Spyware, viruses, & security forum: NEWS - April 02, 2012

From F-Secure Antivirus Research Weblog:

A new Flashback variant (Mac malware) has been spotted exploiting CVE-2012-0507 (a Java vulnerability). We've been anticipating something like this for a while now. [Screenshot]

Oracle released an update that patched this vulnerability back in February... for Windows.

But — Apple hasn't released the update for OS X (yet).

It appears that the Flashback gang is keeping up with the latest in exploit kit development. Last week, Brian Krebs reported that the CVE-2012-0507 exploit has been incorporated into the latest version of the Blackhole exploit kit. And that's not all. Though it is unconfirmed, there are rumors of yet another available exploit for an "as-yet unpatched critical flaw in Java" on sale.

So if you haven't already disabled your Java client, please do so before this thing really become an outbreak. Check out our previous post for instructions on how to disable Java on your Mac.

Our previous instructions on how to check whether you are infected with Flashback is still applicable. However, for this variant, there is an additional updater component that is created in the infected user's home folder. By default it is created as "~/.jupdate".

Continued: http://www.f-secure.com/weblog/archives/00002341.html

Related: New Java Attack Rolled into Exploit Packs

The British government is proposing new legislation which would allow the police and secret service to monitor internet users' email and web activity.

Unsurprisingly, privacy campaigners are up in arms about the plan which would force internet service providers to give British intelligence agencies' real-time access to electronic communications.

However, the authorities argue that it is necessary for national security and to fight terrorism, online child abuse and organised crime.

Presently, ISPs keep details of which websites users visit, and who they send and receive emails and internet phone calls from, for 12 months. This information can be accessed retrospectively by investigators, provided the correct legal hoops (such as being granted a warrant from a magistrate's court) were jumped through.

Under the new proposals, ISPs would install hardware from GCHQ - the Government's electronic snooping agency - allowing investigators to tap into a real-time feed of data, and examine when communications were sent, and who to, in order to build up intelligence on criminal activity.

Continued : http://nakedsecurity.sophos.com/2012/04/02/uk-government-spy-plans/

"A man accused of being associated with the Lulzsec hacktivist campaigns is back in jail."

Ryan Cleary, who allegedly ran the Internet Relay Chat rooms used by the group, was arrested last year but released on bail with some conditions.

His lawyer, Karen Todner, told The INQUIRER that Cleary has been re-arrested for breaking his bail conditions.

Cleary was ordered not to use the internet, but apparently broke that bail condition by emailing Hector Xavier Monsegur, otherwise known as Sabu, over Christmas.

He was re-arrested on 5 March, the day before other Anonymous-linked hackers were arrested and the US Federal Bureau of Investigation (FBI) went public with the news that Sabu had turned informant.

Cleary remains accused of hacking into the UK Serious Organised Crime Agency as well as some other organisatons. When he was released in June 2011, the conditions of his bail required him to stay home at night and stay off the internet.

Continued : http://www.theinquirer.net/inquirer/news/2165188/alleged-hacker-ryan-cleary-jail

Also:
LulzSec suspect Ryan Cleary sent back to jail - for contacting Sabu
Alleged LulzSec hacker back in jail after breaking bail conditions
LulzSec suspect Cleary sent back to jail

Adobe has published a free tool that can help administrators and security researchers classify suspicious files as malicious or benign, using specific machine-learning algorithms. The tool is a command-line utility that Adobe officials hope will make binary classification a little easier.

Adobe researcher Karthik Raman developed the new Malware Classifier tool to help with the company's internal needs and then decided that it might be useful for external users, as well.

" To make life easier, I wrote a Python tool for quick malware triage for our team. I've since decided to make this tool, called "Adobe Malware Classifier," available to other first responders (malware analysts, IT admins and security researchers of any stripe) as an open-source tool, since you might find it equally helpful," Raman wrote in a blog post.

"Malware Classifier uses machine learning algorithms to classify Win32 binaries - EXEs and DLLs - into three classes: 0 for "clean," 1 for "malicious," or "UNKNOWN." The tool extracts seven key features from a binary, feeds them to one or all of the four classifiers, and presents its classification results."

Continued : http://threatpost.com/en_us/blogs/adobe-releases-malware-classifier-tool-040212

From the Adobe Secure Software Engineering Team (ASSET) Blog: Presenting "Malware Classifier" Tool