<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	>
	
	<channel>
		<title>Softpedia News - Security</title>
		<link>http://news.softpedia.com</link>
		<description>Softpedia News - Security</description>
		<generator>Softpedia News</generator>
		<language>en-us</language>
		<copyright>2001 - 2009 Softpedia. All rights reserved.</copyright>
		<pubDate>Mon, 9 Nov 2009 00:07:23 GMT</pubDate>
		<lastBuildDate>Mon, 9 Nov 2009 00:07:23 GMT</lastBuildDate>
		<category>News</category>
		<docs>http://blogs.law.harvard.edu/tech/rss</docs>
		<ttl>10</ttl>
		<atom:link href="http://news.softpedia.com/newsRSS/Security-5.xml" rel="self" type="application/rss+xml" />
		<image>
			<url>http://www.softpedia.com/base_img/softpedia_logo.gif</url>
			<title>Softpedia News - Security</title>
			<link>http://news.softpedia.com/</link>
		</image>
<item>
<title>Two Men Accused of Hacking Their Former Employer&#039;s Computers</title>
<link>http://news.softpedia.com/news/Two-Men-Accused-of-Hacking-Their-Former-Employer-s-Computers-126361.shtml</link>
<description><![CDATA[Two former employees of an engine parts distributor have been indicted for accessing the company's computer systems repeatedly without authorization after they quit. According to the prosecutors, the men used still-active credentials to access sensitive information for almost two years. Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of Williamstown, Kentucky, were indicted on November 4 for computer intrusion, the United States Attorney's Office for the Southern District of Indiana announces. The pair used to work for Jasper-based Stens Corporation, a distributor of replacement parts for small engine outdoor power equipment. After quitting their jobs at Stens in late 2004 and early 2005, respectively, Burgess and Puckett went on to work for a rival company. The authorities claim that until September 2006, the two illegally accessed private information stored on computers belonging to Stens Corporation on twelve separate occasions. The intrusions were allegedly motivated by personal and commercial gain and were carried out using old login credentials. It is also mentioned that Stens' IT staff noticed unusual behavior and disabled several passwords; however, the perpetrators switched to using others. According to Assistant U.S. Attorney Todd S....]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Two-Men-Accused-of-Hacking-Their-Former-Employer-s-Computers-2.jpg" align="left" style="margin-right: 10px;" />Two former employees of an engine parts distributor have been indicted for accessing the company's computer systems repeatedly without authorization after they quit. According to the prosecutors, the men used still-active credentials to access sensitive information for almost two years.<br /><br />Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of Williamstown, Kentucky, were indicted on November 4 for computer intrusion, the United States Attorney's Office for the Southern District of Indiana announces. The pair used to work for Jasper-based Stens Corporation, a distributor of replacement parts for small engine outdoor power equipment.<br /><br />After quitting their jobs at Stens in late 2004 and early 2005, respectively, Burgess and Puckett went on to work for a rival company. The authorities claim that until September 2006, the two illegally accessed private information stored on computers belonging to Stens Corporation on twelve separate occasions.<br /><br />The intrusions were allegedly motivated by personal and commercial gain and were carried out using old login credentials. It is also mentioned that Stens' IT staff noticed unusual behavior and disabled several passwords; however, the perpetrators switched to using others.<br /><br />According to Assistant U.S. Attorney Todd S.... (<a href="http://news.softpedia.com/news/Two-Men-Accused-of-Hacking-Their-Former-Employer-s-Computers-126361.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 6 Nov 2009 15:39:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Two-Men-Accused-of-Hacking-Their-Former-Employer-s-Computers-126361.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Two-Men-Accused-of-Hacking-Their-Former-Employer-s-Computers-126361.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Major Security Hole Discovered on Facebook and MySpace</title>
<link>http://news.softpedia.com/news/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-126327.shtml</link>
<description><![CDATA[A Web developer has documented a proof-of-concept attack that could have been used to hijack accounts and steal private information on Facebook and MySpace. The attack leveraged a serious security oversight in XML configuration files used to define the cross-domain access policy for Flash applications. The discovery was made while 24-year-old Dutch Web developer Yvo Schaap tried to find a workaround to a problem he was having with one of his Facebook applications. &ldquo;I found a solution to one of my function limitations. Surprisingly, when looked into more carefully my solution allowed full access and control to the Facebook user account that accessed my application,&rdquo; he notes on his blog. As the programmer goes on to explain, this is not actually a bug, but an insecure configuration issue in crossdomain.xml. This file can be used to tell a Flash application, loaded from a URL and executed locally on the client, whether it is able to access a file served from its domain. For example, if the owner of domain A wants to let an application from domain B access its files, it can specify domain B in the crossdomain.xml on its server. While the crossdomain.xml on facebook.com whitelisted only other domains and sub-domains associated with Facebook, the similar file on connect.facebook.com c...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-2.jpg" align="left" style="margin-right: 10px;" />A Web developer has documented a proof-of-concept attack that could have been used to hijack accounts and steal private information on Facebook and MySpace. The attack leveraged a serious security oversight in XML configuration files used to define the cross-domain access policy for Flash applications.<br /><br />The discovery was made while 24-year-old Dutch Web developer Yvo Schaap tried to find a workaround to a problem he was having with one of his Facebook applications. &ldquo;I found a solution to one of my function limitations. Surprisingly, when looked into more carefully my solution allowed full access and control to the Facebook user account that accessed my application,&rdquo; he notes on his blog.<br /><br />As the programmer goes on to explain, this is not actually a bug, but an insecure configuration issue in crossdomain.xml. This file can be used to tell a Flash application, loaded from a URL and executed locally on the client, whether it is able to access a file served from its domain. For example, if the owner of domain A wants to let an application from domain B access its files, it can specify domain B in the crossdomain.xml on its server.<br /><br />While the crossdomain.xml on facebook.com whitelisted only other domains and sub-domains associated with Facebook, the similar file on connect.facebook.com c... (<a href="http://news.softpedia.com/news/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-126327.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 6 Nov 2009 13:08:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-126327.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-126327.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Attack Hits Swedish Signals Intelligence Agency&#039;s Website</title>
<link>http://news.softpedia.com/news/Attack-Hits-Swedish-Signals-Intelligence-Agency-s-Website-126289.shtml</link>
<description><![CDATA[The website of the Swedish National Defence Radio Establishment (Forsvarets Radioanstalt) has been the target of a prolonged denial of service attack this week. There is some speculation that the incident was staged in protest of the agency's new role of intercepting and monitoring Internet traffic passing through Sweden. Forsvarets Radioanstalt (FRA) is an intelligence agency of the Swedish government, subordinate to the country's Ministry of Defence. It was officially established in 1942 and its primary role was radio signal interception and monitoring. In June 2008, the Swedish Parliament passed anti-terrorism legislation allowing FRA to conduct warrantless wiretapping of telephone and Internet communications that cross Swedish borders. This includes all international Internet traffic that passes through Sweden, such as Russia's. The law went into effect at the beginning of January but the actual monitoring started last month. The DoS attack on FRA's website began on Monday evening and, according to a report from the Pingdom uptime monitoring service, extended well into Tuesday and Wednesday. This type of attack involves overloading a server with bogus requests until it is unable to process legitimate ones. The total downtime amounted to almost 29 hours, but according to an...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Attack-Hits-Swedish-Signals-Intelligence-Agency-s-Website-2.jpg" align="left" style="margin-right: 10px;" />The website of the Swedish National Defence Radio Establishment (Forsvarets Radioanstalt) has been the target of a prolonged denial of service attack this week. There is some speculation that the incident was staged in protest of the agency's new role of intercepting and monitoring Internet traffic passing through Sweden.<br /><br />Forsvarets Radioanstalt (FRA) is an intelligence agency of the Swedish government, subordinate to the country's Ministry of Defence. It was officially established in 1942 and its primary role was radio signal interception and monitoring.<br /><br />In June 2008, the Swedish Parliament passed anti-terrorism legislation allowing FRA to conduct warrantless wiretapping of telephone and Internet communications that cross Swedish borders. This includes all international Internet traffic that passes through Sweden, such as Russia's. The law went into effect at the beginning of January but the actual monitoring started last month.<br /><br />The DoS attack on FRA's website began on Monday evening and, according to a report from the Pingdom uptime monitoring service, extended well into Tuesday and Wednesday. This type of attack involves overloading a server with bogus requests until it is unable to process legitimate ones.<br /><br />The total downtime amounted to almost 29 hours, but according to an... (<a href="http://news.softpedia.com/news/Attack-Hits-Swedish-Signals-Intelligence-Agency-s-Website-126289.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 6 Nov 2009 09:41:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Attack-Hits-Swedish-Signals-Intelligence-Agency-s-Website-126289.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Attack-Hits-Swedish-Signals-Intelligence-Agency-s-Website-126289.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Major SSL Flaw Was Being Patched in Secret</title>
<link>http://news.softpedia.com/news/Major-SSL-Flaw-Was-Being-Patched-in-Secret-126241.shtml</link>
<description><![CDATA[A serious design flaw in the SSL and TLS protocols has been kept secret since its discovery in August. Major technology companies have been privately informed and have been working on patches under a non-disclosure agreement since the end of September. The issue is caused by authentication gaps that get created during SSL and TLS session renegotiation and can be exploited in a man-in-the-middle (MitM) attack scenario. According to the researcher who discovered the bug, an attacker can potentially leverage it to inject arbitrary plain text into what should theoretically be a secure session. The problem was identified by a software engineer and researcher named Marsh Ray, who works for PhoneFactor, a company that develops a tokenless two-factor authentication system. The researcher notes on his blog that he began suspecting the existence of this type of bug in early August, while reviewing some third-party code. "Many late nights and weekends later, I had enough evidence to talk about, and at the beginning of September, I had a working exploit and demoed it to Steve Dispensa (PhoneFactor CTO)," he explains. Understanding the seriousness of the discovery, the two professionals got in touch with several major vendors, including members of the Internet Engineering Task Force (IETF) and the Industry Consortium f...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Major-SSL-Flaw-Was-Being-Patched-in-Secret-2.jpg" align="left" style="margin-right: 10px;" />A serious design flaw in the SSL and TLS protocols has been kept secret since its discovery in August. Major technology companies have been privately informed and have been working on patches under a non-disclosure agreement since the end of September.<br /><br />The issue is caused by authentication gaps that get created during SSL and TLS session renegotiation and can be exploited in a man-in-the-middle (MitM) attack scenario. According to the researcher who discovered the bug, an attacker can potentially leverage it to inject arbitrary plain text into what should theoretically be a secure session.<br /><br />The problem was identified by a software engineer and researcher named Marsh Ray, who works for PhoneFactor, a company that develops a tokenless two-factor authentication system. The researcher notes on his blog that he began suspecting the existence of this type of bug in early August, while reviewing some third-party code. "Many late nights and weekends later, I had enough evidence to talk about, and at the beginning of September, I had a working exploit and demoed it to Steve Dispensa (PhoneFactor CTO)," he explains.<br /><br />Understanding the seriousness of the discovery, the two professionals got in touch with several major vendors, including members of the Internet Engineering Task Force (IETF) and the Industry Consortium f... (<a href="http://news.softpedia.com/news/Major-SSL-Flaw-Was-Being-Patched-in-Secret-126241.shtml">read more</a>)]]></content:encoded>
