Spyware, viruses, & security forum: NEWS - September 26, 2012

.. Giant Telvent

A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts says digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.

The attack comes as U.S. policymakers remain gridlocked over legislation designed to beef up the cybersecurity posture of energy companies and other industries that maintain some of the world's most vital information networks.

In letters sent to customers last week, Telvent Canada Ltd. said that on Sept. 10, 2012 it learned of a breach of its internal firewall and security systems. Telvent said the attacker(s) installed malicious software and stole project files related to one of its core offerings — OASyS SCADA — a product that helps energy firms mesh older IT assets with more advanced "smart grid" technologies.

Continued : http://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/

Rent-to-own PCs surreptitiously captured users' most intimate moments

"Spyware installed on more than 420,000 PCs even recorded customers having sex."

Seven rent-to-own companies and a software developer have settled federal charges that they used spyware to monitor the locations, passwords, and other intimate details of more than 420,000 customers who leased computers.

The software, known as PC Rental Agent, was developed by Pennsylvania-based DesignerWare. It was licensed by more than 1,617 rent-to-own stores in the US, Canada, and Australia to report the physical location of rented PCs. A feature known as Detective Mode also allowed licensees to surreptitiously monitor the activities of computer users. Managers of rent-to-own stores could use the feature to turn on webcams so anyone in front of the machine would secretly be recorded. Managers could also use the software to log keystrokes and take screen captures.

"In numerous instances, data gathered by Detective Mode has revealed private, confidential, and personal details about the computer user," officials with the Federal Trade Commission wrote in a civil complaint (pdf) filed earlier this year. "For example, keystroke logs have displayed usernames and passwords for access to e-mail accounts, social media websites, and financial institutions."

Continued : http://arstechnica.com/security/2012/09/rent-to-own-pcs-surreptitiously-captured-users-most-intimate-moments/

Also:
FTC: It's Not Cool To Put Spyware On Rent-To-Own Computers Without Customer Consent
Rent-to-Own Laptops Secretly Photographed Users Having Sex, FTC Says
Rent-to-own laptops were spying on users
Rental computers spied on and photographed users, FTC claims

A new Facebook-themed spam campaign is targeting the social network's users, trying to trick them into opening the attached file: [Screenshot]

"The attached ZIP file has the name New-Photo-with-You_on_Facebook_PHOTOID13O8WHZL.zip and contains the 77 kB large file New_Photo_with_You_on_Facebook.gif.exe," warn MX Lab researchers.

The file is currently detected as malicious by 20 of the 43 AV solutions used by VirusTotal, although they can't seem to agree on just what kind of Trojan it actually is. Still, if there's one thing you can be sure of is the fact that the file is definitely bad news.

Users are advised to always be extra careful when viewing notifications seemingly coming from social networks. In this case, the spoofed "Facebook

http://www.net-security.org/malware_news.php?id=2277

.. kill it with fire

"Top spear-phishing email phrases revealed"

FireEye has put together a list of the most common words and phrases that appear in fake emails designed to infect corporate networks and steal data.

The security firm said that the list spotlights the social engineering techniques that feature as a key component of so-called spear phishing attacks. Hackers tend to use words that create a sense of urgency in a bid to trick unsuspecting recipients into downloading malicious files.

The top word category in email-based attacks relates to express shipping. Words such as "DHL", "UPS", and "delivery" featuring in a quarter of overall attacks. Urgent terms such as "notification" and "alert" are included in about 10 per cent of attacks. Some attacks mix and match terms from these two popular categories such as "UPS-Delivery-Confirmation-Alert_April-2012.zip", one example cited by FireEye.

Email-based attacks increased 56 per cent between Q1 2012 and Q2 2012, according to FireEye. The security firm claims these attacks often get through multiple layers of defence - including anti-virus, firewalls and intrusion prevention systems - to reach corporate desktops.

Continued : http://www.theregister.co.uk/2012/09/26/spear_phishing_hooks/

Smartphone developer Samsung has reportedly fixed a flaw in one of its newest phones, the Galaxy S III, that allows attackers to remotely wipe the phone's contents.

The patch addresses a flaw presented at the Ekoparty Security Conference in Argentina late last week that showed how easy it was to remotely reset an S III phone and apparently kill the phone's SIM card. Ravi Borgaonkar, a researcher in the Security in Telecommunications department at the Technical University Berlin, demonstrated an attack that exploited Unstructured Supplementary Service Data (USSD). USSD code is essentially a series of numbers used by mobile service providers to relay messages to GSM phones.

In his talk, which can be seen online here, Borgaonkar showed how a line of USSD code could be sent to a phone via NFC, QR code, SMS, or web link, that resets the device to its factory condition. According to reports, the problem lies in the way the phone's TouchWiz touch interface handles the codes and may affect more phones than the Galaxy S III. Borgaonkar also claims a separate set of code can be sent to wipe out a phone's SIM card. Both attacks take less than three seconds.

Continued : https://threatpost.com/en_us/blogs/samsung-fixes-remote-wipe-flaw-galaxy-s-iii-smartphones-092612

Related: 'Dirty USSD' Hack Wipes Samsung Phones. Is Yours Vulnerable?