
NEWS - October 01, 2012

Cyber raiders hold Queensland firms to $3000 ransom by locking computer files

Almost 30 Australian businesses, including 12 in Queensland, have been held to ransom in the past week by cybercriminals who lock up their computer files with unbreakable encryption.

Some businesses have paid the ransom of $3000 or more to unlock their files, rather than lose all their data, Detective Superintendent Brian Hay of Queensland's fraud and corporate crime group said.

Supt Hay said he expected there could be many more Australian victims of the malicious software, known as Ransomware, who have not reported the attacks to police.

"A lot of businesses can't afford the interruptions to their trade and will pay straight away," Supt Hay said.

The businesses known to have been attacked include medical centres in Brisbane and central Queensland, and medical, entertainment, clothing and insurance businesses around Australia.

Continued : http://www.news.com.au/technology/cyber-raiders-hold-qld-firms-to-3000-ransom-by-locking-computer-files/story-e6frfro0-1226484108489#ixzz283HHfSyL

Also:
30 Australian Businesses Affected by File-Encrypting Ransomware
Ransom malware hits Australia as 30 businesses attacked

White House Military Office breached by Chinese hackers?

Following the recent confirmation by a senior intelligence officer with the U.S. Cyber Command that the Pentagon systems and networks are constantly under cyber attacks and cyber espionage attempts that can be traced back to China, the news that the (probably) same attackers targeted the White House military office network shouldn't come as a surprise.

According to unnamed sources, the attackers managed to get into one of the U.S. government's most sensitive computer networks, but it seems that protective measures allowed the breach to be quickly detected and blocked.

The White House Military Office (WHMO) "provides military support for White House functions, including food service, Presidential transportation, medical support and emergency medical services, and hospitality services," but also "oversees policy related to WHMO functions and Department of Defense assets" and "all military operations aboard Air Force One on Presidential missions worldwide," which includes communication with intelligence and military officials, as well as the communication of potential strategic nuclear commands.

Continued : http://www.net-security.org/secworld.php?id=13698

Also: Chinese Hackers Take Bad Trip to White House; Nuclear Command System Among Targets

Officials Downplay Cyber Attack Against WHMO

On Sunday night, news broke that hackers, allegedly linked to the Chinese government, managed to break into a system used by the White House Military Office (WHMO) for nuclear commands.

Bill Gertz of The Washington Free Beacon broke the story, citing defense and intelligence officials familiar with the incident.

According to Gertz's sources, "the cyber breach was one of Beijing's most brazen cyber attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber attacks."

While the attack may have been a bold attempt to gain access into one of Washington's most sensitive networks, the White House is downplaying the attack.

"This was a spear phishing attack against an unclassified network," a White House spokesperson told SecurityWeek. "These types of attacks are not infrequent and we have mitigation measures in place."

And according to the White House, while the attackers may have found an entry point into a sensitive network, the attack was identified and stopped quickly.

Continued : http://www.securityweek.com/officials-downplay-cyber-attack-against-white-house-military-office

In a Zero-Day World, It's Active Attacks that Matter

The recent zero-day vulnerability in Internet Explorer caused many (present company included) to urge Internet users to consider surfing the Web with a different browser until Microsoft issued a patch. Microsoft did so last month, but not before experts who ought to have known better began downplaying such advice, pointing out that other browser makers have more vulnerabilities and just as much exposure to zero-day flaws.

This post examines hard data that shows why such reasoning is more emotional than factual. Unlike Google Chrome and Mozilla Firefox users, IE users were exposed to active attacks against unpatched, critical vulnerabilities for months at a time over the past year and a half.

The all-browsers-are-equally-exposed argument was most recently waged by Trend Micro's Rik Ferguson. Ferguson charges that it's unfair and unrealistic to expect IE users to switch — however briefly — to experiencing the Web with an alternative browser. After all, he says, the data show that other browsers are similarly dogged by flaws, and switching offers no additional security benefits. To quote Ferguson:

Continued : http://krebsonsecurity.com/2012/10/in-a-zero-day-world-its-active-attacks-that-matter/

Firesheep's Scarier, More Muscular Half-Brother Cookie Cadger Released! Sort of.

I picked a fine time to not go to DerbyCon.

We all remember Firesheep, a neat little Firefox add-on from 2010 that allowed folks to intercept insecure cookies and have all sorts of fun with them, like impersonate people on Facebook. [Screenshot]

Well, Matt Sullivan has created Firesheep's scarier, more muscular half-brother Cookie Cadger. Sites are still using HTTP instead of SSL/TLS to secure communications, and Matt has put together a kick-ass tool that is more focused on being an open-source PEN-TESTING TOOL vs a toy.