<pubDate>Thu, 5 Nov 2009 15:40:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Major-SSL-Flaw-Was-Being-Patched-in-Secret-126241.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Major-SSL-Flaw-Was-Being-Patched-in-Secret-126241.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Gumblar Crashes WordPress and Joomla Websites</title>
<link>http://news.softpedia.com/news/Gumblar-Crashes-WordPress-and-Joomla-Websites-126239.shtml</link>
<description><![CDATA[Independent security researcher Denis Sinegubko has recently stumbled upon a new version of the Gumblar Web botnet that has quite a craving for PHP CMS-driven websites. Mr. Sinegubko has discovered that this latest version (&ldquo;untested version&rdquo; as he refers to it) has until now affected more than 300,000 PHP websites, of which about 65,000 run the WordPress blogging platform and 38,000 run the Joomla! CMS. In his opinion, Gumblar's authors may have unintentionally leaked an untested version on the Web. This latest threat seems to favor injecting code into complex, structured PHP sites (regularly referred to as CMSs) like WordPress, Joomla, Drupal, phpBB, vBulletin, Zen Cart, Magento, etc. The attack works when the botnet manages to acquire FTP credentials to a website. After securing a backdoor entry to the victim's website, the botnet will open the host's PHP files and add a line of code to the beginning of each file. That line is a PHP declaration containing a base64-encoded function that will execute other PHP and JavaScript code, which will then try to inject more code into other files. Whenever a user wants to view the website's content, a function is called numerous times, and since PHP won't allow a declaration of the same function more than once, it will return a...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Gumblar-Crashes-WordPress-and-Joomla-Websites-2.jpg" align="left" style="margin-right: 10px;" />Independent security researcher Denis Sinegubko has recently stumbled upon a new version of the Gumblar Web botnet that has quite a craving for PHP CMS-driven websites. Mr. Sinegubko has discovered that this latest version (&ldquo;untested version&rdquo; as he refers to it) has until now affected more than 300,000 PHP websites, of which about 65,000 run the WordPress blogging platform and 38,000 run the Joomla! CMS.<br /><br />In his opinion, Gumblar's authors may have unintentionally leaked an untested version on the Web. This latest threat seems to favor injecting code into complex, structured PHP sites (regularly referred to as CMSs) like WordPress, Joomla, Drupal, phpBB, vBulletin, Zen Cart, Magento, etc.<br /><br />The attack works when the botnet manages to acquire FTP credentials to a website. After securing a backdoor entry to the victim's website, the botnet will open the host's PHP files and add a line of code to the beginning of each file. That line is a PHP declaration containing a base64-encoded function that will execute other PHP and JavaScript code, which will then try to inject more code into other files.<br /><br />Whenever a user wants to view the website's content, a function is called numerous times, and since PHP won't allow a declaration of the same function more than once, it will return a... (<a href="http://news.softpedia.com/news/Gumblar-Crashes-WordPress-and-Joomla-Websites-126239.shtml">read more</a>)]]></content:encoded>
<pubDate>Thu, 5 Nov 2009 15:36:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Gumblar-Crashes-WordPress-and-Joomla-Websites-126239.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Gumblar-Crashes-WordPress-and-Joomla-Websites-126239.shtml#review_zone</comments>
<dc:creator>Softpedia News (Catalin Cimpanu)</dc:creator>
</item>
<item>
<title>M86 Security Acquires Finjan</title>
<link>http://news.softpedia.com/news/M86-Security-Acquires-Finjan-126187.shtml</link>
<description><![CDATA[M86 Security has announced the acquisition of cloud-based Web security provider Finjan. The vendor's products and technology will expand M86's portfolio of Web and messaging security solutions. M86 Security is a relatively new company formed last November through the merger of UK-based Web security vendor Marshal and US Web security appliance manufacturer 8e6 Technologies. It was initially given the rather uninspired name Marshal8e6, but for branding reasons, the name was later changed to the shorter M86 Security. M86 further expanded in April 2009 with the acquisition of behavioral-analysis technology developer Avinti, which at the time commercialized its own e-mail security solution. In the same month, M86 signed up John Vigouroux as its new chief executive officer. Mr. Vigouroux previously served as CEO at Finjan, a San Jose-based provider of Software-as-a-Service (SaaS) security solutions. In addition, Werner Thalmeier, Finjan's former VP of product management, also joined M86 more recently, in a similar position. Putting all this into perspective suggests that a good level of compatibility existed between the two companies even before this acquisition was decided. "The acquisition of Finjan supports our strategy to become the recognized leader in comprehensive inbound and outbound content security," said...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/M86-Security-Acquires-Finjan-2.jpg" align="left" style="margin-right: 10px;" />M86 Security has announced the acquisition of cloud-based Web security provider Finjan. The vendor's products and technology will expand M86's portfolio of Web and messaging security solutions.<br /><br />M86 Security is a relatively new company formed last November through the merger of UK-based Web security vendor Marshal and US Web security appliance manufacturer 8e6 Technologies. It was initially given the rather uninspired name Marshal8e6, but for branding reasons, the name was later changed to the shorter M86 Security.<br /><br />M86 further expanded in April 2009 with the acquisition of behavioral-analysis technology developer Avinti, which at the time commercialized its own e-mail security solution. In the same month, M86 signed up John Vigouroux as its new chief executive officer. Mr. Vigouroux previously served as CEO at Finjan, a San Jose-based provider of Software-as-a-Service (SaaS) security solutions.<br /><br />In addition, Werner Thalmeier, Finjan's former VP of product management, also joined M86 more recently, in a similar position. Putting all this into perspective suggests that a good level of compatibility existed between the two companies even before this acquisition was decided.<br /><br />"The acquisition of Finjan supports our strategy to become the recognized leader in comprehensive inbound and outbound content security," said... (<a href="http://news.softpedia.com/news/M86-Security-Acquires-Finjan-126187.shtml">read more</a>)]]></content:encoded>
<pubDate>Thu, 5 Nov 2009 11:39:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/M86-Security-Acquires-Finjan-126187.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/M86-Security-Acquires-Finjan-126187.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Prevx Leads the Fight Against Online Banking Trojans</title>
<link>http://news.softpedia.com/news/Prevx-Leads-the-Fight-Against-Online-Banking-Trojans-126115.shtml</link>
<description><![CDATA[Prevx, one of the pioneers of cloud-based antivirus solutions, has launched a new product that is able to protect online banking transactions even on already infected computers. Dubbed Prevx SafeOnline, it runs at the lower level of the OS in order to keep HTTPS browsing sessions secure. Online banking fraud is an ever-growing problem and has affected a lot of mid-size companies and organizations in recent months. The authors of the Zeus botnet have been particularly successful in stealing millions of dollars through fraudulent transfers and exploiting people who didn't suspect they were being used as money mules. While the majority of security vendors are trying to come up with better ways of keeping computers from being infected, Prevx has taken a different approach with its SafeOnline product. The whole idea behind this new technology is to assume the worst &ndash; that the computer is already compromised. Prevx SafeOnline focuses on preventing information passed through the browsers from being hijacked. According to the company, it is able to stop phishing attacks, block keyloggers, screen grabbers, cookie stealers, as well as the most prevalent banking trojans such as Zeus, Sinowal, Goldun, Silent Banker or Bancos. The new product implements several components, one of them co...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Prevx-Leads-the-Fight-Against-Online-Banking-Trojans-2.jpg" align="left" style="margin-right: 10px;" />Prevx, one of the pioneers of cloud-based antivirus solutions, has launched a new product that is able to protect online banking transactions even on already infected computers. Dubbed Prevx SafeOnline, it runs at the lower level of the OS in order to keep HTTPS browsing sessions secure.<br /><br />Online banking fraud is an ever-growing problem and has affected a lot of mid-size companies and organizations in recent months. The authors of the Zeus botnet have been particularly successful in stealing millions of dollars through fraudulent transfers and exploiting people who didn't suspect they were being used as money mules.<br /><br />While the majority of security vendors are trying to come up with better ways of keeping computers from being infected, Prevx has taken a different approach with its SafeOnline product. The whole idea behind this new technology is to assume the worst &ndash; that the computer is already compromised.<br /><br />Prevx SafeOnline focuses on preventing information passed through the browsers from being hijacked. According to the company, it is able to stop phishing attacks, block keyloggers, screen grabbers, cookie stealers, as well as the most prevalent banking trojans such as Zeus, Sinowal, Goldun, Silent Banker or Bancos.<br /><br />The new product implements several components, one of them co... (<a href="http://news.softpedia.com/news/Prevx-Leads-the-Fight-Against-Online-Banking-Trojans-126115.shtml">read more</a>)]]></content:encoded>
<pubDate>Wed, 4 Nov 2009 14:51:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Prevx-Leads-the-Fight-Against-Online-Banking-Trojans-126115.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Prevx-Leads-the-Fight-Against-Online-Banking-Trojans-126115.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Cable Modem Hacker Accused of Facilitating Computer Fraud</title>
<link>http://news.softpedia.com/news/Cable-Modem-Hacker-Accused-of-Facilitating-Computer-Fraud-125969.shtml</link>
