Spyware, Viruses, & Security forum


NEWS - March 25, 2013

by Carol~ Moderator / March 25, 2013 12:47 AM PDT
Apple suspends password resets after critical account-hijack bug is found (Updated)

"Using DOB and a modified URL, attackers could reportedly take control of accounts."

Update: Apple restored the password resets on Friday night.

Apple suspended the password-reset functionality for its iCloud and iTunes services following a published report that hackers could exploit it to hijack other people's accounts.

The password reset page stopped loading a few hours after The Verge reported there was an online tutorial that provided detailed instructions for taking unauthorized control of Apple accounts. The report didn't identify the website or the precise technique, except to say it involved "pasting in a modified URL while answering the DOB security question on Apple's iForgot page."

"It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand," reporter Chris Welch wrote. "Out of security concerns, we will not be linking to the website in question."

A few hours later, the news site published a separate post quoting Apple officials as saying they were "aware of the issue, and working on a fix."

Continued : http://arstechnica.com/security/2013/03/apple-suspends-password-resets-after-critical-account-hijack-bug-is-found/

Apple Takes Tool offline After New Security Hole Surfaces
Apple Suspends iForgot Password Reset Page to Patch Security Hole
Apple pulls iForgot password recovery system over security bug
Lime Pop: The Next Android.Enesoluty App
by Carol~ Moderator / March 25, 2013 12:53 AM PDT
In reply to: NEWS - March 25, 2013

From the Symantec Security Response Blog:

The gang that maintains Android.Enesoluty has been busy since last summer registering over one hundred domains used to host app sites and sending spam from these domains. It is now apparent that the group is also still busy developing malware variants. Several days ago, Symantec discovered a new variant of Android.Enesoluty.

As is the case with its predecessors, spam with a link to the app page is sent to potential victims. [Screenshot]

The new malicious app hosted on the app page is called Lime Pop, which (not so?) coincidently is almost identical to the name of a very popular game app. Like previous variants, the page has a link at the very bottom to an end user license agreement (EULA) that states that the app may upload personal information from the device. We assume the agreement is there for legal purposes. [Screenshot]

Continued: http://www.symantec.com/connect/blogs/lime-pop-next-androidenesoluty-app

Maybe don't install that groovy pirated Android keyboard
by Carol~ Moderator / March 25, 2013 12:53 AM PDT
In reply to: NEWS - March 25, 2013

A mobile software developer has turned a popular third party Android mobile keyboard called SwiftKey into a counterfeit package loaded with a trojan as a warning about the perils of using pirated or cracked apps from back-street app stores.

Georgie Casey, who runs a popular Android app-development blog in Ireland, created a modified (backdoored) version of SwiftKey using a tool called apktool combined with basic knowledge of Java and Android. The end result was a backdoored app called Keylogger SwiftKey APK, which Casey made available from his website (along with explicit warnings that it was to be used by interested parties and only to validate the problem).

"Apktool isn't keylogging software, it's an Android app disassembler," Casey told El Reg.

"You disassemble a Swiftkey keyboard, code your keylogger code that sends keylogs to my server, re-assemble with Apktool and now you've a keylogger. You still have to convince people to install it though."

Casey added that using pirated Android apps, especially from third-party stores, is a serious security risk. He reckons the threat also extends to iPhone apps on a jailbroken phone, a theme he expands upon in a blog post on his development of Keylogger SwiftKey APK that also provides a detailed explanation of how he pulled off the trick.

Continued : http://www.theregister.co.uk/2013/03/25/android_security_omnishambles/

Five cuffed for stealing 2M euros via e-banking hacks
by Carol~ Moderator / March 25, 2013 2:59 AM PDT
In reply to: NEWS - March 25, 2013

Five people were arrested last week when the Slovenian police conducted a series of house searches following an investigation into a gang that was emptying business bank accounts with the help of malware.

According to the Slovenian national Computer Emergency Response Team (SI-CERT), it all started last year, when several small companies notified the CERT and the police about their unexplained losses.

The investigation revealed that the companies' accounting personnel were targeted with emails pretending to come from a bank or tax authority, warning about a late payment or a bogus change in laws that would affect the companies.

Continued : http://www.net-security.org/secworld.php?id=14647

Also: 5 Slovenian Hackers Arrested for Stealing €2M / $2.6 M from Companies

Modern Malware Increasingly Using Real-Time Web to Evade...
by Carol~ Moderator / March 25, 2013 3:00 AM PDT
In reply to: NEWS - March 25, 2013
Modern Malware Increasingly Using Real-Time Web to Evade Detection: Report

"Study Showed Over 30% of Unknown Malware Connected to New or Unknown Internet Destinations. FTP Exceptionally High-risk, Rarely Detected."

Attackers are increasingly relying on real-time Web-enabled applications to deliver malware that is not easily detected by security defenses, according to a new study from Palo Alto Networks.

While email continues to be a major source of malware, attackers are increasingly pushing an "overwhelming volume of unknown malware" via Web-based sources, Palo Alto Networks found in its Modern Malware Review report released Monday.

Nearly 90 percent of "unknown malware" users encountered came from browsing the Web, compared to just 2 percent coming from email, Palo Alto Networks found in its report. Web browsing was also the leading source of malware, accounting for 68 percent of total malware, compared to 25 percent from email.

Continued : http://www.securityweek.com/modern-malware-increasingly-using-real-time-web-evade-detection-report

Related: Antivirus Better at Detecting Email Malware Than Web Threats
IT Pros Admit to Plugging In Found USB Drives
by Carol~ Moderator / March 25, 2013 3:01 AM PDT
In reply to: NEWS - March 25, 2013

"The survey revealed that data which was discovered on the found USB drives often included viruses, rootkits and bot executables."

The temptation to find out what exactly is on an unknown USB drive is apparently too great for a vast majority of IT workers, with 78 percent of IT security professionals admitting to picking up and plugging in USB flash drives found abandoned or lying around, according to a survey conducted by South Korean security vendor AhnLab.

The study also uncovered that more than 68 percent of those surveyed had been involved in a security breach, either at home, work or personally, with many relating back to the infected USB drives. The study warned inserting a found flash drive into a network could lead to infecting files and networks, and ultimately, the loss of valuable data.

"I am utterly shocked at these figures, in particular, the 78 percent number," Brian Laing, vice president of marketing and business development at AhnLab's Santa Clara office, said in a statement. "For example, Stuxnet, one of the world's most sophisticated cyber-attacks, gained access to its target system through a 'found' USB drive. The creators of the malware left infected USB drives near a uranium enrichment facility and someone picked it up and inserted into their PC. Stuxnet derailed the efforts of that nation to purify nuclear materials at its facility."

Continued : http://www.eweek.com/security/it-pros-admit-to-plugging-in-found-usb-drives/

* * * * * * * * * *
A study (unrelated to the above) in 2011 by Sophos: Lost USB keys have 66% chance of malware

Ad industry threatens Firefox users with more ads if ..
by Carol~ Moderator / March 25, 2013 4:46 AM PDT
In reply to: NEWS - March 25, 2013
.. Mozilla moves on tracking plans

"Attacks Mozilla over third-party cookie blocking decision"

The online ad industry has attacked Mozilla over its decision to block third-party cookies in a future release of Firefox, calling the move "dangerous and highly disturbing," and claiming that it will result in more ads shown to users.

The fierce reaction came from the Interactive Advertising Bureau (IAB) and Association of National Advertisers (ANA), both of which laid out positions in blog posts on March 14.

Dan Jaffe, the ANA's vice president of government relations, denied that it was a coordinated campaign, even though both the ANA and IAB blasted Mozilla on the same day and used many of the same arguments -- notably the threat to small businesses and a resulting curtailment of user choice on the Internet.

Continued : http://www.computerworld.com/s/article/9237847/Ad_industry_threatens_Firefox_users_with_more_ads_if_Mozilla_moves_on_tracking_plans
South Korean Wipers and Spear Phishing E-mails
by Carol~ Moderator / March 25, 2013 4:51 AM PDT
In reply to: NEWS - March 25, 2013

From the F-Secure Antivirus Research Weblog:

News broke last week of a "wiper" malware that affected South Korean banks and broadcasting companies. NSHC Red Alert Team has published a detailed analysis of the malware here (pdf). There were several hashes mentioned for the same component, which suggest multiple operations under the same campaign.

So how did the affected companies get infected? No one knows for sure. However we came across the following archive: [Screenshot]

The filename of the archive roughly translates to "The customer's account history". As a side note, Shinhan bank was one of the affected companies according to reports.

Those with a keen eye would notice that the malware inside the archive is using double extensions combined with a very long filename to hide the real extension. This is a common social engineering tactic that started during the era of mass mailing worms almost a decade ago. Therefore we believe the archive is most likely sent as an attachment in spear phishing e-mails.

Continued: http://www.f-secure.com/weblog/archives/00002531.html
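
The double-extension and long-filename disguise described in the F-Secure excerpt above can be checked for when triaging attached archives. The following is an added example, not part of the original post or of F-Secure's analysis; the extension lists, the length threshold, the padding pattern and the sample archive member names are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed lists for illustration; tune them for your own mail gateway.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "hwp"}
MAX_VISIBLE_CHARS = 40  # assumed width after which a file manager truncates a name
PADDING_RUN = re.compile(r"[\s_\u00a0\u3000]{8,}")  # long run of filler characters


def suspicious_name(name):
    """Return the reasons a filename looks like a disguised executable."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.split(".")
    if len(parts) < 2 or parts[-1].strip().lower() not in EXECUTABLE_EXTS:
        return []  # the real (last) extension is not an executable type
    reasons = []
    # An earlier dot-separated token that looks like a document extension.
    if any(p.strip().lower() in DECOY_EXTS for p in parts[1:-1]):
        reasons.append("double-extension")
    if len(base) > MAX_VISIBLE_CHARS:
        reasons.append("long-name")
    if PADDING_RUN.search(base):
        reasons.append("padding")
    return reasons


def scan_archive(data):
    """Map each flagged member name of a ZIP (given as bytes) to its reasons."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: r for n in zf.namelist() if (r := suspicious_name(n))}


def build_sample_zip():
    """Constructed sample archive; the member names are invented for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("account_history.pdf" + " " * 60 + ".exe", b"")
        zf.writestr("notes.txt", b"")
        zf.writestr("setup.exe", b"")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_archive(build_sample_zip()).items():
        print(repr(name), reasons)
```

A plain `setup.exe` is not flagged because the check targets the disguise, not executables in general; blocking executable attachments outright is a separate policy decision.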
