Threat Update
VMware exposes Mac to Windows hack
16 April 2009 | PC Advisor by Gregg Keizer
A bug in VMware’s Fusion virtualisation software could be used to run malicious code on a Mac by exploiting Windows in a virtual machine, according to a security researcher. VMware has released Fusion 2.0.4 to plug the hole. According to Kostya Kortchinsky, an exploit researcher at Immunity, a critical vulnerability in VMware’s virtual machine display function can be used to read and write memory on the ‘host’ operating system – the OS running the physical hardware. Related News: Researchers dissect world’s first Mac botnet (16 April 2009 | The Register by Dan Goodin)
Fake SMS snoop utility turns spies into zombies
16 April 2009 | The Register by John Leyden
A new variant of the infamous Waledac botnet client doing the rounds poses as a utility that allows would-be snoops to view other people’s SMS messages online. The fake utility uses various filenames including sms.exe, freetrial.exe, and smstrap.exe but actually contains a variant of the Waledac malware. Anti-virus vendors are in the process of responding to the threat posed by spam emails containing the malware, which began circulating on Wednesday, but detection remains incomplete by Thursday afternoon. (Websense) Related News: Waledac kicks off new spam campaign (16 April 2009 | SC Magazine US by Chuck Miller)
Mebroot infects thousands of websites
16 April 2009 | PC Advisor by Jeremy Kirk
Thousands of websites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle. The malicious software is a new variant of Mebroot, a program known as a ‘rootkit’ for the stealthy way it hides deep in Windows, said Jacques Erasmus, director of research for the security company Prevx. Related News: ‘Mebroot’ rootkit slides further under the security radar, researcher says (15 April 2009 | IDG News Services by Jeremy Kirk)
New Skype Vulnerability Discovered
13 April 2009 | ZDNet by Dave Greenfield
A new phishing attack demonstrated by the folks over at Secure Science allows hackers to gain access to a user’s Skype client and then pose as a financial institution or proxy outbound calls. The technique is called “SkypeSkrayping” and is similar to a phishing attack, only a bit more interactive. According to the report, attackers would only have to do the following: SkypeSkrayper: Hello, I apologize for the disruption, but this is a friendly reminder that Skype is having a special today.
Attention Symantec: there’s a bug crawling on your website
15 April 2009 | The Register by Dan Goodin
Symantec has been outed for hosting gaping security holes on its website that could allow miscreants to remotely execute malicious code on the computers of people who visit it. The XSS, or cross-site scripting, bugs allow attackers to steal the web cookies Symantec sets on visitors’ hard drives. Such cookies are frequently used to prove a visitor has already entered a valid password, so the ability to lift the file could be a non-trivial lapse of Symantec’s security. (Kaspersky, BitDefender)
Debit card info top of hacker wish list
15 April 2009 | iTnews Australia by Brett Winterford
A new report shows hackers are focusing more of their efforts on financial services companies, with debit card data becoming the main attraction. Verizon Business’ annual Data Breach Investigations Report is a high-level summary of the 90 data breach incidents the forensic computing group was contracted to investigate in 2008. Related News:
Electronic record breaches hit 5 year high in 2008 (15 April 2009 | Computer World by Tim Lohman)
Criminals exploit careless mistakes as data breaches hit record (15 April 2009 | SC Magazine US by Chuck Miller)
Hackers develop ‘memory-scraping malware’ to steal PINs
17 April 2009 | The Register by John Leyden
More personal data records were breached last year than the previous four years combined, thanks to increased hacker activity rather than insider threats. Verizon’s second annual Data Breach Investigations Report also found that the financial services sector accounted for 93 percent of all such record compromises during 2008. The study is based on an analysis of data involving 285 million compromised records from 90 confirmed breaches, 90 per cent of which are blamed on the activities of cybercriminals.
Hackers prey on Ford Motor Co. searches to boost rankings
14 April 2009 | SC Magazine by Angela Moscaritolo
Attackers are using the Ford Motor Co. name to poison search engine results with some 1.2 million malicious links that lead to rogue security software, according to PandaLabs. Attackers use search-engine optimization (SEO) to get their malicious sites to the top of results on Google and other search engines. On Monday night, researchers at PandaLabs started tracking this threat, which is ongoing, Sean-Paul Correll, threat researcher and security evangelist for Panda Security, told SCMagazineUS.com Tuesday.
