NEWS - June 14, 2011

Avira Criticized for Recommending Controversial Product

Avira has stirred up some controversy among users after deciding to display ads for a third-party registry cleaner within the free version of its antivirus product.

Avira AntiVir Personal, the free solution offered by the German security vendor, is one of the most popular anti-malware products on the market today and has over 100 million users.

It seems that Avira recently partnered up with Uniblue, the owners of, a database of information about Windows processes, and creators of several software products.

The partnership between the two companies requires Avira to display ads for Uniblue RegistryBooster within AntiVir Personal.

These ads have taken users by surprise and have even upset the more knowledgeable ones as Uniblue RegistryBooster doesn't have a good reputation in the security community. [Screenshot]

In fact, some security enthusiasts consider the product to be scareware, not necessarily due to its functionality, but because of the aggressive advertising tactics employed by Uniblue.

Continued :

Also: Avira AntiVir Adds Ask Toolbar and Scareware PopUp
- Collapse -
UPDATE 2-Hackers break into U.S. Senate computers

The U.S. Senate's website was hacked over the weekend, leading to a review of all of its websites, in the latest embarrassing breach of security to hit a major U.S.-based institution.

The loosely organized hacker group Lulz Security broke into a public portion of the Senate website but did not reach behind a firewall into a more sensitive portion of the network, Martina Bradford, the deputy Senate sergeant at arms, said on Monday.

Despite the breach, the Sergeant at Arms Office, which provides security for the Senate, said that the breach had not compromised any individual senator's information.

Lulz announced the hack on Monday.

"We were responding to their allegations. Basically what we're saying that the server they got into is for public access and is in the public side," said Bradford.

Lulz Security, who have hacked into Sony's website and the U.S. Public Broadcasting System, posted online a list of files that appear not to be sensitive but indicate the hackers had been into the Senate's computer network.

Continued :

LulzSec hacks US Senate
LulzSec attacks US Senate and Bethesda Softworks

- Collapse -
Anonymous vows to attack Federal Reserve

Infamous hacktivist collective Anonymous has served notice that it intends to attack the websites of the Federal Reserve.

The campaign - likely to take the form of denial of service attacks and possibly sit-ins - is in protest at the Federal Reserve's role in the global financial crisis, misuse of US taxpayer funds and supposed role in driving millions worldwide into poverty. The planned cyber-assault is timed to coincide with Flag Day, 14 June.

Hacktivists have christened the campaign Operation Empire State Rebellion. Anonymous is calling for the cyber-protests to continue until Federal Reserve Chairman Ben Bernanke steps down, as explained in a video-manifesto (below).

Anonymous began life in the anarchic message boards of 4chan as a protest against the Church of Scientology back in 2008. Its targets since then have included the entertainment industry (and in particular Sony), organisations that withdrew payment facilities from WikiLeaks (Mastercard, PayPal) and HBGary, a security firm that threatened to out Anonymous members.

Continued :

- Collapse -
Researcher: ChronoPay Tried to Reverse-Engineer Malwarebytes

Security researcher and security journalist Brian Krebs claims that Russian payment processor ChronoPay hired programmers to reverse-engineer the free version of Malwarebytes' Anti-Malware in order to create an antivirus solution of its own.

In a new ChronoPay-related post on his blog, Krebs reveals new findings about the organization, which he claims is involved in all sorts of cyber criminal activities.

The researcher published screenshots from a ChronoPay internal system used to manage its "dark divisions" that deal with clients distributing scareware, running illegal online pharmacies, operating extreme adult websites and selling pirated music.

"When I visited Vrublevsky [the ChronoPay CEO] in Moscow in February, he told me of plans to launch a ChronoPay-branded anti-virus solution, and many of the documents included in this section of ChronoPay's MegaPlan [the internal system] installation are technical papers referencing the development of different anti-virus software modules," Krebs writes.

"The documents suggest that the company has hired programmers to reverse-engineer the free version of the commercial anti-malware product Malwarebytes," he reveals.

Malwarebytes' Anti-Malware is a product often used as a companion for full-fledged antivirus programs, which specializes in the detection and removal of scareware, the exact type of business ChronoPay is said to be involved in.

It's not clear if these reverse engineering efforts directed at Malwarebytes' product are meant to find ways of evading its detection or preventing it from running properly, or if the company is interested in the code for use in its own product.

Continued :

Related: Organization Chart Reveals ChronoPay's Links to Shady Internet Projects

- Collapse -
Trend Micro Unveils Hacker Traps

Trend Micro says it can catch hackers in action breaking into networks and trying to steal secrets with a new line of network-analysis tools and security services.

Branded Real-Time Threat Management Solutions, Trend Micro's approach includes network appliances that monitor network traffic for telltale signs of hacker entry or malware, such as outbound botnet traffic calling back to its master control point.

One appliance, called the Threat Management System, provides visibility and monitoring to detect real-time evidence and alert of hacker break-ins or malware infections. This appliance can be set up to work with another one called the Threat Discovery Appliance, to automatically launch a mitigation and cleanup effort. Trend Micro acknowledges it's out to compete with products such as the NetWitness NextGen visibility monitoring system, recently acquired by RSA.

Continued :

Also: Trend Micro expands risk management portfolio

- Collapse -
The top 10 passcodes you should never use on your iPhone

Are you one of the many people who are using a dangerously easy-to-guess passcode on your iPhone?

Maybe you should do something about it - sooner rather than later.

The warning comes after new research suggested that 15% of all iPhone owners use one of just ten passwords on their lock screen: [Screenshot]

Apple iPhone app developer Daniel Amitay published the interesting research, looking at the four digit passcodes that users choose to secure their systems with.

Fortunately, he didn't snoop on the actual passcodes used by iPhone users to lock their devices - but instead anonymously collected the codes chosen by users to secure the "Big Brother Camera Security" app he develops. In all, Amitay collected over 204,000 passcodes.

Amitay postulated that as Big Brother's password setup and lock screen are nearly identical to the actual iPhone lock screen, the likelihood is that the passcodes used would most likely correlate with the codes used to lock iPhones.

Continued :

- Collapse -
Spear phishers sharpen skills, craft 'incredible' attacks,

"Spear phishers sharpen skills, craft 'incredible' attacks, say experts"

Recent break-ins at high-profile targets like the International Monetary Fund (IMF) demonstrate just how proficient hackers have become at "spear phishing," researchers said today.

"Today's spear phishing is not only more prevalent but also much more technically proficient," said Dave Jevans, chairman of the Anti-Phishing Working Group (APWG), an industry association dedicated to fighting online identity theft. Jevans is also the founder and chairman of IronKey, a Sunnyvale, Calif. security company.

"They're not going for a password, anymore, they're getting people to install crimeware on their computers," said Jevans.

Like the more common phishing, spear phishing attacks are launched as emails that try to con the recipient into clicking a link that leads to a malicious Web site. Those sites can take almost infinite forms, from fake account log-in screens to ones that tout a software upgrade to widely-used software, such as Adobe Flash.

In the second scenario, the file is not as advertised, but instead is attack code that infects the computer, giving criminals access to that machine -- and through it, others -- or to confidential information, like account passwords obtained by secretly monitoring the PC's keystrokes.

Continued :

I.M.F. Reports Cyberattack Led to 'Very Major Breach'
IMF State-Backed Cyber-Attack Follows Hacks of Lab, G-20

- Collapse -
Plankton malware drifts into Android Market

The rate at which we discover new malware samples for the Android platform is increasing. At the beginning of the year we got a few samples every month and today it is not uncommon to get a few every week.

While most of the newly discovered samples are released outside of the official Android Market, some aren't, and it is unfortunate that users cannot rely on Google to prevent malicious users from submitting malicious applications to the Android Market.

Because apps are self-signed, there is no good way to verify that an application is coming from a trusted source. Theft of intellectual property is common, as rogue developers are repackaging versions of legitimate applications and selling them under their own names.

Rants aside, the latest potential attack on the market comes in the form of Plankton malware. Plankton has been included in at least ten applications on the Android Market that have now been removed by Google. The malware was initially discovered by Xuxian Jiang, Assistant Professor at North Carolina State University.

The applications that included the Plankton framework were published on the market for more than two months before anybody noticed anything unusual about them. Some of the applications became very popular and were downloaded over 100,000 times.

Continued :

- Collapse -
Autorun-abusing malware (Where are they now?)

From the Microsoft Malware Protection Center:

On Feb. 8, Microsoft started releasing updates for the Windows XP and Vista platforms to make the Autorun feature more locked-down on those older platforms by preventing AutoPlay from being enabled automatically (except when it comes to "shiny media" such as CDs and DVDs). We knew we would want to come back sometime later to measure how the update changed the rate of infection for these families. That time is now. Let's have a look.

As reported in volume 10 of the Microsoft Security Intelligence Report and in a previous post, malware using a technique to abuse a feature of Windows called Autorun grew in prevalence in 2010. If you examine the top families, you'll spot the top offenders: Taterf, Rimecud, Conficker, and Autorun (a "family" that we detect with generic signatures based on Autorun propagation behaviors). The following chart, based on the data in the SIRv10 report, shows their changes quarter over quarter in 2010. This chart shows the total number of detections reported by computers running any MMPC product, so it includes malware that was detected and blocked (no infection) and also those found by the Microsoft Malicious Software Removal Tool (MSRT) for removal. (In other words, these are counts for computers reporting detections, not infections.)

[Chart: Detections reported by computers running MMPC products of threats using "autorun.inf"]

Then something expected happened. The infection rates for Windows XP and Vista went down -- pretty significantly, in fact. By May of 2011, the number of infections found by the MSRT per scanned computer was reduced by 59% on XP and by 74% on Vista in comparison to the 2010 infection rates. Specific service packs show even greater declines between the month prior to the update (Jan. 2011) and last month (May 2011).

Continued :

- Collapse -
LulzSec Begins DDoSing Websites at Random

Hacking outfit LulzSec is hitting websites at random in a distributed denial-of-service spree dubbed Titanic Takeover Tuesday by its members.

The notorious hackers that attacked numerous companies and leaked tons of personal data during the past several weeks, began targeting the website because gamers expressed their disapproval of the Bethesda hack there.

"Tango down: *munches popcorn* wonder where the gamers are gonna run now," LulzSec wrote.

"We're firing at Escapist Magazine with around 0.4% of our total ammunition. Let's see what their admins are made of - game is on, folks," they added.

And since they weren't using their entire firepower, the hackers decided to take DDoS target suggestions from users.

"Call into 614-LULZSEC and pick a target and we'll obliterate it. Nobody wants to mess with The Lulz Cannon - take aim for us, twitter. #FIRE," the group posted on its Twitter feed.

The first target was EVE Online, a popular massive multiplayer online roleplaying space game. LulzSec took down the game's login server and website within seconds.

The company responsible for EVE Online confirmed the issue and announced that it has taken its entire network offline. "EVE Online and related services experienced an Internet attack. We have taken them down as a security precaution," it said.

LulzSec then pointed its virtual guns at another popular game - Minecraft. Similarly, the login server and website both went offline. The site of a company called FinFishers which apparently sells monitoring and IT intrusion solutions to government customers was also attacked.

Continued :

Also: Titanic Takeover Tuesday: LulzSec's busy day of hacking escapades

- Collapse -
Thieves Found Citigroup Site an Easy Entry

Think of it as a mansion with a high-tech security system - but the front door wasn't locked tight.

Using the Citigroup customer Web site as a gateway to bypass traditional safeguards and impersonate actual credit card holders, a team of sophisticated thieves cracked into the bank's vast reservoir of personal financial data, until they were detected in a routine check in early May.

That allowed them to capture the names, account numbers, e-mail addresses and transaction histories of more than 200,000 Citi customers, security experts said, revealing for the first time details of one of the most brazen bank hacking attacks in recent years.

The case illustrates the threat posed by the rising demand for private financial information from the world of foreign hackers.

In the Citi breach, the data thieves were able to penetrate the bank's defenses by first logging on to the site reserved for its credit card customers.

Once inside, they leapfrogged between the accounts of different Citi customers by inserting various account numbers into a string of text located in the browser's address bar. The hackers' code systems automatically repeated this exercise tens of thousands of times - allowing them to capture the confidential private data.

Continued :
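
The account-hopping described in the Citigroup report above works only when the server trusts the account number in the URL. As an added example (not part of the original post and not any bank's code), the sketch below shows the server-side ownership check and a log review that flags sessions asking for several accounts they do not own; the URL layout, the `acct` parameter name and the sample log are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed sample log: (session id, account the session authenticated as,
# requested URL). The path and the "acct" parameter are hypothetical.
SAMPLE_LOG = [
    ("s1", "1001", "/card/summary?acct=1001"),
    ("s2", "2002", "/card/summary?acct=2002"),
    ("s2", "2002", "/card/summary?acct=2003"),
    ("s2", "2002", "/card/summary?acct=2004"),
    ("s2", "2002", "/card/summary?acct=2005"),
    ("s3", "3003", "/card/summary?acct=3003"),
    ("s3", "3003", "/card/summary"),
]


def requested_account(url):
    """Return the account number named in the URL, or None if absent."""
    values = parse_qs(urlparse(url).query).get("acct")
    return values[0] if values else None


def is_authorized(authenticated_account, url):
    """Ownership check: a session may only name its own account.

    A URL with no account number is allowed, on the assumption that the
    server then falls back to the account stored in the session.
    """
    requested = requested_account(url)
    return requested is None or requested == authenticated_account


def flag_sessions(log, threshold=3):
    """Flag sessions that requested >= threshold distinct foreign accounts."""
    foreign = defaultdict(set)
    for session_id, account, url in log:
        if not is_authorized(account, url):
            foreign[session_id].add(requested_account(url))
    return {s: sorted(a) for s, a in foreign.items() if len(a) >= threshold}


if __name__ == "__main__":
    print(flag_sessions(SAMPLE_LOG))
```

Enforcing `is_authorized` on every request is the fix; `flag_sessions` is the routine check that would surface the pattern in existing logs.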
