Spyware, Viruses, & Security forum


NEWS - May 11, 2012

by Carol~ Moderator / May 10, 2012 11:15 PM PDT
Police arrest alleged 'TeamPoison' hacker in Newcastle

Another alleged teenage member of the 'TeaMp0isoN' hacking group accused of carrying out a jamming attack on Scotland Yard's counter-terrorism hotline last month has been arrested by police.

Identified as using the online name 'MLT', the unnamed 17 year-old from Newcastle was arrested by local police on 9 May on suspicion of offences under the Computer Misuse Act.

Last month, two other alleged members of the same group aged 17 and 16 were arrested in connection with the same offence during which the phone number was bombarded with automated Skype calls over a 24-hour period.

Part of that incident was a claimed recording of a phone conversation between counter-terror officials, later posted on public websites.

Continued : http://news.techworld.com/security/3356961/police-arrest-alleged-teampoison-hacker-in-newcastle/

MLT - Suspected member of TeamPoison hacking gang arrested
Another alleged TeamPoison hacker arrested
Team Poison hacking inquiry: UK teenager arrested
TeaMp0isoN Member MLT Arrested in Newcastle
The Amnesty International UK website was compromised to..
by Carol~ Moderator / May 11, 2012 12:02 AM PDT
In reply to: NEWS - May 11, 2012
The Amnesty International UK website was compromised to serve Gh0st RAT

From the Websense Security Labs Blog:

Between May 8 and 9, 2012, the Websense ThreatSeeker Network detected that the Amnesty International United Kingdom website was compromised. The website was apparently injected with malicious code for these 2 days. During that time, website users risked having sensitive data stolen and perhaps infecting other users in their network. However, the website owners rectified this issue after we advised them about the injection. In early 2009, we discovered this same site was compromised, and in 2010, we reported another injection of an Amnesty International website, this time the Hong Kong site.

In the most recent case, we noticed that the exploit vector used was the same Java exploit (detailed in CVE-2012-0507) that has been used worldwide, and which has become somewhat infamous as the cause of the recent massive Mac OS X infection with Flashback.

The following is a screen shot of the detected code injection: [Screenshot]

In the screen shot, we can see the similarities between this injection and the INSS injection we reported last week. This clearly shows the use of the Metasploit framework and the precise name of the Java class used. In addition, the associated JAR file is a well-known vector exploit for the CVE-2012-0507, as shown below:

Continued : http://community.websense.com/blogs/securitylabs/archive/2012/05/11/amnesty-international-uk-compromised.aspx

Amnesty International's UK website served up Gh0st RAT for two days
Amnesty International UK Site Hijacked, Serves Ghost RAT
Amnesty UK website hacked to serve lethal Gh0st RAT Trojan
UNC-Charlotte Data Breaches Expose 350,000 SSN's & Much More
by Carol~ Moderator / May 11, 2012 12:02 AM PDT
In reply to: NEWS - May 11, 2012

Confidential data, including bank account and Social Security numbers for some 350,000 University of North Carolina-Charlotte students, staff and faculty, were accidentally exposed -- some for almost 15 years -- due to a system misconfiguration and incorrect access settings that made electronic data publicly available.

The school on Wednesday released a statement on an investigation it launched in February after staff discovered the data breach. The investigation revealed two separate incidents exposed data such as names, addresses, Social Security numbers and financial account information provided during university transactions.

One incident involved misconfigurations and incorrect access settings made during a general university system upgrade that left data stored on the university's H: drive exposed on the Internet from Nov. 9, 2011 to Jan. 31, 2012.

The second involved improperly stored sensitive data belonging to the school's College of Engineering that allowed for unauthorized access from 1997 until February 2012.

Continued : http://threatpost.com/en_us/blogs/unc-charlotte-data-breaches-expose-350000-social-security-numbers-and-much-more-051012

Also: UNC Charlotte: 350,000 SSNs Exposed in Decade-long Data Breach

Opera 11.64 closes critical code execution hole
by Carol~ Moderator / May 11, 2012 12:03 AM PDT
In reply to: NEWS - May 11, 2012

Version 11.64 of the Opera web browser has been released, closing a critical hole that could have been exploited by attackers to inject malicious code into a victim's system. According to the company, some undisclosed formulations of URLs caused the browser to allocate the incorrect amount of memory for storing the address. When the program attempted to store the address, unrelated memory could have been overwritten with an attacker's data, resulting in a crash and the execution of arbitrary code.

Non-security-related fixes include correcting an issue that prevented some secure pages, such as PayPal and eBay, from loading, and problems when using the AMD loader from the Dojo Toolkit. A full list of the fixes and improvements in the update can be found in the Windows, Mac and UNIX change logs. Version 11.64 of Opera is available to download for Windows, Mac OS X, Linux, FreeBSD and Solaris.

