Spyware, Viruses, & Security forum


NEWS - June 25, 2012

by Carol~ Moderator / June 25, 2012 12:04 AM PDT
Photo.zip - Stolen nude photos and police investigations. Malware attack spammed out

Cybercriminals are attempting to infect the computers of internet users, via a spammed-out email that has a malware-infected file attached.

Computer users are being warned to be wary of email messages which suggest they contain nude photographs of girlfriends, or claim that they have been reported to the police, as the attached file (Photo.zip) really contains a Trojan horse.

There are many different subject lines being used in the malware campaign, including:

• These pictures should be taken down immediately.
• You can't say I haven't warned you now enjoy the consequences.
• The police investigation is under way now. You'll be really sorry about what you have done.
• The criminal investigation agains you has started. Grave privacy violation is a serious thing.

Here are some examples of what the emails look like, each with a file called Photo.zip attached. [Screenshot]

Continued : http://nakedsecurity.sophos.com/2012/06/25/photo-zip-nudemalware/

How to Break Into Security, Ptacek Edition
by Carol~ Moderator / June 25, 2012 12:51 AM PDT
In reply to: NEWS - June 25, 2012

At least once a month, sometimes more, readers write in to ask how they can break into the field of computer security. Some of the emails are from people in jobs that have nothing to do with security, but who are fascinated enough by the field to contemplate a career change. Others are already in an information technology position but are itching to segue into security. I always respond with my own set of stock answers, but each time I do this, I can't help but feel my advice is incomplete, or at least not terribly well-rounded.

I decided to ask some of the brightest minds in the security industry today what advice they'd give. Almost everyone I asked said they, too, frequently get asked the very same question, but each had surprisingly different takes on the subject. Today is the first installment in a series of responses to this question. When the last of the advice columns have run, I'll create an archive of them all that will be anchored somewhere prominently on the home page. That way, the next time someone asks how they can break into security, I'll have more to offer than just my admittedly narrow perspectives on the matter.

Last month, I interviewed Thomas Ptacek, founder of Matasano Security, about how companies could beef up password security in the wake of a week full of news about password leaks at LinkedIn and other online businesses. Ptacek's provocative advice generated such a huge amount of reader interest and further discussion that I thought it made sense to begin this series with his thoughts:

Continued : http://krebsonsecurity.com/2012/06/how-to-break-into-security-ptacek-edition/

Fake Flash update with a twist
by Carol~ Moderator / June 25, 2012 12:52 AM PDT
In reply to: NEWS - June 25, 2012

From the Zscaler ThreatLab Blog:

We've seen Fake Flash updates for several years. A webpage claims that the user is running an outdated version of Flash and they require an upgrade of the plugin to watch a video. The fake Flash update is actually a malicious executable.

This type of attack is still going on. Today, I was investigating such a malicious page. The page claims to be from xhamster.com, a free porn site. The fake video player shows a warning: "You need the latest version of Adobe Flash Player to play this video." [...]

However, instead of downloading a malicious executable, the user is actually asked to download a fake Flash extension. There are different variants for different browsers: .XPI for Firefox, .CRX for Google Chrome, and .EXE (BHO + installer) for Internet Explorer. [...]

Browser extensions are open doors to infect users. Antivirus vendors do a very poor job at detecting fake extensions, mostly because they are just plain text files (HTML, JavaScript), and cannot therefore contain binary malware. The VirusTotal reports for this particular attack illustrate the challenge:

• executable (Internet Explorer): detection by 21/42 AV
• XPI (Firefox): 0 detected!
• CRX (Chrome): 0 detected!

Browser extensions

Continued : http://research.zscaler.com/2012/06/fake-flash-update-with-twist.html

Update for Windows Update has teething troubles
by Carol~ Moderator / June 25, 2012 12:52 AM PDT
In reply to: NEWS - June 25, 2012

Microsoft has released an unscheduled, non-patch day update for Windows to update the Windows Update function itself. However, according to reports from readers, the Windows Update Agent update does not always run smoothly; The H's associates at heise Security also ran into problems on their test systems.

A staggered dissemination of the update has been taking place over the past three to four days. Users who run Windows Update are confronted with a message which says that an update for Windows Update needs to be installed before the system can check for other updates. [Screenshot]

[Screenshot caption: Before installing any other updates, users first need to install the Windows Update Agent update]

On some computers, clicking the "Install Updates" button results in a failed installation with error code 80070057 or 8007041B. On heise Security's test Windows 7 computer, repeatedly attempting the update (click on "Check for updates" on the left) did eventually result in the update being successfully applied. Microsoft has provided a "Fix it" tool (Direct download) for more stubborn cases in Knowledge Base Article 949104.

