Spyware, Viruses, & Security forum

Alert

NEWS - November 01, 2011

by Carol~ Moderator / October 31, 2011 10:15 PM PDT
'Nitro' Attacks: China-Based Hacker Targeted Chemical Firms, Symantec Reports

At least 48 chemical and defense companies were victims of a coordinated cyber attack that has been traced to a man in China, according to a new report from security firm Symantec Corp.

Computers belonging to these companies were infected with malicious software known as "PoisonIvy," which was used to steal information such as design documents, formulas and details on manufacturing processes, Symantec said on Monday.

It did not identify the companies, but said they include multiple Fortune 100 corporations that develop compounds and advanced materials, along with businesses that help manufacture infrastructure for these industries.

The bulk of the infected machines were found in the United States, Bangladesh and United Kingdom, Symantec said, adding that the victims include 29 chemicals companies, of which some developed advanced materials used in military vehicles.

"The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage," Symantec said in a white paper on the campaign, which the company dubbed the "Nitro" attacks.

Continued : http://www.huffingtonpost.com/2011/10/31/nitro-attacks-china-hacker-chemical-firms-symantec_n_1067978.html

Also:
Symantec uncovers Nitro attacks targeting chemical industry
Hackers Hit Chemical Makers in 'Nitro' Attack, Symantec Says
'Nitro' hackers use stock malware to steal chemical, defense secrets
'Nitro' Hackers Reportedly Attack Dozens of Companies in Chemical, Defense Industries


Researchers propose simple fix to thwart e-voting attack
by Carol~ Moderator / October 31, 2011 10:24 PM PDT

Researchers have devised a simple procedure that can be added to many electronic voting machine routines to reduce the success of insider attacks that attempt to alter results.

The approach, laid out in a short research paper (PDF), augments the effectiveness of end-to-end verifiable election systems, such as the Scantegrity and the MarkPledge. They're designed to generate results that can be checked by anyone, by giving each voter a receipt that contains a cryptographic hash of the ballot contents.

The researchers propose chaining the hash of each receipt to the contents of the previous receipt. By linking each hash to the ballot cast previously, the receipt serves not only as a verification that its votes haven't been altered, but also as confirmation that none of the votes previously cast on the same machine have been tampered with.

The procedure is intended to reduce the success of what's known as a trash attack, in which election personnel or other insiders comb through the contents of garbage cans near polling places for discarded receipts. The presence of the discarded receipts is often correlated with votes that can be altered with little chance of detection.

Continued : http://www.theregister.co.uk/2011/11/01/electronic_voting_fraud_mitigation/

Also: Microsoft Research Proposes E-Voting Attack Mitigation
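
Added example, not part of the original post or of the researchers' paper: a minimal sketch of the receipt chaining described above, showing why an altered ballot whose own receipt was thrown away is still caught by a later voter's receipt. SHA-256, the length-prefixed encoding, the `GENESIS` value, the function names and the plaintext sample ballots are all assumptions made for illustration.

```python
import hashlib

# Constructed starting value for one machine's chain (assumption of this example).
GENESIS = b"machine-0001-opening"


def chained_receipt(prev_receipt: bytes, ballot: bytes) -> bytes:
    """SHA-256 over the previous receipt and this ballot, each length-prefixed."""
    h = hashlib.sha256()
    for part in (prev_receipt, ballot):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def issue_chained(ballots):
    """Receipts in casting order; each one commits to every earlier ballot."""
    receipts, prev = [], GENESIS
    for ballot in ballots:
        prev = chained_receipt(prev, ballot)
        receipts.append(prev)
    return receipts


def issue_unchained(ballots):
    """Baseline: each receipt covers only its own ballot."""
    return [hashlib.sha256(b).digest() for b in ballots]


def first_mismatch(published, kept, chained):
    """Recompute receipts from the published ballots and compare them with
    the receipts voters kept ({position: receipt}). Returns the lowest kept
    position that no longer matches, or None if every kept receipt verifies."""
    recomputed = issue_chained(published) if chained else issue_unchained(published)
    for pos in sorted(kept):
        if recomputed[pos] != kept[pos]:
            return pos
    return None


def demo():
    # Constructed sample data: five ballots, the voter at position 1 discards
    # the receipt, and the published record is altered at that position.
    cast = [b"ballot-A", b"ballot-B", b"ballot-C", b"ballot-D", b"ballot-E"]
    kept_positions = (0, 3)
    kept_plain = {i: issue_unchained(cast)[i] for i in kept_positions}
    kept_chain = {i: issue_chained(cast)[i] for i in kept_positions}
    published = list(cast)
    published[1] = b"ballot-X"
    return (
        first_mismatch(published, kept_plain, chained=False),  # goes unnoticed
        first_mismatch(published, kept_chain, chained=True),   # caught downstream
        first_mismatch(cast, kept_chain, chained=True),        # honest record
    )


if __name__ == "__main__":
    print(demo())
```

With independent receipts, only the voter at position 1 could have noticed the change; with chaining, the receipt kept by the voter at position 3 fails to verify.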

Juniper ties up with Samsung for mobile security push
by Carol~ Moderator / October 31, 2011 10:24 PM PDT

Juniper Networks has integrated its Junos Pulse security platform with Samsung's Android handset line, adding a number of features not currently offered on other Android devices.

The integration provides SSL VPN connections so that smartphones and tablets can interact securely with enterprise networks, and allows administrators to remotely scan systems for malware as well as manage and remove software without the need for user interaction.

The features build on Junos Pulse, the mobile security and management platform offered for iOS, Windows Phone and BlackBerry devices as well as Android.

Stefano Landi, senior director of strategic alliances at Juniper, told V3 that the partnership with Samsung is part of an effort to extend the reach of Junos Pulse in the Android handset space.

"It's not just about securing or managing the device or securing the connection. It's about offering the full suite," he said.

Continued : http://www.v3.co.uk/v3-uk/news/2121431/juniper-ties-samsung-mobile-security-push

Also: Samsung devices to get Juniper SSL VPN security

A little too chatty?
by Carol~ Moderator / October 31, 2011 10:24 PM PDT

There's a program called ChatSend currently doing the rounds on Facebook, and at time of writing just over 114,000 people have hit the "Like" button which no doubt means a high proportion of that tally have downloaded and installed it. Including one in my stream - [Screenshot]

The link directs to the Facebook page of ChatSend where one can readily download the app. Upon execution, it shows a GUI containing its Terms of Service and Privacy Policy. The GUI, however, is narrow and the text is not wrapped within the width of the text box, which makes it difficult for users to read as they need to scroll from left to the farthest right. [Screenshot]

Note the pre-ticked boxes that will install the toolbar in all browsers, set web search as default and change the homepage. [Screenshot]

After installing, a window pops up to inform users that there has been an error in installing the program; however, it installs just fine. [Screenshot]

Not only does the program send the message seen in the first screenshot without notification, it also sends the same message via Facebook chat (if enabled) to all, too. [Screenshot]

Continued : http://sunbeltblog.blogspot.com/2011/10/little-too-chatty.html

Socialbot Network finds it easy to harvest data from ..
by Carol~ Moderator / October 31, 2011 11:34 PM PDT
.. Facebook users

Researchers have claimed that Facebook's inbuilt security systems are "not effective enough" at stopping automated identity theft, after running a large-scale infiltration of the network using Socialbots.

In their paper, "The Socialbot Network: When Bots Socialise for Fame and Money", researchers from the University of British Columbia describe how they managed to collect private data from thousands of complete strangers on Facebook, and infiltrate their friend networks, using "socialbots".

The researchers - Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov and Matei Ripeanu - explain that a socialbot is automated software that can control a social networking account, and can perform basic functions such as posting messages and friend requests.

Importantly, socialbots attempt to pass themselves off as being a real, living human being rather than computer code.

Although Facebook puts steps in place to try to avoid the automated creation of accounts, the researchers relate how it would be possible to use online services to break CAPTCHAs, and populated their bogus accounts' profile images with attractive photos from HotOrNot.

Continued : http://nakedsecurity.sophos.com/2011/11/01/socialbot-network-harvest-data-facebook/
Secure replacement for the Certificate Authority System
by Carol~ Moderator / October 31, 2011 11:34 PM PDT
Convergence is a secure replacement for the Certificate Authority System.

Rather than employing a traditionally hard-coded list of immutable CAs, Convergence allows you to configure a dynamic set of Notaries which use network perspective to validate your communication.

Convergence allows you to choose who you want to trust, rather than having someone else's decision forced on you. You can revise your trust decisions at any time, so that you're not locked in to trusting anyone for longer than you want.

Convergence makes it easy for anyone to run their own trust notary. Each notary can only make security decisions for the clients that have chosen to trust it -- so the security, integrity, or accuracy of a notary does not affect those who haven't selected it.

Continued : http://www.net-security.org/secworld.php?id=11866
Android Reverse Engineering Toolset Debuts
by Carol~ Moderator / October 31, 2011 11:35 PM PDT

The Android platform has become one of the go-to choices for developers and device manufacturers in the last year or so, and that popularity has of course attracted the attention of attackers who have been busily coding up as much malware as they can for the platform. They've been quite successful, with hits such as DroidDream and its sequels popping up in dozens of compromised apps in the Android Market this year. Now, defenders are getting some tools of their own to help address the problem, with the release of the Android Reverse Engineering suite.

The ARE toolset is implemented as a virtual machine, and it gives users a slew of individual tools that they can use to analyze and take apart pieces of Android malware on a desktop PC in a safe environment. The system, which was developed by the French contingent of the Honeynet Project, comprises 10 separate tools, including Androguard and the Android SDK. The full list of tools includes:

• Androguard
• Android sdk/ndk
• APKInspector
• Apktool
• Axmlprinter
• Ded
• Dex2jar
• DroidBox
• Jad
• Smali/Baksmali

The Android platform has quickly emerged as the favorite mobile platform for malware writers in 2011. The various waves of DroidDream malware that have washed up in the Android Market are the most prominent example, but there have been a number of other, smaller attacks, as well....

Continued : http://threatpost.com/en_us/blogs/android-reverse-engineering-toolset-debuts-110111

Guilty Verdict in Record-Breaking Swedish File-Sharing Case
by Carol~ Moderator / October 31, 2011 11:35 PM PDT

A guilty verdict has been handed down in Sweden's largest-ever personal file-sharing trial. The 58-year-old female defendant avoided a jail sentence for sharing more than 45,000 songs online but now faces probation, a fine equivalent to 50 days pay, plus the costs of her defense. Pirate Party leader Anna Troberg described the verdict as "tragic".

Last month, a Swedish court heard the case against a woman accused of sharing 45,000 music tracks online. No other personal file-sharing case in the country had ever considered so many alleged infringements.

The case dated back to the 58-year-old's alleged actions in 2007, although it took a full year after IFPI's investigation for her house to be visited by authorities. During the search a Direct Connect client was found installed on a computer, complete with logs which were later shown to contain entries backing up IFPI's investigation.

Prosecutor Fredrik Ingblad said that the defendant was guilty of sharing the tracks either deliberately or through criminal negligence.

The main point in the case from the defense, that the 58-year-old did not have the technical knowledge to understand that uploading as well as downloading was being carried out, failed to convince the court of the woman's innocence, not least because she holds down the job of a systems administrator.

Continued : http://torrentfreak.com/guilty-verdict-in-record-breaking-swedish-file-sharing-case-111101/

Half of all spam is relayed via Asian computers
by Carol~ Moderator / October 31, 2011 11:35 PM PDT

Do you take enough care over your personal computer? Have you kept it up-to-date with the latest anti-virus software and security patches?

Those are the kinds of questions you have to ask yourself if you want to avoid contributing to the "Dirty Dozen", Sophos's regular research into the countries which are relaying the most spam messages.

Sophos's latest report reveals that, although the USA remains the single worst offender, Asian nations contributed a significantly higher proportion of global spam than for the same period in Q3 2010.

Jumping up the table five places, South Korea is second to the USA, contributing 9.6% of all global spam emails. Several Asian nations - Indonesia, Pakistan, Taiwan and Vietnam - have joined the Dirty Dozen since Q3 2010, with India dropping to third place behind South Korea and being responsible for relaying 8.8% of the world's spam.

Continued : http://nakedsecurity.sophos.com/2011/11/01/half-of-all-spam-is-relayed-via-asian-computers/

UK Cops Using Fake Mobile Phone Tower to Intercept Calls,
by Carol~ Moderator / November 1, 2011 2:52 AM PDT
.. Shut Off Phones

Britain's largest police force has been using covert surveillance technology that can masquerade as a mobile phone network to intercept communications and unique IDs from phones or even transmit a signal to shut off phones remotely, according to the Guardian.

The system, made by Datong in the United Kingdom, was purchased by the London Metropolitan police, which paid $230,000 to Datong for "ICT hardware" in 2008 and 2009.

The portable device, which is the size of a suitcase, pretends to be a legitimate cell phone tower that emits a signal to dupe thousands of mobile phones in a targeted area. Authorities can then intercept SMS messages, phone calls and phone data, such as unique IMSI and IMEI identity codes that allow authorities to track phone users' movements in real-time, without having to request location data from a mobile phone carrier.

In the case of intercepted communications, it is not clear whether the network works as a blackhole where intercepted messages go to die, or whether it works as a proper man-in-the-middle attack, by which the fake tower forwards the data to a real tower to provide uninterrupted service for the user.

Continued : http://www.wired.com/threatlevel/2011/10/datong-surveillance/

Also:
Privacy fears as Met's mobile phone monitoring technology revealed
Cell Phone Surveillance System
Malicious Gadhafi Death Spam Continues
by Carol~ Moderator / November 1, 2011 2:53 AM PDT

From the Symantec Security Response Blog:

Recently, the death of Libyan leader Muammar Gadhafi triggered a malware attack which Symantec previously blogged about. We have observed spammers' continued delight with this news event through the sending of malicious attack and 419 spam messages.

In the spam targeting residents of Brazil, a video showing Gadhafi asking for mercy and containing disturbing images also carries malware. By clicking the link provided in the email, users actually download a malicious executable file. Symantec has identified this threat as Trojan.Ransomlock!gen4. [Screenshot]

The email's download links use the following URL patterns:

hxxp://noticias.removed.co.kr/folha/cotidiano/ult95u735971/videos/ult95u735937.php?0.71507
hxxp://noticias.removed.co.kr/folha/cotidiano/ult95u735971/videos/ult95u735937.php?0.01323
hxxp://noticias.removed.co.kr/folha/cotidiano/ult95u735971/videos/ult95u735937.php?0.06826

The following email subject line was observed in the spam attack:

Subject: Novo video nao divulgado por ter imagens fortes mostra Kadhafi pedindo misericordia de joelhos e seus guardas sendo executados

This subject line is translated into English as:

Subject: New video, not released due to disturbing images, shows Gadhafi executed on his knees while asking for mercy from guards

Another spam email taking advantage of the Gadhafi death event is a type of 419 spam. This classical 419 message requests the victim to transfer huge sums of money toward a fund.

Continued : http://www.symantec.com/connect/blogs/malicious-gadhafi-death-spam-continues

How websites use your browser to sell you for cash
by Carol~ Moderator / November 1, 2011 2:53 AM PDT
Part 1 It has been a year since I have talked about securing browsers against privacy invasion. In that time, things have got worse, not better. In addition to the threat of malware and malicious scripts, we have the frightening new evercookie.

Leaving the criminal misuse of tracking for a later date, there is plenty to worry about from the use - and misuse - of our personal data by legitimate organisations. Advertisers are getting aggressive, and the techniques in use require a stalwart defence if we hope to retain our privacy.

Hello Mr Yakamoto and welcome back to the GAP! How'd those assorted tank tops work out for you?

The most pervasive breach of personal privacy - and threat to online anonymity - is the omnipresent tracking of our every digital move by advertisers and the companies that sell ad space to them. Targeted advertising has already gone so far that it is entirely possible that Google, Amazon and Facebook know more about you than your own mother.

Last night I spent four hours discussing a piece of media distribution software with one of the company's founders. We went off the rails a little, engaged in some blue sky thinking and came to the conclusion that with some minor tweaking, that firm is sitting on software nearly capable of delivering a Minority Report level of personalised advertising........

But how do they track us, and what can we do about it?

Your best defence here is your browser. Since advertising tracking can come in many forms, you need a multitude of configuration changes or plug-ins to keep you safe.

Be wary however, even an up-to-date browser with a full suite of plug-ins - if improperly configured - can still reveal a remarkable amount of information about you. Take the time to run a test if you are concerned. If you use flash, you should go here and review your security settings.

Continued : http://www.theregister.co.uk/2011/11/01/how_to_stay_anonymous/
Jailed ChronoPay Co-Founder Denied Bail
by Carol~ Moderator / November 1, 2011 3:07 AM PDT

A Moscow court on Monday denied bail for Pavel Vrublevsky, a Russian businessman who was charged earlier this year with hiring hackers to launch costly online attacks against his rivals. The denial came even after Vrublevsky apparently admitted his role in the attacks, according to Russian news outlets.

Vrublevsky, 32, is probably best known as the co-founder of ChronoPay, a large online payment processor in Russia. He was arrested in June after Russian investigators secured the confession of a man who said he was hired by Vrublevsky to launch a debilitating cyber attack against Assist, a top ChronoPay competitor. The former ChronoPay executive reportedly wanted to sideline rival payment processing firms who were competing for a lucrative contract to process payments for Aeroflot, Russia's largest airline. Aeroflot's processing systems faltered for several days in the face of the attack, an outage that Aeroflot says cost the company about a million dollars a day.

Vrublevsky's lawyers asked the court to release him pending a trial in December - offering to pay 30 million rubles (~ USD $1 million) - but the court denied the request.

Vrublevsky co-founded ChronoPay in 2003 along with Igor Gusev, another Russian businessman who is facing criminal charges in Russia stemming from his alleged leadership role at GlavMed and SpamIt, sister programs that until recently were the world's largest rogue online pharmacy affiliate networks. Huge volumes of internal documents leaked from ChronoPay last year indicate Vrublevsky co-ran a competing rogue Internet pharmacy - Rx-Promotion - although Vrublevsky publicly denies this.

Continued: http://krebsonsecurity.com/2011/11/jailed-chronopay-founder-denied-bail/

Cameron calls for internet openness
by Carol~ Moderator / November 1, 2011 4:29 AM PDT

Governments should not crack down on internet freedoms in the name of security, according to prime minister David Cameron.

Cameron, who considered turning off social networks during the recent London riots, cautioned governments about using repressive measures to limit the flow of online information.

"Governments must not use cybersecurity as an excuse for censorship," said Cameron at a government cybersecurity conference in London on Tuesday. "The balance we've got to strike is between freedom and free-for-all."

Internet security is paramount to economic growth, said Cameron, who called on governments to cooperate to combat the international problem of e-crime.

"We have to come together to combat cybercrime," said Cameron. "A cross border problem needs a cross border solution."

Cameron said that online criminals have their own black economy, giving the example of websites selling stolen credit card details "pretty much as you would shop on Amazon".

Earlier at the conference, foreign secretary William Hague had called for openness on the internet.

Continued : http://www.zdnet.co.uk/blogs/security-bullet-in-10000166/cameron-calls-for-internet-openness-10024697/

Also:
Cameron warns on internet crackdown
Cameron loves net freedom - as long as no one's rioting
Internet must remain open, says UK government
