Spyware, Viruses, & Security forum


NEWS - May 02, 2012

by Carol~ Forum moderator / May 1, 2012 9:37 PM PDT
Skype IP Address Vulnerability May Not Be So New

A vulnerability in Skype that could expose members' IP addresses may have been known to Skype officials as far back as November 2010. A researcher who first discovered the flaw speculates it may have been left exposed perhaps because it was deeply embedded in the code and could cause other problems, according to a Wall Street Journal blog.

Last week someone posted a simple script on Pastebin to disclose Skype user locations in the patched version of Skype 5.5. After news media picked up the story, Microsoft issued an official statement.

"We are investigating reports of a new tool that captures a Skype user's last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are taking measures to help protect them," said Adrian Asher, director of product security for Skype.

Microsoft bought Skype for $8.5 billion in October 2011. But security researchers in France and New York said today they alerted Skype to the same vulnerability in November 2010. Their research on the flaw was published the same month Microsoft purchased the company.

Continued : http://threatpost.com/en_us/blogs/skype-ip-snooping-vulnerability-may-not-be-so-new-050112

Related : Skype divulges user IP addresses
Global Payments Breach Window Expands
by Carol~ Forum moderator / May 1, 2012 10:15 PM PDT
In reply to: NEWS - May 02, 2012

A hacker break-in at credit and debit card processor Global Payments Inc. dates back to at least early June 2011, Visa and MasterCard warned in updated alerts sent to card-issuing banks in the past week. The disclosures offer the first additional details about the length of the breach since Global Payments acknowledged the incident on March 30, 2012.

Visa and MasterCard send periodic alerts to card-issuing banks about cards that may need to be re-issued following a security breach at a processor or merchant. Indeed, it was two such alerts — issued within a day of each other in the final week of March — which prompted my reporting that ultimately exposed the incident. Since those initial alerts, Visa and MasterCard have issued at least seven updates, warning of additional compromised cards and pushing the window of vulnerability at Global Payments back further each time.

Initially, MasterCard and Visa warned that hackers may have had access to card numbers handled by the processor between Jan. 21, 2012 and Feb. 25, 2012. Subsequent alerts sent to banks have pushed that exposure window back to January, December, and then August. In an alert sent in the last few days, the card associations warned issuers of even more compromised cards, saying the breach extended back at least eight months, to June 2011.

Continued : http://krebsonsecurity.com/2012/05/global-payments-breach-window-expands/

A "LNK" to the Past
by Carol~ Forum moderator / May 1, 2012 10:15 PM PDT
In reply to: NEWS - May 02, 2012

From the Symantec Security Response Blog:

Cybercriminals have continuously evolved their methods throughout the years to avoid detection and arousing the suspicion of the users they are targeting. In the case of targeted attacks, the lure is a critical piece of the puzzle, as cybercriminals need to be sure they can get the attention of their target so they can convince them to run malicious PDFs or DOC files.

We have been monitoring malicious emails which use Tibetan protests and self-immolations as their lure. The emails contain a RAR file with photographs supposedly taken from the protests.

Once the targeted user extracts the files onto their computer, they will notice only three files in the extracted directory. These are JPG files, or so they might think. In actuality, the files presented to users are .lnk files, which are shortcuts: [Screenshot]

The files have been carefully named in order to trick the user into believing they are JPG files. By default extensions are hidden, so the actual .lnk extensions are not observed by the user. [Screenshot]

In addition to the hidden extensions there are hidden files in the same folder. When we enable hidden files to be viewed, we see there are some legitimate JPG files present, as well as a thumbs.db file. Thumbs.db is a file normally used by Windows to store thumbnails of images in the directory. However, this thumbs.db was not generated by Windows—it is malicious—as it was purposely included in this archive by the attackers.

Continued : http://www.symantec.com/connect/blogs/lnk-past
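
A defender-side check for the archive layout described in the post above, added here as an example; it is not Symantec's code. It walks an extracted directory (hidden files included) and flags shortcuts posing as images and a thumbs.db that lacks the OLE compound-file header a Windows-generated thumbnail cache has. The decoy extension list, the file names and the sample bytes are constructed assumptions; the post does not say what the malicious thumbs.db contains.

```python
import os
import tempfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of a Windows-generated Thumbs.db
JPEG_MAGIC = b"\xff\xd8\xff"
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}  # assumed "photo" extensions

def audit_extracted_dir(root):
    """Return sorted (relative_path, reason) findings for an extracted archive."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # os.walk also lists hidden files
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            stem, ext = os.path.splitext(name.lower())
            with open(path, "rb") as fh:
                head = fh.read(8)
            if ext == ".lnk":
                # Explorer hides ".lnk", so "photo.jpg.lnk" is displayed as "photo.jpg".
                inner = os.path.splitext(stem)[1]
                reason = ("shortcut posing as %s" % inner if inner in DECOY_EXTS
                          else "shortcut shipped inside archive")
                findings.append((rel, reason))
            elif name.lower() == "thumbs.db" and not head.startswith(OLE_MAGIC):
                findings.append((rel, "thumbs.db is not an OLE thumbnail cache"))
            elif ext in {".jpg", ".jpeg"} and not head.startswith(JPEG_MAGIC):
                findings.append((rel, "JPEG extension without JPEG header"))
    return sorted(findings)

def build_sample(root):
    """Write constructed sample files mirroring the layout described in the post."""
    samples = {
        "photo1.jpg.lnk": b"\x4c\x00\x00\x00" + b"\x00" * 16,  # shortcut header stub
        "photo2.lnk": b"\x4c\x00\x00\x00" + b"\x00" * 16,
        "real1.jpg": JPEG_MAGIC + b"\xe0" + b"\x00" * 16,  # carries a JPEG header
        "thumbs.db": b"MZ" + b"\x00" * 16,  # assumed non-OLE placeholder bytes
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit_extracted_dir(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(rel + ": " + reason)
```
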

64% of people think cloud storage is risky, but 45% ..
by Carol~ Forum moderator / May 1, 2012 10:15 PM PDT
In reply to: NEWS - May 02, 2012
.. but 45% still go right ahead and use it

Nearly half of those polled at Infosec Europe last week reported that they use cloud storage services such as Dropbox, but an even bigger number think such services potentially open up security holes.

The demand for cloud services in the workplace is growing. That's evidenced by the results of the poll, in which Sophos found that 45 percent of 214 conference attendees are using the services for work.

In the same survey, 64 percent reported that they thought this type of service is scary.

With that level of awareness, it's obvious that people - at least, those people who attend Infosec conferences - understand the risks of consumer cloud services. But in spite of that understanding, businesses are failing to keep a lid on their employees' use of the services.

Continued : http://nakedsecurity.sophos.com/2012/05/02/64-of-people-think-cloud-storage-is-risky-but-45-still-go-right-ahead-and-use-it/
Fake PayPal payment notification leads to malware
by Carol~ Forum moderator / May 1, 2012 10:58 PM PDT
In reply to: NEWS - May 02, 2012

PayPal might have passed the torch of the most phished brand to China's Taobao.com, but that doesn't mean that phishers and other scammers have stopped delivering emails supposedly sent by the e-commerce giant.

A new spam campaign misusing PayPal's name and bearing the panic-inducing subject line of "FW: You just sent a payment to [random name]" was spotted yesterday: [Screenshot]

"The criminals believe (and from what we've seen, correctly) that when presented with the news that you just sent $100 to someone from your Paypal account, you will have a panic reaction and click on the link in the email. This is what they are counting on," says Gary Warner.

All the links offered in the email are designed to make the recipients land on a website hosting two javascripts that redirect them to another site hosting an exploit kit.

While the users are reassured by the "Please wait page is loading..." sign, the exploit kit drops a Java file that takes advantage of a vulnerability and drops and installs an executable on the targets' computer.

Continued : http://www.net-security.org/malware_news.php?id=2091

Scam Video Game Startup Yanked From Kickstarter After ..
by Carol~ Forum moderator / May 1, 2012 11:45 PM PDT
In reply to: NEWS - May 02, 2012
.. After Raising Thousands

A project soliciting funds for a new video game to compete with the likes of World of Warcraft and Skyrim has been pulled from the crowd funding website Kickstarter after it became clear that the proposal was a sham.

Mythic: The Story of Gods and Men raised $4,739 from 83 backers before it was cancelled, reportedly by the project creator, on April 28. The account of the project's creator, "Little Monster Productions" has also been removed from Kickstarter.

Mythic was pitched to the Kickstarter crowd last week as an "action/strategy based RPG (role playing game)" from a team of seasoned game developers that would allow players to take the roles of heroes or villains in ancient biblical, Greek or Egyptian myths. It attracted a flurry of interest early on, promising partnerships with animation giant Pixar studios and a soundtrack from Disney Studios. Backers were promised copies of the soundtrack, t-shirts and even replica artwork inspired by the game. [VIDEO]

Continued : http://threatpost.com/en_us/blogs/scam-video-game-startup-yanked-kickstarter-after-raising-thousands-050112

"Mythic: The Story of Gods and Men" Game Was a Scam, Project Terminated
Kickstarter game 'Mythic: The Story of Gods and Men' outed as scam
Institute for National Security Studies (Israel) falls prey
by Carol~ Forum moderator / May 2, 2012 12:20 AM PDT
In reply to: NEWS - May 02, 2012
.. to Poison Ivy infection

From Websense Security Labs Blog:

The Websense ThreatSeeker Network has detected that the Institute for National Security Studies (INSS) website in Israel was injected with malicious code. INSS is described in its website as an independent academic institute that studies key issues relating to Israel's national security and Middle East affairs.

While we can't determine that the infection of this website with exploit code is part of a targeted attack, one could deduce that visitors to this type of site are likely to have an interest in national security or are occupied in this field. The website appears to be injected with malicious code for over a week now. (Websense' ACE provided protection against the type of injected malicious code since early 2009)

One of the interesting facts about this infection is that it uses the same Java exploit vector (CVE-2012-0507) that managed to infect around 600,000 Mac users in a massive scatter attack dubbed Flashback a few weeks ago.

It's also worth noting that in the last few months, Israeli websites have been under continuous cyber-based threats and attacks. We don't think that this latest infection is part of an organized mass infection campaign but is probably just part of that trend. We continue to look for additional websites leading to the exploit website.

Continued : http://community.websense.com/blogs/securitylabs/archive/2012/05/02/the-israeli-institute-for-national-security-studies-lead-to-a-posionivy-infection-flow.aspx
Oxford Muses on Mac Flashback: Worst Outbreak Since Blaster
by Carol~ Forum moderator / May 2, 2012 3:05 AM PDT
In reply to: NEWS - May 02, 2012

From the F-Secure Antivirus Research Weblog:

So how bad was last month's Mac Flashback outbreak and who suffered the most? Our guess: it was bad, and university IT help desks. And it looks like our guess might not be far off the mark.

Oxford University Computing Services' network security team (aka OxCERT) has written that they dealt "with what is probably the biggest outbreak since Blaster struck the Windows world all the way back in the summer of 2003."

OxCERT dealt with around 1000 incidents for Blaster. They've seen several hundred Flashback incidents... "and they keep on coming." [Screenshot]

Other institutions, such as The University of Manchester, have detailed that the large number of infections exist mainly within halls of residence. [Screenshot]

Continued : http://www.f-secure.com/weblog/archives/00002355.html

Also: Oxford University IT staff 'somewhat overwhelmed by Mac malware'

Microsoft Detects New Malware Targeting Apple Computers
by Carol~ Forum moderator / May 2, 2012 5:07 AM PDT
In reply to: NEWS - May 02, 2012

Microsoft has detected a new piece of malware targeting Apple OS X computers that exploits a vulnerability in the Office productivity suite patched nearly three years ago.

The malware is not widespread, wrote Jeong Wook Oh of Microsoft's Malware Protection Center. But it does show that hackers pay attention if it's found people do not apply patches as those fixes are released, putting their computers at a higher risk of becoming infected.

"Exploiting Mac OS X is not much different from other operating systems," Oh wrote. "Even though Mac OS X has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications."

The security update that Microsoft released in June 2009, MS09-027, addressed two vulnerabilities that could be used by an attacker to gain remote control over a machine and run other code. Both vulnerabilities could be exploited with a specially-crafted Word document.

Continued : http://www.pcworld.com/businesscenter/article/254823/microsoft_detects_new_malware_targeting_apple_computers.html

Also: New Malware Found Exploiting Mac OS X Snow Leopard

@ the Microsoft Malware Protection Center: An interesting case of Mac OSX malware
