Ad: NOOK HD Tablets-Now with Google Play
ie8 fix

Spyware, viruses, & security forum: NEWS - June 12, 2012

by: Carol~ June 12, 2012 6:34 AM PDT

Like this

0 people like this thread

Staff pick

NEWS - June 12, 2012

by Carol~ Moderator - 6/12/12 6:34 AM

Amazon Spam is Back, Blackhole Exploit in Tow

From the GFI Labs Blog:

Recently, we've seen an Amazon spam in the wild that looks like this: [Screenshot]

The sender's name was deliberately called "Amazon.com" to make the spam appear legitimate. What gives away this particular spam, however, is that this sends to multiple recipients even if the email is meant for an individual.

All links in the email body, apart from the linked email address, lead users to the same HTML page that are hosted on various legitimate but compromised WordPress domains. Their URLs contain the following section in their syntax:

/wp-content/themes/twentyten/zone(dot)html

For this particular spam sample, the following URLs were used:

Continued : http://www.gfi.com/blog/amazon-spam-is-back-blackhole-exploit-in-tow/

Related:
Fake Amazon email leads to exploit kit
Emails from "Amazon.com" Fool Users into Visiting Malware-Serving Sites


Reply
Report offensive post
Email to friend

Feds Arrest 'Kurupt' Carding Kingpin?

by Carol~ Moderator - 6/12/12 6:38 AM

In Reply to: NEWS - June 12, 2012 by Carol~ Moderator

The Justice Department on Monday trumpeted the arrest of a Dutch man wanted for coordinating the theft of roughly 44,000 credit card numbers. The government hasn't released many details about the accused, but data from a variety of sources indicates he may have run a large, recently-shuttered forum dedicated to cyber fraud, and that he actively hacked into and absconded with stolen card data taken from other fraud forums.

This much the government is saying: David Benjamin Schrooten, 21, appeared in Seattle federal court on Monday and pleaded not guilty to charges of bank fraud, access device fraud and conspiracy. Schrooten was accused of running Web sites that sold stolen credit card numbers in bulk. Authorities said Schrooten was extradited to the United States after being arrested in Romania, and that another man — 21-year-old Christopher A. Schroebel of Maryland — was an accomplice and also was charged.

The government also mentioned one other detail: Schrooten was allegedly known in the hacking community as "Fortezza." This last detail caught my attention, because for several months members of the cybercrime underground have been inquiring about Fortezza's whereabouts, and what would become of his hacker forum — an exclusive English language "carding" site aptly named Kurupt.su. [Screenshot]

Continued : http://krebsonsecurity.com/2012/06/feds-arrest-kurupt-carding-kingpin/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Tumblr Users Should Beware of Cookie Thieves

by Carol~ Moderator - 6/12/12 7:45 AM

In Reply to: NEWS - June 12, 2012 by Carol~ Moderator

Two researchers say they've found a security hole in Tumblr, one of the most popular sites on the Internet, that could steal users' authentication cookies to break into their accounts.

Aditya Gupta and Subho Halder say they've tried to contact Tumblr about the vulnerability by using mail and Twitter, but so far no one has responded. The social sharing site hosts 59.4 million micro blogs and has published almost 25 billion posts.

The pair says they have identified a dangerous cross-site scripting vulnerability that poses risks for the site's users, according to the site Softpedia.

"I could get the cookies of any user who visits my profile page. They are the actual Tumblr authentication cookies, which means I could use the cookies to log in to the respective user accounts," Gupta said. "Also, I could make a complete worm out of it, so when one person views my profile, he would repost my post and everyone in his list who would see it would then be doing the same. All automatically and without the user's knowledge."

Gupta said he and Halder decided to tell people about the vulnerability after failing to get Tumblr's attention but did not publicly release details to allow the site time to patch the flaw.

Continued : http://threatpost.com/en_us/blogs/tumblr-users-should-beware-cookie-thieves-061112


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Do Not Track should not be enabled by default - W3C proposal

by Carol~ Moderator - 6/12/12 7:45 AM

In Reply to: NEWS - June 12, 2012 by Carol~ Moderator

The latest draft proposal from the W3C working group developing the Do Not Track (DNT) privacy setting says that setting the Do Not Track signal on, or off, by default will not be allowed in compliant clients. The latest draft is the result of the creation of a "compromise proposal" for the various interested parties by Peter Eckersley of the EFF, Tom Lowenthal of Mozilla, and Jonathan Mayer of Stanford University.

