Spyware, Viruses, & Security forum

NEWS - November 11, 2010

by Carol~ Moderator / November 11, 2010 12:08 AM PST
Veterans Day spurs poisoned search

Today is Veterans Day and, like any other holiday, black hat SEO and spam emails have been visible since Monday this week. Websense customers are protected against this attack through our Advanced Classification Engine.

Search terms like veterans day, veteran's day 2010, veterans day events, veterans day california and veteran's day honolulu return poisoned Web results. [Screenshot]

The code found on the infected site earlier this week is reminiscent of last week's Midterm Elections attack. In fact, the Web sites used in the Midterm Elections black hat SEO are also the ones used for the Veterans Day black hat SEO. At the time the code was found, the redirection was not working, although the URL specified is an active rogue AV site. As you can see below, the election term is replaced by Veterans Day-related search terms. [Screenshot]

Today, the poisoned results' redirection pages are up and running. If the user is using Firefox, they will be redirected to a fake Firefox update page, prompting them to download a file called firefox-update.exe, detected by 13/40 VT engines. For Internet Explorer, the ever-so-familiar Rogue AV page is where users are redirected. The only thing noticeable is that the rogue AV installer is not available for download; clicking on the "Remove all" button only prompts a warning box.

Facebook account-protection push opts for scare tactics
by Carol~ Moderator / November 11, 2010 12:18 AM PST

Facebook has quietly begun testing new account-protection features but the scary wording of prompts to try out the technology might easily be mistaken for a sophisticated phishing attack.

Users of the social network might be offered the protection via an ad in the side panel which reads: "Your account protection is very low - increase protection". Clicking through the ad leads to a page on Facebook that encourages users to submit a second email address and a phone number. In some cases it also asks users to change their security question.

The phone number is requested even if users have previously deleted this information from their profile, making it appear like a push to get users to add their phone numbers on the basis that this will speed account recovery if something goes wrong.

Gmail recently introduced a similar procedure for webmail account recovery, and the basic approach is fair enough, though some will be understandably wary of handing over their phone number to either Gmail or Facebook.

It's far easier to fault Facebook for the vague and scaremongery warning that comes with the account protection push. Saying to users "Your account protection is very low - increase protection" mimics the approach of phishing scams, which are certainly not unknown on Facebook. Trend Micro warned of one such phishing scam only earlier this week.

Also:
Google, Facebook duke it out over user data
Google alerts users to Facebook contacts 'trap'

All-In-One Skimmers
by Carol~ Moderator / November 11, 2010 12:24 AM PST

ATM skimmers come in all shapes and sizes, and most include several components - such as a tiny spy cam hidden in a brochure rack, or a fraudulent PIN pad overlay. The problem from the thief's perspective is that the more components included in the skimmer kit, the greater the chance that he will get busted attaching or removing the devices from ATMs.

Thus, the appeal of the all-in-one ATM skimmer: It stores card data using an integrated magnetic stripe reader, and it has a built-in hidden camera designed to record the PIN sequence after an unsuspecting customer slides his bank card into the compromised machine.

The model displayed here is designed to work on specific Diebold ATMs, and can hold a battery charge for two to four days, depending on ambient temperature and the number of customers who pull money out of the hacked ATM.

Functionally, it is quite similar to the all-in-one model pictured in the very first skimmer post in this ATM skimmer series, although its design indicates it may be identical to the one pictured here, which was found on a Wachovia ATM just a couple of miles from my home earlier this year.

Apple smashes patch record with gigantic update
by Carol~ Moderator / November 11, 2010 12:44 AM PST

"Fixes 134 flaws with Mac OS X update, 55 in Flash alone"

Apple on Wednesday patched more than 130 vulnerabilities in Mac OS X, smashing a record the company set last March when it fixed over 90 flaws.

The update for OS X 10.6, aka Snow Leopard, and OS X 10.5, better known as Leopard, was Apple's first since September and the seventh for the year.

Calling the update "huge," Mac vulnerability expert Charlie Miller pointed out that even with a staggering 134 patches, there were plenty of flaws still around.

"Apple releases huge patch, still miss all my bugs," said Miller in a tweet late Wednesday. "Makes you realize how many bugs are in their code, or they're very unlucky."

Security Update 2010-007, offered on its own to Leopard users but combined with non-security changes in version 10.6.5 of Snow Leopard, boasted 46% more patches than the biggest to date.

But Apple's patch numbers were inflated by the fixes for a whopping 55 vulnerabilities in Adobe's Flash Player. Unlike other operating system vendors, Apple bundles Flash with its OS and maintains the popular -- and frequently flaw-filled -- media player using its own update mechanism.

PGP Disk Encryption Bricks Upgraded Macs
by Carol~ Moderator / November 11, 2010 1:25 AM PST

Some Apple Mac users who rushed to upgrade their systems with the company's latest security patch were left to scramble for help after a conflict with disk encryption software from PGP rendered the upgraded Macs un-bootable.