The update in question upgrades the Windows Update Agent from version 7.4.7600.226 to 7.6.7600.256; it is not, as some readers have feared, a virus. After upgrading, the Windows Update Agent is automatically restarted; users do not need to reboot Windows.

http://www.h-online.com/security/news/item/Update-for-Windows-Update-has-teething-troubles-1624979.html

LulzSec's Ryan Cleary and Jake Davis plead guilty to hacking
by Carol~ Moderator / June 25, 2012 1:48 AM PDT
In reply to: NEWS - June 25, 2012

"British pair admit targeting institutions including CIA, Soca and News International"

LulzSec hacker Ryan Cleary has admitted hacking into the websites of the CIA and the UK's Serious Organised Crime Agency.

Cleary, 20, confessed to launching a string of attacks on major institutions in Britain and the US with fellow hacker Jake Davis, 19.

The two targeted sites including the National Health Service, News International, Sony, Nintendo, Arizona State police, film studio 20th Century Fox and other sites in a series of so-called distributed denial of service (DDoS) attacks, where websites are flooded with traffic to make them crash.

Cleary, of Wickford, Essex, and Davis, of Lerwick, Shetland, plotted to carry out the attacks with other unknown members of the internet groups Anonymous, Internet Feds and LulzSec.

Other websites targeted by the pair were Westboro Baptist Church, Bethesda, Eve Online, HBGary, HBGary Federal, PBS Inc and Infragard.

Continued : http://www.guardian.co.uk/technology/2012/jun/25/lulzsecs-ryan-cleary-guilty-hacking

Also:
Two Lulzsec members plead guilty over hacking charges as trial date is set for April 2013
LulzSec hacking duo plead guilty to string of attacks against US and UK websites
2 UK suspects linked to LulzSec plead guilty of attacks on CIA, PBS, News International

Ecardgrabber: Android App Sniffing Contactless Credit Card
by Carol~ Moderator / June 25, 2012 1:48 AM PDT
In reply to: NEWS - June 25, 2012
Ecardgrabber: Android App Sniffing Contactless Credit Card Details over the Air

From the Symantec Security Response Blog:

A security researcher from Germany released an Android application on Google Play that can obtain contactless credit card data over the air for a limited set of cards. Contactless credit cards can typically be used without a pin for transactions under €10 by simply holding the card near a point of sale terminal.

The Android application, which Symantec detects as Android.Ecardgrabber, attempts to read this data by using a communication protocol called Near Field Communication (NFC)— a technology present on the latest smartphones. The app was posted on Google Play on June 13 and was downloaded 100-500 times before removal.

[Screenshot] - [Screenshot]

What is Near Field Communication?

Near Field Communication enables contactless data exchange at short distances.

Continued : http://www.symantec.com/connect/fr/blogs/ecardgrabber-android-app-sniffing-contactless-credit-card-details-over-air

Key Stuxnet LNK Spreading Mechanism Stops Working
by Carol~ Moderator / June 25, 2012 4:56 AM PDT
In reply to: NEWS - June 25, 2012

One of the key infection methods for the Stuxnet worm was hard-coded to stop working on June 24, removing one of its techniques for propagation. Researchers say that the date, which is found in coded form in the worm's instructions, is nearly three years to the day from the date that the first version of Stuxnet was seeded.

Stuxnet contains several different methods for spreading and infecting new machines. One of those infection methods is through the use of LNK files that are copied to a USB storage device. This was among the first sections of Stuxnet to be identified and dissected by researchers.

"There are currently three known variants of Stuxnet - which were all seeded in waves, on different dates. The first known variant was seeded on June 23rd, 2009 at 4:40am GMT. The next wave took place on June 28th and then on July 7th.

So, on June 24th, 2012, we were roughly three years since the initial deployment of the worm that squirmed through carefully selected Iranian organizations," Costin Raiu of Kaspersky Lab wrote in an analysis of the drop-dead date for the LNK mechanism.

Continued : http://threatpost.com/en_us/blogs/key-stuxnet-lnk-spreading-mechanism-stops-working-062512

Qualys Helps Organizations Comply With EU Cookie Directive
by Carol~ Moderator / June 25, 2012 5:01 AM PDT
In reply to: NEWS - June 25, 2012

Qualys, the soon-to-go-public provider of cloud security and compliance solutions, today said that its flagship QualysGuard Web Application Scanning (WAS) service will be able to help customers identify Web application cookies in order to help organizations comply with the European Union (EU) Cookie Directive that will be enforced in the United Kingdom (UK) effective on May 26, 2012.