Twitter Worm No Longer Security Threat
14 April 2009 | eWeek by Nicholas Kolakowski
Twitter is finally clear of the weekend worm attacks that left the popular microblogging site, recently rumored to be in talks with Google over a potential acquisition, furiously scrubbing the malware from its system. The StalkDaily worm, which exploited a cross-site scripting vulnerability, was the creation of a bored 17-year-old. Related News: Twitter Worm: A Closer Look at What Happened (14 April 2009 | PC World by Ian Paul); Twitter fends off weekend worm attacks (14 April 2009 | CNET News by Elinor Mills) (Comments by F-Secure); Twitter exposed by weekend worms (13 April 2009 | PC Advisor by Gregg Keizer); Twitter worm search poisoned (15 April 2009 | SC Magazine US by Dan Kaplan)
Web Hosting Talk payment system hack revealed
9 April 2009 | iTnews Australia by Ry Crozier
A hacker has dumped active credit card numbers of users of the popular Web Hosting Talk forums online less than 24 hours after the site restored the lion’s share of data deleted in an initial breach. The latest development is said to have occurred on an old payment system containing 9,561 credit card numbers.
15 April 2009 | ZDNet by Dancho Danchev
There have been numerous reports from affected users that a scareware variant of PersonalAntivirus and ExtraAntivirus has been popping up at FoxNews.com during the last couple of days, through a malvertising campaign. This most recent case of malvertising (MSN Norway serving Flash exploits through malvertising; Fake Antivirus XP pops-up at Cleveland.com) once again demonstrates that whenever direct access to a high-trafficked site cannot be obtained through a compromise, cybercriminals are logically exploiting third-party content/ad networks to achieve their goals.
Scareware scammers adopt cold call tactics
10 April 2009 | The Register by John Leyden
Scareware scammers are phoning up prospective marks in an effort to frighten people into buying software that has little or no value or utility. Rogue security (AKA scareware) packages are a growing problem. The number of such bogus packages in circulation rose from 2,850 in July to 9,287 in December 2008, tripling in number in just six months, according to the latest figures from the Anti-Phishing Working Group.
Spammers capitalize on Italy earthquake
9 April 2009 | SC Magazine US by Chuck Miller
As the death toll from the earthquake in central Italy grows, spammers have moved to capitalize on the catastrophe. “Today, we observed scam emails sent from randomized email accounts with ‘Italy quake news’ subject lines,” wrote Vivian Ho in a post on the Symantec Security Response Blog. The subject line of the spam email attempts to be as provocative as possible, to lure victims into opening the message.
Security experts uncover first ever SMS virus
10 April 2009 | iTnews Australia by Phil Muncaster
Finnish anti-malware firm F-Secure is predicting that SMS-generated mobile spam will be a major problem in the future. The company’s Q1 2009 Security Threat Summary charted the first ever SMS virus, and a rise in social networking exploits during the first quarter of 2009.
Phishing Scams
Embarq customer reports receiving fraudulent message
14 April 2009 | Daily Sun by David R Corder
Phishing Scam Against Standard Chartered Bank Customers
10 April 2009 | SPAMfighter
Reserve Bank of India Falls Victim to Phishing Email
16 April 2009 | SPAMfighter
Industry News
Cybercriminals target ISPs in developing APJ countries
16 April 2009 | Network World by Melissa Chua
Recent research by information security vendor Symantec has shown that Internet service providers (ISP) in developing countries in the Asia Pacific and Japan region are at risk of being targeted by cyber criminals. The report, which is derived from data collected by Internet sensors, research and the monitoring of hacker communications, covers the period spanning January 2008 to December 2008.
China denies role on US grid hacks
14 April 2009 | PC Authority by Shaun Nichols
The Chinese government is denying any involvement in the reported infiltration of US electric grid systems. Xinhua news agency quoted Chinese foreign ministry spokesperson Jiang Yu as saying that any sort of involvement from China in the incident “doesn’t exist at all.” The denial follows a report in the Wall Street Journal which claimed that agents from China and Russia along with several other countries had infiltrated the computer systems charged with managing electricity in the US and left behind software payloads which could be used to control or disable electric grids in the US.
Hacking internet backbones – it’s easier than you think
16 April 2009 | The Register by Dan Goodin
Network backbone technologies used to route traffic over large corporate networks are vulnerable to large-scale hijacking attacks, according to two researchers who released freely available software on Thursday to prove their point. The tools, demonstrated at the Black Hat security conference in Amsterdam, are intended to show that attacks once believed to be only theoretical are very much practical, said Enno Rey, one of the creators of the software. He developed the tools along with researcher Daniel Mende.
