Spyware, viruses, & security forum: NEWS - June 23, 2010

As Google has removed the need for an invitation in order to use Google Voice on Tuesday, its telephony management solution has become open to everyone, meaning every US resident. There are already over one million people with Google Voice accounts, and their number is going to grow every day.

Google Voice offers a service that can be really useful: it offers a single telephone number that, when called, forwards the call to a number of other phone numbers such as the users home, office and cell phone as well as offers voice mail services with message transcription. Besides these services, Google Voice offers free calls to the US and Canada, low international rates, web-based voice mail inbox and the capability to make conference calls. The services offered by Google Voice can be used either with the free phone number offered by Google or with the users existing telephone numbers.

http://www.providingnews.com/google-voice-available-for-every-us-citizen.html

RPT-Frontier Communications sues to block Google Voice

Frontier Communications Corp (FTR.N) is suing to stop Google Inc (GOOG.O) from offering a service that gives users one phone number connecting their home, work and cell phones because it infringes a patent, according to a lawsuit filed on Tuesday.

Frontier, which provides phone, Internet access and satellite TV, also asked a federal court to award it damages for the infringement by the Google Voice service.

"Google's deliberate infringement of the (Frontier patent) has greatly and irreparably damaged Frontier," said the complaint, which was filed in the U.S. District Court for the District of Delaware.

Users of Google Voice can request a new phone number from the Internet company. That number is assigned to the user, not any particular device. When someone calls it, the user can decide where that calls rings, such as on a cell phone or home phone.

http://www.reuters.com/article/idUSN2211927620100622

From TrendLabs Malware Blog:

Chinese PC manufacturer Lenovo is the latest high-profile company to be compromised. Sometime over the past weekend, its support pages, which allowed users to download drivers and manuals, were compromised with the addition of a malicious iframe.

The website in this malicious iframe led to the download of a BREDOLAB variant detected as TROJ_BREDOLAB.BY. This malware family is well-known for being a downloader of other malware onto affected systems, particularly ZBOT and FAKEAV variants.

BREDOLAB first gained prominence in late 2009 when the number of reported infections significantly grew. Upon investigation (PDF) by senior advanced threats researcher David Sancho, it was found that BREDOLAB was a new malware family similar to earlier PUSHDO variants.

Continued here: http://blog.trendmicro.com/lenovo-support-page-compromise-leads-to-bredolab/

Comodo issued a press release yesterday that said theyve alerted VeriSign to a security vulnerability that exposes a significant security concern for VeriSigns customers. What they found is open to debate when it comes to risk level. Also, the method of disclosure raises some eyebrows.

Comodo managed to locate the certificate request page for a single VeriSign customer who is indeed a major financial institution. What the certificate request page does is act as a place where someone inside the financial institution goes to ask their certificate administrator for a new certificate. From there, the administrator will need to approve or deny the request, and select the type of certificate to issue.

The reason this portal exists in the first place is business convenience. Administrators can control the certificate environment, they can watch certificate expiration dates, assign certificates to various jobs, manage bulk purchases, as well as access several backend tools VeriSign offers to Enterprise customers who operate in scale.

Comodo was able to discover this site, which is hosted by VeriSign, due to a missing robots.txt file. VeriSign has since fixed the issue, but takes all the blame for not having the proper file in place. The discovery leads one to wonder why Comodo was searching for items related to VeriSign in the first place. When asked, VeriSign said they dont have a similar practice for their competitors.

Continued here: http://www.thetechherald.com/article.php/201025/5780/Comodo-says-VeriSign-s-SSL-processes-vulnerable-to-attack

Prior Reference: Whos your Verisign? Malware faking digital signatures

It seems the last week or so has been a fun time to promote not only the World Cup, but also various bits of software you might not want on your PC. Heres a collection of Shakira uploads on Youtube, all related to her Waka Waka song created for the World Cup:
[See 3 Screenshots]

As you can see, theres everything from the official video to ripped copies of her performing live. There are many more of these videos floating around Youtube, but all of them point to flvpro(dot)com and ask you to download "free movies and TV shows" with the aid of their "direct downloader".

What happens when you try to download the executable from that site?

Continued here: http://sunbeltblog.blogspot.com/2010/06/shakira-world-cup-song-used-to-push.html

Prior "song-related" reference: Waka Waka FIFA 2010: Targeted PDF attack uses World Cup theme