Continued : http://www.h-online.com/security/news/item/Opera-11-64-closes-critical-code-execution-hole-1573877.html

Malware Masquerades as Flash Player for Android
by Carol~ Moderator / May 11, 2012 12:03 AM PDT
In reply to: NEWS - May 11, 2012

From TrendLabs Malware Blog:

Last month, we have seen cybercriminals use the popularity of apps like Instagram and Angry Birds Space to deliver malware on Android phones. This time, we spotted the same social engineering tactic using Adobe's name.

[Screenshot: Website Hosting Fake Adobe Flash Player]

This webpage is also found to be hosted on Russian domains, similar to the fake Instagram and Angry Birds Space apps that we previously reported. To further entice users into downloading the fake Adobe Flash Player app, the text on the webpage claims that it is fully compatible with any Android OS version: [Screenshot]

When users opt to download and install the said fake app, the site connects to another URL to download malicious .APK file, which Trend Micro detects as ANDROIDOS_BOXER.A. ANDROIDOS_BOXER.A is a premium service abuser, which means it sends messages to premium numbers without the user's permission, thus leading to unwanted charges. This type of Android malware is just one of the types we were able to identify in our infographic, A Snapshot of Android Threats.

Continued : http://blog.trendmicro.com/malware-masquerades-as-flash-player-for-android/

FBI: Updates Over Public 'Net Access = Bad Idea
by Carol~ Moderator / May 11, 2012 12:03 AM PDT
In reply to: NEWS - May 11, 2012

The Federal Bureau of Investigation is advising travelers to avoid updating software while using hotel or other public Internet connections, warning that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms.

From the FBI's advisory:

"Recently, there have been instances of travelers' laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available."

The warning is a good opportunity to revisit some wireless safety tips I've doled out over the years. Avoid updating software while you're using networks that are untrusted and public, whether they are wired or wireless. This generally means Wi-Fi networks like those available in hotels and coffee shops, and even wired connections at hotels. The only exception I make to this rule is when I have a device that is tethered to the 3G connection on a mobile phone. But even this can be dicey, because many laptops and mobile devices will switch over to available Wi-Fi networks in the event that the 3G signal dies.

Continued : http://krebsonsecurity.com/2012/05/fbi-updates-over-public-net-access-bad-idea/

Related to: FBI issues warning on hotel Internet connections

FixMeStick: USB device for removing malware
by Carol~ Moderator / May 11, 2012 12:41 AM PDT
In reply to: NEWS - May 11, 2012
FixMeStick has launched the first ever, consumer-ready USB device for removing viruses from infected PCs.

The principles of the FixMeStick are not new to security IT professionals: multiple anti-virus engines increase the number of detectable viruses, and clean external scanning devices prevent viruses from hiding or from interfering with their removal. But, for the first time, FixMeStick has built these principles into a ready-to-go USB device.

"This is about enabling everyone to rid their machines of malware," says co-founder Marty Algire. "And it will help people continue to enjoy their computers and the Internet."

The FixMeStick costs $49.99 for an unlimited number of uses on three PCs per year. Renewals can be purchased for $24.99 annually.

The FixMeStick is powered by three of the biggest names in anti-virus software: Kaspersky Lab, Sophos, and GFI.

Continued : http://www.net-security.org/malware_news.php?id=2104

FixMeStick Launches USB Device For Removing Computer Viruses
FixMeStick, Malware-Remover USB Stick (Video)

From the FixMeStick Blog: Why We Built the FixMeStick
New .secure Internet Domain On Tap
by Carol~ Moderator / May 11, 2012 12:41 AM PDT
In reply to: NEWS - May 11, 2012

" 'Safe neighborhood' top-level domain will require SSL, DNSSEC, and other security measures for websites"

A new top-level domain (TLD) in the works for the Internet will bake security in from the outset: The .secure domain will require fully encrypted HTTPS sessions and a comprehensive vetting process for websites and their operators. If the new domain takes off, it could shift the way Web domains are secured.

It's basically a "safe neighborhood" on the Net, its creators say, and is one of the first next-generation TLDs to emerge from the new Internet Corporation for Assigned Names and Numbers (ICANN) program that opens up the TLDs beyond the 21 existing global domains that include .com, .org, .net, and .edu. Artemis Internet Inc., a wholly owned subsidiary of NCC Group plc, has applied with ICANN for the new .secure domain in the competition for thousands of new TLDs aimed at better classifying companies and people by industry, interest, or location.

"'Effortless security' is our tagline," says Alex Stamos, CTO at Artemis. "Right now, when you go to .com, you have to look for five different visual clues to figure out what's going on" security-wise, Stamos says. "If you type .secure, you're telling the server or organization that you want to communicate with that you want to be safe and expect them to be as safe as possible. All of that security stuff is taken care of for you."

Continued : http://www.darkreading.com/authentication/167901072/security/security-management/240000187/new-i-secure-i-internet-domain-on-tap.html

CERT Warns On Critical Hole In SCADA Software By Italian..
by Carol~ Moderator / May 11, 2012 3:43 AM PDT
In reply to: NEWS - May 11, 2012
.. Firm Progea

The U.S. Department of Homeland Security issued a bulletin on Thursday warning readers about a previously undisclosed, critical vulnerability in Movicon 11, a product used to manage critical infrastructure including the manufacturing, energy and water sectors.

