Spyware, Viruses, & Security forum

Alert

NEWS - July 28, 2011

by Carol~ Forum moderator / July 28, 2011 2:16 AM PDT
Hack of South Korean sites affects up to 35 million users

According to a report from Reuters, hackers from China have attacked an internet portal and blogging site operated by South Korea's SK Communications, gaining access to the personal information of up to 35 million users. The news agency says that the cyber attack could be the largest the country has ever experienced.

In a statement, the Korea Communications Commission confirmed that the personal information targeted by the attackers included names, telephone numbers, email addresses and other data from the Nate portal and Cyworld blogging sites run by the SK Telecom subsidiary. An official at the commission told Reuters that the police have started an investigation, but have yet to ask for assistance from Chinese authorities.

Last month Google announced that it had discovered attacks on high-profile Gmail accounts originating from China that were targeting Chinese political activists, journalists and government officials in the US and South Korea. Other attacks on South Korea in recent months have focused on the country's financial firms.

http://www.h-online.com/security/news/item/Hack-of-South-Korean-sites-affects-up-to-35-million-users-1287591.html

Also:
Data stolen from 35 million South Korean social networking users
Massive Data Breach of South Korea Portal Affects 35 Million Users
Korea blames China for massive hack attack

Cyber attack on RSA cost EMC $66 million
by Carol~ Forum moderator / July 28, 2011 4:08 AM PDT
In reply to: NEWS - July 28, 2011

In its earnings call Tuesday, EMC disclosed that it spent $66 million in its second quarter to deal with a cyber attack that compromised its RSA Security division.

"We incurred an accrued cost associated with investigating the attack, hardening our systems and working with customers to implement our remediation programs," said EMC's executive vice president David Goulden.

EMC spent the $66 million on transaction monitoring for its corporate customers who worried that their RSA security tokens — long considered the gold-standard for protecting sensitive data — had been compromised in the attack. EMC also offered replacements to any company that requested them.

EMC also revealed some more information about the attack itself, saying that it alerted customers within hours of the intrusion and suspects that the company was targeted for information on its defense and government agencies, not for financial information.

Continued : http://www.washingtonpost.com/blogs/post-tech/post/cyber-attack-on-rsa-cost-emc-66-million/2011/07/26/gIQA1ceKbI_blog.html

Related: What did the RSA breach end up costing EMC?

Amazon S3 exploiting through SpyEye
by Carol~ Forum moderator / July 28, 2011 4:08 AM PDT
In reply to: NEWS - July 28, 2011

From Kaspersky Lab Weblog:

Cloud Computing providers offer gigabytes of storage for free, and cybercriminals use it to maintain and spread malware of all kinds. At the same time, many legitimate services are not free, but are still very attractive to cybercrime gangs. In the case of Amazon, Amazon Simple Storage Service (Amazon S3) does the trick.

Despite being a paid service, the cost is not an obstacle for profitable attackers. In fact, my colleague Dmitry Bestuzhev recently told us about the spread of malware exploiting this service to "the cloud".

The truth is that these cases are not isolated. According to our research, cybercriminals have been running SpyEye activities from Amazon for the past couple of weeks. [Screenshot]

One hurdle for these cybercriminals in abusing Amazon S3 is the creation of an Amazon Web Services (AWS) account. These accounts require a legitimate identity and method of payment, so it is evident that criminals are using stolen data to overcome this challenge.

Data shows that Amazon cloud services were abused heavily this month to spread malware. The following graph shows the domains used for this campaign from the second half of July 2011:

Continued : http://www.securelist.com/en/blog/208193064/Amazon_S3_exploiting_through_SpyEye

Trojan Tricks Victims Into Transferring Funds
by Carol~ Forum moderator / July 28, 2011 4:08 AM PDT
In reply to: NEWS - July 28, 2011

It's horrifying enough when a computer crook breaks into your PC, steals your passwords and empties your bank account. Now, a new malware variant uses a devilish scheme to trick people into voluntarily transferring money from their accounts to a cyber thief's account.

