Spyware, Viruses, & Security forum


NEWS - October 14, 2011

by Carol~ Moderator / October 14, 2011 1:00 AM PDT
Mozilla rubbishes Microsoft web browser security tests

"Tests leave out important techniques, say open source developers"

Mozilla has responded to Microsoft's new browser security test with jabs against Internet Explorer.

Earlier this week, Microsoft launched a website that rates the security of IE, Google's Chrome and Mozilla's Firefox.

The site, yourbrowsermatters.org, uses the agent string of those browsers to call up a score between 0 and 4. IE9, Microsoft's latest browser, reaps a perfect 4, and 2009's IE8 collects a 3. Month-old versions of Chrome and Firefox, however, return ratings of 2.5 and 2, respectively. Microsoft registered the site, the ".org" top level domain, typically reserved for non-profits.

Mozilla didn't think much of the test.

"Mozilla is fiercely proud of our long track record of leadership on security," said Johnathan Nightingale, the company's director of Firefox engineering. "We believe that being safe on the web means having a robust browser that defends against malware and phishing, includes new technologies to help sites and users secure themselves, and a responsive security team that gets security updates out quickly and reliably."

Continued : http://news.techworld.com/security/3310921/mozilla-rubbishes-microsoft-web-browser-security-tests/

Related: Microsoft flags Firefox and Chrome for security failings
Discussion is locked
You are posting a reply to: NEWS - October 14, 2011
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - October 14, 2011
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Exposed Dutch ISP Attempts False Police Report
by Carol~ Moderator / October 14, 2011 2:20 AM PDT

From Spamhaus related to "Dutch ISP calls the cops after Spamhaus blacklists it ":

If The Netherlands has penalties for wasting police time, Dutch ISP 'A2B Internet' will be looking at a hefty fine. The owner of the small Dutch transit ISP claimed on Tuesday 11 Oct to have filed a report with local police in the Dutch region of Zaanstreek-Waterland accusing Spamhaus of "extortion" and carrying out a "DoS attack" on his network by listing one of his IP ranges on the Spamhaus Block List ("SBL") for persistently selling internet connectivity to spam and crime outfits.

The SBL Advisory is a database of IP addresses used by almost three-quarters of Internet networks to filter incoming email traffic. Spamhaus places on the SBL IP addresses which do not meet its published policies and therefore from which Spamhaus does not recommend the acceptance of electronic mail. The SBL lists 4 categories of abuse: spam sources, spam hosts, spam services and spam support services.

Per Spamhaus policy, on October 6th, after notifying A2B several times since June without results, an SBL listing which A2B had been ignoring was escalated to the SBL's "providing a spam support service" category and increased to include one of A2B's IP ranges. The escalated SBL record SBL112638 listed for providing routing "knowingly and for profit" to a rogue host known as "CB3ROB" or "Cyberbunker", an outfit which Spamhaus has long seen involved in hosting cryber-crime and spam outfits. SBL listings of CB3ROB had been mounting steadily during 2011 for hosting malware, phishing and websites selling fraudulent goods advertised via spam. CB3ROB had announced that it would not terminate customers due to spam listings - an announcement which sent a golden invitation to even more spam and crime customers to the point where all of CB3ROB was placed on the Spamhaus DROP ("Don't Route Or Peer") list at the beginning of October.

Continued : http://www.spamhaus.org/news.lasso?article=673

Collapse -
The continuation of dangerous rogue ads on Bing (and Yahoo)
by Carol~ Moderator / October 14, 2011 2:20 AM PDT

From the Sunbelt/GFI Blog:

We've noted this before, but Microsoft needs to get a handle on ad placements on Bing. Ok, so Bing isn't the most widely used search engine, but remember that Yahoo plays a part here as well.

In this case, we're talking Sirefef (ZeroAccess aka Max++), probably the nastiest piece of malware circulating on the 'net right now. Sirefef kills any attempt to remove it, and is nearly impossible to clean (short of booting onto a rescue disk and performing cleanup actions, or reformatting).

So just search for "adobe flash", and you might see this ad: [Screenshot]

(That same search term will look identical on Yahoo, since Yahoo displays Bing ads and search results.)

Which leads to an innocent-looking "download flash" page: [Screenshot]

Note that the page isn't actually "GetAdobeFlash.com". Instead, it redirects to a directory on a compromised trucking site (arulbrothers.com), downloading a file from torreandaluz (dot) com/flash/Flash Player 10 Setup.exe

Continued : http://sunbeltblog.blogspot.com/2011/10/continuation-of-dangerous-rogue-ads-on.html

Collapse -
Norton blocks Facebook as 'phishing site'
by Carol~ Moderator / October 14, 2011 2:31 AM PDT

Symantec has withdrawn an update to its Norton consumer security software that branded Facebook a phishing site on Wednesday.