<description><![CDATA[Federal authorities have indicted Ryan Harris, an embedded device hacker, for aiding computer intrusion and facilitating fraud. Harris' company sold modified cable modem devices which allowed users to remove the bandwidth limitation imposed by ISPs. Cable modems allow computers to connect to the Internet through the same cable used to deliver TV signals. Internet service providers lend such devices to their customers for free or in exchange for a monthly fee. The modems come pre-configured by ISPs to limit the bandwidth allowed for the customer, depending on the service they subscribe to. Ryan Harris of San Diego is the founder and owner of a company called TCNISO, which started out as a group of modem modding enthusiasts. The hacker and his friends developed ways of modifying the operating system of many cable modem models in order to remove the bandwidth limitations, also known as caps, imposed by ISPs. Through his website, 26-year-old Harris, known online as "DerEngel," sold and provided support for cable modem hacking applications that he had been developing since 2003. This software also made it possible for users to spoof the MAC address, a unique network adapter identifier of the device, in order to steal the Internet service of other legitimate customers. The prosecutors cl...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Cable-Modem-Hacker-Accused-of-Facilitating-Computer-Fraud-2.jpg" align="left" style="margin-right: 10px;" />Federal authorities have indicted Ryan Harris, an embedded device hacker, for aiding computer intrusion and facilitating fraud. Harris' company sold modified cable modem devices which allowed users to remove the bandwidth limitation imposed by ISPs.<br /><br />Cable modems allow computers to connect to the Internet through the same cable used to deliver TV signals. Internet service providers lend such devices to their customers for free or in exchange for a monthly fee. The modems come pre-configured by ISPs to limit the bandwidth allowed for the customer, depending on the service they subscribe to.<br /><br />Ryan Harris of San Diego is the founder and owner of a company called TCNISO, which started out as a group of modem modding enthusiasts. The hacker and his friends developed ways of modifying the operating system of many cable modem models in order to remove the bandwidth limitations, also known as caps, imposed by ISPs.<br /><br />Through his website, 26-year-old Harris, known online as "DerEngel," sold and provided support for cable modem hacking applications that he had been developing since 2003. This software also made it possible for users to spoof the MAC address, a unique network adapter identifier of the device, in order to steal the Internet service of other legitimate customers.<br /><br />The prosecutors cl... (<a href="http://news.softpedia.com/news/Cable-Modem-Hacker-Accused-of-Facilitating-Computer-Fraud-125969.shtml">read more</a>)]]></content:encoded>
<pubDate>Tue, 3 Nov 2009 11:54:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Cable-Modem-Hacker-Accused-of-Facilitating-Computer-Fraud-125969.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Cable-Modem-Hacker-Accused-of-Facilitating-Computer-Fraud-125969.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Malwarebytes: IObit Stole Our Signatures Database</title>
<link>http://news.softpedia.com/news/Malwarebytes-IObit-Stole-Our-Signatures-Database-125928.shtml</link>
<description><![CDATA[Malwarebytes accuses Chinese antivirus vendor IObit of stealing its intellectual property and threatens to pursue legal action. Despite the solid evidence presented by Malwarebytes, IObit denies any wrongdoing and plans to respond through its lawyers. Malwarebytes Corporation is a US-based company developing several security-oriented applications. Its flagship and most popular product is called Malwarebytes' Anti-Malware (MBAM), which comes in both free and commercial flavors and is particularly renowned for its ability to remove rogueware. In a post published on its official blog yesterday, Malwarebytes takes aim at IObit for allegedly stealing its signatures. "Malwarebytes has recently uncovered evidence that a company called IOBit based in China is stealing and incorporating our proprietary database and intellectual property into their software," the company announces. It all started with a report that the IObit Security 360 application detects a Malwarebytes' Anti-Malware key generator as Don&rsquo;t.Steal.Our.Software.A, a name specifically created and used by Malwarebytes. "Why would IOBit detect a keygen for our software and refer to it using our database name?" the company asked. In order to put their suspicions to the test, Malwarebytes researchers crafted a dummy malware sa...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Malwarebytes-IObit-Stole-Our-Signatures-Database-2.jpg" align="left" style="margin-right: 10px;" />Malwarebytes accuses Chinese antivirus vendor IObit of stealing its intellectual property and threatens to pursue legal action. Despite the solid evidence presented by Malwarebytes, IObit denies any wrongdoing and plans to respond through its lawyers.<br /><br />Malwarebytes Corporation is a US-based company developing several security-oriented applications. Its flagship and most popular product is called Malwarebytes' Anti-Malware (MBAM), which comes in both free and commercial flavors and is particularly renowned for its ability to remove rogueware.<br /><br />In a post published on its official blog yesterday, Malwarebytes takes aim at IObit for allegedly stealing its signatures. "Malwarebytes has recently uncovered evidence that a company called IOBit based in China is stealing and incorporating our proprietary database and intellectual property into their software," the company announces.<br /><br />It all started with a report that the IObit Security 360 application detects a Malwarebytes' Anti-Malware key generator as Don&rsquo;t.Steal.Our.Software.A, a name specifically created and used by Malwarebytes. "Why would IOBit detect a keygen for our software and refer to it using our database name?" the company asked.<br /><br />In order to put their suspicions to the test, Malwarebytes researchers crafted a dummy malware sa... (<a href="http://news.softpedia.com/news/Malwarebytes-IObit-Stole-Our-Signatures-Database-125928.shtml">read more</a>)]]></content:encoded>
<pubDate>Tue, 3 Nov 2009 08:56:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Malwarebytes-IObit-Stole-Our-Signatures-Database-125928.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Malwarebytes-IObit-Stole-Our-Signatures-Database-125928.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>U.S. Department of Defense Will Consider Open-Source Solutions</title>
<link>http://news.softpedia.com/news/U-S-Department-of-Defense-Will-Consider-Open-Source-Solutions-125884.shtml</link>
<description><![CDATA[While open-source software and applications have been providing a generous and efficient way to replace proprietary software in our day-to-day life, many governments around the globe have hesitated to adopt such solutions for their official platforms. Last week, the U.S. Department of Defense released to the public a memorandum in which it encourages and recommends certain types of open-source platforms and situations in which their usage should be embraced. The memorandum presents a series of strengths and weaknesses upon which the choice between a proprietary and an open-source application should be based. The paper discusses and eliminates worries publicly expressed by government officials in the past regarding security issues. Problematic topics discussed in the past dealt with the public availability of the source code, which led officials to conclude that it presents a real security issue for any kind of usage in government environments. Through this memorandum, the DOD expressed more interest in keeping up to date with current technologies and methods of attack than its software security, giving a public vote of confidence and support to the communities that are keeping those OS applications alive. Nevertheless, the paper does not recommend usage of any open-source solution, b...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/U-S-Department-of-Defense-Will-Consider-Open-Source-Solutions-2.jpg" align="left" style="margin-right: 10px;" />While open-source software and applications have been providing a generous and efficient way to replace proprietary software in our day-to-day life, many governments around the globe have hesitated to adopt such solutions for their official platforms. Last week, the U.S. Department of Defense released to the public a memorandum in which it encourages and recommends certain types of open-source platforms and situations in which their usage should be embraced.<br /><br />The memorandum presents a series of strengths and weaknesses upon which the choice between a proprietary and an open-source application should be based. The paper discusses and eliminates worries publicly expressed by government officials in the past regarding security issues.<br /><br />Problematic topics discussed in the past dealt with the public availability of the source code, which led officials to conclude that it presents a real security issue for any kind of usage in government environments. Through this memorandum, the DOD expressed more interest in keeping up to date with current technologies and methods of attack than its software security, giving a public vote of confidence and support to the communities that are keeping those OS applications alive.<br /><br />Nevertheless, the paper does not recommend usage of any open-source solution, b... (<a href="http://news.softpedia.com/news/U-S-Department-of-Defense-Will-Consider-Open-Source-Solutions-125884.shtml">read more</a>)]]></content:encoded>
<pubDate>Mon, 2 Nov 2009 15:13:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/U-S-Department-of-Defense-Will-Consider-Open-Source-Solutions-125884.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/U-S-Department-of-Defense-Will-Consider-Open-Source-Solutions-125884.shtml#review_zone</comments>
<dc:creator>Softpedia News (Catalin Cimpanu)</dc:creator>
</item>
<item>
<title>Cyberspies Infiltrate the Swiss Foreign Ministry</title>
<link>http://news.softpedia.com/news/Cyberspies-Infiltrate-the-Swiss-Foreign-Ministry-125880.shtml</link>
<description><![CDATA[The Swiss Federal Department of Foreign Affairs (FDFA) has been the target of cyber-espionage. According to an official press release, government IT specialists have located a piece of malware on the network that was specifically designed to steal information and remain undetected. The Federal Department of Foreign Affairs is Switzerland's governmental body in charge of maintaining the country's foreign relations. As a depository state of the Geneva Conventions and home to many international organizations, Switzerland plays an important and active role on the international politics scene. "On 22 October 2009 IT specialists from the FDFA in conjunction with Microsoft discovered that the FDFA had been the target of a professional virus attack. The hackers, whose identities are as yet unknown, made use of special software during the attack to gain access to the Department&rsquo;s IT infrastructure and acquire information," an official announcement reads. It is also noted that the spying software was specifically designed to generate as little network activity and traffic as possible in order to hide its presence. Investigations are still underway to determine if the IT systems have been damaged in any way. Following the discovery, as a precautionary measure, the FDFA computer network has been disconnected from the Internet. Specialized per...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/news2/" align="left" style="margin-right: 10px;" />The Swiss Federal Department of Foreign Affairs (FDFA) has been the target of cyber-espionage. According to an official press release, government IT specialists have located a piece of malware on the network that was specifically designed to steal information and remain undetected.<br /><br />The Federal Department of Foreign Affairs is Switzerland's governmental body in charge of maintaining the country's foreign relations. As a depository state of the Geneva Conventions and home to many international organizations, Switzerland plays an important and active role on the international politics scene.<br /><br />"On 22 October 2009 IT specialists from the FDFA in conjunction with Microsoft discovered that the FDFA had been the target of a professional virus attack. The hackers, whose identities are as yet unknown, made use of special software during the attack to gain access to the Department&rsquo;s IT infrastructure and acquire information," an official announcement reads.<br /><br />It is also noted that the spying software was specifically designed to generate as little network activity and traffic as possible in order to hide its presence. Investigations are still underway to determine if the IT systems have been damaged in any way.<br /><br />Following the discovery, as a precautionary measure, the FDFA computer network has been disconnected from the Internet. Specialized per... (<a href="http://news.softpedia.com/news/Cyberspies-Infiltrate-the-Swiss-Foreign-Ministry-125880.shtml">read more</a>)]]></content:encoded>
<pubDate>Mon, 2 Nov 2009 14:45:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Cyberspies-Infiltrate-the-Swiss-Foreign-Ministry-125880.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Cyberspies-Infiltrate-the-Swiss-Foreign-Ministry-125880.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>P2P Leak Exposes Ethics Committee Investigations</title>
<link>http://news.softpedia.com/news/P2P-Leak-Exposes-Ethics-Committee-Investigations-125847.shtml</link>
