Spyware, Viruses, & Security forum


NEWS - October 11, 2011

by Carol~ Moderator / October 11, 2011 12:45 AM PDT
London 2012 CIO: 'It's very hard to launch a DDoS attack on us'

"Gerry Pennell confident at launch of Olympic Games Technology Operations Centre"

Cyber criminals will find it "very hard" to launch a distributed denial of service (DDoS) attack on the London 2012 Olympic Games website, according to the Olympic Games CIO.

Gerry Pennell, CIO at the London Organising Committee for the Olympic Games (LOCOG), said: "The advantage is we are mostly about pushing data out.

"We can use a content distribution network, so it is very hard to launch a DDoS on us, because our front end is so dispersed."

Other information security precautions that London 2012 are taking include keeping mission critical systems, such as those dealing with management of athletic performance, separate from any web-facing systems.

Continued :

London Olympic Games to simulate cyber-attacks
Cyber attack tests for Olympic Games computer systems
VeriSign demands website takedown powers
by Carol~ Moderator / October 11, 2011 12:59 AM PDT

VeriSign, which manages the database of all .com internet addresses, wants powers to shut down "non-legitimate" domain names when asked to by law enforcement.

The company said today it wants to be able to enforce the "denial, cancellation or transfer of any registration" in any of a laundry list of scenarios where a domain is deemed to be "abusive".

VeriSign should be able to shut down a .com or .net domain, and therefore its associated website and email, "to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process", according to a document it filed today with domain name industry overseer ICANN.

The company has already helped law enforcement agencies in the US, such as the Immigration and Customs Enforcement agency, seize domains that were allegedly being used to sell counterfeit goods or facilitate online piracy, when the agency first obtained a court order.

Continued :

More Info on German State Backdoor: Case R2D2
by Carol~ Moderator / October 11, 2011 2:01 AM PDT

From the F-Secure Antivirus Research Weblog:

Last weekend, the German based Chaos Computer Club (CCC) published details on a backdoor trojan they claimed was being used by German authorities, in violation of German law.

And now, several German states have admitted to using Backdoor:W32/R2D2.A (aka "0zapftis"), though they say the backdoor falls within what's allowed.

In one case, the trojan was installed on a suspect's laptop while he was passing customs & immigration at the Munich International airport.

Here's some additional details about the backdoor itself.

The CCC's report included analysis of the backdoor's DLL and a kernel driver. The CCC apparently did not have access to the installer. (Which would have been locally installed on the suspect's computer.)

We do have the installer.

Here's a screenshot from our malware containment system: [Screenshot]

The installer file is called "scuinst.exe". It was first seen on December 9th, 2010.

Continued :

Related: CCC cracks government trojan

Sneaky fake company virus warnings trick users into..
by Carol~ Moderator / October 11, 2011 2:01 AM PDT
... installing malware

Picture the scene.

You receive an email from someone inside your company. He tells you that there is a virus problem inside the company and it has resulted in data being stolen and some files being deleted.

You are told to install an anti-virus tool to clean-up the infection properly. The link appears to point to a download on your company's own website.

Would you do it?

Well, hopefully not. But people less savvy in security matters might be fooled.

Here is the email that has been spammed out to a number of large companies: [Screenshot: Malicious Email]

Subject: IT Notice
Message body:
Dear all,

Just a quick alert to let everyone know that our company have experienced a new kind of virus to web space and personal computer. found that the computer system information leaked, such as in other server information is moving, a few files deleted. Expert written virus removal tools to help us fully remove this virus, Please download and install the patch, obtain virus definitions, and run the removal tool.Download the tool from: . Please Back Up Your System Databases, If any questions, please do not hesistate to contact IT department.

Although the link appears to the naked eye to point to a file called antivirus.exe on your company's own server (for instance, if your company's website was called it would appear to link to it really directs your browser to a download on a third-party website.

Continued :
Symantec Research: The Motivations of Recent Android Malware
by Carol~ Moderator / October 11, 2011 2:01 AM PDT

For years now, we in the cyber security industry have been saying an explosion of mobile malware is just around the corner. Beginning in earnest this year, we have indeed observed a marked increase in threats targeting mobile devices - particularly the Android platform. However, it's probably not accurate to say the expected explosion has in fact occurred. The reality is that cybercriminals are still very much in the exploratory phase of figuring out how to monetize the exploitation of mobile devices. This is the topic of Symantec's latest research. You can read the whitepaper in its entirety here (pdf).

Above all else, our analysis highlights how most current efforts to monetize mobile malware have only a low revenue-per-infection ratio. This has severely limited the return on investment achievable by attackers. It also offers detailed insight into the top current mobile malware monetization schemes observed by Symantec, including how each works and examples of the malware presently being used to carry them out. These schemes are:

• Premium-rate number billing scams
• Spyware
• Search engine poisoning
• Pay-per-click scams
• Pay-per-install schemes
• Adware
• Stealing mobile transaction authentication numbers (mTAN)

Continued :

Zero-day exploits rarely used by criminals, Microsoft finds
by Carol~ Moderator / October 11, 2011 3:06 AM PDT

"Criminals have easier attack methods, says latest analysis"

Software exploits, including zero-day attacks, appear to play a much smaller part in malware infections than previously thought, Microsoft's latest Security Intelligence Report (SIRv11) has found.

