NEWS - May 26, 2011

Use Safari on your Mac? Make sure you change the default settings

Mac malware is making big headlines, with numerous reports of users being affected.

The latest attacks don't even need you to enter a username or password to install their fake anti-virus attacks onto your Mac.

With more variants of the malware appearing all the time, we've clearly reached a tipping point - and it wouldn't be a surprise to see more cybercriminals trying to take advantage of the many Mac users who haven't properly protected themselves with anti-virus software.

Aside from anti-virus software (and, by the way, you can't claim money is a reason why you haven't protected your Macs, as we offer a free anti-virus for Mac home users), there are some other steps you can take which might reduce your exposure to attack.

One step, for instance, that every Mac user should consider is changing the default settings in Apple's Safari browser.

Apple made a poor decision when setting the defaults for Safari, allowing so-called "safe" files to be automatically opened after downloading. This can obviously be exploited by malware attacks, such as the fake anti-virus campaigns that we have been seeing recently. [Screenshot]

Continued :

WordPress 3.1.3 and 3.2 Beta 2 released

The development team has released version 3.1.3 of its open source blogging and publishing platform; this is a maintenance and security update to WordPress 3.1 released in late February. According to the developers, the stable update features security hardening and taxonomy query hardening, and prevents the sniffing out of user names of non-authors by using canonical redirects.

WordPress 3.1.3 also introduces clickjacking protection in modern browsers on admin and login pages. In the event of an import not completing, the old import files will be cleaned up automatically. Other changes include media security fixes and improved file upload security.

At the same time, the developers also published a second beta of version 3.2 of WordPress. The latest beta adds support for Google's Chrome Frame in the admin area. The developers say that the admin area is now "less ugly" in Internet Explorer 7 (support for IE6 was dropped in the previous beta) and that the blue admin colour scheme is now ready for testing. jQuery 1.6.1 is now being bundled and users are advised to test any JavaScript that uses jQuery. Release candidate versions are planned for June, followed by a final version "by the end of the month".

Continued :

Also: WordPress 3.1.3 Contains Security Fixes and Clickjacking Protection

About Microsoft's IE9 Malware Blocking Results

TrendLabs Malware Blog:

Yesterday, I read an article that reported how our counterparts at Sophos "slammed Microsoft" over its reported malware blocking stats for SmartScreen Application Reputation built-in Internet Explorer (IE) 7, 8, and 9.

This issue was much too interesting for me to not follow up with my own thoughts.

Having also read the Microsoft blog article as well as media reports, I was enticed to run a few checks.

I took a look at Trend Micro's own internal competitive benchmarking results. As you can see from the chart below, of those companies whose products we tested against, the security company closest to Trend Micro's own blocking rate was, in fact, Kaspersky.

In our test, IE9 achieved a less than 10 percent success rate for malicious URL blocking. So, while we cannot comment on the exact methodology used in Microsoft's own tests, we have to agree with Sophos' questioning of the rather surprising results Microsoft published. [Screenshot]

Continued :

Also: Trend Micro Joins Sophos in Criticizing Microsoft SmartScreen Stats

Related : Microsoft claims IE8 and 9 stop millions of malware attacks daily

Insider data theft costs Bank of America $10 million

A Bank of America insider who sold customer data to criminals cost the bank at least US$10 million in losses.

Bank of America began notifying customers of the incident recently, but is not providing many details of the case which is still under investigation. The theft, "involved a now former associate who provided customer information to people outside the bank, who then used the information to commit fraud against our customers," said Bank of America spokeswoman Colleen Haggerty, in an email message.

The bank lost at least $10 million to the criminals, said James Kollar, a special agent with U.S. Secret Service in Los Angeles. "There was information that was coming from the bank to the outsiders," he said. "It was basically a check scam."

About 95 members of the loosely affiliated criminal gang behind the alleged fraud, including the bank employee, were swept up in a February 2011 law enforcement action, Kollar said. However, the names of the accused have not been released, and the court case is under seal as the investigation continues.

Continued :

See: Bank of America data leak destroys trust

Internet Explorer: cookie theft made easy

Security researcher Rosario Valotta has discovered a zero-day hole in all versions of Internet Explorer that allows arbitrary cookies to be stolen on the net. Internet Explorer's security zone mechanism usually prevents sites in the internet zone from embedding local zone content, for instance from a user's hard disk, into iFrames; however, the researcher discovered that cookies appear to be exempt from this mechanism and can actually be loaded into iFrames. The cookies are then marked as invisible text and shifted from the iFrame to the main window by the user via drag&drop. To prevent users from noticing what was happening, Valotta packaged the whole thing in a game.