From his site:

Cookie Cadger is a graphical utility which harnesses the power of the Wireshark suite and Java to provide a fully cross-platform, entirely open-source utility which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis. The utility (+ source!) was released to the world on Sunday, September 30th during Matthew Sullivan's Derbycon talk.

Continued : http://it.toolbox.com/blogs/securitymonkey/firesheeps-scarier-more-muscular-halfbrother-cookie-cadger-released-sort-of-53182

UK businesses could get shorter .uk web addresses

"The national registry Nominet has proposed allowing businesses to register straight .uk addresses as well as longer .co.uk addresses."

British businesses may gain the option of registering straight .uk web addresses as well as .co.uk addresses, under proposals made by the country's domain name registry, Nominet.

Nominet opened a consultation into its 'direct.uk' proposals on Monday, saying the new scheme would allow for shorter addresses — these would be so-called second-level domains (SLDs), equivalent to the '.co' in '.co.uk'. The registry also said the new addresses would come with extra security features such as malware scanning.

"We want to provide a really safe and secure place for British businesses to work online," Nominet operations chief Eleanor Bradley said in an introductory video. "[Direct.uk] would come with a series of features that we think would add to that safety and security."

Some of the security features already come with .co.uk addresses, such as DNSSEC, which works against URL spoofing. Registrants for .uk addresses would also need to prove that they are based in the UK, although Nominet has held back from spelling out what kind of evidence would be needed.

The new addresses would be more expensive than .co.uk addresses, which have a wholesale price of £5 per two years. The plain .uk addresses would have a wholesale price of "sub £20 per year", Nominet said, with registrars free to add whatever markup they wish.

Continued : http://www.zdnet.com/uk/uk-businesses-could-get-shorter-uk-web-addresses-7000005021/

Also: Nominet proposes '.uk' Internet domain to boost web security

Invited to change your Twitter profile's header image? Beware, it could be drug spam

Inventive spammers are up to their old tricks again, desperate to do whatever it takes to get you to click on a link to their websites.

The latest campaign we have seen involves messages which, to all intents and purposes, look like they have come from Twitter.

Certainly, without close inspection, there's nothing much to be suspicious about in regards to the email (although maybe they would have been more convincing if they had managed to reference your Twitter name if you have one). [Screenshot]

'Subject: Because you have more to show

We have something for you...

New Twitter profiles

Make your profile beautiful with a header image. Browse your new photo reel. Check out what other people are doing with their profiles.


The emails invite you to update your Twitter profile, to include the new format profile images that the micro-blogging site is attempting to push onto a slightly underwhelmed userbase.

But in this case the emails don't come from Twitter at all. Because if you click on the links you are actually taken to a "Canadian pharmacy" website claiming to sell sexual enhancement drugs.

Continued : http://nakedsecurity.sophos.com/2012/10/01/drug-spam-twitter/

Visual Android Trojan as virtual theft aid

The rise of mobile malware in the last few years has been well documented, and the latest reports show that malware sending out text messages to premium rate numbers is the type users encounter most often.

This prevalence will likely not be challenged for a while - after all, there are not many crooks who would say no to a fast and easy buck - but users must be aware that new malicious software with as of yet unimaginable capabilities will surface in time.

One of these malicious programs has recently been unearthed, but luckily for all of us the Trojan posing as a camera app is currently only a prototype created by a team of researchers from the Naval Surface Warfare Center in Indiana and the Indiana University.

Continued : http://www.net-security.org/malware_news.php?id=2280

PlaceRaider: The Military Smartphone Malware Designed to Steal Your Life

"The US Naval Surface Warfare Center has created an Android app that secretly records your environment and reconstructs it as a 3D virtual model for a malicious user to browse"

The power of modern smartphones is one of the technological wonders of our age. These devices carry a suite of sensors capable of monitoring the environment in detail, powerful data processors and the ability to transmit and receive information at high rates.

So it's no surprise that smartphones are increasingly targeted by malware designed to exploit this newfound power. Examples include software that listens for spoken credit card numbers or uses the on-board accelerometers to monitor credit card details entered as keystrokes.

Today Robert Templeman at the Naval Surface Warfare Center in Crane, Indiana, and a few pals at Indiana University reveal an entirely new class of 'visual malware' capable of recording and reconstructing a user's environment in 3D. This then allows the theft of virtual objects such as financial information, data on computer screens and identity-related information.

Templeman and co call their visual malware PlaceRaider and have created it as an app capable of running in the background of any smartphone using the Android 2.3 operating system.

Their idea is that the malware would be embedded in a camera app that the user would download and run, a process that would give the malware the permissions it needs to take photos and send them.

