in May, the severity of the situation wasn't clear until last week when the hacker fed the data to TechCrunch for public posting.

While Twitter executives noted that there was no security vulnerability in Google Apps, the linking of personal and work e-mail by the employee, re-use of passwords on multiple accounts, and easy to guess security questions allowed an outsider to steal confidential information and expose it to the world.

The great WiFi robbery: police to patrol down your street
by Donna Buenaventura / July 21, 2009 5:42 AM PDT
In reply to: NEWS - July 21, 2009
The Queensland Police fraud squad says it will be the first police force in the world to go on "wardriving" missions to warn homes and businesses if their wireless networks are not secure.

Detective Superintendent Brian Hay said criminals were piggy-backing on the WiFi connections of ordinary computer users and using them to anonymously commit crimes such as fraud and identity theft.

The process of searching for open wireless networks using a laptop or handheld in a moving vehicle is known in the geek community as "wardriving".

Detective Superintendent Hay said it was important for police to get "ahead of the game" as crooks were now sharing information on satellite maps showing vulnerable areas with large numbers of unsecured networks.

He blamed computer equipment sellers for not doing enough to educate customers on the importance of security.

Continue reading in via Sunbelt Blog
Hey Mr. DJ, Don't Put That Record On
by Donna Buenaventura / July 21, 2009 5:49 AM PDT
In reply to: NEWS - July 21, 2009

Symantec Security Response Blogs today:

Hopefully the readers of the Security Response Blogs are well aware of advance-fee fraud, which is also known as a 419 scam. A 419 scam typically pops up disguised as an email from some member of a royal family from a country far away, trying to transfer large amounts of money to you. The story used in the fraud schemes doesn’t vary much these days. However, these advance-fee scams have evolved and adapted to all of the new information sources that are available, including social networks. Such as with the following example, which was seen a couple of times at the beginning of June this year.

The scammer searched in Facebook for people who have highlighted the fact that they are disc jockeys. Since it is likely that such people usually want to be found and are proud to be DJs, it is quite easy for an attacker to create a very targeted user list for his scam. Simply browsing and comparing dedicated user interest groups can reveal all of the necessary information.

Armed with this information, the attacker rolled out some adequate bait for the DJ user group. The attacker pretended to be an event organizer from Miami, searching for new talent to be a stand-in for another artist who cancelled a booking on short notice. Following the contact message on Facebook was a list of documents boosting the seriousness of this offer: flight confirmation, five-star hotel reservations, and a signed contract offering 3,000 Euros for playing six nights in Miami’s finest clubs—a dream for any newcomer DJ. According to people who were contacted by the scammer, his appearance was very convincing and he acted in a professional manner, even calling the victims on the phone to discuss details. Social engineering at its best.

The catch?

Continue reading this at

National Pharmaceutical Control Bureau of Malaysia Web site
by Donna Buenaventura / July 21, 2009 2:09 PM PDT
In reply to: NEWS - July 21, 2009
Websense Security Labs ThreatSeeker Network has detected that the Web site of the National Pharmaceutical Control Bureau of Malaysia has been compromised and injected with malicious code. The Web host has been injected with an iframe that leads to a site laden with exploits.

More details in
Emsi Software fired "Rogue" Employee
by Donna Buenaventura / July 21, 2009 2:38 PM PDT
In reply to: NEWS - July 21, 2009
Microsoft Malware Protection Center v2 website launched
by Donna Buenaventura / July 21, 2009 3:03 PM PDT
In reply to: NEWS - July 21, 2009

From MS MPC Blog:

We've been working hard, have heard your feedback, and are excited to announce V2 of the MMPC Portal! This new portal contains several new features including stream-lined sample submission and tracking, which is made possible by creating an MMPC profile. When you log in, the information saved in your MMPC profile auto-populates the sample submission form, thereby expediting the submission process. You can then monitor the status of your submission online – if you are logged in (using your MMPC profile) while submitting a sample, we will allow you to view details for all samples you have submitted in the past. In effect we now have ‘one stop shopping’ for sample submission and tracking.

MMPC Portal V2 includes a change log which allows you to see new and updated detections in the most recent definition versions. We have also implemented RSS feeds for encyclopedia entries, active malware lists, and the change log to allow you to stay up to date. We have stream-lined our UI to improve accessibility to content, extended existing content, and created new content. The new content includes a ‘guidance and advice’ section, improved encyclopedia content/organization, expanded glossary, a list of recent research papers, updates on news and events, highlights around awards and certifications, as well as an introduction to our team.

More in