This is not a trivial attack: apart from having to solicit a user's co-operation so that the data can be extracted via drag&drop - something Valotta solved using a simple puzzle game in his demo video - a potential attacker must also know the exact path of the cookie. As that path contains the victim's Windows user name, the attacker needs to find this out beforehand.

Continued :

Related : Unpatched IE bug exposes sensitive Facebook creds

35m Google Profiles dumped into private database

Proving that information posted online is indelible and trivial to mine, an academic researcher has dumped names, email addresses and biographical information made available in 35 million Google Profiles into a massive database that took just one month to assemble.

University of Amsterdam Ph.D. student Matthijs R. Koot said he compiled the database as an experiment to see how easy it would be for private detectives, spear phishers and others to mine the vast amount of personal information stored in Google Profiles. The verdict: It wasn't hard at all. Unlike Facebook policies that strictly forbid the practice, the permissions file for the Google Profiles URL makes no prohibitions against indexing the list.

What's more, Google engineers didn't impose any technical limitations in accessing the data, which is made available in an extensible markup language file called profiles-sitemap.xml. The code he used for the data-mining proof of concept is available here.

Continued :

New Facebook scam takes you to fake YouTube site

Facebook's no stranger to scams, and a new one hit the site a few days ago that's been spreading like wildfire - and bringing malware with it. This particular scam, true to form, comes in the form of a wall post advertising a video that tries to tempt your weaker, sicker side.

The link reads "This woman has a [sic] orgasm on a roller coaster! LOL," and claims to show you the video in return for filling out a short survey. If you're even somewhat Internet savvy, you know that when a survey promises to show or give you something that means it's illegitimate. What makes this particular scam somewhat more convincing (more so for the particularly gullible or web-illiterate) is that it first takes users to a faux YouTube page. If you take notice of the URL - which is not - it's obvious you're in some dangerous territory. [Screenshot: Scam Link]

You'll also be asked to verify that you aren't a spammer via a captcha on the page, something YouTube would never require. There's code in this that will then post the original video link as a comment to your friends' posts. Submit your text into the captcha and you're then asked to complete one of a variety of surveys.

This scam is only minimally more sophisticated than most that hit the site, but it's also a particularly embarrassing one to spam all your friends with.

Mac OS X Malware is here for real

According to F-Secure Weblog:

In the 1990s, we used to have a Mac product. It eventually got discontinued due to lack of threats.

Then, in October 2007, we saw something unusual: a DNS Changer Trojan for OS X.

We estimated the risk level of new Mac malware and as a result, we started developing F-Secure Anti-Virus for Mac.

While we have seen new Mac malware every now and then, many experts have been downplaying the malware risk on Mac OS X systems. But the fact is that we are seeing more and more activity.

Just during the last week, we've seen a significant rise on infections with the Mac rogue trojans. These are trojans distributed via poisoned Google Image Search links.

These trojans trick the user into believing their Mac is infected - when it's actually clean. Once the user is convinced he has a problem, he will download and purchase a fake security product called MacDefender, MacSecurity, MacProtector or MacGuard.

The trick is actually quite convincing. User is redirected to a web page which doesn't look like a web page at all. Instead it resembles Mac's Finder: [Screenshot]

Continued :

Bill Giving Feds Power to Blacklist Piracy Sites Advances

Antipiracy legislation that would dramatically increase the government's legal power to disrupt and shutter websites "dedicated to infringing activities" cleared a major legislative hurdle Thursday.

Two weeks after being introduced, the Senate Judiciary Committee unanimously advanced the package to the Senate floor.

The Protect IP Act, (.pdf) introduced by 11 senators of all stripes, would grant the government the authority to bring lawsuits against these websites, and obtain court orders requiring search engines like Google to stop displaying links to them.

The proposal, whose main sponsor is Sen. Patrick Leahy (D-Vermont), is an offshoot to the Combating Online Infringement and Counterfeits Act introduced last year. It was scrapped by its authors in exchange for the Protect IP Act in a bid to win Senate passage.

Under the old COICA draft, the government was authorized to obtain court orders to seize so-called generic top-level domains ending in .com, .org and .net. The new legislation, with the same sponsors, narrows that somewhat.