<description><![CDATA[A confidential report from the Committee on Standards of Official Conduct of the United States House of Representatives was leaked on peer-to-peer file sharing networks. The document contained details about the investigations of thirty house members and some of their aides. The Committee on Standards of Official Conduct, also known as the Ethics Committee, conducts investigations into possible violations of the ethical code. The work of this committee is often shrouded in a veil of secrecy, as the nature of these investigations and their status are kept confidential. A 22-page document called "Committee on Standards Weekly Summary Report" came into the possession of the Washington Post last week. According to the publication, the report reveals the status of investigations into the conduct of 19 lawmakers. It is also mentioned that the actions of 14 other house members are under review by the Office of Congressional Ethics. The names of New York Representative Charles Rangel and California Representatives Maxine Waters and Laura Richardson are disclosed in the document. At first, the incident sparked speculation that the Committee's computer systems might have been compromised. However, an official statement released to the media last Thursday points to an accidental leak caused b...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/P2P-Leak-Exposes-Ethics-Committee-Investigations-2.jpg" align="left" style="margin-right: 10px;" />A confidential report from the Committee on Standards of Official Conduct of the United States House of Representatives was leaked on peer-to-peer file sharing networks. The document contained details about the investigations of thirty house members and some of their aides.<br /><br />The Committee on Standards of Official Conduct, also known as the Ethics Committee, conducts investigations into possible violations of the ethical code. The work of this committee is often shrouded in a veil of secrecy, as the nature of these investigations and their status are kept confidential.<br /><br />A 22-page document called "Committee on Standards Weekly Summary Report" came into the possession of the Washington Post last week. According to the publication, the report reveals the status of investigations into the conduct of 19 lawmakers.<br /><br />It is also mentioned that the actions of 14 other house members are under review by the Office of Congressional Ethics. The names of New York Representative Charles Rangel and California Representatives Maxine Waters and Laura Richardson are disclosed in the document.<br /><br />At first, the incident sparked speculation that the Committee's computer systems might have been compromised. However, an official statement released to the media last Thursday points to an accidental leak caused b... (<a href="http://news.softpedia.com/news/P2P-Leak-Exposes-Ethics-Committee-Investigations-125847.shtml">read more</a>)]]></content:encoded>
<pubDate>Mon, 2 Nov 2009 11:28:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/P2P-Leak-Exposes-Ethics-Committee-Investigations-125847.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/P2P-Leak-Exposes-Ethics-Committee-Investigations-125847.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Former YouSendIt CEO Accused of Attacking the Company</title>
<link>http://news.softpedia.com/news/Former-YouSendIt-CEO-Accused-of-Attacking-the-Company-125832.shtml</link>
<description><![CDATA[Khalid Shaikh, co-founder and former CEO of YouSendIt, was indicted last week for allegedly attacking the company's servers repeatedly. The prosecutors claim that he used an Apache benchmarking program to launch the denial of service (DoS) attacks. YouSendIt is a popular digital content delivery service based in Campbell, California. The company was founded in 2004 by Khalid Shaikh and Amir Shaikh and has since raised around $34 million in venture capital investments. The service was even used by the administration of the City of Los Angeles for sending large files. Khalid Shaikh served as YouSendIt's CEO until August 2005 and then as its CTO until November 2006. Since leaving the company, the 32-year-old entrepreneur has worked as a consultant for Intel and in March 2009, founded a company called FlyUpload, which rivals YouSendIt. The indictment states that between December 2008 and June 2009, Mr. Shaikh launched denial of service attacks against YouSendIt's servers on four different occasions. According to the evidence, the ApacheBench HTTP performance measuring program was used to flood the company's servers with more requests than they could handle. "Each DOS attack temporarily rendered the servers incapable of handling legitimate network traffic and deprived YouSendIt&rsquo...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Former-YouSendIt-CEO-Accused-of-Attacking-the-Company-2.jpg" align="left" style="margin-right: 10px;" />Khalid Shaikh, co-founder and former CEO of YouSendIt, was indicted last week for allegedly attacking the company's servers repeatedly. The prosecutors claim that he used an Apache benchmarking program to launch the denial of service (DoS) attacks.<br /><br />YouSendIt is a popular digital content delivery service based in Campbell, California. The company was founded in 2004 by Khalid Shaikh and Amir Shaikh and has since raised around $34 million in venture capital investments. The service was even used by the administration of the City of Los Angeles for sending large files.<br /><br />Khalid Shaikh served as YouSendIt's CEO until August 2005 and then as its CTO until November 2006. Since leaving the company, the 32-year-old entrepreneur has worked as a consultant for Intel and in March 2009, founded a company called FlyUpload, which rivals YouSendIt.<br /><br />The indictment states that between December 2008 and June 2009, Mr. Shaikh launched denial of service attacks against YouSendIt's servers on four different occasions. According to the evidence, the ApacheBench HTTP performance measuring program was used to flood the company's servers with more requests than they could handle.<br /><br />"Each DOS attack temporarily rendered the servers incapable of handling legitimate network traffic and deprived YouSendIt&rsquo... (<a href="http://news.softpedia.com/news/Former-YouSendIt-CEO-Accused-of-Attacking-the-Company-125832.shtml">read more</a>)]]></content:encoded>
<pubDate>Mon, 2 Nov 2009 10:15:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Former-YouSendIt-CEO-Accused-of-Attacking-the-Company-125832.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Former-YouSendIt-CEO-Accused-of-Attacking-the-Company-125832.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>DDoS Attacks Cripple Swedish Police Website</title>
<link>http://news.softpedia.com/news/DDoS-Attacks-Cripple-Swedish-Police-Website-125772.shtml</link>
<description><![CDATA[Two distributed denial of service (DDoS) attacks have rendered the website of the Swedish police and many others inaccessible for several hours. The results of the preliminary investigation suggest that the platform of a media IT development company was specifically targeted. The first attack started on Thursday morning and seriously affected the network of a hosting provider called Basefarm. The intended target was a web development company called Adeprimo, owning and serving the biggest group of daily newspapers in Sweden. "Under normal conditions a relatively high-traffic website receives about 800 requests per second. During the attack against Adeprimo we registered up to 400,000 requests per second. As a consequence part of Basefarm's network infrastructure went down and the required traffic for a number of our customers didn't get through," Sara Murby Forste, Basefarm's managing director, explained. The company managed to limit collateral damage rather quickly, but around forty sites depending on Adeprimo's platform remained offline until noon. These included the websites of many local newspapers published by the Stampen Group, Eskilstuna Group, Nya Lidkopings Tidning, and the Mittmedia Group. Basefarm's technical manager Stefan Mansby noted that the malicious traffic originated fro...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/DDoS-Attacks-Cripple-Swedish-Police-Website-2.jpg" align="left" style="margin-right: 10px;" />Two distributed denial of service (DDoS) attacks have rendered the website of the Swedish police and many others inaccessible for several hours. The results of the preliminary investigation suggest that the platform of a media IT development company was specifically targeted.<br /><br />The first attack started on Thursday morning and seriously affected the network of a hosting provider called Basefarm. The intended target was a web development company called Adeprimo, owning and serving the biggest group of daily newspapers in Sweden.<br /><br />"Under normal conditions a relatively high-traffic website receives about 800 requests per second. During the attack against Adeprimo we registered up to 400,000 requests per second. As a consequence part of Basefarm's network infrastructure went down and the required traffic for a number of our customers didn't get through," Sara Murby Forste, Basefarm's managing director, explained.<br /><br />The company managed to limit collateral damage rather quickly, but around forty sites depending on Adeprimo's platform remained offline until noon. These included the websites of many local newspapers published by the Stampen Group, Eskilstuna Group, Nya Lidkopings Tidning, and the Mittmedia Group.<br /><br />Basefarm's technical manager Stefan Mansby noted that the malicious traffic originated fro... (<a href="http://news.softpedia.com/news/DDoS-Attacks-Cripple-Swedish-Police-Website-125772.shtml">read more</a>)]]></content:encoded>
<pubDate>Sat, 31 Oct 2009 11:08:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/DDoS-Attacks-Cripple-Swedish-Police-Website-125772.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/DDoS-Attacks-Cripple-Swedish-Police-Website-125772.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>E-Crime: The Halloween Special</title>
<link>http://news.softpedia.com/news/E-Crime-The-Halloween-Special-125762.shtml</link>
<description><![CDATA[Security researchers report that a wave of Halloween-themed threats is out to get you. Beware of dodgy e-cards, screensaver downloads, poisoned search results, and spam, they warn. In this day and age, it goes almost without saying that the Internet is a scary place on every holiday. But Halloween in particular is a special time for Internet users, if not for the unusually high number of threats floating around, at least for the irony - this holiday is all about scary stuff. And guess what, according to numerous security experts, you should be scared. There are a few types of tricks that users should be particularly wary about. Free downloads of Halloween-themed applications or screensavers are one of them. If you really want to decorate your computer's desktop in the spirit of Halloween, every special download should be scanned with a reliable antivirus solution, as it could come packed with malware. Sending e-cards is also popular during holidays, but spam analysts from Kaspersky advise extreme caution when choosing such a service. If the website asks you to install additional stuff, such as special browser toolbars, it is better to move away. Also, beware of unsolicited emails about gift cards or Halloween sale discounts, as they have a high chance of leading to or containing malware. A special attack...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/E-Crime-The-Halloween-Special-2.jpg" align="left" style="margin-right: 10px;" />Security researchers report that a wave of Halloween-themed threats is out to get you. Beware of dodgy e-cards, screensaver downloads, poisoned search results, and spam, they warn.<br /><br />In this day and age, it goes almost without saying that the Internet is a scary place on every holiday. But Halloween in particular is a special time for Internet users, if not for the unusually high number of threats floating around, at least for the irony - this holiday is all about scary stuff. And guess what, according to numerous security experts, you should be scared.<br /><br />There are a few types of tricks that users should be particularly wary about. Free downloads of Halloween-themed applications or screensavers are one of them. If you really want to decorate your computer's desktop in the spirit of Halloween, every special download should be scanned with a reliable antivirus solution, as it could come packed with malware.<br /><br />Sending e-cards is also popular during holidays, but spam analysts from Kaspersky advise extreme caution when choosing such a service. If the website asks you to install additional stuff, such as special browser toolbars, it is better to move away. Also, beware of unsolicited emails about gift cards or Halloween sale discounts, as they have a high chance of leading to or containing malware.<br /><br />A special attack... (<a href="http://news.softpedia.com/news/E-Crime-The-Halloween-Special-125762.shtml">read more</a>)]]></content:encoded>