Botnets: Reasons It’s Getting Harder to Find and Fight Them
15 April 2009 | Network World by Bill Brenner
The perpetual proliferation of botnets is hardly surprising when one considers just how easy it is for the bad guys to hijack computers without tipping off the users. Botnets have long used a variety of configurations, in part to disguise their control mechanisms — see What a Botnet Looks Like. But as user-friendly but insecure applications continue to become available — especially social networking programs used by the non-tech-savvy.
The Rise and Fall of the Srizbi Botnet
14 April 2009 | eWeek (Slideshow)
In its heyday, the Srizbi botnet was arguably the largest botnet in the world. At one point in charge of an army of infected computers numbering some 450,000, the botnet was at the top of the food chain when it came to spam capacity. But following the shutdown of the McColo in November 2008, Srizbi was crippled, paving the way for other botnets to rise in its place.
Case of stolen online identity
14 April 2009 | The Age by Conrad Walters
While Tony Barrell was overseas earlier this year, a message sent to his Facebook friends told a sorry tale. “I’m stranded in London because i got robbed at a park in Kentish town, it was a brutal experience, all cash i had on me were stolen and my credit card was collected too now i’m left with no money here. I need help out of here. “I have been reaching out to friends for help, i need some money so i can get a flight ticket back home so please can you loan me some money till i get back home? i will pay you back as soon as i’m home. Please”
Radical steps are needed to fix Internet security
15 April 2009 | threatpost by Dennis Fisher
The Internet as we know it today was designed to be a place where people could go about their business, whatever it happened to be, anonymously and without interference from other users. This model worked reasonably well for a long time, but it’s become painfully clear in recent months that some fundamental changes are needed in the way people use the network and, more importantly, how their PCs are allowed to behave.
Security Software: Protection or Extortion?
14 April 2009 | Computer World by Rick Broida and Robert Vamosi
As the Conficker worm sprang to life on April 1, talk here at the PC World offices turned to some interesting debates about how best to protect PCs from malware threats. In recent weeks we’ve run several helpful articles offering tips, tricks, and insights to keep you and your PC safe from Conficker and other malware on the Internet. At the same time, a few among us have revealed that they don’t run any security software at all on their own machines–and have no intention of starting now.
Yahoo Asks Users to Update Password Information
14 April 2009 | AppScout by Chloe Albanesius
More than six months after a hacker gained access to Alaska Gov. Sarah Palin’s Yahoo e-mail address, Yahoo on Tuesday announced that it will require users to update their account recovery information in the name of security. “Since the information we collected in the past–such as ZIP codes or birthdays–has increasingly become part of our public persona online, users will be given the option to provide additional information such as an alternate email address and new secret questions of their choice,”. Related News: Six Months After Palin Hack, Yahoo Refreshes Security (14 April 2009 | PC Magazine by Chloe Albanesius)
Hackers’ discount – stolen card details for 8 cents
15 April 2009 | The Age by Conrad Walters
THE theft of personal information by hackers is so prevalent – and efficient – that stolen credit card details now sell for as little as eight cents a card, a report by one of the world’s biggest computer security companies says. The global report, to be released today, has been compiled by monitoring nearly 250,000 online sensors and deploying more than 2.5 million decoy email accounts.
9 April 2009 | SC Magazine US by Angela Moscaritolo
With the U.S. tax filing deadline looming, cybercriminals are putting fraud efforts into high gear with tax-related phishing emails and websites designed to lure users into handing over their personal information, security firms are warning. Fraudsters generally exploit any major holiday or event, but tax season – the deadline to file is Wednesday — could yield them better results because users typically expect to provide personal data during this time, Jamz Yaneza, threat research manager at Trend Micro told SCMagazineUS.com Thursday. (Trend Micro)
Fake news emails often spell trouble
12 April 2009 | Earth Times
Hackers have started trying to hit people where they live by distributing e-mails with fake news of local atrocities in the hope of getting people to open a link and expose their computer to danger. One trick is to send out an e-mail with a subject line reading, “At least 18 killed in your city,” according to the German Federal Office for Information Security (BSI).
