Spyware, Viruses, & Security forum


NEWS - October 04, 2012

by Carol~ Moderator / October 3, 2012 11:24 PM PDT
Microsoft Drops Suit Against Nitol Botnet Operator In Exchange for Cooperation

"Microsoft Settles with 3322.org Operators in Nitol Botnet Case"

Two weeks ago, Microsoft won a court victory, granting it control over the 3322.org domain. The domain's owner Peng Yong and his company, Changzhou Bei Te Kang Mu Software Technology Co., have settled with Microsoft, and in exchange for his help, Microsoft has agreed to drop its lawsuit.

Codenamed Operation b70, Nitol was discovered after Microsoft started looking into insecure supply chains. By gaining control over the 3322.org domain, the software giant was able to command and disable some 70,000 malicious sub-domains.

Research showed that Nitol has been operating on a malicious domain since 2008, and on digging further, researchers discovered that among the 70,000 malicious sub-domains on 3322.org there were more than 500 different strains of malware.

Included in the malware variants were Trojans (backdoors), spy tools (able to steal data and activate microphones and cameras), and basic keylogging kits. On its own, Nitol is a DDoS bot, which according to security experts is a minor threat in the grand scheme of things. However, Microsoft was going for gold and wanted Nitol, as well as all of the other malicious domains, shut down.

Continued : http://www.securityweek.com/microsoft-drops-suit-against-nitol-botnet-operator-exchange-cooperation

Also: Microsoft settles Nitol botnet lawsuit

@ The Official Microsoft Blog: Microsoft Reaches Settlement with Defendants in Nitol Case
Swedish Sites Attacked in Retaliation for Police Raid on Web Host
by Carol~ Moderator / October 3, 2012 11:33 PM PDT

Several Web sites in Sweden, including the nation's central bank and two government affiliates, were hit with attacks this week, supposedly in retaliation for a police raid on an Internet company tied to The Pirate Bay, the world's largest file sharing site.

That site also was offline until Wednesday, but its officials say it was due to a broken power distribution unit.

The group Anonymous warned in a YouTube video that there would be repercussions after a two-day raid earlier this week on Web host PeriQ Networks AB in Solna, just outside Stockholm.

"We see this as a crime against freedom of information," a narrator said. "Swedish government will know our capabilities and what we want."

Sweden's Courts Administration site was hit by a DDoS attack, while a "foul message" was left at the National Board of Health and Welfare's web site. As of Wednesday evening, it was business as usual at both sites.

Pirate Bay's four Swedish founders have all been convicted of illegal file sharing, but the Web site continues to operate and is now registered in the Seychelles. Two of The Pirate Bay's founders started PRQ.

Continued : https://threatpost.com/en_us/blogs/swedish-sites-attacked-retaliation-police-raid-web-host-100312

PRQ Raid Targets Revealed, Pirate Party Gets Boost, Plot Thickens....
Swedish police confiscate three servers during raid on former Pirate Bay host
Cyberattacks on US banking websites subside
by Carol~ Moderator / October 3, 2012 11:33 PM PDT

"Prolexic, which says it protects the top financial institutions, says the attackers have done their homework"

The wave of cyberattacks against a half-dozen US financial institutions has subsided this week, but the recent demonstration of force shows a careful honing of destructive techniques that could continue to cause headaches.

The attacks against Wells Fargo, US Bancorp, PNC Financial Services Group, Citigroup, Bank of America and JPMorgan Chase succeeded in drawing ire from consumers trying to use the sites for regular banking.

But customer-facing websites are just a small part of very complicated banking systems consisting of sometimes thousands of back-end applications that are being prodded by attackers, said Scott Hammack, CEO of Prolexic, a company based in Hollywood, Florida, which specialises in defending against distributed denial-of-service (DDOS) attacks.

Continued : http://news.techworld.com/security/3402000/cyberattacks-on-us-banking-websites-subside/

Related: DDoS attacks on major US banks are no Stuxnet—here's why

HSTS becomes IETF proposed standard
by Carol~ Moderator / October 3, 2012 11:33 PM PDT
HSTS, the HTTP Strict Transport Security protocol, has been approved as a proposed standard by the IETF. HSTS is designed to allow web sites to ensure that only secure connections are being made to them by informing browsers that they should use a secure connection. The mechanism works by the server responding with a Strict-Transport-Security header which signals to the browser that it should connect using HTTPS for a time, not only for this connection but potentially for subdomains as well. Once a browser gets this header it is under orders to only use secure connections to the site.

Many sites have previously either used HTTP redirects to get users to their secure pages or insecurely taken user names and passwords before sending the user on their way to an HTTPS page. HSTS reduces the ability for an attacker listening in on those connections to gather cookies or other data which may be exchanged on a session which began insecurely; a flaw which Firesheep has exploited since 2010.

HSTS has already been picked up by the industry, with PayPal, Blogspot and Etsy implementing the server side and Chrome, Firefox and Opera implementing the browser side. Microsoft's Internet Explorer and Apple's Safari have yet to incorporate HSTS.

Continued : http://www.h-online.com/open/news/item/HSTS-becomes-IETF-proposed-standard-1722502.html
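The header handling described in the post above, as an added example that is not part of the original post or of any browser's code: a small Python policy store that parses Strict-Transport-Security, refuses to honour it over plain HTTP (an on-path attacker could otherwise set or clear policies), walks up to superdomains only when includeSubDomains was set, expires entries by max-age, and rewrites http:// URLs to https://. The class and function names, and the injectable clock, are this example's own.

```python
"""HSTS policy store following the RFC 6797 rules summarised above.
Example code: parse the Strict-Transport-Security header, remember the
policy, and decide whether a later plain-http navigation must be upgraded."""

from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit
import time


@dataclass
class HstsPolicy:
    expires: float            # absolute time (seconds) after which the entry is stale
    include_subdomains: bool


def parse_sts_header(value: str):
    """Return (max_age, include_subdomains), or None if the header is invalid.

    Directives are ';'-separated and case-insensitive; max-age is required and
    must appear once. max-age=0 means 'forget this host' (handled by the store).
    """
    max_age = None
    include_sub = False
    for raw in value.split(";"):
        part = raw.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age":
            if max_age is not None or not arg.isdigit():
                return None           # duplicate or malformed max-age: ignore the header
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
        # unknown directives are ignored, as the spec requires
    if max_age is None:
        return None
    return max_age, include_sub


class HstsStore:
    def __init__(self, clock=time.time):
        self._clock = clock           # injectable for tests; default is wall-clock time
        self._policies: dict[str, HstsPolicy] = {}

    def observe(self, host: str, header: str, over_tls: bool) -> None:
        """Record a policy from a response. Headers seen over plain HTTP are
        ignored: only a TLS response proves the header came from the site."""
        if not over_tls:
            return
        parsed = parse_sts_header(header)
        if parsed is None:
            return
        max_age, include_sub = parsed
        host = host.lower().rstrip(".")
        if max_age == 0:
            self._policies.pop(host, None)
            return
        self._policies[host] = HstsPolicy(self._clock() + max_age, include_sub)

    def is_known(self, host: str) -> bool:
        """True if host, or a superdomain with includeSubDomains, has a live policy."""
        host = host.lower().rstrip(".")
        now = self._clock()
        labels = host.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            policy = self._policies.get(candidate)
            if policy is None:
                continue
            if policy.expires <= now:
                del self._policies[candidate]   # lazy expiry
                continue
            if i == 0 or policy.include_subdomains:
                return True
        return False

    def upgrade(self, url: str) -> str:
        """Rewrite an http:// URL to https:// when its host is a known HSTS host.
        Port 80 becomes the https default; any other explicit port is kept."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known(parts.hostname or ""):
            return url
        netloc = parts.hostname
        if parts.port and parts.port != 80:
            netloc = f"{netloc}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

The store is what a browser consults before every plain-http request; the first visit is still unprotected, which is why the RFC allows a preload list on top of this mechanism.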
Bogus Skype password change notifications lead to phishing
by Carol~ Moderator / October 3, 2012 11:34 PM PDT

Bogus emails supposedly sent by Skype are targeting users of the popular VoIP service, saying that their Skype password has been "successfully changed", Hoax-Slayer warns. [Screenshot]

Users who haven't recently initiated the password change themselves are in danger of believing that their account is in the process of being hijacked and following the offered links without thinking.

Those that do will be faced with a spoofed Skype login page that sends the entered login credentials to the scammers behind this phishing attempt.

Users are advised always to log into the legitimate online services they use only via the official login page.

Following your own bookmark to it or entering the right URL in the browser address bar yourself are safe ways for checking what's going on with your account. Following links included in unsolicited emails - and especially those that try to create a sense of urgency - is not.

UK to invest £2m in global cyber security centre
by Carol~ Moderator / October 4, 2012 2:38 AM PDT

The UK will invest £2 million to set up a "centre of excellence" that will dish out advice to other countries needing to beef up their cyber security research and practices, Foreign Secretary William Hague said at the Budapest Conference on Cyberspace.

The funds will go towards establishing the Centre for Global Cyber-Security Capacity Building, which will be based at one of eight academic institutions designated 'Academic Centres of Excellence in Cyber Security Research'.

The Centre, which will bring together governments, researchers and security experts, will aim to position the UK at the centre of international cyber security efforts.

"Cyberspace is emerging as a new dimension in conflicts of the future. Many nations simply do not yet have the defences or the resources to counter state-sponsored cyber attack," Hague said.

"If we do not find ways of agreeing principles to moderate such behaviour and to deal with its consequences, then some countries could find themselves vulnerable to a wholly new strategic threat: effectively held to ransom by hostile states," he added.

Continued : http://www.itproportal.com/2012/10/04/uk-to-invest-2m-in-global-cyber-security-centre/

UK government to invest £2m in international cybersecurity centre
UK.gov to spunk £2m a year policing global cyber-security

Some Wordpress Themes, Thousands of Sites Open to XSS Vulnerability
by Carol~ Moderator / October 4, 2012 2:38 AM PDT

A number of Wordpress themes being distributed by the developer Parallelus are vulnerable to cross-site scripting (XSS) attacks, reports said.

Themes, bits of PHP and HTML code that alter the look and functionality of sites, are usually installed via Wordpress' dashboard tool or by FTP.

According to Janne Ahlberg, a Finnish product security professional and pentester, the XSS vulnerabilities lie in the Unite, Salutation, Intersect and Traject themes. The themes cost around $30-$60 for a regular license on Themeforest.net, a Wordpress theme marketplace.

In a post on his blog, Ahlberg notes that not all of the themes and templates associated with Parallelus are vulnerable but that thousands of sites, personal and business, could be affected. Ahlberg notes that there have been almost 5,000 purchases of the Unite theme alone. The XSS vulnerability could lead to the remote execution of JavaScript if left unpatched.

Continued : https://threatpost.com/en_us/blogs/some-wordpress-themes-thousands-sites-open-xss-vulnerabilities-100312

Also: More XSS Vulnerabilities Found in Wordpress Themes
A tech support scammer dials Ars Technica. "I am calling you from Windows":
by Carol~ Moderator / October 4, 2012 4:00 AM PDT

"Cold caller from "Windows Technical Support" asks for remote access to my PC."

When the call came yesterday morning, I assumed at first I was being trolled—it was just too perfect to be true. My phone showed only "Private Caller" and, when I answered out of curiosity, I was connected to "John," a young man with a clear Indian accent who said he was calling from "Windows Technical Support." My computer, he told me, had alerted him that it was infested with viruses. He wanted to show me the problem—then charge me to fix it.

This scam itself is a few years old now, but I had not personally received one of the calls until yesterday—the very day that the Federal Trade Commission (FTC) announced a major crackdown on such "boiler room" call center operations. The very day that six civil lawsuits were filed against the top practitioners. The very day on which I had just finished speaking with Ars IT reporter Jon Brodkin, who spent the morning on an FTC conference call about this exact issue. And here were the scammers on the other end of the line, in what could only be a cosmic coincidence.

I walked around my office with the phone against my ear, then settled into my desk chair and put the call on speakerphone. I wanted to know just what it felt like to be on the receiving end of such a call. I wanted to know how a group of scammers half a world away convinced random and often tech-illiterate people to do things like run the built-in Windows Event Viewer, then connect to a website, download software, and install it (together, no easy feat for many mainstream users). I wanted to know just how the scammers eventually convinced their marks to open up remote control of their PCs to strangers who had just called them on the telephone.

Continued : http://arstechnica.com/tech-policy/2012/10/i-am-calling-you-from-windows-a-tech-support-scammer-dials-ars-technica/

Related to:
FTC Halts Massive Tech Support Scams
FTC Blocks "Tech Support" Fraud Schemes Linked to India
FTC shuts down tech support scams from India that charged $49-$450 to remove nonexistent malware
iOS 6 closes configuration hole
by Carol~ Moderator / October 4, 2012 6:03 AM PDT

Even users who aren't interested in the new features in iOS 6 should make sure that they install the new version on their iPhone or iPad: the update also closes a critical vulnerability in the code for checking certificates that potentially enables attackers to access the information stored on an iOS device and allows them to intercept data traffic.

[Image caption: The iPhone configuration program is a powerful tool that can turn into a weapon in the wrong hands]

Hardly anything on Apple's web site points towards the existence of the "iPhone Configuration Utility" (Windows, Mac); it can only be found in the support area for enterprise customers. It allows custom system settings to be deployed to multiple iOS devices. For example, it offers a convenient way for companies to deploy their corporate Wi-Fi network settings on devices when supplying their employees with new phones, or to implement security guidelines such as a minimum password length. [Screenshot]

Of course, these profiles also offer many opportunities for misuse. Because of this, iOS checks whether the exported configuration files (.mobileconfig) were signed with the certificate of a trusted issuer. In corporate environments, this enables employees to make sure that a pending system update has indeed been approved by the IT department. If the certificate check is successful, iOS confirms this by ticking a box and displaying the word "Verified" in large green letters.

Continued : http://www.h-online.com/security/features/iOS-6-closes-configuration-hole-1713110.html