<pubDate>Sat, 31 Oct 2009 09:40:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/E-Crime-The-Halloween-Special-125762.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/E-Crime-The-Halloween-Special-125762.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>OpenDNS Blocks Ebay.co.uk as Phishing Site</title>
<link>http://news.softpedia.com/news/OpenDNS-Blocks-Ebay-co-uk-as-Phishing-Site-125731.shtml</link>
<description><![CDATA[Internet users resolving DNS requests through OpenDNS were not able to access pages on the Ebay UK website yesterday. The problem was caused by a bogus entry in the phishing filter used by the service. The reports started flowing in last night, when many users trying to access any page starting with http://cgi.ebay.co.uk received a "Phishing Site Blocked" error. "Phishing is a fraudulent attempt to get you to provide personal information under false pretenses. We prevented you from loading this page as part of our safer, faster, and smarter DNS service. [&hellip;] Powered by OpenDNS," the message read. The problem lasted for about one hour, during which time some users expressed their frustration at not being able to bid on the products they wanted. Some people figured out on their own how to add exceptions to the site blocking feature or disable the phishing filter entirely. But even though the step-by-step solution, which required a registered account, was posted in the support forums, there were users who pointed out that they had never heard of OpenDNS before this incident and did not sign up willingly for its service. Daniel Gifford, the community manager of OpenDNS, eventually announced that they "removed what appeared to be a questionable sub-domain of ebay.co.uk from [th...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/OpenDNS-Blocks-Ebay-co-uk-as-Phishing-Site-2.jpg" align="left" style="margin-right: 10px;" />Internet users resolving DNS requests through OpenDNS were not able to access pages on the Ebay UK website yesterday. The problem was caused by a bogus entry in the phishing filter used by the service.<br /><br />The reports started flowing in last night, when many users trying to access any page starting with http://cgi.ebay.co.uk received a "Phishing Site Blocked" error. "Phishing is a fraudulent attempt to get you to provide personal information under false pretenses. We prevented you from loading this page as part of our safer, faster, and smarter DNS service. [&hellip;] Powered by OpenDNS," the message read.<br /><br />The problem lasted for about one hour, during which time some users expressed their frustration at not being able to bid on the products they wanted. Some people figured out on their own how to add exceptions to the site blocking feature or disable the phishing filter entirely.<br /><br />But even though the step-by-step solution, which required a registered account, was posted in the support forums, there were users who pointed out that they had never heard of OpenDNS before this incident and did not sign up willingly for its service.<br /><br />Daniel Gifford, the community manager of OpenDNS, eventually announced that they "removed what appeared to be a questionable sub-domain of ebay.co.uk from [th... (<a href="http://news.softpedia.com/news/OpenDNS-Blocks-Ebay-co-uk-as-Phishing-Site-125731.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 30 Oct 2009 15:24:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/OpenDNS-Blocks-Ebay-co-uk-as-Phishing-Site-125731.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/OpenDNS-Blocks-Ebay-co-uk-as-Phishing-Site-125731.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Malicious Emails Claim Facebook Passwords Were Reset</title>
<link>http://news.softpedia.com/news/Malicious-Emails-Claim-Facebook-Passwords-Were-Reset-125697.shtml</link>
<description><![CDATA[Security researchers warn that a new malware distribution campaign masquerading as Facebook password reset notification e-mails is making the rounds. The attached .ZIP archives contain a Trojan downloader, which is used to deploy scareware on the compromised systems. The rogue emails have their From field spoofed in order to appear as if they were sent from a service@facebook.com address. Their subject is &ldquo;Facebook Password Reset Confirmation&rdquo; and they come with an attached file called Facebook_Password_####.zip (where # is a random letter or digit). &ldquo;Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in the attached document,&rdquo; the emails, allegedly signed by &ldquo;The Facebook Team,&rdquo; read. Obviously, opening the attached file is not a good idea, as the archive contains the installer for a new version of the Bredolab Trojan. It is worth noting that the Bredolab authors are using this Trojan as a deployment platform for other malware, in order to generate revenue. In this case, it appears that they are collecting per-install fees from scareware pushers. &ldquo;Upon execution, TROJ_BREDLAB.SMF connects to a malicious website and downloads a FAKEAV variant detected as TROJ_FAKEAV....]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Malicious-Emails-Claim-Facebook-Passwords-Were-Reset-2.jpg" align="left" style="margin-right: 10px;" />Security researchers warn that a new malware distribution campaign masquerading as Facebook password reset notification e-mails is making the rounds. The attached .ZIP archives contain a Trojan downloader, which is used to deploy scareware on the compromised systems.<br /><br />The rogue emails have their From field spoofed in order to appear as if they were sent from a service@facebook.com address. Their subject is &ldquo;Facebook Password Reset Confirmation&rdquo; and they come with an attached file called Facebook_Password_####.zip (where # is a random letter or digit).<br /><br />&ldquo;Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in the attached document,&rdquo; the emails, allegedly signed by &ldquo;The Facebook Team,&rdquo; read.<br /><br />Obviously, opening the attached file is not a good idea, as the archive contains the installer for a new version of the Bredolab Trojan. It is worth noting that the Bredolab authors are using this Trojan as a deployment platform for other malware, in order to generate revenue.<br /><br />In this case, it appears that they are collecting per-install fees from scareware pushers. &ldquo;Upon execution, TROJ_BREDLAB.SMF connects to a malicious website and downloads a FAKEAV variant detected as TROJ_FAKEAV.... (<a href="http://news.softpedia.com/news/Malicious-Emails-Claim-Facebook-Passwords-Were-Reset-125697.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 30 Oct 2009 12:10:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Malicious-Emails-Claim-Facebook-Passwords-Were-Reset-125697.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Malicious-Emails-Claim-Facebook-Passwords-Were-Reset-125697.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Banished AV Researcher Accuses Kaspersky of Hacking</title>
<link>http://news.softpedia.com/news/Banished-AV-Researcher-Accuses-Kaspersky-of-Hacking-125629.shtml</link>
<description><![CDATA[A former antivirus analyst ostracized by the AV community for unethical behavior is accusing Kaspersky Lab of injecting malicious code into his newly launched website. Researchers with the Russian antivirus vendor portray the former white hat as a cyber-criminal associated with the Sinowal gang. Peter Kleissner is an 18-year-old hacker living in Vienna, Austria. He made a name for himself partially due to a research paper regarding master boot record (MBR) rootkits, which he presented at the 2009 Black Hat security conference. MBR rootkits consist of malicious code that is able to execute before the operating system and reinfect it on every reboot. During his Black Hat talk, the hacker publicly released the source code for such a program developed by himself and dubbed the "Stoned Bootkit." This rootkit is particularly interesting, as it is able to infect all post-XP Windows operating systems, including Windows 7. Additionally, it features an application programming interface (API), allowing even cybercrooks with average programming skills to create potent malware. At the time, Peter Kleissner was working for Austria-based AV vendor Ikarus, and his decision to release an open source MBR rootkit obviously did not sit well with fellow antivirus professionals. And as if that violation of the white...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Banished-AV-Researcher-Accuses-Kaspersky-of-Hacking-2.jpg" align="left" style="margin-right: 10px;" />A former antivirus analyst ostracized by the AV community for unethical behavior is accusing Kaspersky Lab of injecting malicious code into his newly launched website. Researchers with the Russian antivirus vendor portray the former white hat as a cyber-criminal associated with the Sinowal gang.<br /><br />Peter Kleissner is an 18-year-old hacker living in Vienna, Austria. He made a name for himself partially due to a research paper regarding master boot record (MBR) rootkits, which he presented at the 2009 Black Hat security conference. MBR rootkits consist of malicious code that is able to execute before the operating system and reinfect it on every reboot.<br /><br />During his Black Hat talk, the hacker publicly released the source code for such a program developed by himself and dubbed the "Stoned Bootkit." This rootkit is particularly interesting, as it is able to infect all post-XP Windows operating systems, including Windows 7. Additionally, it features an application programming interface (API), allowing even cybercrooks with average programming skills to create potent malware.<br /><br />At the time, Peter Kleissner was working for Austria-based AV vendor Ikarus, and his decision to release an open source MBR rootkit obviously not fell well with fellow antivirus professionals. And as if that violation of the white... (<a href="http://news.softpedia.com/news/Banished-AV-Researcher-Accuses-Kaspersky-of-Hacking-125629.shtml">read more</a>)]]></content:encoded>
<pubDate>Thu, 29 Oct 2009 14:15:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Banished-AV-Researcher-Accuses-Kaspersky-of-Hacking-125629.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Banished-AV-Researcher-Accuses-Kaspersky-of-Hacking-125629.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Cisco to Acquire ScanSafe</title>
<link>http://news.softpedia.com/news/Cisco-to-Acquire-ScanSafe-125519.shtml</link>
<description><![CDATA[Cisco Systems announced its plan to acquire ScanSafe for $183 million. The networking giant plans to integrate the Web security company's cloud-based service into some of its existing products.  Headquartered in San Francisco, but with offices in London and Tokyo, ScanSafe is a global provider of Web and Messaging security solutions. The company is a pioneer in the field of Software-as-a-Service (SaaS) security by maintaining a network of high-end data centers located across the world.  One of the first applications for ScanSafe's technology will be to integrate it with Cisco's new AnyConnect VPN Client. The company's data centers will also allow Cisco to extend its security portfolio with cloud-based solutions.  For Cisco, this is the second acquisition of a company specializing in Web security, after IronPort in 2007. That deal allowed the networking equipment manufacturer to add an on-premise security solution to its offerings, in the form of IronPort's Web Security appliance.  "With the acquisition of ScanSafe, Cisco is executing on our vision to build a borderless network security architecture that combines network and cloud-based services for advanced security enforcement," commented Tom Gillis, vice president and general manager of Cisco's Security Technology Business Unit (STBU). ...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Cisco-to-Acquire-ScanSafe-2.jpg" align="left" style="margin-right: 10px;" />Cisco Systems announced its plan to acquire ScanSafe for $183 million. The networking giant plans to integrate the Web security company's cloud-based service into some of its existing products.<br /> <br /> Headquartered in San Francisco, but with offices in London and Tokyo, ScanSafe is a global provider of Web and Messaging security solutions. The company is a pioneer in the field of Software-as-a-Service (SaaS) security by maintaining a network of high-end data centers located across the world.<br /> <br /> One of the first applications for ScanSafe's technology will be to integrate it with Cisco's new AnyConnect VPN Client. The company's data centers will also allow Cisco to extend its security portfolio with cloud-based solutions.<br /> <br /> For Cisco, this is the second acquisition of a company specializing in Web security, after IronPort in 2007. That deal allowed the networking equipment manufacturer to add an on-premise security solution to its offerings, in the form of IronPort's Web Security appliance.<br /> <br /> "With the acquisition of ScanSafe, Cisco is executing on our vision to build a borderless network security architecture that combines network and cloud-based services for advanced security enforcement," commented Tom Gillis, vice president and general manager of Cisco's Security Technology Business Unit (STBU).<br /> <br />... (<a href="http://news.softpedia.com/news/Cisco-to-Acquire-ScanSafe-125519.shtml">read more</a>)]]></content:encoded>