DHS's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) posted an advisory on May 10 that warned customers of Progea Srl that a memory corruption vulnerability in the Movicon Human Machine Interface (HMI) software could allow a remote attacker to knock Movicon devices offline using a specially crafted HTTP POST request sent to the Movicon OPC server component. Progea has issued a fix for the problem, which affects Movicon devices running Versions of the Movicon software up to and including version 11.3, ICS-CERT said in its advisory.

The vulnerability was discovered and reported by Dillon Beresford, a SCADA and ICS researcher who works for IXIA. If left unpatched, the vulnerability would allow a remote attacker to force the Movicon server to read in invalid memory address, crashing the device. However, the vulnerability of actual devices deployed in the field will depend on environmental factors at each customer site. ICS-CERT urged Progea customers to assess their vulnerability to attack.

Continued : http://threatpost.com/en_us/blogs/cert-warns-critical-hole-scada-software-italian-firm-progea-051112

See Vulnerabilities & Fixes: Movicon OPC Server HTTP Post Denial of Service Vulnerability
Mother's Day a Lure for Fake Gift Offers
by Carol~ Moderator / May 11, 2012 3:43 AM PDT
In reply to: NEWS - May 11, 2012

From the McAfee Labs Blog:

Mother's Day is normally celebrated by people to express their love for their mothers. We sometimes buy them special gifts such as watches, antiques, greeting cards, or flowers. Spammers also celebrate Mother's Day, but with a different goal in mind.

As always, spammers like to take advantage of special occasions and festivals. Currently we see a trend in spam mails offering fake Rolex watches as the perfect gift on Mother's Day. Should you buy one of these fake watches for your mother, or for anyone? Not from these people. Watch out for these emails and don't click on the links in them.

Here are several common subject lines for Mother's Day spam:

• Make your mother happy
• Mother's day stock
• Mother's Day inventory
• All about MOM

Continued : http://blogs.mcafee.com/mcafee-labs/mothers-day-a-lure-for-fake-gift-offers

Anonymous takes on Putin's Russian Kremlin
by Carol~ Moderator / May 11, 2012 3:44 AM PDT
In reply to: NEWS - May 11, 2012

Cyber activists associated with the Anonymous collective temporarily downed President Vladimir Putin's web site on Wednesday.

The activists said they were protesting the controversial renewal of Putin's presidential term for yet another six years, which has sparked a wave of demonstrations in Moscow's city streets.

The Kremlin's Internet security division responded to the above-mentioned pwnage by telling Reuters: "All the relevant departments are taking the necessary measures to counteract (such) attacks.

"This is routine work. There is always some external influence. Today we are witnessing a splash of activity (by the attackers) ... (But) they failed to achieve their goal."

In other Anonymous related news, the Pirate Bay has gone on record as criticizing Anonymous for taking down the Virgin Media website over its blocking of the Pirate Bay file sharing site, as per a recent order from the U.K. High Court.

"We do NOT encourage these actions. We believe in the open and free Internets, where anyone can express their views. Even if we strongly disagree with them and even if they hate us," The Pirate Bay wrote on its Facebook page.

Continued : http://www.tgdaily.com/security-features/63303-anonymous-takes-on-putins-russian-kremlin

Also: Anonymous takes the Kremlin offline in Putin protest

IC3 2011 Internet Crime Report Released
by Carol~ Moderator / May 11, 2012 5:25 AM PDT
In reply to: NEWS - May 11, 2012

FBI Press Release:

"More Than 300,000 Complaints of Online Criminal Activity Reported in 2011"

The Internet Crime Complaint Center (IC3) today released the 2011 Internet Crime Report—an overview of the latest data and trends of online criminal activity. According to the report, 2011 marked the third year in a row that the IC3 received more than 300,000 complaints. The 314,246 complaints represent a 3.4 percent increase over 2010. The reported dollar loss was $485.3 million. As more Internet crimes are reported, IC3 can better assist law enforcement in the apprehension and prosecution of those responsible for perpetrating Internet crime.

In 2011, IC3 received and processed, on average, more than 26,000 complaints per month. The most common complaints received in 2011 included FBI-related scams—schemes in which a criminal poses as the FBI to defraud victims—identity theft, and advance-fee fraud. The report also lists states with the top complaints, and provides loss and complaint statistics organized by state. It describes complaints by type, demographics, and state.

"This report is a testament to the work we do every day at IC3, which is ensuring our system is used to alert authorities of suspected criminal and civil violations," said National White Collar Crime (NW3C) Center Director Don Brackman. "Each year we work to provide information that can link individuals and groups to these crimes for better outcomes and prosecution of cases."

Continued : http://www.fbi.gov/news/pressrel/press-releases/ic3-2011-internet-crime-report-released

Report: 2011 Internet Crime Report (pdf)