Instead of allowing for the seizure of domains, it allows the Justice Department to obtain court orders demanding American ISPs stop rendering the DNS for a particular website - meaning the sites would still be accessible outside the United States.

Continued :

Fake Lotto for Indian Premier League

There has been yet another spam attack on the widely followed game of cricket. Earlier this year, Symantec reported about a spam attack that targeted the Cricket World Cup. It is now time for the Indian Premier League (IPL). With the playoffs in progress and the grand finale just two matches away, it is not surprising to see spammers trying to make the best of it.

We have observed an IPL scam, in the wild, promoting an IPL lottery. Were the IPL honchos promoting a sweepstake of this sort? We did our research and the answer is no. So, where did this offer come from? We investigated further and found that it was from a compromised machine from the suburbs of Mumbai, India.

Below is the spam sample: [Screenshot]

So what is this scam all about? Our analysis found out that it comes from a fake "IndianPremier League Fiduciary Agent- claim department" and speaks about a whopping amount of "(Rs/-56,80,708.00) Fifty Six Lacs Eighty Thousand Seven Hundred and Eight India Rupees". What does a user have to do to get this coveted cheque/demand draft? As is customary with such scams, there is a list of information that needs to be provided along with personal details such as:

Continued :

Honda Canada warns customers of data breach

"Automaker cites 'unauthorized access' of customers' personal data; few details disclosed"

Honda Canada has issued a warning that a data breach exposed the personal data of an unspecified number of customers.

The company hasn't yet disclosed details on how the company's systems were breached, or when the data was accessed.

A Honda spokesman in Canada did not immediately respond to a request for information about the breach.

An undated alert posted on the company's Web site warned users of "unauthorized access of some customer data," including customer names, addresses, Vehicle Identification Numbers, and in the case of a small number of customers, Honda Financial Services account numbers.

The breach involved data that was on a mailing list used by Honda in 2009 for a marketing program.

"The mailings all took place in 2009, however; the unauthorized access took place recently," the company claimed in its alert. "Upon detection, immediate action was taken to prevent further unauthorized access."

The data that was exposed is unlikely to result in identity theft because it did not include details such as Social Security numbers, driver's license information, birth dates, phone numbers and credit card numbers, Honda claimed in its notice.

Continued :

Is Google Wallet Secure? What You Need to Know

Google announced its long-awaited mobile payments platform, Google Wallet, in New York City on Thursday. The company claims it will revolutionize commerce. But with stories about massive data breaches and hacks an almost daily occurrence, consumers are most concerned about whether Google Wallet is secure. Here's what you need to know.

The article addresses the following:

• Google Wallet -- sounds cool! What is it?
• So I can hook all my credit cards up to it? Cool!
• How will Google Wallet be secured?
• What, a couple PINs to protect all my credit cards? That sounds scarily insecure!
• OK, So you mentioned that thing about a hacker stealing all my credit card information. Google's going to make sure that won't happen, right?
• Uh huh... So you mentioned that thing about a hacker stealing all my credit card information...
• OK. That's all scary and depressing. Tell me something else cool that you can do with Google Wallet!
• Are there any other ways that Google's Wallet kicks my wallet's butt?

Continued :

Google Wallet Related: Google Wallet teams with Citi, MasterCard

Sony Begins Providing ID Theft Protection for PlayStation

Sony has begun sending out formal emails advising users of its PlayStation Network how to sign up for the identity theft protection services it said it would offer customers.

Sony also said Tuesday that the PlayStation online store would remain down until the end of the month.

"Sony Computer Entertainment and Sony Network Entertainment have made arrangements with Debix to offer AllClear ID PLUS to eligible PlayStation Network and Qriocity account holders in the United States who are concerned about identity theft," Sony said in an email sent Wednesday afternoon.

The service will provide 12 months of alerts to help protect users from identity theft, as well as provide ID theft insurance coverage (up to $1 million, Sony has said previously) as well as hands-on help from fraud investigators.

To qualify, users must have held active PlayStation accounts as of April 20, and be residents of the U.S. If a user qualifies, he or she needs to submit an email address to Sony's identity-theft protection site by June 28.

"Please note, you must enter the same email address used to register your PlayStation Network or Qriocity account," Sony said. "Once your email address is validated, you will be sent your AllClear ID PLUS activation code."

Continued :,2817,2385909,00.asp

Also: Playstation Network Down Still as Sony Rolls Out New Identity Theft Protection Measures