<pubDate>Wed, 28 Oct 2009 14:49:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Cisco-to-Acquire-ScanSafe-125519.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Cisco-to-Acquire-ScanSafe-125519.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Almost Six Million Web Pages Infected in Recent Months</title>
<link>http://news.softpedia.com/news/Almost-Six-Million-Web-Pages-Infected-in-Recent-Months-125496.shtml</link>
<description><![CDATA[According to statistics released by a Web security vendor, the third quarter of 2009 was characterized by a spike in Web-based malware infections. In total, over 640,000 sites, amounting to 5.8 million web pages, were infected by 52,000 distinct threats during this period.  The report was released by Dasient, a company based in Palo Alto, California, and reflects data gathered through its Web Anti-Malware (WAM) service. "Based on the telemetry data we've gathered from the web, we estimate that more than 640,000 sites and approximately 5.8 million pages were infected in the quarter," writes Ameet Ranadive, co-founder of the company and former strategy consultant at McKinsey.  This number represents a significant increase over previous estimates. Microsoft's Security Intelligence Report for the last half of 2008 placed the number of infected pages at around one million per month, half of the average number of monthly infections reported by Dasient for Q3 2009.  The company's Web Anti-Malware (WAM) platform was launched in the middle of June and has so far identified over 72,000 unique Web-malware infections. Over 70% of these (52,000) were discovered in the third quarter of this year.  Mr. Ranadive explains that this "has been accelerated by the fact that using legitimate sit...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Almost-Six-Million-Web-Pages-Infected-in-Recent-Months-2.jpg" align="left" style="margin-right: 10px;" />According to statistics released by a Web security vendor, the third quarter of 2009 was characterized by a spike in Web-based malware infections. In total, over 640,000 sites, amounting to 5.8 million web pages, were infected by 52,000 distinct threats during this period.<br /> <br /> The report was released by Dasient, a company based in Palo Alto, California, and reflects data gathered through its Web Anti-Malware (WAM) service. "Based on the telemetry data we've gathered from the web, we estimate that more than 640,000 sites and approximately 5.8 million pages were infected in the quarter," writes Ameet Ranadive, co-founder of the company and former strategy consultant at McKinsey.<br /> <br /> This number represents a significant increase over previous estimates. Microsoft's Security Intelligence Report for the last half of 2008 placed the number of infected pages at around one million per month, half of the average number of monthly infections reported by Dasient for Q3 2009.<br /> <br /> The company's Web Anti-Malware (WAM) platform was launched in the middle of June and has so far identified over 72,000 unique Web-malware infections. Over 70% of these (52,000) were discovered in the third quarter of this year.<br /> <br /> Mr. Ranadive explains that this "has been accelerated by the fact that using legitimate sit... (<a href="http://news.softpedia.com/news/Almost-Six-Million-Web-Pages-Infected-in-Recent-Months-125496.shtml">read more</a>)]]></content:encoded>
<pubDate>Wed, 28 Oct 2009 12:15:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Almost-Six-Million-Web-Pages-Infected-in-Recent-Months-125496.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Almost-Six-Million-Web-Pages-Infected-in-Recent-Months-125496.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Malvertizement Infects Gizmodo Visitors with Scareware</title>
<link>http://news.softpedia.com/news/Malvertizement-Infects-Gizmodo-Visitors-With-Scareware-125471.shtml</link>
<description><![CDATA[A malicious ad that silently infected visitors with scareware has made its way onto Gizmodo. The incident was the result of a successful social engineering attack directed at the ad sales team of Gawker Media, the site's owner.  Gizmodo is a popular technology blog owned by Gawker Media, an online media company covering news on multiple topics through a series of dedicated websites. The company's revenue is mainly obtained from selling online advertising on its network.  "Guys, I'm really sorry but we had some malware running on our site in ad boxes for a little while last week on Suzuki ads. They somehow fooled our ad sales team through an elaborate scam," Gizmodo editor Brian Lam announced yesterday. "It's taken care of now, and only a few people should have been affected, but this isn't something we take lightly as writers, editors and tech geeks," he added.  According to The Business Insider, which published the e-mail correspondence between Gawker and the attackers, the scam was indeed well orchestrated and complex in nature. After reading the back-and-forth emails, one thing is clear &ndash; the scammer, whoever he or she was, was well versed in online advertising sales.  "They have intimate knowledge of online ad sales, including terms like eCPM, roadblocking, RON, IAB...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Malvertizement-Infects-Gizmodo-Visitors-With-Scareware-2.jpg" align="left" style="margin-right: 10px;" />A malicious ad that silently infected visitors with scareware has made its way onto Gizmodo. The incident was the result of a successful social engineering attack directed at the ad sales team of Gawker Media, the site's owner.<br /> <br /> Gizmodo is a popular technology blog owned by Gawker Media, an online media company covering news on multiple topics through a series of dedicated websites. The company's revenue is mainly obtained from selling online advertising on its network.<br /> <br /> "Guys, I'm really sorry but we had some malware running on our site in ad boxes for a little while last week on Suzuki ads. They somehow fooled our ad sales team through an elaborate scam," Gizmodo editor Brian Lam announced yesterday. "It's taken care of now, and only a few people should have been affected, but this isn't something we take lightly as writers, editors and tech geeks," he added.<br /> <br /> According to The Business Insider, which published the e-mail correspondence between Gawker and the attackers, the scam was indeed well orchestrated and complex in nature. After reading the back-and-forth emails, one thing is clear &ndash; the scammer, whoever he or she was, was well versed in online advertising sales.<br /> <br /> "They have intimate knowledge of online ad sales, including terms like eCPM, roadblocking, RON, IAB... (<a href="http://news.softpedia.com/news/Malvertizement-Infects-Gizmodo-Visitors-With-Scareware-125471.shtml">read more</a>)]]></content:encoded>
<pubDate>Wed, 28 Oct 2009 10:50:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Malvertizement-Infects-Gizmodo-Visitors-With-Scareware-125471.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Malvertizement-Infects-Gizmodo-Visitors-With-Scareware-125471.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Six Million Vulnerable Embedded Network Devices Connected to the Internet</title>
<link>http://news.softpedia.com/news/Six-Million-Vulnerable-Embedded-Network-Devices-Connected-to-the-Internet-125378.shtml</link>
<description><![CDATA[A study on the prevalence of vulnerable embedded network devices on the Internet has revealed worrying results. Researchers have discovered tens of thousands of remotely-accessible devices with default passwords during their scans so far.  The project, which maps the distribution of vulnerable embedded network devices over several continents, is the work of a few researchers from Columbia University's Intrusion Detection Systems Lab. Their effort started last December and involves scanning the IP space of major ISPs in North America, Europe and Asia.  "Devices like routers, NAS appliances, home entertainment appliances, wifi access points, web cams, VoIP appliances, print servers and video conferencing units reside on the same networks as our personal computers and enterprise servers and together form our world-wide communication infrastructure. Widely deployed and often misconfigured, they constitute highly attractive targets for exploitation," the researchers explain (PDF).  So far the scanning has focused on one of the simplest attack vectors &ndash; publicly-accessible management interfaces configured with default passwords. The data is then broken down by several criteria, such as device type or region, in order to get a better picture of the overall situation o...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Six-Million-Vulnerable-Embedded-Network-Devices-Connected-to-the-Internet-2.jpg" align="left" style="margin-right: 10px;" />A study on the prevalence of vulnerable embedded network devices on the Internet has revealed worrying results. Researchers have discovered tens of thousands of remotely-accessible devices with default passwords during their scans so far.<br /> <br /> The project, which maps the distribution of vulnerable embedded network devices over several continents, is the work of a few researchers from Columbia University's Intrusion Detection Systems Lab. Their effort started last December and involves scanning the IP space of major ISPs in North America, Europe and Asia.<br /> <br /> "Devices like routers, NAS appliances, home entertainment appliances, wifi access points, web cams, VoIP appliances, print servers and video conferencing units reside on the same networks as our personal computers and enterprise servers and together form our world-wide communication infrastructure. Widely deployed and often misconfigured, they constitute highly attractive targets for exploitation," the researchers explain (PDF).<br /> <br /> So far the scanning has focused on one of the simplest attack vectors &ndash; publicly-accessible management interfaces configured with default passwords. The data is then broken down by several criteria, such as device type or region, in order to get a better picture of the overall situation o... (<a href="http://news.softpedia.com/news/Six-Million-Vulnerable-Embedded-Network-Devices-Connected-to-the-Internet-125378.shtml">read more</a>)]]></content:encoded>
<pubDate>Tue, 27 Oct 2009 13:17:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Six-Million-Vulnerable-Embedded-Network-Devices-Connected-to-the-Internet-125378.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Six-Million-Vulnerable-Embedded-Network-Devices-Connected-to-the-Internet-125378.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Thousands of Time Warner Routers Still Vulnerable</title>
<link>http://news.softpedia.com/news/Thousands-of-Time-Warner-Routers-Still-Vulnerable-125348.shtml</link>
