
NEWS - June 06, 2011

LulzSec hacks FBI affiliate, Infragard

"After hacks on PBS.org and SonyPictures.com, hacker group LulzSec has a new target: The FBI."

Hacker group Lulz Security (aka LulzSec) is on a war path. Following their highly public hacks of the PBS website and SonyPictures.com, LulzSec has now set its sights on the top law enforcement agency in the United States: the Federal Bureau of Investigation.

In a press release posted to anonymous message board PasteBin.com, the group announced that it hacked the website of the Atlanta chapter of Infragard, a non-profit that serves as a partnership between the FBI and private business, which the American Civil Liberties Union describes as "a corporate TIPS program, turning private-sector corporations into surrogate eyes and ears for the FBI." LulzSec also uploaded Infragard Atlanta's user database to the Internet. The group says that the attack was launched in retaliation for NATO and the Pentagon officially declaring hacking an act of war.

"It has come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama 24th-century Obama have recently upped the stakes with regard to hacking. They now treat hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta chapter) and leaked its user base," wrote LulzSec. "…Most [Infragard members] reuse their passwords in other places, which is heavily frowned upon in the FBI/Infragard handbook and generally everywhere else too."

Continued : http://www.digitaltrends.com/computing/lulzsec-hacks-fbi-affiliate-infragard/

Also:
Infragard Atlanta, an FBI affiliate, hacked by LulzSec
LulzSec hacks FBI liaison and security firm
- Collapse -
Hackers Attack Nintendo

Nintendo Co. said Sunday that a server for its U.S. unit's website had been hacked but no company or customer information was compromised, marking the first time the Japanese gaming giant has been targeted in recent global hacking attacks.

The Nintendo breach is less severe than the hacker attacks on rival Sony Corp.'s PlayStation Network and its other online services since April that have led to a personal data breach involving more than 100 million user accounts.

The Nintendo incident involved no sensitive information and hasn't caused any damage to its operations or inconveniences for its customers, the company said.

Still, the breach raises a question over whether any online services can be fully protected from potential hacking attempts.

A hacker group called Lulzsec, which had earlier claimed that it had broken into some of Sony's websites and stolen customer information, posted data on the Internet that it claims was a Nintendo "server configuration file," or data for programming purposes.

Continued : http://online.wsj.com/article/SB10001424052702304474804576366802876217440.html

Also:
Nintendo hacked by LulzSec, no harm done

Lulzsec Hacks Nintendo: No User Information Released

- Collapse -
Adobe Ships Emergency Fix for Flash Bug

Adobe has released an out-of-cycle update for Flash that fixes a serious vulnerability in the application on all platforms. The bug is a cross-site scripting flaw that can be used in drive-by download attacks and Adobe said that is being used in some targeted attacks right now.

Adobe security officials said that they first found out about the Flash vulnerability on Friday, and the company was able to develop and release a fix for it on Sunday. The bug exists in Flash running on Windows, Mac OS X, Android, Linux and Solaris.

"An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message," Adobe said in its advisory.

The fix for Flash running on Android should be available sometime this week, Adobe said.

Continued : http://threatpost.com/en_us/blogs/adobe-ships-emergency-fix-flash-bug-060611

See: Security update available for Adobe Flash Player (APSB11-13)

- Collapse -
Beta of CCleaner for Mac OS X released

The Piriform developers have released a public beta of CCleaner for Mac. Previously only available on Windows, CCleaner is a popular cleaning and maintenance tool that allows users to easily delete, for example, the temporary internet files, cookies and history from a variety of web browsers, as well as from their system recycle bin and other temporary files.

The freeware Mac maintenance tool beta, labelled version 1.00.026, currently supports cleaning the Safari and Firefox web browsers, including deleting the cache, history, cookies, download history and saved form information - support for more browsers, such as Google Chrome, is expected to arrive in a future version. With the tool, users can also clean the system trash folder, recent files, applications and servers, as well as the temporary files folder, from within a single application. The developers note that, as this is beta software that may contain bugs, it is "recommended for advanced users only". The final version is expected to arrive "in a month or two".

Continued : http://www.h-online.com/security/news/item/Beta-of-CCleaner-for-Mac-OS-X-released-1255693.html

- Collapse -
iPhone 5G spam spreads Windows malware

Still using a crummy old iPhone 4? Fancy an iPhone 5G instead?

You know, the one with the built-in physical keyboard that slides out and is "slimmer, faster and sleeker" than ever?

What's that? You haven't heard of the iPhone 5G? Well, that's perhaps not a surprise as it doesn't exist yet.

But maybe you think you missed the news - after all, Apple is making some product announcements later today at WWDC 2011 and it's still possible Steve Jobs might reveal a new incarnation of the iPhone rather than the (much more likely) news around iOS 5, Mac OS X 10.7 ("Lion") and iCloud.

Nevertheless, you might have been one of the people who has received an email claiming to come from Apple with the subject line:

Finally. The amazing iPhone 5. Now available in black edition.

Part of the email, which claims to come from noreply@apple.com, reads:

Introducing the iPhone that lets you do more than ever. And do it amazingly faster.

Launch and switch between applications quickly. Bigger display, transparent mode, better cloud integration. Shoot, edit, and share video like never before. Slimmer, faster and sleeker. Discover many more features that make iPhone 5G S the best iPhone yet.


[Screenshot: Malicious Spam Message] Take care not to click on links contained inside the email, however, as they direct to a malicious executable file called iphone5.gif.exe.

Of course, the images of the iPhone 5 with a built-in hardware keyboard are just some fanboy's dream.

Continued : http://nakedsecurity.sophos.com/2011/06/06/iphone-5g-spam-spreads-windows-malware/

- Collapse -
Criminal Classifieds: Malware Writers Wanted

The global economy may be struggling to create new jobs, but the employment outlook for criminally-inclined computer programmers has never been brighter. I've spent some time lurking on shadowy, online underground forums, and lately I've seen a proliferation of banner ads apparently placed by criminal gangs looking for talented programmers to help make existing malware stealthier and more feature-rich. [Screenshot]

Many of the ads highlight job openings for coders who are skilled in devising custom "crypters," programs designed to change the appearance of known malware so that it goes undetected by anti-virus software. Anti-virus signatures are based on snippets of code found within known malware samples, and crypters can try to help hide or obfuscate the code. When anti-virus firms update their products with the ability to detect and flag files that are shrouded by this layer of obfuscation, malware writers tweak their creations in a bid to further evade the new detection mechanisms.

The composite banner ad pictured above is a solicitation from a crime gang that offers a base salary of $2,000 per month in exchange for a "long-term partnership" creating crypters that include customer support. The ads lead to a sign-up page (below) where interested coders can leave their r
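An added example of the cat-and-mouse the post describes (written for this digest in Python with the standard library only; it is not code from the Krebs post or from any of the ads it shows): a substring signature scanner, a toy single-byte XOR "crypter" behind a made-up stub header that hides the signature from that scanner, the scanner's counter-move of trying every single-byte key before matching (what YARA's xor string modifier does), and the crypter author's next tweak, a rolling key, which defeats that counter-move. The sample, the signature and both stub formats are constructed for the demo; nothing here is a real malware family or a real stub.

```python
"""Added example: byte-signature scanning versus a toy crypter.

Everything here is constructed for the demo: KNOWN_SAMPLE stands in for a
malware file, the signature is a slice of it, and the two crypters wrap it
in a made-up 'XC' / 'XR' header rather than a real executable stub.
"""

KNOWN_SAMPLE = (
    b"\x55\x8b\xec\x83\xec\x40"                # stand-in for a code prologue
    + b"cmd.exe /c del /f /q %TEMP%\\*.log"   # distinctive string an analyst would pick
    + b"\x90" * 16
)

# A signature is just a distinctive byte sequence lifted from a known sample.
SIGNATURES = {"Demo.Dropper.A": b"cmd.exe /c del /f /q"}


def scan_signatures(data: bytes) -> list[str]:
    """Plain substring matching: the model of AV detection the post has in mind."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def xor_crypt(payload: bytes, key: int) -> bytes:
    """First-generation crypter: constant single-byte XOR behind a stub header.
    A real stub would decode and run the body; here the header only marks it."""
    return b"XC" + bytes([key]) + bytes(b ^ key for b in payload)


def rolling_xor_crypt(payload: bytes, key: int) -> bytes:
    """The 'tweak' after scanners catch up: the key advances by one per byte,
    so no single key decodes the whole body."""
    return b"XR" + bytes([key]) + bytes(
        b ^ ((key + i) & 0xFF) for i, b in enumerate(payload)
    )


def scan_with_xor_bruteforce(data: bytes) -> list[str]:
    """Scanner counter-move: match against the raw bytes and against every
    single-byte XOR decoding of them (256 passes)."""
    hits = set(scan_signatures(data))
    for key in range(1, 256):
        hits.update(scan_signatures(bytes(b ^ key for b in data)))
    return sorted(hits)


def demo() -> tuple[list[str], list[str], list[str], list[str]]:
    """Return verdicts for (plain, crypted, crypted+bruteforce, rolling+bruteforce)."""
    plain = scan_signatures(KNOWN_SAMPLE)
    crypted = xor_crypt(KNOWN_SAMPLE, 0x5A)
    naive = scan_signatures(crypted)
    caught = scan_with_xor_bruteforce(crypted)
    evaded = scan_with_xor_bruteforce(rolling_xor_crypt(KNOWN_SAMPLE, 0x5A))
    return plain, naive, caught, evaded


if __name__ == "__main__":
    labels = ("plain", "xor", "xor+bruteforce", "rolling+bruteforce")
    for label, verdict in zip(labels, demo()):
        print(f"{label:20s} {verdict or 'clean'}")
```

Two things worth noticing when running it. A constant XOR is a bijection on byte values, so the byte histogram (and therefore the Shannon entropy) of the crypted body is identical to the plaintext's; an entropy heuristic would not flag this layer either, which is why unpacking or key brute-forcing before matching is what actually closes the gap. And the rolling-key variant shows how cheap the attacker's next move is: one extra addition per byte pushes the defender from 256 trial decodings to emulating the stub.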

- Collapse -
China paper warns Google may pay price for hacking claims

Google has become a "political tool" vilifying the Chinese government, an official Beijing newspaper said on Monday, warning that the U.S. Internet giant's statements about hacking attacks traced to China could hurt its business.

The tough warning appeared in the overseas edition of the People's Daily, the leading newspaper of China's ruling Communist Party, indicating that political tensions between the United States and China over Internet security could linger.

Last week, Google said it had broken up an effort to steal the passwords of hundreds of Google email account holders, including U.S. government officials, Chinese human rights advocates and journalists. It said the attacks appeared to come from China.

The Chinese Foreign Ministry rejected those accusations, and the party newspaper warned Google against playing a risky political game.

By saying that Chinese human rights activists were among the targets of the hacking, Google was "deliberately pandering to negative Western perceptions of China, and strongly hinting that the hacking attacks were the work of the Chinese government," the People's Daily overseas edition, a small offshoot of the main domestic paper, said in a front-page commentary.

Continued : http://www.reuters.com/article/2011/06/06/us-google-china-idUSTRE7550CV20110606

- Collapse -
Financial data stealing Malware on Amazon Web Services Cloud

There were some recent comments about Amazon Cloud as a platform for successful attacks on Sony? Well, today I found that Amazon Web Services (Cloud) is now being used to spread financial data stealers. [Screenshot]

The evidence indicates that the criminals behind the attack are from Brazil and they used several previously registered accounts to launch the infection. Unfortunately after my formal complaints to Amazon, and waiting more than 12 hours, all malicious links are still on-line and active! It's worth mentioning that more and more criminals use legitimate cloud services for malicious purposes. In most cases, they successfully abuse them.
Now, just a few words about the malware hosted on Amazon's WS Cloud:
It comes with a bunch of different malicious codes, all of them dropped to the victim's machines and acting in different ways:

• Acting as a Rootkit - looking for and denying a normal execution of 4 different Anti-Viruses and a special security application called GBPluggin and used for Brazilian on-line banking by many banks in that country:

Continued : http://www.securelist.com/en/blog/208188099/Financial_data_stealing_Malware_now_on_Amazon_Web_Services_Cloud

- Collapse -
Android app brings cookie stealing to unwashed masses

A developer has released an app for Android handsets that brings website credential stealing over smartphones into the script kiddie realm.

FaceNiff, as the Android app is called, can be used to steal unencrypted cookies on most Wi-Fi networks, giving users a point-and-click interface for stealing sensitive authentication tokens sent over Facebook, Twitter, and other popular websites when users don't bother to use encrypted SSL, or secure sockets layer, connections. The app works even on networks protected by WPA and WPA2 encryption schemes by using a technique known as ARP spoofing to redirect local traffic through the attacker's device. An attacker would have to know the security password, however.

To be sure, FaceNiff doesn't do anything that hasn't been done for decades, and based on a YouTube video and comments on an official support forum, the app seems to have its share of quirks. Programs such as SSLSniff, released years ago by Moxie Marlinspike, contain considerably more powerful capabilities even if they lack a smartphone GUI.

Continued : http://www.theregister.co.uk/2011/06/03/android_cookie_stealing_app/
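An added example, not from The Register piece and not FaceNiff's code: the ARP spoofing the app relies on is visible on the wire as ARP replies that move an IP address to a new MAC, so a host or a sensor on the same network can flag it much as arpwatch does. The Python script below (standard library only) builds four constructed ARP reply frames, two legitimate and two spoofed, parses them with struct, and raises an alert when an IP's MAC changes or when one MAC starts claiming more than one address, which is what a man-in-the-middle claiming both the gateway and the victim looks like. All MAC and IP values are made up.

```python
"""Added example: arpwatch-style detection of the ARP poisoning used by FaceNiff.

The frames are constructed in this file; nothing is captured from a real network.
"""
import struct
from ipaddress import IPv4Address

ETH_P_ARP = 0x0806
ARP_REPLY = 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Constructed test frame: 14-byte Ethernet header + 28-byte ARP reply,
    i.e. exactly what a spoofer sends to rewrite a victim's ARP cache."""
    eth = struct.pack("!6s6sH", mac_bytes(target_mac), mac_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack(
        "!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REPLY,
        mac_bytes(sender_mac), IPv4Address(sender_ip).packed,
        mac_bytes(target_mac), IPv4Address(target_ip).packed,
    )
    return eth + arp


def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:
        return None
    _, _, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, mac_str(sha), str(IPv4Address(spa))


class ArpWatcher:
    """Track IP-to-MAC bindings seen in ARP replies and alert on the two
    symptoms of poisoning: a binding that flips, and one MAC owning several IPs."""

    def __init__(self):
        self.ip_to_mac: dict[str, str] = {}
        self.mac_to_ips: dict[str, set[str]] = {}

    def observe(self, frame: bytes) -> list[str]:
        alerts: list[str] = []
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            return alerts
        _, mac, ip = parsed
        old = self.ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append(f"{ip} changed from {old} to {mac}")
        self.ip_to_mac[ip] = mac
        claimed = self.mac_to_ips.setdefault(mac, set())
        if ip not in claimed:
            claimed.add(ip)
            if len(claimed) > 1:
                alerts.append(f"{mac} claims {len(claimed)} addresses: {', '.join(sorted(claimed))}")
        return alerts


# Constructed scenario: a gateway, a victim, and an attacker poisoning both sides.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"
VICTIM_IP, VICTIM_MAC = "192.168.1.20", "66:77:88:99:aa:bb"
ATTACKER_MAC = "de:ad:be:ef:00:01"

SAMPLE_TRAFFIC = [
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),    # legitimate
    build_arp_reply(VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),    # legitimate
    build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),   # "I am the gateway"
    build_arp_reply(ATTACKER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),  # "I am the victim"
]


def run_detector(frames: list[bytes]) -> list[str]:
    watcher = ArpWatcher()
    alerts: list[str] = []
    for frame in frames:
        alerts.extend(watcher.observe(frame))
    return alerts


if __name__ == "__main__":
    for alert in run_detector(SAMPLE_TRAFFIC):
        print("ALERT:", alert)
```

This is detection, not prevention: the first alert fires only after the victim's cache has already been rewritten, and a legitimate NIC swap or DHCP reassignment will trip the same rule, so it needs a baseline or an allowlist in practice. The fix the article alludes to is on the server side: send the session cookie only over TLS (HTTPS with the cookie's Secure attribute), so that an attacker who has redirected the traffic still sees nothing usable.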

- Collapse -
Prominent iPhone Hacker Blames Vendors' Buggy Code for Security Breaches

"Master iPhone hacker Charlie Miller will be giving the keynote speech, which will be about why the bad guys are winning, at NATO's International Conference on Cyber Conflict."

Security researcher Charlie Miller will deliver the keynote speech June 9 at the International Conference on Cyber Conflict. The conference, in its third year, is sponsored by the NATO Cooperative Cyber Defence Center of Excellence and will take place in Estonia.

Miller's keynote, entitled "Why the Bad Guys are Winning the InfoSec War," will use the recent security breaches at PBS.org, RSA Security and HBGary Federal as examples, Miller told eWEEK. Miller analyzed recent events and determined that the common denominator across all the incidents was unknown vulnerabilities and zero-day exploits.

"You are doing everything right, but the bad guys are coming in because they know about vulnerabilities no one else does," Miller said.

Enterprises and governments for the most part have been doing security long enough that they know they have to keep their systems patched. But when most attacks involve a zero-day exploit, no patch is available. Organizations don't even know they are vulnerable, Miller said.

In the case of PBS.org, Lulz Security, a group of cyber-pranksters usually out for laughs (or lolz) did not like the way whistleblower site WikiLeaks was portrayed in the Frontline documentary WikiSecrets. They uncovered a zero-day vulnerability in Movable Type 4, the content-management system used by PBS, and broke in, defacing the site and posting a fake news story about Tupac Shakur supposedly being alive.

Miller blamed the software vendors for the situation. Companies are shipping products with bugs and issues they haven't fixed, and the ones suffering for it are the customers and end users, Miller said. The malicious Excel spreadsheet that attackers used to exploit a zero-day vulnerability in Flash did not affect Microsoft or Adobe, but instead, RSA Security, back in March, Miller said.

Continued : http://www.eweek.com/c/a/Security/Prominent-iPhone-Hacker-Blames-Vendors-Buggy-Code-for-Security-Breaches-668397/
- Collapse -
Monthly Malware Statistics, May 2011

Kaspersky Labs Weblog:

The following statistics were compiled in May using data from computers running Kaspersky Lab products:

• 242,663,383 network attacks blocked;
• 71,334,947 attempted web-borne infections prevented;
• 213,713,174 malicious programs detected and neutralized on users' computers;
• 84,287,491 heuristic verdicts registered.

Rogue antivirus for Mac OS X

In 2010, we saw an overall decrease in the number of rogue antivirus incidents: after peaking in February and March (about 200,000 incidents per month), the rate at which they spread fell about fourfold by the end of 2010. This may seem strange, since spreading fake antivirus solutions is a virtual goldmine for cybercriminals. It is true that the number of rogue antivirus offerings has gone down, but those blackhats who continued to be involved in this activity focused on specific countries (the US, France, Germany, Spain) instead of distributing rogue antivirus software globally.

Continued : http://www.securelist.com/en/blog/508/Monthly_Malware_Statistics_May_2011

- Collapse -
VLC Media Player 1.1.10 fixes vulnerabilities

The VideoLAN project has announced the release of version 1.1.10 of its VLC media player, the free open source cross-platform multimedia player which supports a variety of audio and video formats. According to the developers, the eleventh release of the 1.1.x branch of VLC is a maintenance and security update that addresses several issues found in the previous update from mid-April.

VLC 1.1.10 fixes several previously reported vulnerabilities in libmodplug, also known as the ModPlug XMMS Plugin, and addresses an integer overflow in the XSPF playlist demultiplexer. Other changes include the removal of FontCache building in the Freetype module, a rewrite of PulseAudio output on Linux/BSD, and various codec and translation updates. A number of Mac OS X interface and hotkey fixes have also been implemented.

Looking ahead, the developers have detailed some of the new features coming in version 1.2.0 of VLC, the project's next major update. VLC 1.2.0 will be "faster and have better display quality" thanks to the Video Output rework which includes rewrites of most of the existing Video Outputs, the addition of new Video Outputs for Direct2D, iOS and Android, new filters for branding videos, sharper rendering of subtitles and support for STL (EBU) subtitles. More information about the upcoming release can be found in a post by VideoLAN chairman Jean-Baptiste Kempf.

Continued : http://www.h-online.com/security/news/item/VLC-Media-Player-1-1-10-fixes-vulnerabilities-1255756.html

- Collapse -
Spear Phishing in Google's Pond

Earlier this week, Google posted a blog stating that the personal Gmail accounts of numerous users, including senior US government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel, and journalists had been attacked. Google said a campaign to obtain passwords appears to have originated in Jinan, China and was aimed at monitoring the contents of these users' emails, with the perpetrators apparently using stolen passwords to change people's forwarding and delegation settings. Google confirmed that it detected and disrupted this campaign and has notified victims and secured their accounts. They have also notified the relevant government authorities.

These attacks appear to be an example of "spear phishing." Spear phishing is an email that appears to be from an individual or business that a user knows, but it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on users' PCs. At its heart, spear phishing is simply a targeted attack.

Symantec has noted a continuous increase in targeted attacks, including spear phishing. In fact, the April 2011 MessageLabs Intelligence Report, published by Symantec, revealed that the number of targeted attacks intercepted by Symantec.cloud each day rose to 85, the highest since March 2009, when the figure was 107 in the run-up to the G20 Summit held in London that year. While some high-profile targeted attacks in 2010 attempted to steal intellectual property or cause physical damage, many of these targeted attacks preyed on individuals for their personal information.

Continued : http://www.symantec.com/connect/blogs/spear-phishing-google-s-pond

- Collapse -
Phishers exploit Google Docs with Gmail de-activation alert

The Gmail database is not congested, and Google is not asking users to confirm that their accounts are still active.

But, it seems that scammers are hoping that you might believe that's true, according to one of the latest phishing attacks that has been spammed across the net.

Here's what a typical email looks like: [Screenshot: Google Docs Phishing Message]

Subject: De-Activation Alert!

Message body:
Dear Gmail Account User,

Due to the congestion in our Gmail database, We will be shutting down all unused accounts before on the 30th of June. You will have to re-confirm your account as soon as possible to enable us upgrade your account before the deadline date.
To confirm your account kindly fill the account verification form.

After Following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request.


We apologize for any inconvenience.
Thanks & Regards,
Engineer.J.Williams
Upgrade Team Controller


As the link does point to a webpage hosted somewhere on Google.com, some computer users may believe that the form they are being directed to must be genuine. However, it is actually pointing to a spreadsheet on Google Docs - pages which can be created by any Tom, Dick or Harry.

Continued : http://nakedsecurity.sophos.com/2011/06/06/phishers-exploit-google-docs-gmail-deactivation-alert/
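An added example, not code from the Sophos post: a small mail-filter check that makes the last paragraph's point operational by treating a link as untrusted when it lands on a part of a trusted domain where anyone can publish, regardless of how reputable the domain itself is. The message is a constructed copy of the lure quoted above, the form URL is a placeholder (the post does not give the real one), and the host/path table and lure phrases are my own. The From header is deliberately ignored because it is attacker-controlled text, not evidence.

```python
"""Added example: flag a credential lure whose link points at user-generated
content on an otherwise trusted domain. Standard library only."""
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample mirroring the lure quoted in the post; the form URL is a
# placeholder, not the real phishing link.
SAMPLE_EMAIL = """\
From: Upgrade Team <noreply@gmail.com>
To: user@gmail.com
Subject: De-Activation Alert!
Content-Type: text/plain

Dear Gmail Account User,

Due to the congestion in our Gmail database, we will be shutting down all
unused accounts before the 30th of June. You will have to re-confirm your
account as soon as possible. To confirm your account kindly fill the
account verification form: https://spreadsheets.google.com/viewform?formkey=EXAMPLEKEY

Thanks & Regards,
Upgrade Team Controller
"""

# Hosts and path prefixes where any account holder can publish a page, so a
# link there proves nothing about who wrote it. Constructed table for the demo.
USER_CONTENT_PATHS = {
    "spreadsheets.google.com": ("/viewform", "/spreadsheet/"),
    "docs.google.com": ("/spreadsheet/", "/forms/", "/document/"),
}

# Phrases typical of account-verification lures (constructed, not a vendor list).
LURE_PHRASES = ("confirm your account", "shutting down", "verification form")

URL_RE = re.compile(r"https?://[^\s<>\"')]+")


def classify_link(url: str) -> str:
    """'user-content' if the link lands on a publish-anything path of a trusted
    host, 'first-party' for other google.com pages, otherwise 'external'."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    prefixes = USER_CONTENT_PATHS.get(host)
    if prefixes and parts.path.startswith(prefixes):
        return "user-content"
    if host == "google.com" or host.endswith(".google.com"):
        return "first-party"
    return "external"


def assess(raw_message: str) -> dict:
    """Verdict 'phishing' when a credential lure is paired with any link that is
    not a first-party page, even if the link's domain looks trustworthy."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    reasons: list[str] = []
    for url in URL_RE.findall(body):
        kind = classify_link(url)
        if kind != "first-party":
            reasons.append(f"link to {kind}: {url}")
    lures = [p for p in LURE_PHRASES if p in body.lower()]
    if lures:
        reasons.append("credential lure: " + ", ".join(lures))
    untrusted_link = any(r.startswith("link to") for r in reasons)
    verdict = "phishing" if untrusted_link and lures else "ok"
    return {"verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    result = assess(SAMPLE_EMAIL)
    print(result["verdict"])
    for reason in result["reasons"]:
        print(" -", reason)
```

The useful design point is that a plain domain allowlist would pass this message: the host really is Google's. Splitting trust by path (first-party product pages versus places where users host content) is what catches it, and the same split applies to any provider that hosts user content under its own domain.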

- Collapse -
Fake AV distributed via user profiles on popular sites

An investigation into the methods of distribution of the FakeRean family of fake AVs has revealed some interesting facts, says GFI.

In order to lure people into downloading the PDF exploit that drops and installs FakeRean, these malware peddlers seemingly offer links to sites with adult content.

And to make sure that the links to the malicious sites are online at any given time, they have set them up as posts on forums of a variety of online services such as SourceForge, Twitter, Flickr, Stumbleupon, last.fm, Yahoo Answers, and many, many more - or by adding it as profile information.

According to the GFI researchers, the SourceForge domain is particularly plagued by these "portal" pages posing as user profiles: [Screenshot]

The "portal" pages include a drawing of a scantily clad girl and apparently asks the user to click on the button appropriate to his age ("I am not 18+" or "I am 18+"), but it really doesn't matter which button is pressed - both redirect him to a page hosted on seoholding.com, serving the malicious PDF exploit.

http://www.net-security.org/malware_news.php?id=1741

- Collapse -
Apple WWDC 2011 announcements: Mac OS X Lion, iOS 5, & iCloud

Apple has kicked off its 2011 World Wide Developer Conference (WWDC) with CEO Steve Jobs (still on indefinite medical leave) introducing Mac OS X 10.7 Lion (due in July), iOS 5.0 (due "this fall"), and iCloud, a series of transparent synchronization, backup, and cloud-based storage services designed to be transparent to users. Finally, Jobs also introduced iTunes in the Cloud, which will enable iTunes music purchases to be synched between devices without fussing with cables or repurchasing; and while iCloud will be free, a $25/year "iTunes Match" service will enable users to put their whole music library in iCloud, purchased or not, as well as upgrade their existing matched tracks.

Mac OS X 10.7 "Lion"

As usual for his keynote presentations, Jobs opened proceedings with an overview of Apple's market success, noting there are now over 54 million Macintosh users around the world with the Mac's market share up 28 percent for the last quarter, while the entire PC market actually shrank. Jobs attributed the Mac's success to products like the MacBook Air, noting that 73 percent of Mac sales are currently notebooks.

Continued : http://www.digitaltrends.com/computing/apple-wwdc-2011-announcements/

Related:
Apple introduces iCloud
Apple's PC-Free iOS 5 Coming This Fall
'Lion' brings iPad gestures to Mac OS for only $30

- Collapse -
VMware Patches Bugs in Player, Fusion

VMware has issued an update for a number of its more popular products, fixing several vulnerabilities. Some of the flaws could lead to arbitrary code execution.

The patches resolve security issues in the following VMware products: VMware Workstation 7.1.3 and earlier, VMware Player 3.1.3 and earlier, VMware Fusion 3.1.2 and earlier, and various versions of their ESXi product.

The United States Computer Emergency Readiness Team (US-CERT) posted the bulletin to their current activities Web page, warning that the exploitation of these vulnerabilities could lead to the execution of arbitrary code, cause denials-of-service, bypass security mechanisms, allow an attacker to operate with elevated privileges, or obtain sensitive data.

US-CERT advises that users and administrators read the entire advisory, VMSA-2011-0009, and apply any necessary updates.

http://threatpost.com/en_us/blogs/vmware-patches-bugs-player-fusion-060611

For Further Details See: Vulnerabilities / Fixes - June 03, 2011

- Collapse -
Who's Responsible For Security In Cloud Services?

For companies worried about the security of their data in cloud services, a recent survey could be disheartening.

Almost two-thirds of cloud service providers placed responsibility for the customer data hosted on their infrastructure with the customer, according to a survey of providers (PDF) conducted by the Ponemon Institute and funded by CA Technologies. Cloud providers typically see the availability of their services, cost optimization, and ease-of-use as their top concerns, not security, says Larry Ponemon, chairman and founder of the Ponemon Institute.

Only a quarter of the providers surveyed said the security of their services was a competitive advantage.

"On average, our research shows that cloud providers are less secure than on-premises IT infrastructure," Ponemon says. "And the reason that they are less secure is because they don't see security as their mission."

IT executives need to pay more attention to the fine print in their cloud services contracts, especially because providers and customers are not on the same page when it comes to security, Ponemon says. While 69 percent of providers place security responsibility with their customers, only 35 percent of customers believe they need to worry about the security of their data in the cloud.

Continued : http://www.darkreading.com/cloud-security/167901092/security/security-management/229900142/who-s-responsible-for-security-in-cloud-services.html
