Spyware, Viruses, & Security forum

General discussion

NEWS - October 14, 2009

by Donna Buenaventura / October 14, 2009 12:11 AM PDT
Tailor-Made ZBOT Spam Campaign Targets Various Companies

Trend Micro threat analysts were recently alerted to a phishing attempt targeting random employees of several companies. The email posed as a notification from the company's "system administrator," reminding the employee to update his/her system's software due to a recent server software upgrade. The spammed email, like other phishing emails, contained a URL that led users to a phishing site hosted on several subdomains that resolved to the same IP address.

Trend Micro Advanced Threats Researcher Joey Costoya believes the subdomains are tailor-made, depending on the recipient's email address. This makes the email seem legitimate, even if it is not, tricking unknowing users into clicking the URL.

As of this writing, the URLs are already inaccessible. Trend Micro analyzed the domains and subdomains used in this attack and found that they are already blacklisted. The domain was registered for only one year.

More in http://blog.trendmicro.com/tailor-made-zbot-spam-campaign-targets-various-companies/

MJ's New Song Leaked Triggers Spam Attacks.
by Donna Buenaventura / October 14, 2009 12:16 AM PDT

Michael Jackson's new song "This Is It" premiered on MichaelJackson.com at midnight on October 12 where fans can listen to it for free. But apparently a 45-second preview of the song leaked onto YouTube the day before.

The spam has been making rounds to trick folks into accessing the link included in the email to listen to the preview (obviously it's not a real email from CNN nor is the ad a real ad from GAP!).

More info with screenshot in http://www.symantec.com/connect/blogs/mj-s-new-song-leaked-triggers-spam-attacks

In another blog entry, Symantec is... "Taking a Closer Look at Trojan.Bredolab":

Trojan.Bredolab is a threat that has been distributed widely and consistently this year. This research paper takes a closer look at the Trojan to discover how it works, why it's so widespread, and the motivations behind it.

In short, Bredolab is distributed by spam emails and drive-by-download attacks. (In fact, last month we blogged about a wave of spam emails used to distribute it.) Once it's on a computer, Bredolab downloads and installs a variety of other threats.

Read about it in http://www.symantec.com/connect/blogs/taking-closer-look-trojanbredolab

Q&A: Websense threat research manager, Carl Leonard
by Donna Buenaventura / October 14, 2009 12:18 AM PDT

V3.co.uk sat down with Carl Leonard to discuss his role as head of the Websense threat labs in Europe, and the state of the threat landscape

Carl Leonard discusses Web 2.0, user-generated content and the dangers of drive-by malware.

Questions by V3.co.uk to Mr. Leonard are:
As head of the Websense European threat research team, what does your role entail?
You've been analysing threats for over six years now. What have been the biggest changes during that time?

More and the answers in http://www.v3.co.uk/v3/analysis/2251189/q-websense-threat-research?

New iPhone 3GS May Be Jailbreak-Proof
by Donna Buenaventura / October 14, 2009 12:20 AM PDT

The cat-and-mouse game between Apple and a cadre of hackers continues, as Apple is reportedly now shipping iPhone 3GS units that are jailbreak-proof. Several hackers specializing in iPhone 3GS jailbreaks are saying that the well-known 24kpwn exploit is no longer viable, because Apple is now shipping iPhone 3GS models with a new bootrom that can resist the hacking technique, according to iClarified.

If you think that last sentence sounded like a bunch of technical nonsense, you're not alone. So let's break this jailbreaking jargon down: Death of the Hackable Bootrom

Continue reading at http://www.pcworld.com/article/173629/new_iphone_3gs_may_be_jailbreakproof.html?

Missing dot drops Sweden off the Internet
by Donna Buenaventura / October 14, 2009 12:23 AM PDT

What was essentially a typo last night resulted in the temporary disappearance from the Internet of almost a million Web sites in Sweden -- every address with a .se top-level domain name.

According to Web monitoring company Pingdom, which happens to be based in Sweden, the disablement of an entire top-level domain "is exceptionally rare. ... Usually it's a single domain name that has been incorrectly configured or the DNS servers of a single Web host having problems. Problems that affect an entire top-level zone have very wide-ranging effects as can be seen by the .se incident. ... Imagine the same thing happening to the .com domain, which has over 80 million domain names."

The total blackout of .se lasted for about an hour and a half, Pingdom says, although aftershocks are expected to continue.

"The .SE registry used an incorrectly configured script to update the .se zone, which introduced an error to every single .se domain name," says Pingdom. "We have spoken to a number of industry insiders and what happened is that when updating the data, the script did not add a terminating '.' to the DNS records in the .se zone. That trailing dot is necessary in the settings for DNS to understand that '.se" is the top-level domain. It is a seemingly small detail, but without it, the whole DNS lookup chain broke down."

http://www.networkworld.com/community/node/46115
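
The trailing-dot rule described in the post above, shown as an added example (not part of the original post and not the .SE registry's script): in a zone file, a name without a terminating "." is relative and gets the zone origin appended. The zone text is constructed sample data, and the simplified one-record-per-line layout (owner always present, no TTL field, no parentheses) is an assumption.

```python
# Added example: zone-file name expansion and a pre-publish check for
# targets that lost their trailing dot. SAMPLE_ZONE is constructed data.

# Record types whose RDATA contains a domain name, and the field it sits in.
NAME_RDATA = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}

SAMPLE_ZONE = """\
$ORIGIN se.
example     IN NS    ns1.example.net.   ; absolute, left alone
broken      IN NS    ns1.broken.se      ; missing trailing dot
mail        IN MX    10 mx.mail.se      ; missing trailing dot
www.example IN CNAME example            ; intentionally relative
"""

def absolute(name, origin):
    """Expand a zone-file name; without a trailing dot it is relative."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"

def lint_zone(text):
    """Return (owner, type, target as written, target as resolved, suspicious)."""
    origin, findings = ".", []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        owner, rest = fields[0], fields[1:]
        if rest and rest[0] == "IN":
            rest = rest[1:]
        rtype, rdata = rest[0], rest[1:]
        if rtype not in NAME_RDATA:
            continue
        written = rdata[NAME_RDATA[rtype]]
        resolved = absolute(written, origin)
        # A relative target that already ends in the origin's own labels is
        # almost certainly an absolute name with its final dot dropped.
        suspicious = (not written.endswith(".")
                      and (written + ".").endswith("." + origin))
        findings.append((absolute(owner, origin), rtype, written,
                         resolved, suspicious))
    return findings

if __name__ == "__main__":
    for row in lint_zone(SAMPLE_ZONE):
        print(row)
```

Run as a gate before a zone is published, the flagged rows are the ones where resolvers would be sent to a name such as `ns1.broken.se.se.` instead of the intended server.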

Google Online Security: Show Me the Malware!
by Donna Buenaventura / October 14, 2009 12:28 AM PDT

Google Online Security has announced that webmasters can now see where the malware is located on their website. That is, if their website has been diagnosed by Google's Diagnostic site as 'malicious' or has hosted malware. They wrote in a blog post yesterday:

As part of Cyber Security Awareness Month, we're highlighting cyber security tips and features to help ensure you're taking the necessary steps to protect your computer, website, and personal information. For general cyber security tips, check out our online security educational series or visit http://www.staysafeonline.org/. To learn more about malware detection and site cleanup, visit the Webmaster Tools Help Center and Forum.

To help protect users against malware threats, Google has built automated scanners that detect malware on websites we've indexed. Pages that are identified as dangerous by these scanners are accompanied by warnings in Google search results, and browsers such as Google Chrome, Firefox, and Safari also use our data to show similar warnings to people attempting to visit suspicious sites.

We're happy to announce that we've launched a feature that enables Google to provide even more detailed help to webmasters. Webmaster Tools now provides webmasters with samples of the malicious code that Google's automated scanners detected on their sites. These samples - which typically take the form of injected HTML tags, JavaScript, or embedded Flash files - are available in the "Malware details" Labs feature in Webmaster Tools. Registered webmasters (registration is free) of infected sites do not need to specially enable the feature - they will find links to it on the Webmaster Tools dashboard. Webmasters will see a list of their pages that we found to be involved in malware distribution and samples of the malicious content that Google's scanners encountered on each infected page. In certain situations we can identify the underlying cause of the malicious code, and we'll provide these details when possible. We hope that the additional information will assist webmasters and help prevent their visitors from being exposed to malware.


Read more in http://googleonlinesecurity.blogspot.com/2009/10/show-me-malware.html

AVG upgrades free security tool to scan shortened URLs
by Donna Buenaventura / October 14, 2009 12:30 AM PDT

AVG has added a feature to its LinkScanner Web security product that scans shortened URLs, which can often blindly lead users into a malicious software attack.

LinkScanner, which AVG launched as a free product in April, performs real-time scanning of Web pages as users browse and blocks those pages that may have been rigged to exploit a software vulnerability.

There are many services that will shorten URLs, which are useful because the micro-blogging site Twitter limits posts to 140 characters or less. But the short URLs pose a particular danger since there's no way to tell in the browser window where the link leads. Twitter as well as other social networking sites have seen malicious shortened URLs proliferate.

Around August, Twitter began filtering bad URLs using Google's Safe Browsing API (application programming interface), which enables client applications to check against Google's blacklist of known bad Web sites.

http://www.networkworld.com/news/2009/101309-avg-upgrades-free-security-tool.html

Adobe Plugs 29 Critical Reader, Acrobat Holes
by Donna Buenaventura / October 14, 2009 12:31 AM PDT

Adobe Systems Inc. on Tuesday issued a new version of both Adobe Acrobat and its free Adobe PDF Reader to fix at least 29 separate security vulnerabilities in these products.

If you have either (or both) of these programs installed, take a moment to update them. Adobe warns that hackers already are exploiting at least one of the flaws to break into vulnerable systems.

http://voices.washingtonpost.com/securityfix/2009/10/adobe_plugs_critical_reader_ac.html

Twitter launches tool for nailing spammers
by Donna Buenaventura / October 14, 2009 12:34 AM PDT

Twitter added a tool that lets users flag accounts of spammers at the globally-popular microblogging service.

Hitting a "Report as spam" button newly added to the Action section of Twitter pages alerts Twitter's safety team to check out what, if anything, should be done about a purportedly abusive profile.

"Folks can now help us conquer spam by calling our attention to a profile they find questionable," Jenna Dawn of Twitter said in a blog post.

http://tech.yahoo.com/news/afp/20091014/tc_afp/usitinternettwitter
http://blog.twitter.com/2009/10/help-us-nail-spammers.html

Mozilla service detects insecure Firefox plugins
by Carol~ Moderator / October 14, 2009 10:08 AM PDT
Slated for browser embedding

By Dan Goodin
14th October 2009

Mozilla has introduced a service that checks Firefox browser plugins to make sure they don't have known security vulnerabilities or incompatibilities.

The service debuted on Tuesday with this page, which checks 15 plugins to make sure they're the most recent versions. Over time, Mozilla developers plan to scan additional addons, and they also plan to embed a feature into version 3.6 of the open-source browser that will automatically indicate which plugins used on a current page are out of date.

The offering builds on a feature Mozilla rolled out last month that warned Firefox users when they had an out-of-date version of Adobe's Flash media player installed. In its first week, Mozilla statistics showed more than half of those who installed the latest Firefox release were running an insecure version of the frequently attacked plugin.

Not that the service has necessarily gotten off to as good a start as one might hope. Our tests failed to detect the use of Adobe Reader, another application widely abused by criminals. And other plugins, such as Google Picasa and the iTunes Application Detector were also left out in the cold.

Continued here: http://www.theregister.co.uk/2009/10/14/mozilla_firefox_security_plugin/