Reports of users who were unable to boot their Macs after upgrading their Mac OS X systems to the 10.6.5 version began appearing in PGP support forums on Wednesday.

"Do NOT apply 10.6.5 if you are running PGP FDE on Mac. Myself and at least one other person I know of directly can no longer boot," wrote a PGP Forum member using the name GeorgeStarcher on Wednesday afternoon.

That message was followed by those from other users, also reporting "bricked" unbootable Macs following the upgrade.

"I can also verify that 10.6.5 bricked my WDE Macbook Pro. It's frozen at the boot screen. Looks like a wipe and reinstall is necessary," posted a user with the handle Static416.

By Wednesday evening, PGP - now a division of Symantec Corp. - had posted an alert warning customers using its Mac Whole Disk Encryption (WDE) product not to upgrade.

"MAC WDE customers should not apply the recent Mac OS X 10.6.5 update. Compatibility issues may prevent the system from successfully booting. We will provide a detailed update as soon as a solution has been identified," the post, signed PGP Technical Support, read.

PGP WDE customers who need to upgrade were advised to first decrypt their drive, apply the 10.6.5 update and then re-encrypt it, PGP said. Symantec has not yet responded to a request for comment from Threatpost.

FCC Investigating Google Data Collection
by Carol~ Moderator / November 11, 2010 1:25 AM PST

The Federal Communications Commission is investigating whether Google Inc. broke federal laws when its street-mapping service collected consumers' personal information, joining a lengthy list of regulators and lawmakers probing what Google says was the inadvertent harvesting of private data sent over wireless networks.

Key Republicans and Democrats in Congress have indicated that the privacy issues raised by Google's Street View data collection could be a factor when lawmakers consider new Internet privacy legislation next year.

Rep. Joe Barton of Texas, a senior Republican lawmaker, suggested last week on C-SPAN that Google's data collection wasn't accidental and that it was "something to look at."

The FCC opened its investigation earlier this year. "As the agency charged with overseeing the public airwaves, we are committed to ensuring that the consumers affected by this breach of privacy receive a full and fair accounting," said Michele Ellison, the chief of the FCC's enforcement bureau, in a statement confirming the investigation.

The FCC doesn't generally disclose details of its investigations publicly.

In May, the FCC received a complaint from Electronic Privacy Information Center, a privacy advocacy group, asking it to investigate whether Google violated federal communications law designed to prevent electronic eavesdropping. Intentional violations of the law could result in fines of up to $50,000 for each violation.

Get hacked and spill the beans, anonymously
by Carol~ Moderator / November 11, 2010 2:25 AM PST

A new Web site could help turn security breach guesswork into science.

Database breaches, social engineering attacks, and hacking incidents happen at companies every day, but very few end up being reported publicly. That's because organizations fear - and rightly so - damage to their reputation, public humiliation, and loss of customer confidence.

But this silent victim syndrome means that others can't learn from the missteps of victims and that the industry as a whole doesn't have a good grasp on the scope of the problem.

In a first-of-its-kind effort, Verizon Business is launching a public Web site for reporting security incidents that could crack open the self-defeating secrecy of data breaches.

"This will benefit the overall community," Alexander Hutton, a principal of research and intelligence at Verizon Business, told CNET in an interview. "The valid data helps us all learn from mistakes."

Verizon is officially launching today its Veris information-sharing site where network or security professionals can provide detailed information about an incident and get back a report that illustrates via charts, graphs, and other information how the reported incident compares with others.

Fake AV scams via Skype Chat
by Carol~ Moderator / November 11, 2010 7:04 AM PST

The Fake Anti-Virus guys are currently peddling their "goods" via alarming messages posted on Skype chat. Messages look like this:

'Thursday, November 11, 2010

hxxp://www. updatevr. com/

For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser!'

I added the spaces to the URL to keep you from clicking - visit at your own risk. The site redirects a couple times, and then offers the "usual" fake AV for only 19.95. Thanks to ISC reader John for the sample.

Making Web Users Botnet-Resistant
by Carol~ Moderator / November 11, 2010 7:04 AM PST

"HackMiami researchers create 'botnet-resistant code' to thwart botnets from stealing valuable data"

What if you could outfit visitors to your website with a coat of anti-botnet armor? A pair of researchers has come up with coding techniques that they say ultimately renders infected user machines useless to botnet operators harvesting data.

Peter Greko and Fabian Rothschild, both members of the HackMiami hackerspace, here today showed how they studied samples of the Zeus and SpyEye Trojans as well as just how the cybercrime underground uses this code for botnets. They then used that intelligence to write code for Web servers that mitigates these botnets. Their premise is that most client machines are infected, anyway. "What we've done is make it really hard for botmasters to use any information they collect from client machines," Rothschild said.

Their hope is to convert these methods into software modules for the OWASP Enterprise Security API (ESAPI), an open source Web app security control library aimed at making secure code simpler to write. "We want to talk to the ESAPI project and see if we can come up with modules for them," Greko said.

