Spyware, Viruses, & Security forum


NEWS - November 14, 2011

by Carol~ Moderator / November 13, 2011 9:43 PM PST
Mac OS X Sandbox Security Hole Uncovered

Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X.

The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple's announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems.

Researchers at Core, however, revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core's advisory, several of the default predefined sandbox profiles fail to "properly limit all the available mechanisms." As a result, the sandboxing restrictions can be circumvented through the use of Apple events.

Continued : http://threatpost.com/en_us/blogs/mac-os-x-sandbox-security-hole-uncovered-111211

Related: Apple's OS X sandbox has a gaping hole - or not
Title Firm Sues Bank Over $207k Cyberheist
by Carol~ Moderator / November 13, 2011 9:44 PM PST

A title insurance firm in Virginia is suing its bank after an eight-day cyber heist involving more than $2 million in thefts and more than $200,000 in losses last year. In an unusual twist, at least some of the Eastern European thieves involved in the attack have already been convicted and imprisoned for their roles in the crime.

Sometime before June 2010, crooks infected computers of Vienna, Va.-based Global Title Services with the ZeuS Trojan, giving them direct access to the company's network and online banking passwords at then-Chevy Chase Bank (now Capital One). On June 1, 2010, the thieves made their move, and began sending a series of unauthorized wire transfers to money mules, individuals who were hired to help launder the funds and relay them to crooks overseas.

The first three wires totaled more than $200,000. When Global Title's owner Priya Aurora went to log in to her company's accounts 15 minutes after the first fraudulent transfers went out, she found the account was locked: The site said the account was overdue for security updates.

When Aurora visited the bank's local Chase branch to get assistance, she was told she needed to deal with the bank's back office customer service. Between June 2 and June 8, the thieves would send out 15 more wires totaling nearly $1.8 million. The bank ultimately was able to reverse all but the first three fraudulent wires on June 1.

Continued : http://krebsonsecurity.com/2011/11/title-firm-sues-bank-over-207k-cyberheist/#more-11140

Free Android Anti-Virus Apps are Proved Useless
by Carol~ Moderator / November 13, 2011 11:45 PM PST

Of all the smartphone and tablet operating systems available at the moment, the one that I simply can't recommend to people is Google Android. Unlike Apple, Microsoft and some other companies, Google doesn't properly screen programs that go into its app store and, as such, large amounts of malware keep getting through.

This is a real shame as it would be very easy for a company with Google's resources to manage their app store properly and bring security and peace of mind to their millions of customers.

Now, though, a test by AV-Test.org has shown that the current batch of free anti-virus packages for Android are pretty useless. In their tests they found that the best overall virus and malware scan result from these packages found only 32% of malware when performing a manual scan, with four out of the seven packages tested finding nothing at all. [Screenshot]

The "on installation" results were slightly better, but not by much with all but one of the packages finding only 10% of malware.

Continued : http://www.ghacks.net/2011/11/13/free-android-anti-virus-apps-are-proved-useless/

Also:
Android antivirus freeware 'near to useless'
Freebie Android anti-malware scanners flunk tests
Android antivirus apps are useless, here's what to do instead

Iran wrestles Duqu malware infestation
by Carol~ Moderator / November 13, 2011 11:45 PM PST

Iran admitted on Sunday that unspecified computer systems in the country had been infected with the Duqu worm, a strain of malware similar to the infamous Stuxnet worm that sabotaged key nuclear plant systems in the country last year.

The head of Iran's civil defence organization told the official IRNA news agency that the outbreak was under control. "The software to control the [Duqu] virus has been developed and made available to organisations and corporations," Brigadier General Gholamreza Jalali said, AFP reports.

"The elimination [process] was carried out and the organisations penetrated by the virus are under control... The cyber-defence unit works day and night to combat cyber attacks and spy [computer] viruses," he added.

Duqu was discovered in early September by computer scientists at the Budapest University of Technology and Economics. Subsequent analysis by anti-virus analysts at Symantec, F-Secure and others revealed the malware was closely related to the earlier Stuxnet worm, albeit probably designed for a different purpose.

The worm, like Stuxnet, features a forged digital certificate and makes use of Windows zero-day exploits. But where Stuxnet made use of three zero-day exploits, Duqu uses just one (a flaw involving the TrueType font parsing engine).

Continued : http://www.theregister.co.uk/2011/11/14/duqu_malware_infestation/

Also: Iran battling Duqu malware, official admits

Chat Spy Extension gives you a Bad Face(book) Lift
by Carol~ Moderator / November 13, 2011 11:45 PM PST

From Bitdefender's Malware City Blog:

Fake extension promising illicit insights into other people's conversations apparently offers access to new, puzzling Facebook features

This is a Facebook chat scam that's got quite a personality. The spy-me-do trend in scam bait will wane and wax but, apparently, never go away. So here's its latest creativity peak: in a message disseminated via the social network chat, users are told that someone's spying on their chat conversations and that they can do the same by accessing the provided link. [Screenshot]

A similar message, helping spread the word about variants of the same scam, appears on various pages created with the precise purpose of gathering impressive like counts under various pretexts (winning a Guinness prize or just proving that studying is a bore, though passing exams is great...just two of countless examples). [Screenshot]

Considering the impressive persistence and mutations of the "See who viewed your profile" scam, this is quite an unimaginative, but quite ambitious, way of setting the fake spying business on a well trodden and safe track. Due to platform limitations, chat-based scams cannot be detected by social network security solutions, so the only things that keep them from spreading even faster and further are users' ability to detect fishy situations and power to resist temptation.

Continued : http://www.malwarecity.com/blog/chat-spy-extension-gives-you-a-bad-facebook-lift-1216.html

Malware Signed With a Governmental Signing Key
by Carol~ Moderator / November 14, 2011 1:32 AM PST

F-Secure Antivirus Research Weblog:

Certificates and CAs continue to be a hot topic (think Stuxnet, Duqu, Comodogate, Diginotar, et cetera).

Every now and then we run into malware that has been signed with a code signing certificate. This is problematic, as an unsigned Windows application will produce a warning to the end user if he downloads it from the web — signed applications won't do this. Also some security systems might trust signed code more than unsigned code.

In some of these cases, the certificate has been created by the criminals just for the purpose for signing malware. In other cases they steal code signing certificates (and their passphrases) so they can sign code as someone else.

We recently found a sample signed with a stolen certificate. The file properties looked like this:

Publisher: Adobe Systems Incorporated
Copyright: Copyright (C) 2010
Product: Adobe Systems Apps
File version: 8, 0, 12, 78
Comments: Product of Adobe Systems

And the signing info was:

Signer: anjungnet.mardi.gov.my
Digisign Server ID (Enrich)
GTE CyberTrust Global Root
Signing date: 5:36 24/08/2011

Turns out mardi.gov.my is part of the Government of Malaysia: Malaysian Agricultural Research and Development Institute. According to the information we received from the Malaysian authorities, this certificate has been stolen "quite some time ago". [Screenshot]

The malware itself has been spread via malicious PDF files that drop it after exploiting Adobe Reader 8. The malware downloads additional malicious components from a server called worldnewsmagazines.org. Some of those components are also signed, although this time by an entity called www.esupplychain.com.tw.

Continued : http://www.f-secure.com/weblog/archives/00002269.html
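As an added example (this is not code from F-Secure or from the post above), the following Python script shows the kind of triage check a defender can run on the two blocks quoted in the post: it parses the file-properties and signing-info text in the layout shown, then flags a signer whose name looks like a DNS hostname rather than a vendor, and a signer that shares no name tokens with the Publisher field in the version information. The text formats, the benign comparison record, the generic-word list and the function names are assumptions made for the example; a real pipeline would fill the same fields from the PE version resource and the Authenticode signature rather than from pasted text.

```python
import re
from datetime import datetime

# Constructed from the file properties and signing info quoted in the post above.
SAMPLE_PROPERTIES = """\
Publisher: Adobe Systems Incorporated
Copyright: Copyright (C) 2010
Product: Adobe Systems Apps
File version: 8, 0, 12, 78
Comments: Product of Adobe Systems
"""

SAMPLE_SIGNING_INFO = """\
Signer: anjungnet.mardi.gov.my
Digisign Server ID (Enrich)
GTE CyberTrust Global Root
Signing date: 5:36 24/08/2011
"""

# Constructed benign record (hypothetical vendor) for comparison.
BENIGN_PROPERTIES = """\
Publisher: Example Software Inc.
Product: Example Updater
"""

BENIGN_SIGNING_INFO = """\
Signer: Example Software Inc.
Example Intermediate CA
Example Root CA
Signing date: 10:00 01/02/2011
"""

# Words too generic to count as evidence that two names refer to the same entity.
GENERIC_WORDS = {"inc", "incorporated", "corp", "corporation", "ltd",
                 "limited", "llc", "co", "gmbh", "the"}


def parse_properties(text):
    """Parse 'Key: value' lines from a file-properties block into a dict."""
    props = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            props[key.strip().lower()] = value.strip()
    return props


def parse_signing_info(text):
    """Parse the signer, the remaining chain names and the signing date."""
    info = {"signer": None, "chain": [], "signing_date": None}
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        lowered = line.lower()
        if lowered.startswith("signer:"):
            info["signer"] = line.split(":", 1)[1].strip()
        elif lowered.startswith("signing date:"):
            raw = line.split(":", 1)[1].strip()
            info["signing_date"] = datetime.strptime(raw, "%H:%M %d/%m/%Y")
        else:
            info["chain"].append(line)  # intermediate and root names, in order
    return info


def name_tokens(name):
    """Lower-cased alphanumeric tokens of a name, minus generic corporate words."""
    return {t for t in re.split(r"[^a-z0-9]+", name.lower())
            if t and t not in GENERIC_WORDS}


def looks_like_hostname(name):
    """True when the signer name is DNS-shaped (dots, no spaces), which points to
    a server identity rather than a software vendor's organisation name."""
    return re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", name.lower()) is not None


def assess(properties_text, signing_text):
    """Return a list of findings; an empty list means nothing looked off."""
    props = parse_properties(properties_text)
    sig = parse_signing_info(signing_text)
    findings = []
    signer = sig["signer"] or ""
    if not signer:
        return ["unsigned"]
    if looks_like_hostname(signer):
        findings.append("signer_is_hostname")
    publisher = props.get("publisher", "")
    if publisher and not (name_tokens(publisher) & name_tokens(signer)):
        findings.append("publisher_signer_mismatch")
    return findings


if __name__ == "__main__":
    print("sample:", assess(SAMPLE_PROPERTIES, SAMPLE_SIGNING_INFO))
    print("benign:", assess(BENIGN_PROPERTIES, BENIGN_SIGNING_INFO))
```

The token comparison is deliberately loose (it only asks whether the two names share any non-generic word), so it will not catch a thief who registers a look-alike organisation name; it is meant as a cheap first filter that surfaces exactly the pattern in the post, where the claimed publisher and the signing identity have nothing to do with each other.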

Mystery 'virus' disrupts New Zealand ambulance service
by Carol~ Moderator / November 14, 2011 4:05 AM PST

Staff at New Zealand's St John's Ambulance service were forced to coordinate emergency call-outs using manual radio systems last week after computer systems were hit by a mystery 'virus'.

The disruption reportedly began on Wednesday when an unidentified piece of malware started affecting the systems used across the country for paging and radio communications with ambulances in the field, sending staff back to manual radio contact.

By Friday morning, engineers at what is the country's main ambulance service had finally managed to restore these systems without identifying how the malware got inside the organisation's security controls.

"Anti-virus software protected the systems but as a result of the virus it impacted on some of the system's services, mainly those related to paging and radio. Back-up systems immediately took over when it was detected and the workload was managed manually," said ambulance communications chief, Alan Goudge to a New Zealand news source.

Continued : http://news.techworld.com/security/3318106/mystery-virus-disrupts-new-zealand-ambulance-service/

Also:
Ambulance service disrupted by computer virus infection
Malware disables ambulance response systems

Hacked Sky News Twitter acct falsely reports Murdoch arrest
by Carol~ Moderator / November 14, 2011 4:06 AM PST

Hacking Twitter feeds of popular mainstream media outlets is a perfect way of getting your message across to, or creating panic among, a great number of people. It has also lately been used by hacker groups to simply raise their profile and make the public aware of their existence.

The latest media house targeted this way has been Sky News, when a tweet saying "BREAKING: James Murdoch arrested over phone-hacking claims. Questioned at Paddington Green police station at 10pm" appeared on its Twitter feed on Sunday.

Soon retweeted by many followers, the fake news created quite a stir. But Sky News took the message down pretty fast and notified its followers that it's investigating the matter, saying that the Tweet feed was possibly hacked: [Screenshot]

Attacks such as these are very successful at creating a splash, since Twitter users are very likely to believe anything that pops up on a feed belonging to established news outlets.

Continued : http://www.net-security.org/secworld.php?id=11936

Also: Hacked Sky News Twitter account claims James Murdoch arrested

Cerf calls Internet governance critical issue in high tech
by Carol~ Moderator / November 14, 2011 7:11 AM PST

Vint Cerf, widely considered one of the fathers of the Internet, said Monday that Internet governance is one of the most critical issues in the high-tech world.

Cerf, speaking at the Google Atmosphere event in Palo Alto, Calif., said the Internet is a disruptive influence in most areas of people's lives and that it is making a lot of governments around the world nervous.

"I hope no one will forget the effects of the Arab Spring," Cerf told an audience. "There are governments that see the Internet as an important social element, business element, political element ... Governments have liked to think they were in control of these elements. And they feel less in control of the Internet because of its ubiquity and its lack of control."

And the threat of losing control, according to Cerf, means that some governments will try to extend their reach and grab back some of that control. He called it a dangerous situation to be faced with.

"Even our own government is beginning to go a tad overboard on intellectual property protection," Cerf added. "There are some big issues coming ... Remember governance is a very, very big word that includes law enforcement, human rights, business transactions. It touches everything, including the standards world and copyrights. That's why Internet governance is Topic A in many quarters."

Continued : http://www.computerworld.com/s/article/9221801/Cerf_calls_Internet_governance_critical_issue_in_high_tech

Also: TCP/IP daddy Cerf: 'Don't rewrite the internet for security'
