Spyware, viruses, & security forum: NEWS - January 07, 2013

Nvidia has quietly released a new set of drivers to patch up a security flaw found within the Display Driver service, which came to light via a U.K.-based researcher on Christmas day.

If you happen to be an owner of a GeForce graphics processing unit (GPU), then the quiet release of the latest GeForce-based drivers is certainly worth a quick download.

On Saturday, the firm made the new WHQL-certified graphics drivers -- version 310.90 -- available. The release notes say that the file "adds a security update for the NVIDIA Display Driver service (nvvsvc.exe)." However, it does not mention the fact that U.K. researcher Peter Winter-Smith discovered a flaw in December which makes the display driver service vulnerable to buffer overflow and code injection attacks. In other words, the security flaw could potentially be used by a remote attacker with a domain account to gain access to a system running older drivers.

In addition to killing off the security flaw, the driver update also comes complete with a number of bug fixes and performance enhancements for some gaming titles. New 3D Vision profiles have been added, and faster performance will improve a number of PC games including Call of Duty: Black Ops 2 and Assassin's Creed III.

Continued : http://www.zdnet.com/nvidia-releases-driver-update-to-fix-security-exploit-7000009448/

Also: NVIDIA Releases Fix For Dangerous Display Driver Exploit

Related: Nvidia Display Driver Service Attack Escalates Privileges on Windows Machines

See Vulnerabilities & Fixes : NVIDIA Graphics Drivers for Windows "nvsr" Named Pipe Buffer Overflow Vulnerability

I have an old gpu.
I use old drivers.
I don't game.
It works fine.

I'd like to get the security update.......however....Nvidia imbedded the thing in a 160MB download.

That download gets me all the drivers and bells+whistles to support the latest gpu's and fixes for games.

I'm a little hesitant to apply that to my old gpu and muck things up.

For now I'm just going to sit on it and search for a way to update nvvsvc.exe.....that's where the security issue is......without having to update everything.

Nvvsvc.exe is a nvidia driver helper.
I have not found a good explanation of what it's for.

Based on this w7 machine.
Nvvsvc.exe is not a running process.
Under services I do see nvidia driver helper.
That service points to nvvsvc.exe.
I have that service disabled.....its been disabled for a long time.
I have not found anything that does not function.
Ymmv.

My plans are to ignore this thing and not go looking for trouble.

The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes.

An exploit pack is a software toolkit that gets injected into hacked or malicious sites, allowing the attacker to foist a kitchen sink full of browser exploits on visitors. Those visiting such sites with outdated browser plugins may have malware silently installed. In early October 2012, security researchers began noticing that a new exploit pack called Cool Exploit Kit was showing up repeatedly in attacks from "ransomware," malicious software that holds PCs hostage in a bid to extract money from users.

"Kafeine," a French researcher and blogger who has been tracking the ties between ransomware gangs and exploit kits, detailed Cool's novel use of a critical vulnerability in Windows (CVE-2011-3402) that was first discovered earlier in the year in the Duqu computer worm. Duqu is thought to be related to Stuxnet, a sophisticated cyber weapon that experts believe was designed to sabotage Iran's nuclear program.

Continued : http://krebsonsecurity.com/2013/01/crimeware-author-funds-exploit-buying-spree/

An account posing as that of the Facebook Security Team has been spotted sending warnings to random users, trying to fool them into believing that their Facebook account will be suspended due to a violation of the social network's Terms of Service: [Screenshot]

The message offers a link for verifying the account, and it takes users to a third party Facebook application that requests them to enter their Facebook page name, email or phone and password.

If entered and submitted, that information is automatically sent to the scammers behind this phishing scheme and used to hijack the account.

If you have fallen for the trick, try to access your account. If you are able to do so, change your password immediately. If you have already been locked out, report the compromise and Facebook will help you regain control of the account.

Continued: http://www.net-security.org/secworld.php?id=14186

According to a report by GameSpy, users on Ubisoft's forums have been complaining about having lost access to their accounts on the company's Uplay online service. Starting around 30 December, many of the affected users say they have received emails telling them that the email addresses for their accounts had been changed to addresses associated with particular sites under the Russian .ru and .su top-level domains, suggesting that the hacks are part of a larger attack by a hacker or group of hackers. According to GameSpy, Ubisoft has confirmed the situation and said that "a limited number" of accounts are affected. No personal or financial details were compromised, according to the company.

Ubisoft did not give details of how the hackers managed to breach the accounts, but access for affected users was restored promptly once staff in charge of the matter returned from their holiday breaks. Some users in the forum thread in question claimed to have randomly generated passwords for their Uplay account. Uplay is Ubisoft's DRM and multiplayer matchmaking system; users who lost access to their accounts were unable to play games registered through it.

Continued : http://www.h-online.com/security/news/item/Ubisoft-investigating-compromised-Uplay-accounts-1778618.html

Also: Ubisoft probes sudden rash of hijack attacks on gamers' accounts

Iran is developing "intelligent software" to control how Iranians can access social-networking sites, according to Associated Press.

The new software will prevent Iranians from being exposed to malicious content while allowing them to take advantage of the "useful aspects" of the Internet, said Iran's chief of police, Gen. Esmail Ahmadi Moghadam, AP reported. Moghadam did not specify which social networking sites would be controlled or when the software will go live.

"The designing of intelligent software to control social networking Web sites" is underway, Moghadam said.

The Iranian government heavily restricts access to social networking sites such as Facebook and Twitter as well as other sites that authorities believe promote dissent or are morally corrupt as part of its strict censorship policy. However, many Iranians bypass the official filters using proxy software and Virtual Private Networks (VPN).

Continued : http://securitywatch.pcmag.com/none/306619-iran-developing-software-to-control-social-networking-sites

Also: Iran Designing Software for Controlled Social Media Access