Spyware, Viruses, & Security forum


NEWS - June 10, 2013

by Carol~ Forum moderator / June 10, 2013 7:25 AM PDT
PRISM - not as bad as you thought? (And don't call it PRISM!)

You've almost certainly heard about PRISM, an abbreviation that has come to mean "US surveillance of everything."

Since Naked Security first wrote about this unfolding drama last week, a raft of new information has come to light.

The whistleblower who leaked the information has come forward; his employer has responded; and the US Department of National Intelligence itself has spoken on the record.

The conspiracy theories probably haven't been shaken, but they've certainly been stirred.

Whistleblower comes forward

A chap by the name of Edward Snowden, who's 29 years old and works for a defence contractor, has outed himself as the source of the PRISM leak.

According to The Guardian, he slipped out of the US, flew to Hong Kong and holed up in a hotel.

Apparently, he's been out of his room only three times in the past three weeks.

From Hong Kong, he blew the whistle, purportedly claiming that:

Continued : http://nakedsecurity.sophos.com/2013/06/10/prism-not-as-bad-as-you-thought-and-dont-call-it-prism/

Related :
Whistleblower who exposed NSA mass-surveillance revealed by The Guardian

NSA Whistleblower: The Ultimate Insider Attack
What's in the Rest of the Top-Secret NSA PowerPoint Deck?

NSA whistleblower reveals himself, world reacts
Video with NSA whistleblower Edward Snowden

Bruce Schneier at his Schneier on Security blog: Government Secrets and the Need for Whistle-blowers
NSA Whistleblower Article Redirects to Malware
by Carol~ Forum moderator / June 10, 2013 7:28 AM PDT
In reply to: NEWS - June 10, 2013

Hackers have latched on to the NSA surveillance story—literally.

A news story on the outing of whistleblower Edward Snowden posted to the Washington Free Beacon is serving malware redirecting visitors to a malicious site where more malware awaits. The Free Beacon site remains infected, according to Invincea researchers, who said they have contacted the news organization about the attack. The story is being linked to by the popular Drudge Report and it's likely to have snared a pretty good number of victims so far.

The attack on the Free Beacon is similar to a previous watering hole attack carried out against a number of other Washington, D.C.-based media outlets, including radio station WTOP, Federal News Radio and the site of technology blogger John Dvorak. Invincea researcher Eddie Mitchell wrote on the company's blog that several other Free Beacon pages are also serving JavaScript, including the site's main index page. The JavaScript drops an iframe that sends traffic offsite to a page hosting the Fiesta Exploit Kit.

"This exploit appears to be the same as used against other media sites to infect readers of these websites and part of a concerted campaign against media sites to infect their visitors by exploiting vulnerabilities in Java," Mitchell wrote.

Mitchell cautions that this attack isn't being detected yet by security companies because signatures associated with the attack are different from previous campaigns.

Continued : http://threatpost.com/nsa-whistleblower-article-redirects-to-malware/

The Value of a Hacked Email Account
by Carol~ Forum moderator / June 10, 2013 7:35 AM PDT
In reply to: NEWS - June 10, 2013

One of the most-viewed stories on this site is a blog post+graphic that I put together last year to illustrate the ways that bad guys can monetize hacked computers. But just as folks who don't bank online or store sensitive data on their PCs often have trouble understanding why someone would want to hack into their systems, many people do not fully realize how much they have invested in their email accounts until those accounts are in the hands of cyber thieves.

This post aims to raise awareness about the street value of a hacked email account, as well as all of the people, personal data, and resources that are put at risk when users neglect to properly safeguard their inboxes.

Sign up with any service online, and it will almost certainly require you to supply an email address. In nearly all cases, the person who is in control of that address can reset the password of any associated services or accounts - merely by requesting a password reset email.

How much are these associated accounts worth? There isn't exactly a central exchange for hacked accounts in the cybercrime underground, but recent price lists posted by several miscreants who traffic in non-financial compromised accounts offer some insights.

Continued : http://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/

Bugat Joins The Mobile Revolution: BitMo
by Carol~ Forum moderator / June 10, 2013 9:20 AM PDT
In reply to: NEWS - June 10, 2013
Bugat Joins The Mobile Revolution: BitMo Hijacking SMS-Born OTP's #INTH3WILD

RSA researchers analyzing Bugat Trojan attacks have recently learned that Bugat's developers managed to develop and deploy mobile malware designed to hijack out-of-band authentication codes sent to bank customers via text messages.

