Spyware, viruses, & security forum: NEWS - April 10, 2012

.. Enterprises

From the Trusteer Research Security Blog:

With critical business services migrating to the cloud, service providers have become a prime target for cybercriminals. In the latest example of financial malware targeting enterprises, we have discovered a Zeus attack that focuses on cloud payroll service providers. These attacks are designed to route funds to criminals, and bypass industrial strength security controls maintained by larger businesses.

Our researchers have captured a Zeus configuration that targets Ceridian, a Canadian human resources and payroll solutions provider. In this attack, Zeus captures a screenshot of a Ceridian payroll services web page (https://clients.powerpay.ca/powerpay/Logon*) when a corporate user whose machine is infected with the Trojan visits this website. This allows Zeus to steal the user id, password, company number and the icon selected by the user for the image-based authentication system. [Screenshot]

The financial losses associated with this type of attack can be significant. In August of last year, Cyberthieves reportedly funneled $217,000 from the Metropolitan Entertainment & Convention Authority (MECA). According to published reports an employee at MECA was victimized by a phishing e-mail and infected with malware that stole access credentials to the organization's payroll system.

Continued : http://www.trusteer.com/blog/Zeus-targets-cloud-payroll-service-siphon-money-enterprises

Forensic snoops: It doesn't take a Genius to break into an iPhone

Analysis Forensic tools against smartphones allow basic 4-digit phone passcodes to be bypassed in minutes.

However, more complex passcodes are far more difficult to defeat and might even leave some information of seized Androids or iPhones outside the range of many tools, according to computer forensics experts.

A YouTube video - which has since been pulled - that accompanied a recent article by Forbes explained how Swedish firm Micro Systemation's XRY tool enabled law enforcement official to bypass an iPhone passcode and gain access to call records, location data, photos and other information in a matter of minutes.

The process is akin to jailbreaking and relies on exploiting vulnerabilities on the device itself, rather than entering through any backdoor. Once a device is jailbroken, the XRY utility is installed and used to brute-force a passcode.

Once a passcode is obtained it then becomes a simple matter to extract sensitive information - including call logs, messages, web browsing history and other data - from a handset. XRY dumps this data on a Windows PC and provides a user interface that allows data to be easily explored.

Continued : http://www.theregister.co.uk/2012/04/10/mobile_forensics/

Adobe and Microsoft today each issued critical updates to plug security holes in their products. The patch batch from Microsoft fixes at least 11 flaws in Windows and Windows software. Adobe's update tackles four vulnerabilities that are present in current versions of Adobe Acrobat and Reader.

Seven of the 11 bugs Microsoft fixed with today's release earned its most serious "critical" rating, which Microsoft assigns to flaws that it believes attackers or malware could leverage to break into systems without any help from users. In its security bulletin summary for April 2012, Microsoft says it expects miscreants to quickly develop reliable exploits capable of leveraging at least four of the vulnerabilities.

Among those is an interesting weakness (MS12-024) in the way that Windows handles signed portable executable (PE) files. According to Symantec, this flaw is interesting because it lets attackers modify signed PE files undetected.

"In addition, the attacker doesn't need to worry about controlling memory; once the user runs the content, the device has been infected," wrote John Harrison, group product manager for Symantec Security Response. "The most common attack will probably be a scenario in which a site offers a free download of a specific program that appears to be legitimately signed."

Wolfgang Kandek, chief technology officer for vulnerability management firm Qualys, is particularly worried about MS12-027, because the weakness spans an unusually wide range of Microsoft products. Microsoft agrees, calling this patch the highest priority security update this month.

Continued : https://krebsonsecurity.com/2012/04/adobe-microsoft-issue-critical-updates/

Further Details:
Security Updates Available for Adobe Reader and Acrobat
Microsoft Security Bulletin Summary for April 2012

Related: Microsoft April 2012 Black Tuesday Update - Overview

How much damage could be done if your Gmail password fell into the wrong hands?

Quite a lot I would wager.

Because not only would an identity thief be able to send emails pretending to be you, and trawl through your old messages for passwords and financial information, but also your Gmail password will also unlock your other Google accounts - including Google+, Adwords, Google Checkout, Google Docs, YouTube and so forth..

So, you should work hard to protect your username and password credentials for Google login details.

Here's an email that SophosLabs has seen spammed out, pretending to come from Google's team: [...]

The email claims that the recovery email address associated with your Google account has changed, and if you do not verify it then you might lose your account in its entirety.

Dear Account User,

Thanks for updating your e-mail address with us.We changed your recovery e-mail address in our files to meesheey@hotmail.com.If this is correct, you can disregard this e-mail. If the new e-mail address is not correct or you did not request this change. Follow the instruction in updating your account http://accounts.google.com

However, Failure to do so may result in account suspension permanently.

Thanks for using Gmail!.

Sincerely

Gmail!.

Clicking on the link in the spammed-out email does not take you to your Google accounts settings, however. Instead, you are taken to a compromised website which is hosting a phishing page - designed to steal your password.

Continued : http://nakedsecurity.sophos.com/2012/04/10/google-phishing/