The German Federal Criminal Police (the "Bundeskriminalamt" or BKA for short) recently warned consumers about a new Windows malware strain that waits until the victim logs in to his bank account. The malware then presents the customer with a message stating that a credit has been made to his account by mistake, and that the account has been frozen until the errant payment is transferred back.

When the unwitting user views his account balance, the malware modifies the amounts displayed in his browser; it appears that he has recently received a large transfer into his account. The victim is told to immediately make a transfer to return the funds and unlock his account. The malicious software presents an already filled-in online transfer form - with the account and routing numbers for a bank account the attacker controls.

The BKA's advisory isn't specific about the responsible strain of malware, but it is becoming increasingly common for banking Trojans to incorporate "Web injects," custom designed plug-ins that manipulate what victims see in their Web browsers.

Continued : http://krebsonsecurity.com/2011/07/trojan-tricks-victims-into-transfering-funds/#more-10881

Naughty JavaScript can be planted in IM status messages
by Carol~ Forum moderator / July 28, 2011 4:08 AM PDT
In reply to: NEWS - July 28, 2011

Security shortcomings in both ICQ instant messenger for Windows and the ICQ website create a possible mechanism for account hijacking, a security researcher warns.

Levent Kayan warns that the software fails to screen against the inclusion of JavaScript code in user-supplied status messages. The shortcoming means that this JavaScript code might be run on a victim's machine providing they are tricked into opening the booby-trapped status message using a vulnerable ICQ client.

The technique might be used to steal session cookies, enabling the hijacker to impersonate victims, or (with greater difficulty) to gain access to local files on a compromised PC. Kayan found a similar cross-site scripting flaw involving Skype earlier this month.

Heise Security was able to reproduce the flaw discovered by Kayan using the current 7.5 version of ICQ. ICQ told the security news site that it was in the process of developing and testing a security fix.

http://www.theregister.co.uk/2011/07/28/icq_scripting_bug/

Automated stock trading poses fraud risk, researcher says
by Carol~ Forum moderator / July 28, 2011 4:08 AM PDT
In reply to: NEWS - July 28, 2011

An emphasis on speed and a lack of security make automated trading in financial markets ripe for exploitation and fraud, a security researcher warned today.

Most stock trades in the U.S. and many around the world in general are now made by data-crunching computers that buy and sell stocks in microseconds--something that used to take human traders minutes to do. With these algorithm-based, high-frequency trades a fraction of a second can be worth millions of dollars for an investor. (See CBS 60 Minutes report on this.)

In the push for greater speed and thus higher profits, security is sacrificed, James Arlen, principal at Push the Stack Consulting, told CNET in a preview of a presentation he will give at the Black Hat security conference in Las Vegas next week titled "Security When Nano Seconds Count."

Continued : http://news.cnet.com/8301-27080_3-20084531-245/automated-stock-trading-poses-fraud-risk-researcher-says/

Stolen USB stick contained police investigation details
by Carol~ Forum moderator / July 28, 2011 5:40 AM PDT
In reply to: NEWS - July 28, 2011

Greater Manchester Police have warned that sensitive information about an ongoing criminal investigation was contained on a USB memory stick stolen from an officer's home in Oldham, UK.

The officer has been suspended, pending an investigation, and the matter has been referred to the Independent Police Complaints Commission and the Information Commissioner.

One big question which has to be answered is - was the personal data contained on the USB stick encrypted?

According to the BBC News report, it may not have been password-protected suggesting that encryption was not being used.

Aside from the issue of whether such sensitive data about an investigation should be left at an officer's home in the first place, why isn't encryption being used as a matter of course to ensure that - even if the information does fall into the wrong hands - it can't be deciphered?