The snafu meant that users of Norton Internet Security were blocked from accessing the social networking site and were told a "fraudulent web page" had been blocked, as illustrated in a discussion thread on Symantec's support forums here.

While wags might joke that Facebook is all about persuading punters to supply personal information to a website that ought not to be trusted, it's a bit of a stretch to even compare Zuckerberg's Reservation to a fraudulent banking site. Symantec responded to the problem within hours. From the looks of support forum postings affected users were left dazed and confused rather than seriously inconvenienced or aggrieved by the screw-up.

Security firms update their signature definition files to detect either rogue applications or questionable websites at increasing frequency in order to keep up with malware production rates. Plenty of effort is put into the quality assurance process across the industry but even so mistakes sometimes occur. False positives are a cross-industry problem that affects all vendors.


Collapse -
SEC Says Public Companies Must Disclose Cyberattacks
by Carol~ Moderator / October 14, 2011 3:08 AM PDT

The Securities and Exchange Commission on Thursday issued new guidelines that said publicly-traded companies must disclose when they suffer cyberattacks and describe intellectual property stolen by hackers.

Previously, publicly-traded companies were not required to report computer intrusions or whether they had fixed the problem in their SEC filings. But starting next year, they must acknowledge those cyberattacks to regulators and explain measures they plan to take to close their cybersecurity gaps, according to the SEC guidance.

"This is a huge paradigm shift,'" said Tom Kellermann, chief technology officer of mobile security company AirPatrol Corp.

In May, a group of Democratic lawmakers, including Senate Commerce Committee Chairman Jay Rockefeller, sent a letter to the SEC asking regulators to clarify whether companies must disclose cyberattacks or data breaches or the risk of them occurring. The committee's review of SEC filings found that companies did not reveal measures they took to improve cybersecurity and were vague about their cyber vulnerabilities.

Continued : http://www.huffingtonpost.com/2011/10/13/sec-disclose-cyberattacks_n_1010050.html

SEC Urges Disclosure of Hacker Threats in Public Company Filings
SEC Says Public Companies May Need to Disclose Attacks
Big biz told to reveal hack attacks

Collapse -
Malware Uses New DLL Loading Technique - MS11-071
by Carol~ Moderator / October 14, 2011 3:09 AM PDT

It has been a year since we have witnessed a DLL hijacking technique which loads a malicious DLL that affects hundreds of programs. The method involves dropping a collection of normal files together with the malicious DLL from within a directory. We recently analyzed the following archive sample. Only the file "deskpan.dll" was detected as malicious. [Screenshot]

A DLL file inside a folder immediately looks like a DLL hijacking candidate. Once the user opens the document file, the malicious DLL also gets loaded. This attack also works with any legitimate rich text format file (.rtf), or text file (.txt). In order to execute the malicious file "deskpan.dll", it needs to be located in the folder named "[any characters]. {42071714-76D4-11D1-8B24-00A0C9068FF3}".

Deskpan.cpl is the Display Panning CPL Extension, a module related to the display settings of pictures that appear on a user's screen. Together with associated DLLs, this extension allows users to adjust the advanced display adapter properties and display monitor properties. Ordinarily it is installed in the windows/system32 directory.

Once executed the malware creates the following files and registry entries:

Continued : http://blog.commtouch.com/cafe/malware/malware-uses-new-dll-loading-technique-%E2%80%93-ms11-071/

Collapse -
SpyEye malware continues to plague computers
by Carol~ Moderator / October 14, 2011 3:09 AM PDT

"The tricky malware hides itself on computers and can be hard to detect"

The SpyEye banking malware continues to plague computers across the world and is proving to be a difficult foe to detect and remove from infected Windows PCs, according to two researchers from EMC's RSA security division.

Uri Rivner, who is head of new technologies for consumer identity protection, and Jason Rader, chief security strategist, both donned white lab coats for their session at the RSA security conference in London on Thursday for a technical tear-down and review of SpyEye.

The two researchers also changed their titles: Rivner became part of the dangerous malware department at RSA General Hospital and Rader the head of research for the malware epidemic division of the U.S. CDC (Centers for Disease Control and Prevention).

SpyEye has been around for more than a year and is the successor to the Zeus banking malware. SpyEye emerged after the author of Zeus, who went by the screen name "Slavik," stopped developing it. But another person by the name "Harderman" took over the project, Rivner said.