<description><![CDATA[Time Warner has failed to properly address critical security issues in tens of thousands of routers distributed to its customers. The distributed patch is not only insufficient, but also disables the only option users had to properly configure the device themselves.  Last week we reported that as many as 65,000 SMC8014 series routers distributed by Time Warner to its customers in the New York area had gaping security holes. The problems were discovered by Pip.io Founder and CTO David Chen, who disclosed them on his blog after contacting the telecom company and receiving an unsatisfactory response.  There were two distinct types of problems with these cable modem/router combo devices. First was an improper access control implementation issue, where the only difference between the limited user and the admin user on the Web management interface was menus hidden via JavaScript. This meant that by simply disabling JavaScript in the browser, one could access all the administrative features with what should have been limited user credentials.  The second type of issue resulted from improper default configuration of the devices. And while the device manufacturer, SMC Networks, was responsible for the access control problem, the configuration issues were Time Warner's to address. These included...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Thousands-of-Time-Warner-Routers-Still-Vulnerable-2.jpg" align="left" style="margin-right: 10px;" />Time Warner has failed to properly address critical security issues in tens of thousands of routers distributed to its customers. The distributed patch is not only insufficient, but also disables the only option users had to properly configure the device themselves.<br /> <br /> Last week we reported that as many as 65,000 SMC8014 series routers distributed by Time Warner to its customers in the New York area had gaping security holes. The problems were discovered by Pip.io Founder and CTO David Chen, who disclosed them on his blog after contacting the telecom company and receiving an unsatisfactory response.<br /> <br /> There were two distinct types of problems with these cable modem/router combo devices. First was an improper access control implementation issue, where the only difference between the limited user and the admin user on the Web management interface was menus hidden via JavaScript. This meant that by simply disabling JavaScript in the browser, one could access all the administrative features with what should have been limited user credentials.<br /> <br /> The second type of issue resulted from improper default configuration of the devices. And while the device manufacturer, SMC Networks, was responsible for the access control problem, the configuration issues were Time Warner's to address. These included... (<a href="http://news.softpedia.com/news/Thousands-of-Time-Warner-Routers-Still-Vulnerable-125348.shtml">read more</a>)]]></content:encoded>
<pubDate>Tue, 27 Oct 2009 10:31:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Thousands-of-Time-Warner-Routers-Still-Vulnerable-125348.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Thousands-of-Time-Warner-Routers-Still-Vulnerable-125348.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>New Mass Web Injection Attack Spreading</title>
<link>http://news.softpedia.com/news/New-Mass-Web-Injection-Attack-Spreading-125278.shtml</link>
<description><![CDATA[Security researchers warn that a new injection attack has infected thousands of websites with malicious IFrames. In order to avoid detection, the rogue IFrames get their src attribute through an onload JavaScript event.  The infection was first spotted by malware analysts from antivirus vendor Sophos on the website of music legend Van Morrison. "What I did see was a heavily obfuscated script injected into the page that references an iframe. A quick analysis of the obfuscated script revealed that it adds an iframe to the page to load content from a remote site," Paul O Baccas, virus and spam researcher at SophosLabs, reported on October 22nd.  Since then Sophos has added detection for this threat under Mal/Iframe-N. Mr. Baccas announced yesterday that the number of infections with this malicious piece of code had risen to several thousand websites, including some high-profile ones.  Aside from the heavy obfuscation, which is a common technique of hiding rogue code on compromised pages, this attack makes use of a specific trick to avoid Web scanners. More specifically, decoding the string will result in an IFrame that doesn't have a direct src value. Instead it uses an onload="if (!this.src) {this.src='http://DOMAIN.TLD'; this.height=N; this.width=N;}" function to generate it.  The...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/New-Mass-Web-Injection-Attack-Spreading-2.jpg" align="left" style="margin-right: 10px;" />Security researchers warn that a new injection attack has infected thousands of websites with malicious IFrames. In order to avoid detection, the rogue IFrames get their src attribute through an onload JavaScript event.<br /> <br /> The infection was first spotted by malware analysts from antivirus vendor Sophos on the website of music legend Van Morrison. "What I did see was a heavily obfuscated script injected into the page that references an iframe. A quick analysis of the obfuscated script revealed that it adds an iframe to the page to load content from a remote site," Paul O Baccas, virus and spam researcher at SophosLabs, reported on October 22nd.<br /> <br /> Since then Sophos has added detection for this threat under Mal/Iframe-N. Mr. Baccas announced yesterday that the number of infections with this malicious piece of code had risen to several thousand websites, including some high-profile ones.<br /> <br /> Aside from the heavy obfuscation, which is a common technique of hiding rogue code on compromised pages, this attack makes use of a specific trick to avoid Web scanners. More specifically, decoding the string will result in an IFrame that doesn't have a direct src value. Instead it uses an onload="if (!this.src) {this.src='http://DOMAIN.TLD'; this.height=N; this.width=N;}" function to generate it.<br /> <br /> The... (<a href="http://news.softpedia.com/news/New-Mass-Web-Injection-Attack-Spreading-125278.shtml">read more</a>)]]></content:encoded>
<pubDate>Mon, 26 Oct 2009 14:40:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/New-Mass-Web-Injection-Attack-Spreading-125278.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/New-Mass-Web-Injection-Attack-Spreading-125278.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Contract of Settlements Spam Contains Trojan</title>
<link>http://news.softpedia.com/news/Contract-of-Settlements-Spam-Contains-Trojan-125251.shtml</link>
<description><![CDATA[A new spam run is tricking people into opening an infected file by passing it off as a contract of settlements. The attachment is password protected in order to bypass email scanners and the language used lends credibility to the spam.  The fake emails have a subject of "Contract of Settlements" and claim to be sent from an organization called LSM Company. "Greetings. We have prepared a contract and added the paragraphs that you wanted to see in it. Our lawyers made alterations on the last page. If you agree all the provisions we are ready to make the payment on Friday for the first consignment. We are enclosing the file with prepared contract," the contained message reads.  Unlike the average spam e-mail, the spelling of this one is proper and the wording used sounds professional. The attached file is called contract_1.zip and is a password-protected archive. The password is provided inside the message body and unpacking the .zip will reveal a computer Trojan installer.  "The danger is that some people will feel so curious about an unsolicited contract materialising in their inbox that they'll enter the password to decrypt the file, open the file contained within and end up infecting their PC," Graham Cluley, senior technology consultant at Sophos, explains. He also points out that this spam is...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Contract-of-Settlements-Spam-Contains-Trojan-2.jpg" align="left" style="margin-right: 10px;" />A new spam run is tricking people into opening an infected file by passing it off as a contract of settlements. The attachment is password protected in order to bypass email scanners and the language used lends credibility to the spam.<br /> <br /> The fake emails have a subject of "Contract of Settlements" and claim to be sent from an organization called LSM Company. "Greetings. We have prepared a contract and added the paragraphs that you wanted to see in it. Our lawyers made alterations on the last page. If you agree all the provisions we are ready to make the payment on Friday for the first consignment. We are enclosing the file with prepared contract," the contained message reads.<br /> <br /> Unlike the average spam e-mail, the spelling of this one is proper and the wording used sounds professional. The attached file is called contract_1.zip and is a password-protected archive. The password is provided inside the message body and unpacking the .zip will reveal a computer Trojan installer.<br /> <br /> "The danger is that some people will feel so curious about an unsolicited contract materialising in their inbox that they'll enter the password to decrypt the file, open the file contained within and end up infecting their PC," Graham Cluley, senior technology consultant at Sophos, explains. He also points out that this spam is... (<a href="http://news.softpedia.com/news/Contract-of-Settlements-Spam-Contains-Trojan-125251.shtml">read more</a>)]]></content:encoded>
<pubDate>Mon, 26 Oct 2009 11:49:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Contract-of-Settlements-Spam-Contains-Trojan-125251.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Contract-of-Settlements-Spam-Contains-Trojan-125251.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Guardian Jobs UK Website Hacked</title>
<link>http://news.softpedia.com/news/Guardian-Jobs-UK-Website-Hacked-125233.shtml</link>
<description><![CDATA[The administrators of jobs.guardian.co.uk have announced that the online recruitment website suffered a serious security breach. As a result, the company has notified nearly 500,000 people that their data might have been compromised.  The Guardian Jobs website is owned by Guardian News and Media Limited, the company that publishes the Guardian and the Observer newspapers. The online recruitment site is powered by job board software developed and maintained by a company called Madgex Limited.  "We can confirm that we are investigating a breach of security to the guardian jobs site that we were alerted to yesterday," an announcement released this Saturday by Guardian News and Media reads. "We would like to assure you that we are absolutely committed to protecting the privacy of our users and we are treating this situation with the utmost seriousness," the company stressed.  The incident, which is described as a "deliberate and sophisticated crime," is still being investigated by the new Police Central e-crime Unit (PCeU). Because of this, no details regarding the method of compromise have been released. However, Madgex gives assurances that the problem has been remedied and the system is now secure.  As far as impact goes, around 500,000 users have been potentially affected. Even though this r...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Guardian-Jobs-UK-Website-Hacked-2.jpg" align="left" style="margin-right: 10px;" />The administrators of jobs.guardian.co.uk have announced that the online recruitment website suffered a serious security breach. As a result, the company has notified nearly 500,000 people that their data might have been compromised.<br /> <br /> The Guardian Jobs website is owned by Guardian News and Media Limited, the company that publishes the Guardian and the Observer newspapers. The online recruitment site is powered by job board software developed and maintained by a company called Madgex Limited.<br /> <br /> "We can confirm that we are investigating a breach of security to the guardian jobs site that we were alerted to yesterday," an announcement released this Saturday by Guardian News and Media reads. "We would like to assure you that we are absolutely committed to protecting the privacy of our users and we are treating this situation with the utmost seriousness," the company stressed.<br /> <br /> The incident, which is described as a "deliberate and sophisticated crime," is still being investigated by the new Police Central e-crime Unit (PCeU). Because of this, no details regarding the method of compromise have been released. However, Madgex gives assurances that the problem has been remedied and the system is now secure.<br /> <br /> As far as impact goes, around 500,000 users have been potentially affected. Even though this r... (<a href="http://news.softpedia.com/news/Guardian-Jobs-UK-Website-Hacked-125233.shtml">read more</a>)]]></content:encoded>
<pubDate>Mon, 26 Oct 2009 10:35:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Guardian-Jobs-UK-Website-Hacked-125233.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Guardian-Jobs-UK-Website-Hacked-125233.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Australian Pizza Boy Becomes ATM Hacker</title>
<link>http://news.softpedia.com/news/Australian-Pizza-Boy-Becomes-ATM-Hacker-125183.shtml</link>
