Spyware, viruses, & security forum: NEWS - August 22, 2012

As suggested by some of its developers back in 2010, the Firefox browser will introduce enhanced separation between add-ons and the rest of the browser. With the change, which is planned to take effect with the release of Firefox 17, scripts on web pages will only be able to access the data belonging to add-ons if they are included in a whitelist.

The beta version of Firefox 15 already logs warning messages in the browser's Error Console when a page that is not on the whitelist tries to access data from add-ons. This behaviour has been included to make add-on developers aware of the new policy and to give them time to fix their add-on's behaviour before the release of Firefox 17.

In the current versions of Firefox, entire add-on objects can be shared by adding them to contentWindow.wrappedJSObject which allows scripts on web sites to access all data belonging to these objects through the window.sharedObject variable. With Firefox 17, add-on developers are required to explicitly mark attributes with the __exposedProps__ property which acts as a whitelist for objects that Firefox will share. Possible values for this property allow read-only access, write-only access and read and write access.

Continued : http://www.h-online.com/security/news/item/Firefox-17-to-make-add-ons-more-secure-1672626.html

A coalition of nearly 20 children's advocacy, health and public interest groups plans to file complaints with the Federal Trade Commission on Wednesday, asserting that some online marketing to children by McDonald's and four other well-known companies violates a federal law protecting children's privacy.

The law, the Children's Online Privacy Protection Act, requires Web site operators to obtain verifiable consent from parents before collecting personal information about children under age 13. But, in complaints to the F.T.C., the coalition says six popular Web sites aimed at children have violated that law by encouraging children who play brand-related games or engage in other activities to provide friends' e-mail addresses — without seeking prior parental consent.

At least one company, however, said the accusation mischaracterized its practices, adding that the law allows an exception for one-time use of a friend's e-mail address. As of late Tuesday, the companies said they had not received copies of the complaints. Obtaining information about adults' social networks to e-mail marketing messages to their friends is a common industry practice called "tell a friend" or "refer a friend." But now an increasing number of children's sites are using the technique by inviting children to make customized videos promoting certain products, for example, and then sending them to friends.

Continued : http://www.nytimes.com/2012/08/22/business/media/web-sites-accused-of-collecting-data-on-children.html

By hunting through benign bits of code on your computer, the Frankenstein virus can turn itself into something rather nasty

MARY SHELLEY'S Victor Frankenstein stitched together the body parts of ordinary individuals and created a monster. Now computer scientists have done the same with software, demonstrating the potential for hard-to-detect viruses that are stitched together from benign code pilfered from ordinary programs.

The monstrous virus software, dubbed Frankenstein, was created by Vishwath Mohan and Kevin Hamlen at the University of Texas at Dallas. Having infected a computer, it searches the bits and bytes of common software such as Internet Explorer and Notepad for snippets of code called gadgets - short instructions that perform a particular kind of small task.

Previous research has shown that it is theoretically possible, given enough gadgets, to construct any computer program. Mohan and Hamlen set out to show that Frankenstein could build working malware code by having it create two simple algorithms purely from gadgets. "The two test algorithms we chose are simpler than full malware, but they are representative of the sort of core logic that real malware uses to unpack itself," says Hamlen. "We consider this a strong indication that this could be scaled up to full malware."

Continued : http://www.newscientist.com/article/mg21528785.600-frankenstein-virus-creates-malware-by-pilfering-code.html

A 23-year-old German man was sentenced to seven years in prison for an online swindle with fake Web shops that caused €1.1 million (US$1.36 million) in damages, a spokeswoman of the lower regional court in Augsburg said on Tuesday.

Authorities believe that the man, who is from Essen, lead a gang swindlers who ran a network of 187 fraudulent online shops, said Matthias Nickolai, spokesperson for the public prosecution in Augsburg. "He himself of course denied that he was the leader," Nickolai added.

The shops sold goods like electronic equipment, home appliances and precious metals among other things, he said. Customers never received the items they ordered and during the time the shops operated they "sold" goods in 2,054 known cases, said Nickolai, citing the indictment. The gang operated between November 2008 and August 2011.

Besides selling nonexistent goods, the swindlers also stole customer bank account data, which they used to pilfer more than €200,000 in 117 individual transactions, he said. The gang used a phishing email to tell victims that a computer virus compromised their accounts. Those emails led victims to a fake website that appeared to be a legitimate bank site in order to obtain account and other personal information from victims, according to the German public prosecutor.

Continued : http://www.pcworld.com/businesscenter/article/261169/german_man_sentenced_to_seven_years_in_prison_for_online_swindling.html

While researchers continue to dig into the Shamoon malware, looking for its origins and a complete understanding of its capabilities, a group calling itself the Cutting Sword of Justice is claiming responsibility for an attack on the massive Saudi oil company Aramco, which some experts believe employed Shamoon to destroy data on thousands of machines.

The attack on Aramco occurred on August 15, taking the main Web site of Saudi Aramco offline. Officials at the company said that the attack affected some of the company's workstations, but did not have any effect on oil production or on the main Aramco networks. The attackers claiming responsibility for the incident dispute that, saying that they deployed a destructive piece of malware that erased data on infected machines and then made them unusable.

"As previously said by hackers, about 30000 (30k) of clients and servers in the company were completely destroyed. Symantec, McAfee and Kaspersky wrote a detail analysis about the virus, good job. Hackers published the range of internal clients IPs which were found in the internal network and became one of the phases of the attack target," the group said in a post on Pastebin shortly after the attack.

Continued : https://threatpost.com/en_us/blogs/some-signs-point-shamoon-malware-aramco-attack-082212

Related: World's largest oil company Saudi Aramco hit by malware