SpyEye is a kit that is sold to other online criminals. It's easy to use, and people need a high level of technical skills to conduct an attack.

Continued : http://www.networkworld.com/news/2011/101411-spyeye-malware-continues-to-plague-251982.html

Collapse -
Jail Sentence for Pirate Bay Co-Founder Made Final
by Carol~ Moderator / October 14, 2011 4:58 AM PDT

The Stockholm District Court sentence against Pirate Bay founder Gottfrid Svartholm was finalized today after he failed to appear at the Court of Appeal. Svartholm, also known as Anakata online, did not appear at the appeal trial last year because he was hospitalized in Cambodia and later went missing. The Court of Appeal has now decided to finalize the initial verdict of one year jail time and a fine of $1.1 million.

November last year, the Swedish Appeal Court found three people behind The Pirate Bay guilty of contributory copyright infringement offenses. The trio were handed prison sentences and ordered to pay millions of dollars in damages.

One of the defendants in the original trial, Pirate Bay co-founder Gottfrid Svartholm, was not included in the verdict because he was absent from the court hearings due to medical circumstances. The Court of Appeal decided to schedule a separate hearing for him to take place at a later date.

Continued : http://torrentfreak.com/jail-sentence-for-pirate-bay-co-founder-made-final-111014/

Collapse -
Verizon Privacy Changes: Verizon Now Monitors & Shares Your
by Carol~ Moderator / October 14, 2011 4:58 AM PDT

'Verizon Privacy Changes: Verizon Now Monitors And Shares Your Web Surfing Information'

On Wednesday, the largest wireless carrier in the United States, Verizon, announced that they will now use information they collect about the websites you visit, the apps you use and your location to "create business and marketing reports" and to "make the mobile ads you see more relevant."

In a statement regarding the privacy change, Verizon says, they will also share your location information with other companies so that these third parties can "create business and marketing reports" about things like the "number of mobile users who take a particular highway during rush hour."

While all Verizon customers are subject to the changes, those who don't want their information shared can choose to opt-out on Verizon's website. If you choose to remain opted-in, Verizon says that none of the information they use or share will be able to be personally identified as yours.

Continued : http://www.huffingtonpost.com/2011/10/13/verizon-privacy-changes_n_1009415.html

Collapse -
Air Force downplays drone virus
by Carol~ Moderator / October 14, 2011 6:15 AM PDT

The U.S. Air Force is downplaying reports of a rampaging drone virus, claiming the infection was properly and easily contained from the start.

In an official statement, the USAF insisted the malware was "more of a nuisance than an operation threat," as the ability of drone pilots to remotely fly the aircraft from Creech Air Force Base in Nevada "remained secure throughout the incident."

According to Air Force Space Command spokeswoman Col. Kathleen Cook, the infection was located on a small, portable hard drive used to transfer information between systems at Creech.

Contrary to earlier reports, Cook claimed the virus did not actually log computer keystrokes, but was instead designed to steal credentials from users playing online games like Mafia Wars. ??

"It's standard policy not to discuss the operational status of our forces. However, we felt it important to declassify portions of the information associated with this event to ensure the public understands that the detected and quarantined virus posed no threat to our operational mission and that control of our remotely piloted aircraft was never in question," said Cook.

Continued : http://www.tgdaily.com/security-features/59035-air-force-downplays-drone-virus

Military: Computer Virus Wasn't Directed at Drones
AP: Drone Virus Could Have Come From Games Like 'Mafia Wars'
Drone virus may have originated with online gaming

Collapse -
Mass ASP.NET attack causes websites to turn on visitors
by Carol~ Moderator / October 14, 2011 6:15 AM PDT

An infection that causes poorly configured websites to silently bombard visitors with malware attacks has hit almost 614,000 webpages, Google searches show.

The mass infection, which redirects users to a site exploiting old versions of Oracle's Java, Adobe's Flash player and various browsers, was first disclosed by researchers from Armorize on Wednesday. At the time, it appeared to affect about 180,000 pages. By time of writing on Friday, the initial attack and a follow-on exploit has spread to 613,890 combined pages. The SQL injection attack mostly exploits websites running Microsoft's ASP.Net web application framework.