Continued : http://www.technologyreview.com/view/429394/placeraider-the-military-smartphone-malware/

Facebook Gifts could encourage users to expose more private information

"Security experts outline potential security and privacy risks posed by Facebook's new social gifting service"

Facebook Gifts, the new social gifting service launched by Facebook on Thursday, might encourage users to expose information like their home addresses, birth date, clothing or shoe size that could pose security and privacy risks, according to security experts.

Facebook used to have a Gift Shop application that allowed users to send virtual gifts in the form of images, but it was discontinued in August 2010. The revamped Facebook Gifts feature is the result of Facebook's May acquisition of mobile e-commerce app Karma and allows users to send physical gifts to their friends.

"Choose a gift, attach a card and send," Facebook said Thursday in an announcement on its website. "You can post your gift to your friend's timeline or send it privately. Your friend can then unwrap a preview of the gift and it will show up on their doorstep a few days later."

Facebook has partnered with many vendors in order to offer a large selection of gifts that includes stuffed animals, cupcakes, toys, coffee mugs, Starbucks gift cards and more. The company receives a percentage of every gift purchase.

Continued : http://www.computerworld.com/s/article/9231827/Facebook_Gifts_could_encourage_users_to_expose_more_private_information

How millions of DSL modems were hacked in Brazil, to pay for Rio prostitutes

So, you think you're doing a pretty good job in terms of computer security on your home PC? You've kept your computer fully patched against the latest vulnerabilities? You've ensured that your PC is running the latest-and-greatest anti-virus updates?

Good for you.

Now, how about your router?

My suspicion is that the typical computer user doesn't give a second thought about whether their router could be harbouring a security threat, imagining that the devices don't need to be treated with suspicion.

But if you think that, you're quite wrong.

Fabio Assolini, a researcher for Kaspersky Labs, gave a fascinating presentation at the Virus Bulletin conference in Dallas last week, describing how more than 4.5 million home DSL routers in Brazil were found to have been silently hacked by cybercriminals last year.

Assolini described in his presentation, entitled "The tale of 1001 ADSL modems: Network devices in the sights of cybercriminals", how at some Brazilian ISPs, more than 50% of users were reported to have been affected by the attack.

Here's how the attack came about.

You're on Google's website, but you're not on Google's website

The first thing users may have noticed is that they would visit legitimate websites such as Google, Facebook and Orkut (a Google social network which is particularly popular in Brazil) and would be prompted to install software.

Continued : http://nakedsecurity.sophos.com/2012/10/01/hacked-routers-brazil-vb2012/

Also: DSL modem hack used to infect millions with banking fraud malware

Is antivirus dead? Startup launches first 'exploit blocking' program

Silicon Valley startup ZeroVulnerabilityLabs has made available a free program it claims stops malware from exploiting a wide range of software vulnerabilities regardless of whether these flaws are publicly known or not.

Available now in a beta version for consumers and non-profits (the business version requires a license), ExploitShield Browser Edition is designed to be "install and forget," the company said.

Once installed, the software named 17 applications as being protected, including the most common and troublesome ones such as Adobe Reader and Flash, Java, Microsoft Office, various browsers and a number of video players. Others may be added in future. [Screenshot]

Security innovations pop up from time to time and this one represents a lateral approach to what has become a major - possibly the major issue - for consumers and businesses alike; how to secure PCs when software flaws crop up on an almost daily basis.

Continued : http://news.techworld.com/security/3401365/is-antivirus-dead-startup-launches-first-exploit-blocking-program/

Tech think tank's site rejects browser do-not-track requests

"Do-not-track technology could hurt the ability of websites to deliver free services to users, the ITIF says"

The website for the Information Technology and Innovation Foundation (ITIF) now tells visitors it will not honor their browsers' do-not-track requests as a form of protest against the technology pushed by privacy groups and parts of the U.S. government.

The tech-focused think tank on Friday implemented a new website feature that detects whether visitors have do-not-track features enabled in their browsers and tells them their request has been denied.

"Do Not Track is a detrimental policy that undermines the economic foundation of the Internet," Daniel Castro, senior analyst at the ITIF wrote in a blog post. "Advertising revenue supports most of the free content, services, and apps available on the Internet."

Behavioral advertising, which tracks Web users in order to deliver relevant advertising to them, is a service in which "everyone wins," he added. "Ad-supported websites increase their revenue, users receive fewer irrelevant ads and more free content, and advertisers get to be in front of their target audiences."

Continued : http://www.computerworld.com/s/article/9231857/Tech_think_tank_s_website_rejects_browser_do_not_track_requests