The techniques they developed don't prevent a bot infection, but rather stymie the botmaster from ultimately gathering any useful information from the victim. Zeus, for instance, collects logins, passwords, cookies, VIEWSTATE parameters, and any other information passed via a POST request in HTTP. There are four different options, which range from obfuscating data to encrypting it. "What we've done is come up with ways to make it really hard for botmasters to use any information they collect from client machines," Rothschild says.

Microsoft rejects security bundling complaints
by Carol~ Moderator / November 11, 2010 7:09 AM PST

Microsoft has dismissed allegations that it's unfairly bundling free security software with Windows.

The software giant recently added Microsoft Security Essentials to the optional Microsoft Update programme, sparking fury from antivirus firms who accused Microsoft of anti-competitive behaviour.

In an exclusive interview with PC Pro, PandaLab's technical director Luis Corrons even called for a Windows security software ballot, in a similar fashion to the browser ballot.

However, in a statement sent to PC Pro, Microsoft denies any wrongdoing. "Microsoft Security Essentials has been available for more than a year as an option for Windows users, who for whatever reason, have not installed an antivirus program from the large and robust ecosystem of security products available on the market," the company stated.

"Customers can download it themselves or choose to install it as an optional update through Microsoft Update. This option is not available if they already have an antivirus solution installed on their PC. It also is not available to customers who only receive operating system updates through Windows Update."

Also:
Antitrust case against Microsoft over AV would be 'longshot,' says expert
MS freebie anti-virus scanner auto-downloads provoke more anger
Rival calls foul over Microsoft's delivering MSE via Windows

Facebook App Links to Malware
by Carol~ Moderator / November 11, 2010 7:23 AM PST

McAfee Labs learned today that a malicious Java applet was being linked through a Facebook application.

Users don't have to install the Facebook app on their profiles to be exposed to this threat. On browsing to a specific Facebook application page displayed in an Eastern European language, the page connects to a malicious site that hosts a signed Java applet that claims to be "Sun_Microsystems_Java_Security_Update_6" and is published by "Sun Java MicroSystems." [Screenshot]

The only indication of suspicious activity is the fact that the digital signature cannot be verified by a trusted source. The warning also requests permission from the user to run the applet. [Screenshot]

This social engineering technique is becoming common on malicious sites, as the warning allows the publisher to be spoofed when unverified, and it does not highlight the risk implications by allowing the applet to run. Only when the user clicks on "More Information" can we read the fine print that explains that "security restrictions normally provided by Java" will not be applied.

Continued @ McAfee Blog Central

Malware spam soars as crooks club together
by Carol~ Moderator / November 11, 2010 8:26 AM PST

Spam is increasingly being used to distribute malware, according to figures from security firm Kaspersky.

The security firm said email distribution of malware threats had soared in the third quarter of the year, and that 4.6% of all spam messages now contained some sort of threat, up from 1.9% in the second quarter.

According to the report, the worrying trend shows that spammers are now linking more closely in "partner programs" that specialise in malware and cybercrime.

"The increase in the volume and quality of mass malicious mailings confirms that spammers and cyber criminals have started acting in unison to create complex infection strategies," said Darya Gudkova, head of content analysis and research at Kaspersky Lab.

"These include connecting a victim computer to a botnet, sending out spam, stealing personal information and so on."

Kaspersky's research showed the most common threats came from fake notifications from resources such as Twitter, Facebook, Windows Live Messenger, MySpace, and a number of popular online stores.


Report From Kaspersky: Spam in the Third Quarter of 2010

UPDATE: Facebook API flaw discovered
by Carol~ Moderator / November 11, 2010 9:27 AM PST

Social-networking services provider Sendible says it's uncovered a major flaw in how Facebook works and is cooperating with Facebook to fix the issue.

Sendible said in a blog post late Tuesday night that it noticed the problem when "one of our users sent an update to a few popular Facebook pages, assuming they would appear to come from his profile. Instead, they posted as if they had come from the page itself." Sendible adds, "Usually these posts appear as the Facebook user and not as the Facebook page itself."

When Sendible contacted the user, he replied: "I wanted to post only a few facebook walls as a fan ? and for some reason, posted as the page Owner. Weird."

TechCrunch yesterday got wind of the problem after the news site received "about a half dozen tips" about Facebook pages "including Google, Coca-Cola, YouTube, South Park, the Daily Show, Team Coco and others are now sending out a malicious link to all of their following that reads 'Change Your Facebook Background Here!', adding it would be advised not to click on it." TechCrunch said those that clicked on the link were directed "to a page outside of Facebook that asks you for information about you," and reported that the bottom of the page read "Powered by AWeber Email Marketing."

Yesterday, TechCrunch surmised that the Facebook app Sendible, which has a service that lets fans of Facebook pages update multiple pages at once, was "compromised in a major way."

However, Sendible refuted that, saying it has actually "helped discover a security flaw in Facebook's API." Sendible said no user accounts were compromised and that it was not hacked.