The infection injects code into websites operated by restaurants, hospitals, and other small businesses and plants an invisible link in visitors' browsers to sites including jjghui.com and nbnjkl.com. Those sites in turn redirected to several other websites that include highly obfuscated code. At the end of the line is a cocktail of attacks that exploit known vulnerabilities in Java and the other targeted programs. Computers running unpatched versions are then commandeered. Servers in the attack used IP addresses based in the US and Russia. [Screenshot]

Continued : http://www.theregister.co.uk/2011/10/14/mass_website_inection_grows/

Also: 300,000 Websites Fall Victim to ASP Mass Infection

Collapse -
U.S. Copyright Czar Cozied Up to Content Industry, E-Mails
by Carol~ Moderator / October 14, 2011 6:16 AM PDT
.. Show

Top-ranking Obama administration officials, including the U.S. copyright czar, played an active role in secret negotiations between Hollywood, the recording industry and ISPs to disrupt internet access for users suspected of violating copyright law, according to internal White House e-mails.

The e-mails, obtained via the Freedom of Information Act, (.pdf) show the administration's cozy relationship with Hollywood and the music industry's lobbying arms and its early support for the copyright-violation crackdown system publicly announced in July.

One top official even used her personal e-mail account at least once in the course of communicating during the negotiations with executives and lobbyists from companies ranging from AT&T to Universal Music.

Internet security and privacy researcher Christopher Soghoian obtained the e-mails via a government sunshine request for them filed in June, and provided them to Wired. The e-mails are embedded at the end of this story.

The records show the government clearly had a voice in the closed-door negotiations, though it was not a signatory to the historic accord, which isn't an actual government policy.

Continued : http://www.wired.com/threatlevel/2011/10/copyright-czar-cozies-up/
Collapse -
SpyEye and Zeus Malware: Married Or Living Separately?
by Carol~ Moderator / October 14, 2011 6:16 AM PDT

Everyone knows that the first year of marriage can be a tough one -around three percent of them end in the first 12 months. Looks like the same can be true of malware marriages, with the union of the Zeus and SpyEye Trojan now in question.

Just one year after news broke that the Zeus and SpyEye Trojan families had merged, virus experts say there's reason to question whether the union is still in tact.

Researchers at Microsoft and Kaspersky Lab told Threatpost that, although there's clearly evidence that code was shared between the two malware families, the rumored merger of Zeus and SpyEye never took place. In fact, the two botnets continue as separate entitites, with some researchers wondering if they are even controlled by the same individuals or criminal groups.

Zeus and SpyEye were the two main families of botnet software, with SpyEye playing the role of upstart competitor to the more established Zeus. For a while, the competition for online hosts was intense, with both malware families adding features to remove the other on systems they infected.

Continued : http://threatpost.com/en_us/blogs/spyeye-and-zeus-malware-married-or-living-separately-101411

Collapse -
Dennis Ritchie, Father of C and Co-Developer of Unix, Dies
by Carol~ Moderator / October 14, 2011 6:16 AM PDT

Linus Torvalds once said, in reference to the development of Linux, that he "had hoisted [himself] up on the shoulders of giants." Among those giants, Dennis Ritchie (aka dmr) was likely the tallest. Ritchie, the creator of the C programming language and co-developer of the Unix operating system passed away on October 8 at the age of 70, leaving a legacy that casts a very long shadow.

I got my start with technology because of Ritchie's work on the Unix GENIE time-share system. It made it possible for my high school to time-share the PDP-11 at SUNY-Stony Brook—the same model computer that Ritchie, Kenneth Thompson and their team used to create Unix—and for me to write my first lines of code on a DECwriter II TTY terminal.

But Ritchie's C is even more important, in many ways, than Unix. It is the fundamental building block upon which much of what we consider to be the modern world was built.

Ritchie didn't invent the curly-bracket syntax—that came from Martin Richards' BCPL. But the C programming language, which he called "quirky, flawed, and an enormous success," is the basis of nearly every programming and scripting tool, whether they use elements of C's syntax or not. Java, JavaScript, Objective C and Cocoa, Python, Perl, and PHP would not exist without dmr's C. Every bit of software that makes it possible for you to read this page has a trace of dmr's DNA in it.

Continued : http://www.wired.com/wiredenterprise/2011/10/dennis-ritchie/

Dennis Ritchie: The Shoulders Steve Jobs Stood On
Dennis Ritchie, father of Unix and C, dies
Father Of C And UNIX, Dennis Ritchie, Passes Away At Age 70
RIP Dennis Ritchie, inventor of C and father of UNIX

Collapse -
If you use FF
by James Denison / October 15, 2011 12:03 AM PDT

and the add on for User Agent spoofing, and set it to report you are using IE instead, then you get a 4.

Collapse -
(NT) That's cheating.
by Kees_B Forum moderator / October 15, 2011 12:05 AM PDT
In reply to: If you use FF
Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?