The change in the draft was partly triggered when Microsoft said it had turned Do Not Track on by default in Internet Explorer 10. This announcement triggered debate within the standards group as it works with publishers, social networks, advertisers and browser makers to try and establish the Do Not Track standard. Mozilla was concerned that a browser maker, by setting DNT on by default, would be removing the option for the user to make a choice.

The proposal adds a line - "An ordinary user agent must not send a Tracking Preference signal without a user's explicit consent" - to the start of the User Agents section of the DNT proposal, though it is currently preceded by a disclaimer that it has not "been extensively discussed with stakeholders". It also notes that it should be considered a preliminary position on the issue. The requirement for explicit consent does allow for users to be prompted on first run of an application and asked if they want to enable Do Not Track. The proposal change potentially places Internet Explorer 10 in the position of, if unchanged, being non-compliant with the final specification.

Continued : http://www.h-online.com/security/news/item/Do-Not-Track-should-not-be-enabled-by-default-says-W3C-proposal-1615978.html


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Flame is Lame

by Carol~ Moderator - 6/12/12 7:45 AM

In Reply to: NEWS - June 12, 2012 by Carol~ Moderator

Mikko Hypponen @ the F-Secure Antivirus Research Weblog:

When the Flame malware was found two weeks ago, it was characterized as 'Highly advanced', 'Supermalware' and 'The biggest malware in history'.

These comments were immediately met with ridicule from experts who were quick to point out that there was nothing particularly new or interesting in Flame.

In fact, the only unique thing in Flame seemed to be its large size. Even that was not too exciting as analysts went digging for examples of even larger malware and indeed found them (some malware tries to look like video files so they carry full-length movies inside their bodies).

Suggestions that Flame was created by a government and, like Stuxnet and Duqu, would be the product of a nation-state were met with ridicule as well.

But let's have a look at what we've learned about Flame over these two weeks.

1. Flame has a keylogger and a screengrabber

They naysayers are unimpressed. "We've seen that before. Flame is lame."

2. Flame has built-in SSH, SSL and LUA libraries

"Bloated. Slow. Flame is still lame."

3. Flame searches for all Office documents, PDF files, Autodesk files and text files on the local drives and on network drives. As there would easily be too much information to steal, it uses IFilters to extract text excerpts from the documents. These are stored in a local SQLLite database and sent to the malware operators. This way they can instruct the malware to hone in on the really interesting material.

"Flame is lame"

Continued : http://www.f-secure.com/weblog/archives/00002383.html


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

UK Defamation Bill Debate Could Unmask Internet Trolls

by Carol~ Moderator - 6/12/12 9:47 AM

In Reply to: NEWS - June 12, 2012 by Carol~ Moderator

UK ISPs may have to unmask Internet trolls, as politicians debate overhauling defamation laws

It's taken time for defamation to go digital it seems. The UK's defamation laws are more comfortably set in times for print and television than they are suited to the fast pace and activity we see online.

A defamation bill [PDF] is to be debated in the House of Commons today that could lead to the protection of website owners if they help to unveil Internet trolls.

The bill will more generally look at reforming aspects of the law of defamation. Currently this is governed by common law and the balance of course is whether changes would affect freedom of speech.

A draft Bill was published in March 2011 and subject to pre-legislative scrutiny. The Defamation Bill was presented on 10 May 2012. It extends to England and Wales only, today should see the second reading.

Proposed changes, if the bills is passed, mean that claimants would have to show they have suffered serious harm before suing for defamation. Under the law as it currently stands, a claimant does not have to prove the words they are complaining about have caused them actual damage.

Continued : http://thenextweb.com/uk/2012/06/12/uk-isps-may-have-to-unmask-internet-trolls-as-politicians-debate-overhauling-defamation-laws/

Also:
MPs debate new measures to identify internet trolls
Websites Will Be Forced To Identify Trolls


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Thousands of Twitter accounts wide open after TweetGif hack

by Carol~ Moderator - 6/12/12 12:14 PM

In Reply to: NEWS - June 12, 2012 by Carol~ Moderator

Part of a database containing the credentials for more than 8,000 Twitter accounts, apparently obtained from the TweetGif image hosting service, is currently circulating online. The extract contains access tokens and the associated access token secrets which can be used to access users' Twitter accounts.