Recent threats from Chinese, Russian hackers no surprise
9 April 2009 | CRN Australia by Samara Lyn
The Wall Street Journal’s report on cyberthreats against critical U.S. infrastructure—notably the U.S. electrical power grid—notes that experts have determined a large percentage of these security penetrations come from China and Russia. The geographic source of the attacks, though, should not be a surprise to those following security trends and breaches.
Why the Spam Carbon Footprint is Wrong
16 April 2009 | PC Magazine by Jeremy Kaplan
McAfee just released the details of a new study, conducted and published by ICF International, which seeks to measure the carbon footprint of spam. The study’s conclusions: The global annual energy used to transmit, process, and filter spam is the equivalent to powering 2.4 million homes, and spam filtering saves 135 terawatt hours–the equivalent of taking 13 million cars off the road. The study decides that the average greenhouse gas emissions associated with an individual spam email are about 0.3 grams of CO2. Fascinating, right?
Federal cybersecurity review drawing to a close
16 April 2009 | Computer World by Jaikumar Vijayan
A 60-day review of federal cybersecurity efforts that President Barack Obama ordered in February is scheduled to end this week, although it’s unclear when the much-anticipated findings will be publicly released. The review is being led by Melissa Hathaway, a former Bush administration aide who was tapped by Obama to evaluate ongoing cybersecurity initiatives and analyze whether they’re aligned with government and private-sector needs.
Spyware up 10% in first quarter
16 April 2009 | PC Advisor by Carrie Ann Skinner
Spyware increased by 10 percent in the first quarter of 2009, compared to the same period last year, says Panda Security. According to PandaLabs, the security vendor’s malware detection and analysis centre, the number of Trojans released onto the web increased by 31.5 percent compared to Q1 2008, while there was 21 percent more adware than in the same period last year. Related News: Spyware levels soar to new heights in 2009 (16 April 2009 | VNUNet by Shaun Nichols) (Comments by PandaLabs)
Busting cyber crime: who you gonna call?
16 April 2009 | Computing by Tom Young
Businesses and consumers concerned about e-crime could be forgiven for thinking that issues surrounding the lack of specialist police resources had been resolved by a number of recent initiatives. In the summer the National Fraud Reporting Centre (NFRC) will go live, to record all instances of electronic and non-electronic fraud so the authorities can build a picture of how serious a problem they are facing.
The state of spam 2009, Part 3
16 April 2009 | Network World by M. E. Kabay
In 2008 spammers increasingly used free content-hosting services as the call to action in their spam e-mail. Again, spammers know that one way antispam vendors block messages is based on the call-to-action URL or domain in the message, so using many pages hosted by a major free provider enables spammers to have different URLs in each message and a domain name that can’t be blocked. Related News: The state of spam 2009, part 1 (9 April 2009 | Network World by M. E. Kabay); The state of spam 2009, part 2 (14 April 2009 | Network World by M. E. Kabay)
E-Crime strategy is not much cop
16 April 2009 | Computing
The principle of Occam’s Razor says that when all of a number of possible solutions are equal, you should always choose the simplest. Clearly nobody told the authorities in charge of tackling the growing problem of e-crime. As our analysis this week shows, we seem to have gone from the sub-prime to the almost ridiculous. (Symantec)
Government Weak on IT Security: WA Auditor General
16 April 2009 | Computer World by Tim Lohman
The WA Office of the Auditor General has slammed the privacy practices of government agencies saying that in many, fundamental weaknesses in all of the key areas of information security are present. The announcement follows the tabling in parliament of the Auditor General’s Information Systems Audit Report today. The report consists of two parts, IS Compliance Audit, and General Computer and Application Controls Audits, both of which found serious concerns over the management of privacy and security.
The ‘netbooks can’t run anti-virus’ myth
15 April 2009 | Techworld by John E. Dunn
Where did the idea come from that netbooks can’t run anti-virus software? AV has a deserved reputation for CPU hogging, but that’s when it is running full scans or updating and applying new signatures. The rest of the time most AV programs just sit there rather quietly. Too quietly some would say.
Netbook Evolution: 22 Netbooks in 18 Months
15 April 2009 | PC World by Elias Plastiras
ASUS is responsible for introducing the netbook to the PC market as an affordable and simple laptop solution for students. Since the release of the original Eee PC, almost every major PC vendor has released competing models — many taking alternate design paths moving the netbook concept in different directions away from the original Eee PC.
