Spyware, viruses, & security forum: NEWS - September 19, 2012

Watch out for malicious UPS/FedEx notifications when waiting for iPhone 5

From the Websense Security Labs Weblog:

The first batch of iPhone 5s will be delivered on Friday of this week. Apple sold more than 2 million of the new phone in less than 24 hours so clearly there's a huge interest in getting the device. This means that many people are eagerly waiting for their shipping notifications, to learn when the phone will arrive. I'm one of the people who pre-ordered an iPhone 5, and I'm still waiting for my delivery notification. From reading discussion forums online, I know that all orders from Apple's online store will ship with UPS. So when I received a UPS notification email today, I obviously expected it to be about my iPhone. Turns out, it wasn't. [Screenshot]

Instead the email contained an attached HTML page that, when loaded, displayed the page below:

[Screenshot]

When I look at the emails monitored by our Cloud Email Security service, I can see that we've intercepted and blocked over 45,000 emails similar to this one. UPS/FedEx lures are not new, but in times like this -- when people are eagerly waiting for an email of this type -- the risk is great that recipients will have their guards down and will run the attached file.

The page above isn't as innocent as it looks. There's a hidden, obfuscated script on the page that deobfuscates to this:

Continued : http://community.websense.com/blogs/securitylabs/archive/2012/09/18/watch-out-for-malicious-ups-fedex-notifications-when-waiting-for-iphone-5.aspx

"How long would it take a determined attacker to hack into Apple's iPhone 4S from scratch? A Dutch research team uses the Pwn2Own contest to provide the answer."

How long would it take a determined attacker to hack into Apple's iPhone device from scratch?

That was the intellectual challenge that drove a pair of Dutch researchers to start looking for an exploitable software vulnerability that would allow them to hijack the address book, photos, videos and browsing history from a fully patched iPhone 4S.

The hack, which netted a $30,000 cash prize at the mobile Pwn2Own contest here, exploited a WebKit vulnerability to launch a drive-by download when the target device simply surfs to a booby-trapped web site.

"It took about three weeks, starting from scratch, and we were only working on our private time," says Joost Pol (photo left), CEO of Certified Secure, a nine-person research outfit based in The Hague. Pol and his colleague Daan Keuper used code auditing techniques to ferret out the WebKit bug and then spent most of the three weeks chaining multiple clever techniques to get a "clean, working exploit."

Continued : http://www.zdnet.com/mobile-pwn2own-iphone-4s-hacked-by-dutch-team-7000004498/

Also: iPhone 4S exploited in Mobile Pwn2Own hacking contest in Amsterdam

.. cyber crooks

Businesses should be far more concerned about Eastern European hackers for hire than Asian cyber snoops, according to security firm Trend Micro.

Trend Micro warned that European mercenary hackers are currently mounting far more sophisticated campaigns and attacks that their East Asian counterparts in a report entitled: Peter the Great vs Sun Tzu.

The report highlighted a significant disparity in the two regions hacker methodologies.

"The Eastern European custom-written, carefully crafted tools are designed for very specific attacks," Trend Micro security director Rik Ferguson told V3.

"Asian teams use more off the shelf stuff, things like Spyeye, Zeus, exploit kits. They go after targets that aren't bulletproof and are more widespread."

Ferguson highlighted the importance of reputation among Eastern bloc hackers as a key reason for the difference.

Continued : http://www.v3.co.uk/v3-uk/news/2206625/eastern-european-hackers-posing-bigger-threat-than-asian-cyber-crooks

Also:
Peter the Great beats Sun Tzu in cybercrime
Report Examines Eastern European Hackers Vs. East Asian Hackers

Last week, Microsoft Corp. made headlines when it scored an unconventional if not unprecedented legal victory: Convincing a U.S. court to let it seize control of a Chinese Internet service provider's network as part of a crackdown on piracy.

I caught up with Microsoft's chief legal strategist shortly after that order was executed, in a bid to better understand what they were seeing after seizing control over more than 70,000 domains that were closely associated with distributing hundreds of strains of malware. Microsoft said that within hours of the takeover order being granted, it saw more than 35 million unique Internet addresses phoning home those 70,000 malicious domains.

First, the short version of how we got here: Microsoft investigators found that computer stores in China were selling PCs equipped with Windows operating system versions that were pre-loaded with the "Nitol" malware, and that these systems were phoning home to subdomains at 3322.org. The software giant subsequently identified thousands of sites at 3322.org that were serving Nitol and hundreds of other malware strains, and convinced a federal court in Virginia to grant it temporary control over portions of the dynamic DNS provider. [Screenshot]

Microsoft was able to do that because - while 3322.org is owned by a firm in China — the dot-org registry is run by a company based in Virginia. Yet, as we can see from the graphic above provided by Microsoft, Nitol infections were actually the least of the problems hosted at 3322.org (more on this later).

Continued : http://krebsonsecurity.com/2012/09/malware-dragnet-snags-millions-of-infected-pcs/