Spyware, viruses, & security forum: NEWS - March 11, 2013

From the Kaspersky Labs blog:

The 2014 FIFA World Cup has already kicked off, at least for Brazilian bad guys. Next year's big event in Brazil has become one of the most prominent tactics used by Latin American cybercriminals as they unleash a real avalanche of phishing messages, fraudulent prizes and giveaways, malicious domains, fake tickets, credit card cloning, banking Trojans and a lot of social engineering.

Indeed Brazil figured among the top five countries where users risk being caught 'offside' by phishing attacks, according to a recent study (pdf) conducted by RSA and released in January. The country is in fourth place, along with the UK, USA, Canada and South Africa. So it's no big surprise to find four Brazilian brands in the Top 10 most targeted on PhishTank stats.

Offers range from alleged cash prizes, trips and tickets to watch the games, while the attacks involve massive phishing mailings, and, to add spurious credibility, stars of the national soccer team have been 'signed up' by the conmen. Here's one example featuring Neymar, the latest Brazilian hero to be dubbed the new Pele: [Screenshot]

Continued : https://www.securelist.com/en/blog/208194146/The_Brazilian_Phishing_World_Cup

Australia's Reserve Bank has confirmed it has been attacked, after a report in the Australian Financial Review claimed its "... computer networks have been repeatedly and successfully hacked in a series of cyber-attacks to infiltrate sensitive internal information, including by Chinese-developed malicious software".

The Reserve Bank (RBA) is Australia's central bank and has functions broadly comparable to those of the Bank of England or the US Federal Reserve.

The AFR report mentions hacks on France that resulted in several thousand confidential documents supposedly making their way in the general direction of China, but does not say if Australian documents were lost.

The RBA has since issued a statement admitting to detecting attacks but has classified them as mere "virus attacks". Here's what the RBA had to say:

Continued : http://www.theregister.co.uk/2013/03/11/reserve_bank_of_australia_attacked/

... protection

"New family of Mac malware masqueraded as printer software."

Researchers have identified the Mac malware that infected employees of Apple, Facebook, and Twitter, and say it may have been used to compromise machines in other US organizations, including auto manufacturers, government agencies, and a leading candy maker, according to a published report.

Pintsized.A is a new family of Mac malware that uses an exploit to bypass Gatekeeper, an OS X protection that allows end users to tightly control which sources are permitted to install apps, according to an article published Monday by The Security Ledger. Mac antivirus provider Intego says the trojan masquerades on infected machines as Linux printing software known as cupsd, although it runs from a different location than the legitimate title. It's unclear exactly how the malware gets around Gatekeeper.

Continued : http://arstechnica.com/security/2013/03/mac-malware-that-infected-facebook-bypassed-os-x-gatekeeper-protection/

From the F-Secure Antivirus Research Weblog:

Google Play has a problem — and it isn't malware.

Depending on location, Potentially Unwanted Applications (PUA) can be rather difficult to avoid.

Here's a screenshot of User Reviews from a "weather widget" application: [Screenshot]

In English (both U.S. and U.K.), there are eight user reviews. Just eight. Even if you click on a link to "Read All User Reviews".

But if you use the Danish UI... this is one additional review you'll see: [Screenshot]

And it's good that Danes can see it, because the reviewer explains it's a "nice" app that uses push notifications to drop spam ads, one of which presented his ten year-old daughter with an offer to win an iPad. The daughter provided her father's phone number... and it ended up costing 150 Danish Krone (about 26 USD).

Worst of all — this weather widget app is the second result among free apps if Danes search for "vejr".

More popular, and far more reputable, applications such as "AccuWeather" (TM) haven't done Search Engine Optimization for the Danish market and so end up lower in "relevant" results.

Continued : http://www.f-secure.com/weblog/archives/00002521.html

Homeland Security's Computer Emergency Response Team is warning today that some printers manufactured by Hewlett-Packard, including 10 of its LaserJet Professional printers, have a security vulnerability that could allow an attacker to remotely access data.

According to CERT, the problem stems from a telnet debug shell glitch that can allow an unauthenticated user to connect to the printer and in turn, glean data. CERT warned of the problem this morning; HP's Software Security Response Team wrote about the problem in a security bulletin last week.

According to the bulletin, HP's following LaserJet Pro printers are vulnerable: P1102w, P1606dn, M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, M1218nfs, M1219nf and CP1025nw.

German security researcher Christop von Wittich with Hentschke Bau GmbH was credited with discovering the flaw.

HP is advising affected customers to download updated firmware for printers impacted by the bug from the company's Support Center site. The company is also encouraging those still concerned with the vulnerability to email security-alert@hp.com for further guidance.

Continued : https://threatpost.com/en_us/blogs/hp-cert-warn-critical-hole-laserjet-printers-031113

See Vulnerabilities / Fixes: HP LaserJet Pro Printers Telnet Debug Shell Vulnerability

Dating site Zoosk resets some user accounts following password dump

Zoosk.com, an online dating service with about 15 million unique visitors each month, is requiring some users to reset their passwords. The move comes after someone published a list cryptographically protected passcodes that may have been used by subscribers to the website.

In the past, the San Francisco-based company has said it has more than 50 million users. With this dump, a small but statistically significant percentage of the 29-million-strong password list contained the word "zoosk," an indication that at least some of the credentials may have originated with the dating site. Jeremi Gosney, a password expert at Stricture Consulting Group, said he cracked more than 90 percent of the passwords and found almost 3,000 had links to Zoosk. The cracked passcodes included phrases such as "logmein2zoosk," "zoosk password," "myzooskpass," "@zoosk," "zoosk4me," "ilovezoosk," "flirtzoosk," "zooskmail."

Other passwords contained strings such as "flirt," "lookingforlove," "lookingforguys," and "lookingforsex," another indication that they were used to access accounts at one or more dating websites. Many users choose passwords containing names, phrases, or topics related to the specific website or generic type of service they're used to access. In December, Ars profiled a 25-GPU cluster system Gosney built that's capable of trying every possible Windows passcode in the typical enterprise in less than six hours.

Continued : http://arstechnica.com/security/2013/03/dating-site-zoosk-resets-some-user-accounts-following-password-dump/

Bruce Schneier @ his "Schneier on Security" blog:

I worry that comments about the value of software security made at the RSA Conference last week will be taken out of context. John Viega did not say that software security wasn't important. He said:

'For large software companies or major corporations such as banks or health care firms with large custom software bases, investing in software security can prove to be valuable and provide a measurable return on investment, but that's probably not the case for smaller enterprises, said John Viega, executive vice president of products, strategy and services at SilverSky and an authority on software security. Viega, who formerly worked on product security at McAfee and as a consultant at Cigital, said that when he was at McAfee he could not find a return on investment for software security.'

I agree with that. For small companies, it's not worth worrying much about software security. But for large software companies, it's vital.

Continued : http://www.schneier.com/blog/archives/2013/03/is_software_sec.html