Users log into the third-party TweetGif app using their Twitter account, and Twitter then provides TweetGif with an access token. This token allows TweetGif to access the user's Twitter account in perpetuity without having to request permission each time it wishes to do so.

The tokens remain valid even when the account password is changed. As a precautionary measure, anyone who has used TweetGif in the past is advised to revoke the service's access rights under Settings Apps on twitter.com. The LulzSecReborn Hacker group has already claimed responsibility for leaking the user data. The group was also responsible for publishing data from the MilitarySingles.com e-dating web site and from security services provider CSS Corp earlier this year.

http://www.h-online.com/security/news/item/Thousands-of-Twitter-accounts-wide-open-after-TweetGif-hack-1616181.html

Also:
LulzSec Reborn posts 10,000 Twitter passwords of TweetGif users online
TweetGif Hacked, 10,000 Twitter Account Leaked By Anonymous


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Current Black Hole Exploit Kit Spam Runs

by Carol~ Moderator - 6/12/12 1:51 PM

In Reply to: NEWS - June 12, 2012 by Carol~ Moderator

Same Operation, Diversification of Targets Being Spoofed: Current Black Hole Exploit Kit Spam Runs

From TrendLabs Malware Blog:

Recent Changes in Black Hole Exploit Kit Spam Runs

As a continuation of our efforts to protect customers as outlined in our previous post, this post is an update on the current Black Hole Exploit Kit spam run activity. We've been identifying Black Hole Exploit Kit spam runs for a while and so far, it continues to have high activity. These spam runs remain a concern for organizations spoofed by spammers, owners of compromised websites, and the number of users receiving these phishing emails. The solutions we've released for these spam runs with unique insight from big data analysis and the power of Trend Micro Smart Protection Network are still effectively detecting and addressing email sent by spammers.

Changes in Black Hole Exploit Kit Spam Runs

We've noticed recently that while the same strategy is still being used, the spammers have now added new legitimate organizations to spoof. Specifically, they mimic legitimate emails from these entities in phishing email to lure users into clicking the URL in the message. The attack starts with spam containing a link to a compromised website which redirects users to the website where malware is hosted. As mentioned, the difference is that the organizations that are spoofed in the attack have diversified.

Recent Activity with Diversified Organizations

The following table includes the dates of activity and some of the new organizations being spoofed by Black Hole Exploit Kit spammers: [Table]

Continued : http://blog.trendmicro.com/same-operation-diversification-of-targets-being-spoofed-current-black-hole-exploit-kit-spam-runs/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Spokeo Data Broker to Pay $800,000 in FTC Privacy Case

by Carol~ Moderator - 6/12/12 1:52 PM

In Reply to: NEWS - June 12, 2012 by Carol~ Moderator

Data broker and online people search service Spokeo will pay US$800,000 to settle U.S. Federal Trade Commission charges that it sold consumer profiles to other companies without taking steps required under the U.S. Fair Credit Reporting Act (FCRA) to protect consumers, the FTC announced Tuesday.

In the first FTC case addressing the sale of Internet and social media data in the employment screening area, the agency alleged that Spokeo operated as a consumer reporting agency but failed to ensure that the information it sold would be used only for legal purposes, the agency said. Spokeo also violated the FCRA by failing to ensure that the information it sold was accurate and by failing to tell users of its consumer reports about the company's obligations under the credit law, the FTC alleged.

Spokeo marketed consumer profiles to companies in the human resources, background screening and recruiting industries, the FTC said.Spokeo collects personal information about consumers from hundreds of online and offline data sources, including social networks, the FTC said. It merges the data to create detailed personal profiles of consumers, containing the consumer's name, address, age range, and email address. The profiles can also include hobbies, ethnicity, religion, participation on social networking sites, and photos.

Continued : http://www.pcworld.com/businesscenter/article/257419/spokeo_data_broker_to_pay_800000_in_ftc_privacy_case.html


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close