Continued : http://nakedsecurity.sophos.com/2011/07/28/stolen-usb-stick-contained-police-investigation-details/

Also: Greater Manchester Police Sensitive Information Stolen on USB Stick

Windows XP's popularity is rootkit risk, new analysis finds
by Carol~ Forum moderator / July 28, 2011 5:41 AM PDT
In reply to: NEWS - July 28, 2011

"OS more vulnerable than Vista and Windows 7"

The stubborn popularity of Windows XP is offering an easy target for the creators of rootkit malware, according to antivirus company Avast. Three quarters of all rootkits it found in a new study were on XP machines.

Forty-nine percent of Avast's considerable user base still runs Windows XP, itself an interesting statistic nearly two years after Windows 7 was launched, but it is its obvious vulnerability in the face of advanced rootkits such as TDL-3/4 (aka 'Alureon') that offers the clearest reminder of its obsolescence.

In the company's six-month study of 630,000 infections, not only were a disproportionate 74 percent of all rootkits found on XP PCs, 74 percent of these infections were connected to TDL. Overwhelmingly, this malware sits on the master boot record of a PC, which makes it hard to spot and get rid of using conventional tools once it has bypassed security.

Continued : http://news.techworld.com/security/3294191/windows-xps-popularity-is-rootkit-risk-new-analysis-finds/

Also:
XP remains fertile breeding ground for cyber infection
XP Remains Main Target of Rootkits

Google Enables Gmail Two-Factor Security in 150 Countries
by Carol~ Forum moderator / July 28, 2011 5:41 AM PDT
In reply to: NEWS - July 28, 2011

Nearly six months after first introducing two-step verification for its Gmail service, Google has expanded the security feature to users outside the English-speaking world, opening it up to people in more than 150 countries.

The company said on Thursday that it has enabled the two-step verification process for users around the world in more than 40 languages. The enhanced Gmail authentication method involves users entering a username and password and then going through a short process to set up a system so that they can receive one-time verification codes via SMS from Google. Users also can use an app for their smartphones that will generate the codes for them.

"Once you enable 2-step verification, you'll see an extra page that prompts you for a code when you sign in to your account. After entering your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device. The choice is up to you. When you enter this code after correctly submitting your password we'll have a pretty good idea that the person signing in is actually you," the company said in its initial announcement of the process back in February.

Continued : http://threatpost.com/en_us/blogs/google-enables-gmail-two-factor-security-150-countries-072811

LiveJournal Targeted in Massive DDoS Attack
by Carol~ Forum moderator / July 28, 2011 5:41 AM PDT
In reply to: NEWS - July 28, 2011

LiveJournal has experienced downtime during the past couple of days because of a massive distributed denial-of-service attack that overwhelmed the company's servers.

The outages began on Tuesday, but the company didn't release a statement until yesterday when it confirmed it was the target of an attack.

"We can now publicly disclose that we have been experiencing a large-scale DDoS attack the last two days, which has been the reason for the site issues most users have been experiencing," the company said.

"The traffic load has been immense, at many times our normal load level, and the attack is still on-going. We are in constant contact with our providers to mitigate the attack as best as possible," it added.

LiveJournal is one of the oldest blogging platforms, dating back to 1999, and has over 30 million registered accounts. The service remains hugely popular in Russia which accounts for nearly half of its audience.

Continued : http://news.softpedia.com/news/LiveJournal-Targeted-in-Massive-DDoS-Attack-213909.shtml

Also: LiveJournal groans under 'immense' DDos attack

LICAT Variant Distributed Via IRS-Related Spam
by Carol~ Forum moderator / July 28, 2011 5:41 AM PDT
In reply to: NEWS - July 28, 2011

From TrendLabs Malware Blog:

We have encountered another LICAT variant that is being spread via fake IRS spam to people under specific organizations, including Trend Micro. As you may recall, LICAT is known for its use of the dynamic domain generation algorithm (DGA) technique.

