NEWS - September 03, 2012

by Carol~ Sep 3, 2012 7:41AM PDT

Attacks on Java security hole hidden in bogus Microsoft Services Agreement email

Online scammers are using a recent email from Microsoft as bait in a widespread spam campaign that exploits vulnerabilities in Oracle's Java software to install malicious programs on vulnerable systems.

Experts at The SANS Institute's Internet Storm Center warned on Saturday that operators there received multiple reports of a spam campaign that uses a recent Microsoft email regarding changes to its Services Agreement for products such as Hotmail and Skydrive to fool users.

The attacks have prompted renewed calls for internet users to disable Java on their systems pending a new update from Oracle Corp. to fix critical, remotely exploitable vulnerabilities in the ubiquitous web technology.

According to SANS, the malicious email is based on an August 27 communication from Microsoft titled "Important Changes to Microsoft Services Agreement and Communication Preferences."

The phishing email replaces links in the original messages with malicious links that send unwitting readers to websites that install a new variant of the Zeus malware, ISC handler Russ McRee warned in a post on September 1st.

The actual Microsoft message, dated August 27, can be viewed here.

Continued : http://nakedsecurity.sophos.com/2012/09/03/java-security-hole-microsoft/

Also:
Rogue Microsoft Services Agreement Email Notifications Lead to Latest Java Exploit
Spoofed Microsoft notification leads to Zeus

See: FAKE Microsoft Service Agreement Email Phish

Discussion is locked

From the McAfee Labsl Blog:

We discovered another fake antivirus/antimalware tool late in August. The "Windows 8 Security system" claims to detect infections, and displays alerts to scare users into purchasing protection. The real infection, of course, is the Win 8 Security System itself. It's no surprise that developers of rogue antivirus software are playing up the connection to Windows 8, which Microsoft plans to release at the end of October.

Win 8 Security System is quite similar to fake AV product Windows Ultra-Antivirus and is extremely aggressive and hard to remove. A victim's system gets infected with Win 8 Security System after visiting an infected website. Recent exploits teach us it is easy to fall victim to rogue software like Win 8 Security System, which extort money from PC owners to "fix" their systems. McAfee Labs recommends disabling Java in your browsers and running your antimalware software with real-time protection enabled. You should also be careful with downloading files from torrents or clicking on email and chat links.

Win 8 Security System will display lots of fake alerts and messages and will show a scan window on each system boot. It will display lots of detections, though it is obvious these are fake. [Screenshot]

Continued : http://blogs.mcafee.com/mcafee-labs/win-8-security-system-another-fake-antivirus-malware

From the Symantec Security Response Blog:

Symantec Security Response has been investigating further reports of infections of W32.Disstrack, the threat used in the Shamoon attacks. W32.Disttrack is a highly destructive threat that destroys files and the master boot record (MBR) of the infected machine, causing maximum disruption.

W32.Disttrack uses a hardcoded "wiping date" which is read from a variably named ".pnf" file it creates on the filesystem. It will periodically check this date and once it has been exceeded, it will then drop and execute the wiper component. The wiper component will wipe the following in order:

• A prioritized list of files
• Master Boot Record
• Active Partition

The list of prioritized files contain the wiper components themselves and files contained in the following folders:

• C:\Documents and Settings
• C:\Users
• C:\Windows\System32\Config

Continued : http://www.symantec.com/connect/blogs/shamoon-attacks-continue

NEWS - September 03, 2012

CNET Forums

Other Forums

Forum Info