<description><![CDATA[An Australian man has managed to escape a jail sentence despite admitting to stealing nearly AU$30,000 (around US $27,700) from ATMs. According to the prosecutors, he devised the attacks using information from an ATM repair manual found on the Web.  Brian Sommer, 23, from Bundaberg, Queensland, used to work in a pizza shop back in 2007, when he came across an ATM repair manual on the Internet. The document contained default passwords for accessing certain ATM models and information about their options.  The young computer enthusiast realized that he could use the information to access the hard disks of ATMs and alter the settings so that he could withdraw large amounts of cash. He put his idea to the test for the first time on a service station's ATM and managed to walk off with $21,120. An hour later, he hit another automated teller machine in Hervey Bay and scored $7,500.  There was a flaw in Sommer's plan, though &ndash; it required the use of real credit cards. Therefore, in order to pull off several attacks over a period of seven months, the hacker used cards belonging to himself, his girlfriend, his mother, as well as two friends. This led to the authorities knocking on his door.  The hacker appeared in front of the Bundaberg District Court two days ago and prosecutor Sarah Klemm requested...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Australian-Pizza-Boy-Becomes-ATM-Hacker-2.jpg" align="left" style="margin-right: 10px;" />An Australian man has managed to escape a jail sentence despite admitting to stealing nearly AU$30,000 (around US $27,700) from ATMs. According to the prosecutors, he devised the attacks using information from an ATM repair manual found on the Web.<br /> <br /> Brian Sommer, 23, from Bundaberg, Queensland, used to work in a pizza shop back in 2007, when he came across an ATM repair manual on the Internet. The document contained default passwords for accessing certain ATM models and information about their options.<br /> <br /> The young computer enthusiast realized that he could use the information to access the hard disks of ATMs and alter the settings so that he could withdraw large amounts of cash. He put his idea to the test for the first time on a service station's ATM and managed to walk off with $21,120. An hour later, he hit another automated teller machine in Hervey Bay and scored $7,500.<br /> <br /> There was a flaw in Sommer's plan, though &ndash; it required the use of real credit cards. Therefore, in order to pull off several attacks over a period of seven months, the hacker used cards belonging to himself, his girlfriend, his mother, as well as two friends. This led to the authorities knocking on his door.<br /> <br /> The hacker appeared in front of the Bundaberg District Court two days ago and prosecutor Sarah Klemm requested... (<a href="http://news.softpedia.com/news/Australian-Pizza-Boy-Becomes-ATM-Hacker-125183.shtml">read more</a>)]]></content:encoded>
<pubDate>Sat, 24 Oct 2009 10:14:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Australian-Pizza-Boy-Becomes-ATM-Hacker-125183.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Australian-Pizza-Boy-Becomes-ATM-Hacker-125183.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Lost Suitcase Helps Uncover Credit-Card Fraud Scheme</title>
<link>http://news.softpedia.com/news/Lost-Suitcase-Helps-Uncover-Credit-Card-Fraud-Scheme-125171.shtml</link>
<description><![CDATA[Items found in a suitcase lost at an airport helped authorities uncover a credit-card fraud operation and identify the people responsible for orchestrating it. The owner of the misplaced luggage made the mistake of calling back and asking about it.  According to The Sacramento Bee, U.S. Attorney Lawrence Brown and Sacramento County Sheriff John McGinness announced on Friday in a joint statement that Joseph Hatfield, 27, and Jahmeelah Sullins, 22, both of Sacramento, California, had been indicted for orchestrating a credit-card fraud scheme. Both face charges of conspiracy to commit and committing access-device fraud.  The illegal operation was discovered due to a suitcase belonging to Hatfield, which got lost at the Sacramento International Airport back in February. When Southwest Airlines workers recovered the unclaimed luggage and opened it up, they discovered a device for reading and writing credit cards inside, along with multiple such cards.  After being informed, the authorities started an investigation and determined that the credit cards found were cloned and were used to acquire merchandise and gift cards from stores in Sacramento, Texas, Florida and other places. The suitcase also contained a counterfeit driver's license in the name of one Adam Constant.  The break ...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Lost-Suitcase-Helps-Uncover-Credit-Card-Fraud-Scheme-2.jpg" align="left" style="margin-right: 10px;" />Items found in a suitcase lost at an airport helped authorities uncover a credit-card fraud operation and identify the people responsible for orchestrating it. The owner of the misplaced luggage made the mistake of calling back and asking about it.<br /> <br /> According to The Sacramento Bee, U.S. Attorney Lawrence Brown and Sacramento County Sheriff John McGinness announced on Friday in a joint statement that Joseph Hatfield, 27, and Jahmeelah Sullins, 22, both of Sacramento, California, had been indicted for orchestrating a credit-card fraud scheme. Both face charges of conspiracy to commit and committing access-device fraud.<br /> <br /> The illegal operation was discovered due to a suitcase belonging to Hatfield, which got lost at the Sacramento International Airport back in February. When Southwest Airlines workers recovered the unclaimed luggage and opened it up, they discovered a device for reading and writing credit cards inside, along with multiple such cards.<br /> <br /> After being informed, the authorities started an investigation and determined that the credit cards found were cloned and were used to acquire merchandise and gift cards from stores in Sacramento, Texas, Florida and other places. The suitcase also contained a counterfeit driver's license in the name of one Adam Constant.<br /> <br /> The break ... (<a href="http://news.softpedia.com/news/Lost-Suitcase-Helps-Uncover-Credit-Card-Fraud-Scheme-125171.shtml">read more</a>)]]></content:encoded>
<pubDate>Sat, 24 Oct 2009 08:59:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Lost-Suitcase-Helps-Uncover-Credit-Card-Fraud-Scheme-125171.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Lost-Suitcase-Helps-Uncover-Credit-Card-Fraud-Scheme-125171.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Malware Cleaner Affiliates No Better than Scareware Pushers</title>
<link>http://news.softpedia.com/news/Malware-Cleaners-Affiliates-No-Better-than-Scareware-Pushers-125122.shtml</link>
<description><![CDATA[A malware researcher, going by the online handle of S!Ri, warns that many affiliates for companies selling security software are deceiving users in order to earn install fees. To test this, he posted a bogus report about a made-up rogue security application and then watched as others started promoting software that allegedly removed it.  S!Ri is a Microsoft MVP (Most Valuable Professional) and a malware researcher at Malwarebytes. He is also known as the developer of SmitFraudFix, a popular tool specifically designed to remove scareware and other desktop-hijacking malware. The security researcher also maintains a blog where he documents new versions of such rogue applications.  Scareware, also known as rogueware or fake antivirus, is software that uses invasive tactics to trick users into paying for licenses. The vast majority of these programs scare users by displaying fake security alerts claiming that their computers are infected. In order to mimic professional security programs, they also show fake system scans and have well-designed user interfaces.  They then offer the option to remove the nonexistent infections, but only if a license code is acquired first. Falling for this trick will not only cost users the amount they pay for a useless license, but also their credit card details, ...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Malware-Cleaners-Affiliates-No-Better-than-Scareware-Pushers-2.jpg" align="left" style="margin-right: 10px;" />A malware researcher, going by the online handle of S!Ri, warns that many affiliates for companies selling security software are deceiving users in order to earn install fees. To test this, he posted a bogus report about a made-up rogue security application and then watched as others started promoting software that allegedly removed it.<br /> <br /> S!Ri is a Microsoft MVP (Most Valuable Professional) and a malware researcher at Malwarebytes. He is also known as the developer of SmitFraudFix, a popular tool specifically designed to remove scareware and other desktop-hijacking malware. The security researcher also maintains a blog where he documents new versions of such rogue applications.<br /> <br /> Scareware, also known as rogueware or fake antivirus, is software that uses invasive tactics to trick users into paying for licenses. The vast majority of these programs scare users by displaying fake security alerts claiming that their computers are infected. In order to mimic professional security programs, they also show fake system scans and have well-designed user interfaces.<br /> <br /> They then offer the option to remove the nonexistent infections, but only if a license code is acquired first. Falling for this trick will not only cost users the amount they pay for a useless license, but also their credit card details, ... (<a href="http://news.softpedia.com/news/Malware-Cleaners-Affiliates-No-Better-than-Scareware-Pushers-125122.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 23 Oct 2009 11:27:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Malware-Cleaners-Affiliates-No-Better-than-Scareware-Pushers-125122.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Malware-Cleaners-Affiliates-No-Better-than-Scareware-Pushers-125122.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Botnets Increasingly Used for Click Fraud</title>
<link>http://news.softpedia.com/news/Botnets-Increasingly-Used-for-Click-Fraud-125090.shtml</link>
<description><![CDATA[ClickForensics, one of the top traffic quality management companies, reports that click fraud performed with the use of botnets is on the rise. In the third quarter of this year, this type of activity registered a 15 percent rise compared to the same period in 2008.  ClickForensics compiled and analyzed the data from its specialized system that monitors fraud activity associated with Cost Per Click (CPC) advertising campaigns. According to the company, the collected data spans more than 300 advertising networks, including the top search engines.  Compared to the previous year, the click fraud average rate was down by almost two percent during Q3 2009. Fraudulent clicks accounted for around 14% of the total number of hits, which is, however, an increase over Q2, when they represented 12.7%.  One of the most worrying problems identified is the use of botnets to automate click fraud. This type of activity represented 42.6% of the total click fraud rate. "This was a significant rise - more than doubling in the past two years and up from the 27.5 percent reported for the same quarter last year," the ClickForensics report notes.  This unusual increase is likely the result of new specialized malware, such as the Bahama botnet, which was identified back in September and has been held responsib...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Botnets-Increasingly-Used-for-Click-Fraud-2.jpg" align="left" style="margin-right: 10px;" />ClickForensics, one of the top traffic quality management companies, reports that click fraud performed with the use of botnets is on the rise. In the third quarter of this year, this type of activity registered a 15 percent rise compared to the same period in 2008.<br /> <br /> ClickForensics compiled and analyzed the data from its specialized system that monitors fraud activity associated with Cost Per Click (CPC) advertising campaigns. According to the company, the collected data spans more than 300 advertising networks, including the top search engines.<br /> <br /> Compared to the previous year, the click fraud average rate was down by almost two percent during Q3 2009. Fraudulent clicks accounted for around 14% of the total number of hits, which is, however, an increase over Q2, when they represented 12.7%.<br /> <br /> One of the most worrying problems identified is the use of botnets to automate click fraud. This type of activity represented 42.6% of the total click fraud rate. "This was a significant rise - more than doubling in the past two years and up from the 27.5 percent reported for the same quarter last year," the ClickForensics report notes.<br /> <br /> This unusual increase is likely the result of new specialized malware, such as the Bahama botnet, which was identified back in September and has been held responsib... (<a href="http://news.softpedia.com/news/Botnets-Increasingly-Used-for-Click-Fraud-125090.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 23 Oct 2009 10:10:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Botnets-Increasingly-Used-for-Click-Fraud-125090.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Botnets-Increasingly-Used-for-Click-Fraud-125090.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
</channel>
</rss>