DOWNAD/Conficker Turns 1yr
Worm Exploits MS08-067 Bug
DOWNAD, also known as the Conficker worm, was first seen in the wild taking advantage of the MS08-067 vulnerability. True to form, it propagated via shared networks. Like its predecessors, the Sasser and Nimda worms, it also raised security concerns with regard to a spike in port 445 activity.
A few days after its appearance, reports suggested that the threat had spread. More than 500,000 unique hosts spread across networks in the United States, China, India, the Middle East, Europe, and Latin America fell prey to the threat. Several residential broadband service providers also reported having an even larger number of infected customers.
New Year, New Variant
Improved Domain Generation Functionality
DOWNAD Uses P2P
Infection Peaks
Updated Patches Still Key
More details in http://blog.trendmicro.com/downadconficker-turns-1yr/
with a twist
In the past few weeks, the authors behind Zbot have been busy. Around October 12 we saw the server upgrade spam with links. Later, on the 14th, we saw the same campaign with the malware attached to similar-looking server upgrade notices. By the 22nd of October, the spam messages were touting Outlook updates.
For a few days during the past week, the group has turned their attention to the Federal Deposit Insurance Corporation (FDIC), spamming out links to malware sites[...]
After the blast of FDIC messages, the Zbot authors turned to Facebook as their latest platform to spread malware. However, they added a twist to it. The messages are well-crafted to look like a real Facebook message[...]
Continue reading in http://www.sophos.com/blogs/sophoslabs/?p=7248
It didn't take long for spammers to change from Halloween lures to spam and malware. They've already moved to the Christmas season, and we have started to see emails from the Cutwail botnet that are using a Christmas theme to trick users into visiting malicious websites. Spammers must be trying to beat retailers to the advertising punch this year.
The campaign we are currently monitoring uses subject lines that try to get users to visit websites selling fake jewelry and Rolexes. These spammers aren't cheap either. Only the best will do for their customers: brands such as Cartier, Gucci, and Tag Heuer are on "sale" to all who would be fooled.
http://www.avertlabs.com/research/blog/index.php/2009/11/03/tis-almost-the-season-for-christmas-spam-fa-la-la-la-la/
Other blog entries from McAfee:
Facebook Phishing Campaign Pushes 'Cocktail' Attack
http://www.avertlabs.com/research/blog/index.php/2009/11/03/facebook-phishing-campaign-pushes-cocktail-attack/
The missing letter that links Fake AV and Extreme Porn
http://www.avertlabs.com/research/blog/index.php/2009/11/03/the-missing-letter-that-links-fake-av-and-extreme-porn/
The Swedish Signals Intelligence agency (Försvarets Radioanstalt, FRA) is currently under a large-scale DDoS attack.
At the moment www.fra.se is inaccessible.
FRA was in the news recently, as Sweden passed a law giving them legal permission to tap Internet traffic passing through Swedish national borders. For example, the majority of Russian international Internet traffic passes through Sweden.
http://www.f-secure.com/weblog/archives/00001808.html
Sun Microsystems and Research In Motion have issued critical bug fixes for security issues with their products.
The patches were issued separately on Tuesday, with Sun releasing version 6 Update 17 of its Java Runtime Environment and BlackBerry updating its BlackBerry Desktop Software, used to sync data between the BlackBerry and a PC.
Both updates include fixes for critical security bugs that could be abused by attackers to run unauthorized software on a victim's computer, although none of the flaws appear to have been publicly known before Tuesday.
http://www.networkworld.com/news/2009/110409-java-blackberry-desktop-get-security.html
From Sophos:
Now that we in the northern hemisphere have had some time to digest the Windows 7 hype and settle in for the coming winter, we thought we would get some more hard data regarding Windows 7 security.
On October 22nd, we settled in at SophosLabs and loaded a full release copy of Windows 7 on a clean machine. We configured it to follow the system defaults for User Account Control (UAC) and did not load any anti-virus software.
We grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up. Unfortunately, despite Microsoft's claims, Windows 7 disappointed just like earlier versions of Windows. The good news is that, of the freshest 10 samples that arrived, 2 would not operate correctly under Windows 7.
More in http://www.sophos.com/blogs/chetw/g/2009/11/03/windows-7-vulnerable
It's one of the basic tenets of online security: Never use the same password/username combo for every website that requires one. The logic is sound, of course. A single security breach could expose your most private information, such as banking and credit card numbers, to the bad guys.
Problem is, who can remember multiple passwords and usernames? Many times I've signed up for a service, returned to the site a few weeks later, and quickly realized that I couldn't remember my login details.
Google and other major online players, including AOL, Facebook, Microsoft, Plaxo, MySpace, and Yahoo, are pitching a simpler alternative: A single password/username combo, such as your Google or Yahoo ID, for multiple sites. The concept, based on the industry standard OpenID 2.0 protocol, isn't exactly new. In fact, Google announced over a year ago that it would support the single sign-in plan.
http://www.pcworld.com/article/181347/a_single_signin_for_all_your_websites_google_hopes_so.html
4 November 2009, 18:47
Adobe has released an update to its Shockwave Player to address five critical vulnerabilities, four of which could allow an attacker to inject and execute malicious code on affected systems. The vulnerabilities were discovered by the French security services provider VUPEN Security and, for an attack to be successful, a victim must first visit a specially crafted site. Adobe Shockwave Player versions up to and including 11.5.2.601 are affected. Version 11.5.2.602 addresses the issues and is available to download for Windows and Mac OS X. Adobe recommends that all users update to the latest release as soon as possible.
The Adobe Shockwave Player is a quasi big brother of the Flash Player and includes a much wider range of functions. Typically, it's used for more complex, interactive presentations, games and other applications. It's likely that most users only have the Adobe Flash Player installed, which is reportedly not affected. Installing the Shockwave Player automatically installs Adobe's Flash Player.
Also See:
Security updates available for Shockwave Player security bulletin from Adobe.
Adobe Shockwave Player Multiple Code Execution Vulnerabilities, advisory from VUPEN.
http://www.h-online.com/security/news/item/Adobe-patches-critical-vulnerabilities-in-Shockwave-Player-849517.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Additionally See:
Vulnerabilities \ Fixes - http://forums.cnet.com/5208-6132_102-0.html?messageID=3166695#3166695
4 November 2009, 19:08
Having recently been warned by Twitter that his password might have been compromised, Terence Eden changed his Twitter password. But having 'changed the lock on the Twitter door', he realised that the door to the service remained wide open in the form of OAuth access.
OAuth is a protocol for granting third party services access to an account (such as a Twitter account), without having to tell the third party your password. For this to work, the user simply needs to confirm in Twitter that app XYZ is permitted to access his or her Twitter profile. This permission is then completely unrestricted, even after the user changes his or her password.
This means that once an attacker has got hold of a user's password, he can authorise services of his choice, such as 'My Backdoor'. Twitter then issues an OAuth token to My Backdoor allowing it to access Twitter in future. This token remains valid even after the legitimate account owner has reset his password. The My Backdoor service, which is controlled by the attacker, now has unrestricted access to the user's Twitter account.
Continued here: http://www.h-online.com/security/news/item/Shutting-Twitter-backdoors-850717.html
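To make the point concrete, here is an added example (not code from the article and not Twitter's implementation) of a minimal delegated-access token store: the naive password reset leaves an earlier grant working, while the hardened variant revokes every delegated token on reset. The Account class, the helper functions and the "alice" scenario are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    username: str
    pw_hash: bytes
    tokens: dict = field(default_factory=dict)  # access token -> app name

def _hash(password: str) -> bytes:
    # Illustrative only; a real deployment would use a slow, salted KDF.
    return hashlib.sha256(password.encode()).digest()

def authorize_app(acct: Account, password: str, app_name: str) -> str:
    # Whoever presents the current password can approve an app; the app gets
    # a long-lived token and never sees the password itself (the OAuth idea).
    if not hmac.compare_digest(_hash(password), acct.pw_hash):
        raise PermissionError("bad password")
    token = secrets.token_urlsafe(24)
    acct.tokens[token] = app_name
    return token

def set_password(acct: Account, new_password: str, revoke_delegated: bool) -> None:
    acct.pw_hash = _hash(new_password)
    if revoke_delegated:
        # Hardened behaviour: a password reset also ends every delegated grant,
        # so the user re-approves only the apps they still want.
        acct.tokens.clear()

def token_is_valid(acct: Account, token: str) -> bool:
    # The token check never consults the password, which is exactly why a
    # password change on its own leaves earlier grants working.
    return token in acct.tokens

def delegated_apps(acct: Account) -> list:
    # Audit view: which apps currently hold a grant on this account.
    return sorted(acct.tokens.values())

def grant_survives_reset(revoke_delegated: bool) -> bool:
    # Constructed scenario: an app is approved with the old password, then the
    # password is reset. Returns True if the old grant still works afterwards.
    acct = Account("alice", _hash("old-password"))
    token = authorize_app(acct, "old-password", "My Backdoor")
    set_password(acct, "new-password", revoke_delegated)
    return token_is_valid(acct, token)
```

Reviewing `delegated_apps` after any credential incident, and not just rotating the password, is the check the article's story calls for.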