Spyware, Viruses, & Security forum

NEWS - March 03, 2010

by Carol~ Moderator / March 3, 2010 12:46 AM PST
Authorities dismantle botnet with 13 million infected PCs

"Half of Fortune 1000 touched"

One of the world's biggest botnets has been taken down, cracking open a global platform that infiltrated more than half of the Fortune 1000 companies, according to the Associated Press.

The take down came as authorities in Spain arrested three of the ringleaders of the botnet, dubbed Mariposa. The suspects haven't been identified by name, but they're described as Spanish citizens with no criminal records whose internet names and ages were "netkairo," 31; "jonyloleante," 30; and "ostiator," 25.

The Mariposa botnet, which infected 12.7 million PCs, appeared in late 2008 and spread to more than 190 countries, the AP reported, citing researchers. The researchers that dismantled it first started looking at it in the spring of 2009.

Microsoft Vice President of Trustworthy Computing Scott Charney on Tuesday told attendees of the RSA security conference that corporate and government organizations "can manage the botnet risk ... because they have professional IT staff." Botnets such as Mariposa and even the less potent Zeus suggest otherwise.

Continued here: http://www.theregister.co.uk/2010/03/02/mariposa_botnet_takedown/

Also: How FBI, police busted massive botnet
New Exploit Bypasses DEP
by Carol~ Moderator / March 3, 2010 1:24 AM PST
In reply to: NEWS - March 03, 2010

Another Proof-of-Concept (POC) Revealed

The changing threat landscape has brought about more sophisticated Web threats, and left the online population clamoring for better security features in the systems and applications that they use. This has pushed Microsoft to develop security mechanisms within its applications like Windows Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR).

Both DEP and ASLR are security mechanisms that Microsoft included in its latest Windows releases starting with XP SP2 and Vista, respectively, which should ideally protect systems from being attacked by exploit codes. DEP prevents the execution of code (including malicious shellcode) from certain regions of computer memory (nonexecutable). ASLR, on the other hand, randomizes the layout of regions (data areas) in memory to make guessing the exact location more difficult. But what if these security mechanisms are not so secure after all?

This is what Berend-Jan Wever, aka Skylined (the security researcher responsible for disclosing the heap-spraying technique), came to discover as he reported a new exploit technique that bypasses DEP if the ASLR feature is disabled. In Wever's full disclosure of the exploit, he discusses the method on how to go around DEP and ASLR using return-to-libc attacks wherein an attacker uses existing code (of the applications being exploited or of the library functions) to carry out the attack rather than run his/her own code.

Continued here: http://blog.trendmicro.com/new-exploit-bypasses-aslr-and-dep/

Kaspersky introduces new "Pure" security package
by Carol~ Moderator / March 3, 2010 1:25 AM PST
In reply to: NEWS - March 03, 2010

Russian AV vendor Kaspersky has introduced Kaspersky PURE, a security package that is specifically designed to meet the needs of multi-PC households. In addition to the security features (virus protection, firewall, identity protection and tune-up), PURE offers a backup tool, hard disk encryption, a password manager and a central network manager for local PCs. The product's tune-up, parental control and identity protection features have been extended compared to those of the Kaspersky security suite.

For instance, PURE supports various instant messengers and can control which PC is allowed to execute which applications and access which websites at what time. The rules can be centrally configured via the network manager. The manager also allows users to check a PC's current update status or start a virus scan. PURE will be available at the end of March at an annual subscription fee of 80 euros for a three PC licence.

Continued here: http://www.h-online.com/security/news/item/Kaspersky-introduces-new-Pure-security-package-945081.html

Web Reputation Checks Gone Awry
by Carol~ Moderator / March 3, 2010 1:36 AM PST
In reply to: NEWS - March 03, 2010

From TrendLabs Malware Blog:

As the security industry evolves, underground cybercriminals are constantly looking for ways to counter the technology challenges presented to them. I recently found out that the bad guys have begun offering services to track the blacklisting of domain names through reputation checks. The number of "businesses" offering this type of service is growing and the service itself has now become semi-automated.

This semi-automation can trace the list of requested domain names against the different Web reputation databases. The most recent service I studied is found on www.{BLOCKED}ervice.net, which offers customers solutions wherein the list of the domain names are regularly checked for blacklisting against Google BlackList (Firefox), ZeuS Tracker, MalwareDomainList.com, SpamHaus, and others. The monthly fee for such a service is currently around US$30 for 100 domains. [...]

The message above translates to:

Added checking on ZEUS TRACKER
Join now!
Now clients of our service can use jabber bot, which can help in code crypting and check if the domain is in black list, check your domains in a real time for the black listing.
Join! It's easy!
Added API!
Now clients of our service can use our algorithms via API.
This means you can now integrate the algorithms into your software products.

Continued here: http://blog.trendmicro.com/web-reputation-checks-gone-awry/

Patching human vulnerabilities
by Carol~ Moderator / March 3, 2010 2:03 AM PST
In reply to: NEWS - March 03, 2010

From the Viruslist Blog:

Today's complex threats

Today's threat landscape is very complex. Cybercriminals use a wide range of threats to hijack people's computers and to make money illegally. These threats include Trojans of many different kinds, worms, viruses and exploit code which is designed to enable malware to make use of vulnerabilities in the operating system or applications. Cybercriminals also employ a range of sophisticated techniques to hide malware activity or to make it difficult for anti-virus researchers to find, analyse and detect malicious code.

So it's easy to see the problem of cybercrime, and solutions to it, purely in technical terms. But I believe it's also essential to deal with the human aspects of cybercrime.

Humans: the weakest link in the security chain

Notwithstanding the technical sophistication of today's malware, cybercriminals often try to exploit human weaknesses as a way of spreading their programs. This should come as no surprise. Humans are typically the weakest link in any security system. Securing a house is one example: you can have the finest burglar alarm in the world, but if you don't set it, then it offers no protection at all. The same is true for online security. Cybercriminals continue to make extensive use of social engineering, i.e. they try and trick people into doing something that undermines their online security.

Continued here: http://www.viruslist.com/en/analysis?pubid=204792106

Patching redefined - Free & Automatic Updating for every single PC user
by Donna Buenaventura / March 3, 2010 2:06 AM PST
In reply to: NEWS - March 03, 2010

Unpatched programs are a primary source of IT insecurity. But due to the complex and immeasurable scope of patching, it is neglected by the majority of private users. Not a viable approach to ensure online safety - Secunia has set out aggressively to change this!

Our latest whitepaper "Security Exposure of Software Portfolios" (PDF format), reveals that in order for the typical home user to stay fully patched, an average of 75 patches from 22 different vendors need to be installed, requiring the user to engage in a patch action every 4.8 days.

These findings are based on data from the more than two million users of the Secunia Personal Software Inspector (PSI), and supports that the complexity and frequency of actions required to keep a typical home user's system fully patched and secure, most likely exceeds what users are willing and able to invest. In fact, it is highly unlikely that even skilled enthusiasts will patch their systems as frequently as the whitepaper's findings indicate.

The core of this patching issue is that the software industry has, so far, failed to come up with a unified patching solution that can help home users on a large scale; that is, encompassing all software programs. To exemplify the consequence of this, referring to the data above, this means that in order for the user to install the 75 patches from the 22 different vendors, he or she has to master more than 22 different updating mechanisms, which is outside the bounds of what you can expect from a typical home user.


Secunia To Offer Free Application Updater Service To Consumers

RSA Conference 2010 -- Secunia here today announced a new free service for consumers that automatically checks for and patches their third-party applications when they boot up their Windows machines.

The goal is to pull all third-party application updates into one simple step, rather than piecemeal, so the end user doesn't have to decide whether to install an update or to handle them manually, according to Secunia. The free service is based on technology in its recently announced simplified patch management tool for enterprises that combines its Corporate Software Inspector with Microsoft's Windows Server Update Services (WSUS). The enterprise offering is currently in beta in more than 1,000 enterprises, says Niels Henrik Rasmussen, CEO of Secunia.

Reports about large number of fake Amazon order confirmation
by Carol~ Moderator / March 3, 2010 2:17 AM PST
In reply to: NEWS - March 03, 2010

A couple of readers wrote about a flood of fake Amazon.com order confirmations they are receiving. The e-mail claims to originate from Amazon.com, and attempts to trick the user into clicking on a link which will then lead to obfuscated JavaScript and malware.

This particular attack appears to be a new version of similar e-mails we have seen over the last week or so. The new version uses larger e-mail messages, which appear to be composed with Microsoft Word.

The text is still pretty concise. As a sample:

Dear Customer,

Your order has been sucessfully confirmed. For your reference, here's a summary of your order:

You just confirmed order #2341-23483720-38123
At the end of the e-mail follows a link to a malware site, labeled "ORDER INFORMATION".

Continued here: http://isc.sans.org/diary.html?storyid=8344
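
As an added example (my own code, not something from the ISC diary), here is how a mail filter or an analyst's triage script could flag this lure automatically: the mail claims to come from amazon.com, but the "ORDER INFORMATION" link points at a host outside that domain. The script parses the message, collects every anchor in the HTML parts and reports those whose host does not belong to the claimed sender's domain. The sample message is constructed from the text quoted above, with the malicious link pointed at a reserved .example placeholder host rather than any real site.

```python
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def claimed_sender_domain(msg) -> str:
    """Domain of the From: address as the mail presents it (this header can be forged)."""
    _, addr = email.utils.parseaddr(str(msg["From"]))
    return addr.rpartition("@")[2].lower()


def belongs_to(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain of it (not a look-alike suffix)."""
    return host == domain or host.endswith("." + domain)


def mismatched_links(raw: bytes) -> list:
    """Return every link in the HTML parts whose host lies outside the claimed sender's domain."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    domain = claimed_sender_domain(msg)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_content())
        for href, text in collector.links:
            host = (urlparse(href).hostname or "").lower()
            if not belongs_to(host, domain):
                findings.append({"text": text, "href": href, "claimed_domain": domain})
    return findings


# Constructed sample modelled on the lure described above. The link host is a
# documentation placeholder (.example), not a real malware site.
SAMPLE_MAIL = b"""From: "Amazon.com" <order-update@amazon.com>
To: customer@example.net
Subject: Your order has been confirmed
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Dear Customer,</p>
<p>Your order has been sucessfully confirmed. For your reference, here's a summary of your order:</p>
<p>You just confirmed order #2341-23483720-38123</p>
<p><a href="http://order-check.malware.example/confirm.php?id=2341">ORDER INFORMATION</a></p>
<p><a href="https://www.amazon.com/">Help</a></p>
</body></html>
"""

if __name__ == "__main__":
    for f in mismatched_links(SAMPLE_MAIL):
        print("link %r -> %s (mail claims to be from %s)" % (f["text"], f["href"], f["claimed_domain"]))
```

The check is deliberately strict about suffix matching: amazon.com.evil.example does not count as belonging to amazon.com. It is one signal rather than a verdict, since a legitimate sender may link to a third-party tracker and, conversely, the From: header itself is trivially forged; whether the mail really came from the claimed domain is a separate question answered by sender authentication at the gateway, not by the link hosts.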

Google's China Exit Strategy: Watch This Space
by Carol~ Moderator / March 3, 2010 2:40 AM PST
In reply to: NEWS - March 03, 2010

A top Google lawyer told Congress Tuesday that the company still has no idea when or if it will make good on its public ultimatum in January to pull out of China unless it is allowed to stop censoring search results.

"We are still weighing our options," Google Vice President and Deputy General Counsel Nicole Wong told the Senate Judiciary committee in a hearing on internet freedom.

Google made its stunning promise seven weeks ago, when it publicly disclosed that its Gmail service had been attacked by hackers targeting Chinese human rights activists. That attack, which targeted some other 20 tech companies including Adobe, Yahoo and Intel, also sought source code, and resulted in Google losing some intellectual property.

That was enough to make the search company radically rethink its 2006 deal with China, which allowed the creation of Google.cn. Under the controversial bargain, Google agreed to censor search results upon request from authorities but would tell users at the bottom of censored pages that results were withheld at the request of the Chinese government. At the time, Google thought that its deal would eventually lead to more internet freedom in China, but that's not how things have worked out, according to Google.

Continued here: http://www.wired.com/epicenter/2010/03/google-china-update

Also see: Google: 'no timetable' on China talks

Regulators Revisit E-Banking Security Guidelines
by Carol~ Moderator / March 3, 2010 6:54 AM PST
In reply to: NEWS - March 03, 2010

Prodded by incessant reports of small- to mid-sized business losing millions of dollars at the hands of organized cyber criminals, federal regulators may soon outline more stringent steps that commercial banks need to take to protect business customers from online banking fraud and educate users about the risks of banking online.

At issue are the guidelines jointly issued in 2005 by five federal banking regulators under the umbrella of the Federal Financial Institutions Examination Council (FFIEC). The guidance was meant to prod banks to implement so-called "multifactor authentication" - essentially, to require customers to provide something else in addition to a user name and password when logging into their bank accounts online, such as the output from a security token.

The FFIEC didn't specify exactly how the banks had to do this, and indeed it left it up to financial institutions to work out the most appropriate approach. However, many banks appear to have gravitated toward approaches that are relatively inexpensive, easy to defeat, and that may not strictly adhere to the guidance, such as forcing customers to periodically provide the answer to "challenge questions" as a prerequisite to logging in to their accounts online.

Continued here: http://www.krebsonsecurity.com/2010/03/regulators-revisit-e-banking-security-guidelines/

Microsoft's Charney Suggests 'Net Tax to Clean Computers
by Carol~ Moderator / March 3, 2010 6:54 AM PST
In reply to: NEWS - March 03, 2010

How will we ever get a leg up on hackers who are infecting computers worldwide? Microsoft's security chief laid out several suggestions Tuesday, including a possible Internet usage tax to pay for the inspection and quarantine of machines.

Today most hacked PCs run Microsoft's Windows operating system, and the company has invested millions in trying to fight the problem.

Microsoft recently used the U.S. court system to shut down the Waledac botnet, introducing a new tactic in the battle against hackers. Speaking at the RSA security conference in San Francisco, Microsoft Corporate Vice President for Trustworthy Computing Scott Charney said that the technology industry needs to think about more "social solutions."

That means fighting the bad guys at several levels, he said. "Just like we do defense in depth in IT, we have to do defense in depth in [hacking] response."

"I actually think the health care model ... might be an interesting way to think about the problem," Charney said. With medical diseases, there are education programs, but there are also social programs to inspect people and quarantine the sick.

Continued here: http://www.pcworld.com/businesscenter/article/190581/

Security Seal company sued by FTC
by Carol~ Moderator / March 3, 2010 6:55 AM PST
In reply to: NEWS - March 03, 2010

From the SecuriTeam Blog:

Let's start with the proper disclosure; we provide a Web Site Security Seal service which competes with ControlScan's. That said, I'm not about to bash ControlScan but rather the poor practices of security seal companies giving out seals to whoever pays them without the proper security checks.

Some background: The FTC sued ControlScan for $750,000 for giving out security seals while not really checking the security of the web sites. This lawsuit and its verdict are good news: It means that services that give out seals need to be responsible for their actions; no more "scanless PCI" badges: if you give out a seal (and I'm looking at all you large domain resellers) that needs to stand for something - when customers see a seal that says "secure site" they need to know the site is secure.

Before you take out the pitchforks, sure - there is no way to verify with 100% certainty that the web site is "secure". But vulnerability scanning is at a stage today where you can run automated scans and make sure the web site is "secure enough" - meaning it does not have any known vulnerabilities, doesn't suffer from SQL injections or cross site scripting. If there is a zero day vulnerability in apache, I doubt it will be used against an e-commerce site - it is more likely to be used against a bank or the government.

Continued here: http://blogs.securiteam.com/index.php/archives/1349

Grading Rogue ISP Takedowns in Botnet Fight
by Carol~ Moderator / March 3, 2010 6:55 AM PST
In reply to: NEWS - March 03, 2010

Fighting botnets can't just mean updating antivirus. After all, the amount of malware on the scene is not shrinking. In the past 18 months, security researchers have repeatedly set their eyes on rogue ISPs such as McColo and 3FN/Pricewert.

However, the drop off in spam levels after the takedowns was short-lived, as botnet operators shifted tactics and other botnets stepped up their spamming efforts to take over for those that had been disrupted.

It has become a familiar pattern, one that Matt Sergeant, senior anti-spam technologist at Symantec's MessageLabs, knows all too well. Sergeant was planning to examine the subject Wednesday in a talk at the RSA Conference in San Francisco, but instead Symantec colleague Alex Shipp, senior Anti-Virus Technologist and Imagineer for Symantec Hosted Services, will be taking his place.

The goal of the talk, however, remains the same: to figure out what we should learn from these incidents, and how to use this knowledge to better defeat the botnets spamming our inboxes.

Continued here: http://securitywatch.eweek.com/botnets/grading_rogue_isp_takedowns_in_botnet_fight.html

Battlefield Keygens are Bad Company
by Carol~ Moderator / March 3, 2010 7:46 AM PST
In reply to: NEWS - March 03, 2010

From the Sunbelt Blog:

In the same way that media event X guarantees Rogue Antispyware Y, a new and highly anticipated videogame that's about ready to launch will similarly bring out the scams and fakes. [...]

If you have any family members that like their PC games but perhaps aren't clued up on their Internet fakeouts, you might want to warn them that no matter how cool the so-called "Battlefield: Bad Company 2" keygens look, they should steer clear: [...]

There are a lot of these files being promoted on sites such as Youtube at the moment, and without fail all of them will give your PC a very bad hair day. It's just not worth the risk... [...]

Continued here: http://sunbeltblog.blogspot.com/2010/03/battlefield-keygens-are-bad-company.html

Ticket Hackers Get Front-Row Seats -- in Court
by Donna Buenaventura / March 3, 2010 1:54 PM PST
In reply to: NEWS - March 03, 2010

Four California men allegedly hatched a scheme to bypass safeguards meant to restrict the number of event tickets customers can buy. They devised software that impersonated individual ticket buyers to bombard online ticket services. The ticket hackers face charges of conspiracy, wire fraud and unauthorized computer access.

Four California men were charged on Monday with using sophisticated computer programs to fraudulently obtain more than a million tickets to concerts and sporting events and reselling them for a profit estimated at $29 million.

Although the tickets they bought and resold were authentic, prosecutors say the group used the programs to bypass safeguards meant to restrict the number of tickets that each customer can buy. According to a 43-count indictment, the four men and their company, Wiseguy Tickets Inc., devised software that impersonated individual ticket buyers to bombard online ticket services such as Ticketmaster and Major League Baseball.

"This drove more tickets into the hands of ticket brokers instead of individuals," U.S. Attorney Paul Fishman said.