Bugat (aka: Cridex) was discovered and sampled in the wild as early as August 2010. This privately-owned crimeware's earlier targets were business and corporate accounts, its operators attempting high-value transactions ($100K-$200K USD per day) in both automated and manual fraud schemes.

It is very likely that Bugat's operators started seeing a diminished ability to target high-value accounts due to added authentication challenges, forcing them to resort to developing a malware component that is already used by many mainstream banking Trojans in the wild.

BitMo A Little Late in the Game?

In somewhat tardy fashion, Bugat joins the lineup of banking malware that makes use of SMS-capturing mobile apps. The first occurrences of such malware were observed in use by Zeus and SpyEye Trojan variants, which were respectively dubbed ZitMo and SPitMo (Zeus-in-the-Mobile, SpyEye-in-the-Mobile). In mid-2012, RSA coined the name CitMo to denote the Citadel breed of in-the-Mobile activity. The fourth Trojan for which malicious apps were discovered was Carberp in early 2013, and with this case, Bugat is the most recent banking Trojan to have its own SMS-forwarding app, for which RSA coined the name BitMo.

Continued : http://blogs.rsa.com/bugat-joins-the-mobile-revolution-bitmo-hijacking-sms-born-otps-inth3wild/
Malware-Serving "Who's Viewed Your Facebook Profile" ..
by Carol~ Forum moderator / June 10, 2013 9:20 AM PDT
In reply to: NEWS - June 10, 2013
... Campaign Spreading Across Facebook


A currently ongoing Facebook-spreading malware-serving campaign entices users into downloading and executing a malicious executable, pretending to be a "Who's Viewed Your Facebook Profile" extension. In reality though, the executable, part of a campaign that's been ongoing for several months, will steal private information from local browsers, will auto-start on Windows startup, and will attempt to infect all of the victim's friends across Facebook.

The executable, along with several other related executables that are part of the campaign, is currently hosted on Google Code, and according to Google Code's statistics, one of the malicious files has already been downloaded 1,870,788 times. Surprisingly, the Code Project is called "Project Don't Download". Very interesting self-contradicting social engineering attempt.

Continued : http://ddanchev.blogspot.com/2013/06/malware-serving-whos-viewed-your.html
New backdoor malware 'KeyBoy' used in targeted attacks ..
by Carol~ Forum moderator / June 10, 2013 9:21 AM PDT
In reply to: NEWS - June 10, 2013
... in Asia, researchers say

Users from Vietnam, India, China, Taiwan and possibly other countries, were targeted as part of an attack campaign that uses Microsoft Word documents rigged with exploits in order to install a backdoor program that allows attackers to steal information, according to researchers from security firm Rapid7.

The targeted attacks used specifically crafted Word documents as bait in spear-phishing emails sent to the intended victims. These documents were rigged to exploit known vulnerabilities that affect unpatched installations of Microsoft Office.

One of the malicious documents found by Rapid7 researchers is written in Vietnamese and is about best practices for teaching and researching scientific topics. This suggests that the targets of attacks where this document was used are part of the Vietnamese academic community, Rapid7 researchers Claudio Guarnieri and Mark Schloesser said Friday in a blog post.

Continued : http://www.pcworld.com/article/2041219/new-backdoor-malware-keyboy-used-in-targeted-attacks-in-asia-researchers-say.html

Also: 'KeyBoy' Malware Used in Targeted Attacks in Asia
Microsoft borks botnet takedown in Citadel snafu
by Carol~ Forum moderator / June 10, 2013 9:22 AM PDT
In reply to: NEWS - June 10, 2013

"Stupid Redmond kicked over our honeypots, wail white hats"

Security researchers are complaining about collateral damage from the latest botnet take-down efforts by Microsoft and its partners.

The Windows 8 giant worked with financial service organisations, other technology firms and the Federal Bureau of Investigation to disrupt more than a thousand botnets.

The botnets in question were using Citadel malware to run cybercrime scams blamed for more than $500m in fraud. The action, authorised by a federal court ruling and carried out last week, involved raids at server-hosting facilities in the US to seize evidence related to the malware.

The takedown - codenamed Operation b54 - is the latest in an ongoing campaign against various zombie networks spearheaded by Microsoft.

In a blog post, Microsoft described its seventh zombie network takedown as its "most aggressive botnet operation to date".

Continued : http://www.theregister.co.uk/2013/06/10/citadel_botnet_takedown_own_goal_by_microsoft/

Also: Microsoft Citadel takedown ultimately counterproductive