Last May, the UK adopted regulations to implement the 2009 EU E-Privacy Directive, which requires web sites to get permission from visitors before they can store cookies or other information used to track their online actions.

The UK Cookie Directive is privacy legislation that requires web sites to gain consent from visitors before they can store cookies or other information used to track a user's actions -- fundamentally changing how web application owners interact with users. One of the challenges with the new regulations for many organizations is identifying if a particular site or web application is using cookies that require the user's consent. While customers may not be aware that companies are tracking their activity, companies that utilize such tracking techniques by utilizing third party services may not even be aware that their activities may be in violation of the Cookie Law, Qualys explained.

According to the results of a study on the behavioral tracking on 269 different sites, Keynote Systems discovered that 86 percent of the sites analyzed included third-party tracking of site visitors and, as a result, violated one or more common tracking-related U.S. privacy standards.

Continued : http://www.securityweek.com/qualys-helps-organizations-comply-eu-cookie-directive

70% of teens hide their online behavior
by Carol~ Moderator / June 25, 2012 5:18 AM PDT
In reply to: NEWS - June 25, 2012

When it comes to using the Internet, teens are not only engaging in risky behaviors, but are also hiding it from their parents, many of whom don't realize they are being fooled, according to McAfee.

Despite their awareness of online dangers, teens continue to take risks by posting personal information and risky photos online, unbeknownst to parents.

Many teens are accessing inappropriate online content, despite 73.5% of parents who trust their teens to not access age-inappropriate content online. Specifically 43% of teens have accessed simulated violence online, 36% have accessed sexual topics online, and 32% have accessed nude content or pornography online.

Nearly half of parents believe their teens tell them everything they do online and insist they are in control when it comes to monitoring their teen's online behaviors. However, the study reveals that teens deceiving their parents are on the rise, as over 70% of teens have found ways to avoid parental monitoring, compared to 2010, where 45% of teens have hidden their online behavior from a parent.

The top 10 ways teens are fooling their parents include:

Continued : http://www.net-security.org/secworld.php?id=13157

How many husbands ...
by Kees_B Forum moderator / June 25, 2012 5:41 AM PDT

will hide (part of) their online behaviour from their wife? And the other way around?

I can't find this 70% for teens amazing. After all, it's an age they become their independent selves.

How about their offline behaviour (meaning: things they do when not at home)? I think more than 70% don't tell everything 100% truthfully.

Kees

I agree..
by Carol~ Moderator / June 25, 2012 8:15 AM PDT
In reply to: How many husbands ...

I don't find 70% so surprising. But what I do find surprising is how "nearly half of parents believe their teens tell them everything they do online and insist they are in control when it comes to monitoring their teen's online behaviors".

It could be the nature of the beast, but half the parents feel they're in control?? Or conversely as a McAfee online safety "expert" put it, "... it is surprising how disconnected their parents are,"

Carol

Menshn opens up to UK users and runs into security storm
by Carol~ Moderator / June 25, 2012 5:28 AM PDT
In reply to: NEWS - June 25, 2012

"Tory MP Louise Mensch's Twitter wannabe network opens for business to UK users, but developers find security flaws in first hours"

Louise Mensch's Menshn social network opened in the UK on Sunday - and quickly ran into arguments about how secure it was, and questions about whether its use of cookies is compliant with European law.

Created by Mensch and the UK internet entrepreneur Luke Bozier, the social network was intended to address Mensch's complaint about Twitter - principally, that there's no control of what topics are discussed.

British users joining on Sunday were instructed to pick from a selection of five topics: Euro 2012, the US election, UK politics, "tech" and "women".

Early indications were that the network seems to have attracted around a thousand British users. But the discussion quickly turned to "tech" - and specifically the apparent lack of security in the site. One Twitter user, James Coglan, was quick to investigate it - and reckoned that it was seriously lacking in security.

Continued : http://www.guardian.co.uk/technology/2012/jun/25/menshn-opens-uk-security-storm

Also:
Massive botnet shut down after botmaster's arrest
Russian Authorities Arrest Owner of Botnet Made of 4.5 Million Computers
Mensch pal Bozier defends Menshn security, dubs critics 'snippy geeks'