What I’ll be looking for in Melissa Hathaway’s report on cybersecurity
9 April 2009 | Computer World by Ira Winkler
The big talk in Washington’s cybersecurity world is Melissa Hathaway’s magical 60-day review, which is supposed to recommend how U.S. government cybersecurity efforts should be pursued. The technical press and lobbyists are all abuzz over whether or not there will be a cybersecurity coordinator who reports to the president. In certain circles, this is even more gossiped about than what Michelle Obama is wearing, but frankly the discussion is even less useful.
Report: Yahoo, Microsoft CEOs meet face to face
13 April 2009 | ZDNet Asia by Ina Fried
Discussions between Microsoft and Yahoo about a search partnership, while still preliminary, have taken place in recent weeks, according to a report on the All Things Digital Web site. The talks have included a face-to-face meeting between Microsoft CEO Steve Ballmer and Yahoo CEO Carol Bartz, the report said. AllThingsD stressed that the talks are centered on what sort of search and advertising partnership might be possible, rather than an all-out acquisition.
What Will the Cybersecurity Act of 2009 Do to Your Job and Business?
10 April 2009 | eWeek by Larry Seltzer
Further analysis of the proposed Cybersecurity Act of 2009 raises more questions than it answers. Many parts of the cyber-security bill represent good ideas, some set up security patronage work and some create vast new systems of rules for how security professionals can do their jobs. Not long after I wrote my column on the proposed cyber-security bills in the Senate, the actual text of the legislation became available.
Gotcha!
Student sentenced for F-ucked up grade hack
14 April 2009 | The Register by Dan Goodin
A university student in Florida on Tuesday was sentenced to 22 months in prison for his role in a bungled scheme to hack into his school’s computer system and make hundreds of grade changes. Christopher Jacquette, 29, of Tallahassee was also ordered to serve three years of supervised release for his part in the plot, which used keyloggers to access protected computers at Florida A & M University, according to federal prosecutors.
Bottle Domains dumped by auDA over security breach
15 April 2009 | iTnews Australia by Ry Crozier
The Australian domain name administrator has ruled out a review of its registrar agreements in the wake of its decision to terminate Bottle Domains accreditation today over a security breach. auDA took the action after it emerged Bottle may have hidden the hacking of its database for almost two years. A spokesperson for Bottle was “not available” for comment. Related News: Nicholas Bolton loses internet domain registration business (15 April 2009 | The Age by Mark Hawthorne)
Pharmacy hackers busted in Romania
14 April 2009 | SC Magazine US by Dan Kaplan
Romanian authorities said they have arrested five people accused of illegally accessing computer systems belonging to U.S. pharmaceutical companies. The Central European nation’s Directorate for Fighting Electronic Crime said Monday in a statement that the suspects infiltrated a number of computers to steal credit card data that resulted in losses of about $800,000.
First arrests for new police e-crime unit
14 April 2009 | IT PRO by Asavin Wattanajantra
The newly-formed Police Central e-crime Unit (PCeU) has announced its first successful operation, which has resulted in nine arrests. Over 50 officers from the PCeU, local boroughs and the Specialist Crime Directorate raided addresses in southeast London. They were targeting an ‘organised European criminal network’ which had been targeting the financial industry with a Trojan virus.
Teen claims responsibility for disrupting Twitter
14 April 2009 | CNN
Someone opened a can of worms on popular microblogging service Twitter this weekend, a company co-founder says, and a 17-year-old told an online tech news network that he was that someone. In a post on Twitter’s official blog, company co-founder Biz Stone said computer worms had spread virus-infected tweets that assaulted Twitter in four waves from Saturday morning through Sunday night.
New e-crime unit nabs nine banking Trojan suspects
9 April 2009 | The Register by John Leyden
Nine suspects in a banking Trojan case have been arrested by specialist cybercops from the UK’s new Police Central E-Crime Unit (PCeU). The suspects – four women and five men – were arrested following police raids in south east London. Investigators reckon the group of UK-based eastern European nationals used malware planted on compromised machines to steal login credentials and plunder online banking accounts.
Jennifer Lopez evicts cybersquatters
10 April 2009 | The Age
American singer and actress Jennifer Lopez has won a cybersquatting case against a U.S. web operator who registered two internet addresses that used her name for commercial profit, a U.N. agency said. The disputed domain names, jenniferlopez.net and jenniferlopez.org, directed users to a website that generated paid advertising revenues, according to the ruling issued by the World Intellectual Property Organization (WIPO).