Spyware, Viruses, & Security forum

General discussion

NEWS - November 4, 2009

by Donna Buenaventura / November 3, 2009 10:26 PM PST
DOWNAD/Conficker Turns 1yr

Worm Exploits MS08-067 Bug

DOWNAD, also known as the Conficker worm, was first seen in the wild taking advantage of the MS08-067 vulnerability. True to form, it propagated via shared networks. Like its predecessors, the Sasser and Nimda worms, it also raised security concerns with regard to a spike in port 445 activity.

A few days after its appearance, reports suggested that the threat had spread. More than 500,000 unique hosts spread across networks in the United States, China, India, the Middle East, Europe, and Latin America fell prey to the threat. Several residential broadband service providers also reported having an even larger number of infected customers.

New Year, New Variant
Improved Domain Generation Functionality
Infection Peaks
Updated Patches Still Key

More details in http://blog.trendmicro.com/downadconficker-turns-1yr/
From Server/Outlook update to FDIC to facebook phish: now...
by Donna Buenaventura / November 3, 2009 10:29 PM PST
with a twist

In the past few weeks, the authors behind Zbot have been busy. Around October 12 we have seen the server upgrade spam with links. Later, on the 14th, we've seen the same campaign with the malware attached to similar-looking server upgrade notices. By the 22nd of October, the spam messages tout Outlook updates.

For a few days during the past week, the group has turned their attention to the Federal Deposit Insurance Corporation (FDIC), spamming out links to malware sites[...]

After the blast of FDIC messages, the Zbot authors turned to facebook as their latest platform to spread malware. However, they added a twist to it. The messages are well-crafted to look like a real Facebook message[...]

Continue reading in http://www.sophos.com/blogs/sophoslabs/?p=7248
Tis the Season for Christmas Spam! Fa La La La La…
by Donna Buenaventura / November 3, 2009 10:32 PM PST

It didn't take long for spammers to change from Halloween lures to spam and malware. They've already moved to the Christmas season, and we have started to see emails from the Cutwail botnet that are using a Christmas theme to trick users into visiting malicious websites. Spammers must be trying to beat retailers to the advertising punch this year.

The campaign we are currently monitoring uses subject lines that try to get users to visit websites selling fake jewelry and Rolexes. These spammers aren't cheap either. Only the best will do for their customers: brands such as Cartier, Gucci, and Tag Heuer are on "sale" to all who would be fooled.


Other blog entries from McAfee:

Facebook Phishing Campaign Pushes 'Cocktail' Attack

The missing letter that links Fake AV and Extreme Porn

DDoS on www.fra.se
by Donna Buenaventura / November 3, 2009 10:33 PM PST

The Swedish Signals Intelligence agency (F

Java, BlackBerry desktop get security bug fixes
by Donna Buenaventura / November 3, 2009 10:35 PM PST

Sun Microsystems and Research In Motion have issued critical bug fixes for security issues with their products.

The patches were issued separately on Tuesday, with Sun releasing version 6 Update 17 of its Java Runtime Environment and BlackBerry updating its BlackBerry Desktop Software, used to sync data between the BlackBerry and a PC.

Both updates include fixes for critical security bugs that could be abused by attackers to run unauthorized software on a victim's computer, although none of the flaws appear to have been publicly known before Tuesday.


Windows 7 vulnerable to 8 out of 10 viruses
by Donna Buenaventura / November 3, 2009 10:38 PM PST

From Sophos:

Now that we in the northern hemisphere have had some time to digest the Windows 7 hype and settle in for the coming winter, we thought we would get some more hard data regarding Windows 7 security.

On October 22nd, we settled in at SophosLabs and loaded a full release copy of Windows 7 on a clean machine. We configured it to follow the system defaults for User Account Control (UAC) and did not load any anti-virus software.

We grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up. Unfortunately, despite Microsoft's claims, Windows 7 disappointed just like earlier versions of Windows. The good news is that, of the freshest 10 samples that arrived, 2 would not operate correctly under Windows 7.

More in http://www.sophos.com/blogs/chetw/g/2009/11/03/windows-7-vulnerable

A Single Sign-In for All Your Websites? Google Hopes So
by Donna Buenaventura / November 3, 2009 10:40 PM PST

It's one of the basic tenets of online security: Never use the same password/username combo for every website that requires one. The logic is sound, of course. A single security breach could expose your most private information - such as banking and credit card numbers - to the bad guys.

Problem is, who can remember multiple passwords and usernames? Many times I've signed up for a service, returned to the site a few weeks later, and quickly realized that I couldn't remember my login details.

Google and other major online players, including AOL, Facebook, Microsoft, Plaxo, MySpace, and Yahoo, are pitching a simpler alternative: a single password/username combo, such as your Google or Yahoo ID, for multiple sites. The concept, based on the industry standard OpenID 2.0 protocol, isn't exactly new. In fact, Google announced over a year ago that it would support the single sign-in plan.


Adobe patches critical vulnerabilities in Shockwave Player
by Carol~ Moderator / November 4, 2009 2:42 AM PST

4 November 2009, 18:47

Adobe has released an update to its Shockwave Player to address five critical vulnerabilities, four of which could allow an attacker to inject and execute malicious code on affected systems. The vulnerabilities were discovered by the French security services provider VUPEN Security and, for an attack to be successful, a victim must first visit a specially crafted site. Adobe Shockwave Player versions up to and including are affected. Version addresses the issues and is available to download for Windows and Mac OS X. Adobe recommends that all users update to the latest release as soon as possible.

The Adobe Shockwave Player is a quasi big brother of the Flash Player and includes a much wider range of functions. Typically, it's used for more complex, interactive presentations, games and other applications. It's likely that most users only have the Adobe Flash Player installed, which is reportedly not affected. Installing the Shockwave Player automatically installs Adobe's Flash Player.

Also See:
Security updates available for Shockwave Player security bulletin from Adobe.
Adobe Shockwave Player Multiple Code Execution Vulnerabilities, advisory from VUPEN.



Additionally See:
Vulnerabilities \ Fixes - http://forums.cnet.com/5208-6132_102-0.html?messageID=3166695#3166695

Shutting Twitter backdoors
by Carol~ Moderator / November 4, 2009 3:17 AM PST

4 November 2009, 19:08

Having recently been warned by Twitter that his password might have been compromised, Terence Eden changed his Twitter password. But having 'changed the lock on the Twitter door', he realised that the door to the service remained wide open in the form of OAuth access.

OAuth is a protocol for granting third party services access to an account (such as a Twitter account), without having to tell the third party your password. For this to work, the user simply needs to confirm in Twitter that app XYZ is permitted to access his or her Twitter profile. This permission is then completely unrestricted, even after the user changes his or her password.

This means that once an attacker has got hold of a user's password, he can authorise services of his choice, such as 'My Backdoor'. Twitter then issues an OAuth token to My Backdoor allowing it to access Twitter in future. This token remains valid even after the legitimate account owner has reset his password. The My Backdoor service, which is controlled by the attacker, now has unrestricted access to the user's Twitter account.

Continued here: http://www.h-online.com/security/news/item/Shutting-Twitter-backdoors-850717.html
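The gap the post describes is a design question for any service that issues OAuth grants: does a password reset invalidate grants that were authorised under the old password? The toy account store below is an added example, not code from the post, from Twitter or from the h-online article; it models both policies side by side, binding every grant to a credential "generation" so that the hardened policy can reject grants issued before the reset (the user then re-authorises the apps he or she actually uses). All names are made up.

```python
"""Toy model of OAuth grants that do or do not survive a password reset."""
import secrets
from dataclasses import dataclass, field


@dataclass
class Grant:
    app: str
    cred_gen: int  # credential generation the grant was issued under


@dataclass
class Account:
    password: str
    cred_gen: int = 0                              # bumped on every reset
    grants: dict = field(default_factory=dict)     # token -> Grant


class AccountStore:
    def __init__(self, revoke_on_reset: bool):
        # False: the weak policy from the post (grants outlive the password).
        # True: a grant is only honoured under the generation it was issued in.
        self.revoke_on_reset = revoke_on_reset
        self.accounts: dict[str, Account] = {}

    def create(self, user: str, password: str) -> None:
        self.accounts[user] = Account(password)

    def authorize_app(self, user: str, password: str, app: str) -> str:
        """Authorising an app needs the current password; returns the token."""
        acct = self.accounts[user]
        if not secrets.compare_digest(password, acct.password):
            raise PermissionError("bad password")
        token = secrets.token_hex(16)
        acct.grants[token] = Grant(app, acct.cred_gen)
        return token

    def reset_password(self, user: str, new_password: str) -> None:
        acct = self.accounts[user]
        acct.password = new_password
        acct.cred_gen += 1     # every earlier grant now belongs to an old generation

    def token_valid(self, user: str, token: str) -> bool:
        grant = self.accounts[user].grants.get(token)
        if grant is None:
            return False
        return (not self.revoke_on_reset) or grant.cred_gen == self.accounts[user].cred_gen


def backdoor_survives_reset(revoke_on_reset: bool) -> bool:
    """Replays the scenario: someone with the password registers an app, owner resets."""
    store = AccountStore(revoke_on_reset)
    store.create("victim", "old-password")                      # constructed sample account
    token = store.authorize_app("victim", "old-password", "My Backdoor")
    store.reset_password("victim", "new-password")              # owner changes the lock
    return store.token_valid("victim", token)                   # is the door still open?
```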