In the spammed message, recipients are informed of an issue regarding their tax payment. The message contains a link that supposedly leads to the recipient's tax review. Once the user clicks on the link, they will be prompted to download an executable file, which when executed installs the malware — now detected as TSPY_ZBOT.WHZ — into their system. [Screenshot]

Like any LICAT variant, TSPY_ZBOT.WHZ generates URLs using a computation based on the current date. TSPY_ZBOT.WHZ connects to the dynamically generated URLs in order to download its configuration file, which contains information on the websites it will monitor, as well as the site where it will send any stolen information. This malware also appears to concentrate on the typical ZBOT routines that involve information theft, and uses the DGA technique to evade blocking by antivirus products.

Continued: http://blog.trendmicro.com/licat-variant-distributed-via-irs-related-spam/#more-35606

Google's indexing capabilities to identify vulnerabilities
by Carol~ Forum moderator / July 28, 2011 5:41 AM PDT
In reply to: NEWS - July 28, 2011

"Use Google's indexing capabilities to identify vulnerabilities"

Next week at Black Hat, Stach & Liu researchers Francis Brown and Rob Ragan will show how the power of Google's indexing capabilities can be harnessed to identify vulnerabilities - particularly SQL injection flaws - that can be used to take over millions of websites that are at risk.

By searching for the right string of information, an attacker can find massive amounts of sensitive data and extract it with a few simple exploits.

Over the past year, Stach & Liu has built what may be the world's single largest repository of live vulnerabilities on the web - in fact, over 3,000 new vulnerable websites are added per day to this database via real-time RSS feed updates from both Google and Bing.

After a year of collecting this research, Brown and Ragan are returning to Black Hat to give the security community the defensive tools they've been asking for to help solve this problem.

Brown and Ragan will also show how Google hacking was used in several other recent, high profile attacks:

Continued : http://www.net-security.org/secworld.php?id=11362

UK Cops 'duped' into arresting wrong LulzSec suspect
by Carol~ Forum moderator / July 28, 2011 7:03 AM PDT
In reply to: NEWS - July 28, 2011

The 19-year-old Scotsman fingered Wednesday as a central figure of the LulzSec hacking crew is a fall guy who was framed to take the heat off the real culprit, according to unconfirmed claims from a rival group.

"We believe MET Police got the wrong guy and it happens because of lot of disinformation floating on the web," a Thursday post on the LulzSec Exposed blog said. "LulzSec and Anonymous members are Master trolls and they are good at this."

According to the post, penned by members of a group calling itself the Web Ninjas, the real LulzSec figure known as Topiary is a 23-year-old Swede, who stole the handle from a low-level member after he ran afoul of its parent group Anonymous. The mistaken identity was part of an elaborate ruse to confuse authorities about Topiary's true identity, the speculation claims.

The post comes a day after the Metropolitan Police said a "pre-planned intelligence-led operation" led them to a residential address in the Shetland Islands, off the North Coast of Scotland. That's where they apprehended an unnamed 19-year-old man and transported him to London for questioning. Police said they also questioned a 17-year-old from Lincolnshire and searched his home.

Continued : http://www.theregister.co.uk/2011/07/28/topiary_arrest_rumor/

Also: Topiary: did police arrest the wrong man in LulzSec investigation?

Related: Scotland Yard Arrests Accused LulzSec Spokesman 'Topiary'

ShareMeNot
by Carol~ Forum moderator / July 28, 2011 7:03 AM PDT
In reply to: NEWS - July 28, 2011

From Bruce Schneier @ his "Schneier on Security" Blog:

ShareMeNot is a Firefox add-on for preventing tracking from third-party buttons (like the Facebook "Like" button or the Google "+1" button) until the user actually chooses to interact with them. That is, ShareMeNot doesn't disable/remove these buttons completely. Rather, it allows them to render on the page, but prevents the cookies from being sent until the user actually clicks on them, at which point ShareMeNot releases the cookies and the user gets the desired behavior (i.e., they can Like or +1 the page).

http://www.schneier.com/blog/archives/2011/07/sharemenot.html