The vast majority of malware infections detected by the company's Malicious Software Removal Tool (MSRT) for the first half of 2011 depended either on user interaction or an abuse of the Windows AutoRun feature to infect PCs, with these used in 44.8 percent and 26 percent of attacks respectively.

Surprisingly, despite the fear surrounding software exploits, attacks depending on these barely registered, recording just 5.6 percent of infections. More surprisingly still, under one percent of those turned out to use zero-day exploits, with not a single example of the most common malware types incorporating the method.

This is an unexpected finding. As Microsoft points out, zero-day attacks are one of the most feared threat types because they appear to give the attacker the ability to compromise systems in a way that is impossible to quantify until it is too late.

Continued :

Microsoft Security Intel Report suggests zero-day flaws way overblown
Don't worry about zero-days, says Microsoft
Microsoft dismisses zero-day threats

VLC Media Player 1.1.12 closes security hole
by Carol~ Moderator / October 11, 2011 3:06 AM PDT

The VideoLAN project development team has announced the release of version 1.1.12 of the VLC Media Player. The maintenance and security update addresses a NULL dereference vulnerability in the HTTP and RTSP server component used by VLC which could be exploited by an attacker to crash the server process.

For an attack to be successful, a victim must have started VLC server and manually started the HTTP web interface, HTTP output, RTSP output or RTSP VoD functions. Versions up to and including 1.1.11 are affected. According to the developers, the issue "does not affect standard usage of the player".

The thirteenth release of the 1.1.x branch of VLC also brings improvements for audio output: it adds support for AC-3 and DTS passthrough included in version 1.0 of PulseAudio, has fixes for PulseAudio synchronisation, and better support for Mac OS X 10.7 Lion. Other changes include Unix port compatibility updates, translation updates and fixes for bugs that cause VLC to crash on Japanese locale Mac OS X systems.

Continued :

Microsoft flags Firefox and Chrome for security failings
by Carol~ Moderator / October 11, 2011 7:05 AM PDT

Microsoft has unveiled a website aimed at raising awareness of browser security by comparing the ability of Internet Explorer, Mozilla Firefox, and Google Chrome to withstand attacks from malware, phishing, and other types of threats.

Your Browser Matters gives the latest versions of Firefox and Chrome a paltry 2 and 2.5 points respectively out of a possible score of 4. Visit the site using the IE 9, however, and the browser gets a perfect score. IE 7 gets only 1 point, and IE 6 receives no points at all. The site refused to rate Apple's Safari browser in tests run by The Register.

The page is designed to educate users about the importance of choosing an up-to-date browser that offers industry-standard features. The ability to automatically warn users when they're about to download a malicious file, to contain web content in a security sandbox that has no access to sensitive parts of the computer's operating system, and to automatically install updates are just three of the criteria.

Continued :

Biggest Identity Theft Bust Ever Nets 111 In New York
by Carol~ Moderator / October 11, 2011 7:05 AM PDT

Authorities in New York have arrested more than 100 people accused of participating in an identity theft scam that generated $13 million in illicit profits for crime gangs in Europe, Asia, Africa and the Middle East, according to a statement from the District Attorney for Queens County.

The accused are alleged to have stolen financial information from consumers in the U.S. and Europe over a 16 month period. The scam relied heavily on trusted insiders within financial and retail businesses to steal information and, in two cases, merchandise from Kennedy Airport and Citigroup, according to a statement Friday.

The scam was wide ranging and reported to be the largest ever in the U.S. Among those arrested were bank tellers, store employees, restaurant workers and others who worked on behalf of the criminal networks to steal financial and identity data. That data was then used to forge credit cards which were, in turn, passed to organized shopping "teams" who engaged in coast-to-coast shopping sprees, buying designer handbags, game consoles and jewelry-- all goods that can be easily fenced online and turned back into cash for the scammers.

Continued :

Police Arrest 111 Individuals in Queens-Based Identity Theft Bust
'Largest' ID theft ring, trading in Apple products, busted in NY
111 Arrested In Identity Theft Probe

Apple iTunes 10.5 Released
by Carol~ Moderator / October 11, 2011 7:45 AM PDT


Apple released iTunes 10.5 for Windows and Mac OS X. For those following Apple this comes as no big surprise as there are functionality changes expected due to the imminent release of a new iPhone model. What is however a bit surprising is that they also released an impressive list of fixed vulnerabilities in the Windows version of iTunes.

Even more interesting is that that list also mentions that e.g. "For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006" or "For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2". And those are respectively a security update and an OS update that are not yet released at the time of writing.

Malware-laden fake YesAsia invoices spammed out
by Carol~ Moderator / October 11, 2011 7:45 AM PDT

is a popular online retailer that sells Asian and Western products. Think of a website like, but with a focus on selling movies, music, and electronics to customers in Asian countries.

Unfortunately, it seems that cybercriminals are trying to take advantage of YesAsia's popularity by spamming out malicious emails posing as invoices.

Here's an example, claiming that the recipient's credit card has been charged for the purchase of a Logitech webcam and a Freecom external hard drive: [Screenshot: Malicious Email]

Be wary if you receive one of these emails, as the links do not point to but to a ZIP file on instead. is not a real YesAsia website, and was registered by somebody just yesterday for the purposes of duping PC owners into installing the malware.

Continued :
