Spyware, viruses, & security forum: NEWS - April 04, 2012

It was mid November 2011. I was shivering on the upper deck of an aging cruise ship docked at the harbor in downtown Rotterdam. Inside, a big-band was jamming at a reception for attendees of the GovCert cybersecurity conference, where I had delivered a presentation earlier that day on a long-running turf war between two of the largest sponsors of spam.

The evening was bracingly frigid and blustery, and I was waiting there to be introduced to investigators from the Russian Federal Security Service (FSB). Several FSB agents who attended the conference told our Dutch hosts that they wanted to meet me, but in a private setting. Stepping out the night air, a woman from the conference approached, formally presented the three men behind her, and then hurried back inside to the warmth of the reception.

A middle-aged stocky fellow introduced as the senior FSB officer spoke in Russian, while a younger gentleman translated into English. They asked did I know anything about a company in Moscow called "Onelia"? I said no, asked them to spell it for me, and inquired as to why they were interested in this firm. The top FSB official said they believed the company was heavily involved in processing payments for a variety of organized cyber criminal enterprises.

Continued : http://krebsonsecurity.com/2012/04/gateline-net-was-key-rogue-pharma-processor/

From the F-Secure Antivirus Research Weblog:

Over the last several weeks, we've been monitoring a rash of ransomware campaigns across Europe, in which messages, supposedly from the local police, are displayed demanding that a fine must be paid in order to unlock the computer. We wrote about a Finnish language variant last month. Attacks are still quite active according to our statistics. [Screenshot]

Even when somebody is savvy enough to recognize the message is a fake, the malware's accusations of offensive materials having been discovered on the user's hard drive creates a chilling effect, which has likely prevented some folks from seeking outside help.

Here's a screenshot we took earlier today using a recent variant: [Screenshot]

To unlock their computer, the user is asked to purchase a Paysafecard from a local convenience store chain (in Finland, it's R-Kioski) in the amount of 100 euros. The technique is effective, as even non-technical people who might not be able to use online payment services such as Webmoney or eGold will be able to walk to the nearest store to part with their money.

In this particular case, the e-mail address talletus@cybercrime.gov shown in the screenshot does not belong to the attackers. The domain cybercrime.gov is valid and belongs to the US Department of Justice.

Continued : http://www.f-secure.com/weblog/archives/00002344.html

From TrendLabs Malware Blog: Trojan on the Loose: An In-Depth Analysis of Police Trojan

During March 2012, GFI Labs documented several spam attacks and malware-laden email campaigns infiltrating users' systems under the guise of communications purporting to be from well-known companies and promotions for popular products and services.

Google, LinkedIn, Skype and the video game Mass Effect 3 were among the brands exploited by cybercriminals in order to attract more victims.

"Taking advantage of the notoriety of companies, celebrities and major events is a tactic cybercriminals continue to use because it works," said Christopher Boyd, senior threat researcher at GFI Software.

"They know that Internet users are bombarded with countless emails every day, and these scammers prey on our curiosity and our reflex-like tendency to click on links and open emails that look like they're coming from a company we know and trust," he added.

Continued : http://www.net-security.org/malware_news.php?id=2055

.. Researchers

From McAfee Labs Blog Central:

As mobile phones allow us to carry our money in an electronic "wallet," they will also become a greater target for crooks. Picking a pocket is a risky endeavor for a thieves, but it will be much less so if all they need to do is bump into their victims or brush by them with a mobile phone. Thieves are now more likely to go after both mobile payment software and phones enabled with near-field communications (NFC). However, things are not so bad; security researchers proof-of-concept (PoC) attacks against Google Wallet and Square's credit card readers have prompted improvements in security.

Security researchers have already tested Square's credit card readers, using exploits and keyloggers to intercept credit card numbers as they pass to their mobile phones. Square has now added encryption to new versions of its credit card reader. Does that mean that they're completely secure? Not necessarily. Security researcher Adam Laurie is taking a closer look. Laurie has a large amount of experience in reverse-engineering embedded systems and RFID hardware. His research includes finding vulnerabilities in hotel room safes, RFID passports, and chip and PIN credit cards. As word of the new, more secure Square readers arrived, he posted an open request on Twitter. This can only be good for the security of the mobile payment system.

http://blogs.mcafee.com/enterprise/mobile/mobile-wallets-attract-greater-interest-from-thieves-researchers

We've all heard of Twitter accounts getting hacked. It's happened to Ashton Kutcher, Justin Bieber, Steve Wozniak, numerous media outlets. Even we "normal" folks can be compromised, unwittingly. Recently my coworker accidentally clicked a URL-shortened link that resulted in her account spewing Direct Messages with a phishing link.

We were reminded again last week when Twitter took its popular application TweetDeck offline for a day after an Australian user discovered a bug that exposed a number of Twitter accounts.

As incredibly useful as Twitter is, we can't ignore the fact that we share the Twitterverse with spambots, cyber criminals, crazy exes, etc. So how do you stay safe on Twitter? It's a mixture of choosing the right Twitter client and remaining vigilant.

Continued : http://securitywatch.pcmag.com/security/296223-how-to-use-twitter-safely