<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	>
	
	<channel>
		<title>Softpedia News - Security</title>
		<link>http://news.softpedia.com</link>
		<description>Softpedia News - Security</description>
		<generator>Softpedia News</generator>
		<language>en-us</language>
		<copyright>2001 - 2009 Softpedia. All rights reserved.</copyright>
		<pubDate>Wed, 25 Nov 2009 10:24:28 GMT</pubDate>
		<lastBuildDate>Wed, 25 Nov 2009 10:24:28 GMT</lastBuildDate>
		<category>News</category>
		<docs>http://blogs.law.harvard.edu/tech/rss</docs>
		<ttl>10</ttl>
		<atom:link href="http://news.softpedia.com/newsRSS/Security-5.xml" rel="self" type="application/rss+xml" />
		<image>
			<url>http://www.softpedia.com/base_img/softpedia_logo.gif</url>
			<title>Softpedia News - Security</title>
			<link>http://news.softpedia.com/</link>
		</image>
<item>
<title>Phishing Scam Exploits Legit Security News Article</title>
<link>http://news.softpedia.com/news/Phishing-Scam-Exploits-Legit-Security-News-Article-127880.shtml</link>
<description><![CDATA[A new phishing scam capitalizes on people's trust towards reputed news publications and security companies. The rogue email messages masquerade as a Trend Micro newsletter about a real article on the company featured in PC World back in September. Attacks that try to exploit various subjects attracting a considerable amount of attention from the public are quite common. For example, this can be achieved by poisoning search results with malicious websites, a technique known as black hat search engine optimization. Because of this, security professionals constantly advise that only trustworthy and renowned news outlets should be used as a method of information. In order to counter these security recommendations, which are detrimental to their illegal business, cybercrooks are increasingly impersonating legit news agencies and publications. Such is the case with a phishing scam circulating via email recently, in which fraudsters target both PC World and Trend Micro. The professionally designed email bearing the Trend Micro branding marks is quoting an entire article published by PC World on September 21. The article, entitled "Malware Blocking Tests Put Trend Micro on Top," is about an independent test performed by NSS Labs, during which Trend Micro's product achieved a very good rating for its ...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Phishing-Scam-Exploits-Legit-Security-News-Article-2.jpg" align="left" style="margin-right: 10px;" />A new phishing scam capitalizes on people's trust towards reputed news publications and security companies. The rogue email messages masquerade as a Trend Micro newsletter about a real article on the company featured in PC World back in September.<br /><br />Attacks that try to exploit various subjects attracting a considerable amount of attention from the public are quite common. For example, this can be achieved by poisoning search results with malicious websites, a technique known as black hat search engine optimization.<br /><br />Because of this, security professionals constantly advise that only trustworthy and renowned news outlets should be used as a method of information. In order to counter these security recommendations, which are detrimental to their illegal business, cybercrooks are increasingly impersonating legit news agencies and publications.<br /><br />Such is the case with a phishing scam circulating via email recently, in which fraudsters target both PC World and Trend Micro. The professionally designed email bearing the Trend Micro branding marks is quoting an entire article published by PC World on September 21. The article, entitled "Malware Blocking Tests Put Trend Micro on Top," is about an independent test performed by NSS Labs, during which Trend Micro's product achieved a very good rating for its ... (<a href="http://news.softpedia.com/news/Phishing-Scam-Exploits-Legit-Security-News-Article-127880.shtml">read more</a>)]]></content:encoded>
<pubDate>Tue, 24 Nov 2009 13:23:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Phishing-Scam-Exploits-Legit-Security-News-Article-127880.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Phishing-Scam-Exploits-Legit-Security-News-Article-127880.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Clickjacking Worm Crawling Through Facebook</title>
<link>http://news.softpedia.com/news/Clickjacking-Worm-Crawling-Through-Facebook-127824.shtml</link>
<description><![CDATA[The Facebook staff has been hard at work to squash a new worm propagating on the social networking platform with the help of unwary users. Using the image of a female model in lingerie as lure, the nuisance spread from wall to wall through a Web exploitation technique known as clickjacking. This most recent attack doesn't appear to have had a malicious component and was most likely a proof of concept. The rogue Facebook posts featured the picture of an attractive female model looking over her shoulder and an accompanying message reading "Wanna C Somthin' HOT!?? Click Da' Button, Baby!" Choosing to comply with the instruction while being logged into Facebook did nothing more than re-post the message without authorization on your own wall, thus propagating it further. The trick was so well crafted and intriguing that it even managed to trick some security professionals. "The worm's landing page is brilliant -- alluring yet mysterious, and very clean, just like we techies like it. [&hellip;] As a personal lesson, I have to admit mea culpa. I saw the worm being posted from a friend's page and didn't believe it to be dangerous because the lure is pretty cool," Gadi Evron, a reputed security consultant and former Israeli CERT manager, writes for Dark Reading. After analyzing the worm, Nick FitzGerald, eme...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Clickjacking-Worm-Crawling-Through-Facebook-2.jpg" align="left" style="margin-right: 10px;" />The Facebook staff has been hard at work to squash a new worm propagating on the social networking platform with the help of unwary users. Using the image of a female model in lingerie as lure, the nuisance spread from wall to wall through a Web exploitation technique known as clickjacking.<br /><br />This most recent attack doesn't appear to have had a malicious component and was most likely a proof of concept. The rogue Facebook posts featured the picture of an attractive female model looking over her shoulder and an accompanying message reading "Wanna C Somthin' HOT!?? Click Da' Button, Baby!" Choosing to comply with the instruction while being logged into Facebook did nothing more than re-post the message without authorization on your own wall, thus propagating it further.<br /><br />The trick was so well crafted and intriguing that it even managed to trick some security professionals. "The worm's landing page is brilliant -- alluring yet mysterious, and very clean, just like we techies like it. [&hellip;] As a personal lesson, I have to admit mea culpa. I saw the worm being posted from a friend's page and didn't believe it to be dangerous because the lure is pretty cool," Gadi Evron, a reputed security consultant and former Israeli CERT manager, writes for Dark Reading.<br /><br />After analyzing the worm, Nick FitzGerald, eme... (<a href="http://news.softpedia.com/news/Clickjacking-Worm-Crawling-Through-Facebook-127824.shtml">read more</a>)]]></content:encoded>
<pubDate>Tue, 24 Nov 2009 09:26:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Clickjacking-Worm-Crawling-Through-Facebook-127824.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Clickjacking-Worm-Crawling-Through-Facebook-127824.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Scientology Attacker Gets Prison Time</title>
<link>http://news.softpedia.com/news/Scientology-Attacker-Gets-Prison-Time-127761.shtml</link>
<description><![CDATA[Dmitriy Guzner, 19, of Verona, New Jersey was sentenced to one year in prison for launching distributed denial of service (DDoS) attacks against websites belonging to the Church of Scientology in January 2008. Following his release, the young DDoSer will also spend two years on probation. According to the prosecutors Guzner's attacks were acts of hacktivism and part of a larger anti-Scientology campaign led by a hacking group called Anonymous. In October 2008, the hacker became the first Anonymous member ever to be charged in connection with the group's actions. Anonymous is believed to have originated on the notorious /b/ forum board of the 4chan website, the birthplace of many Internet memes, including lolcats. The members of this board are known as Internet trolls with a questionable sense of humor, who sometimes harass celebrities or other groups. But the attacks against the Church of Scientology were much more than simple Internet pranks and escalated into a full-blown hate campaign. According to the attacked organization, Anonymous' actions consisted of 8,139 threatening phone calls, 3.6 million e-mails, 141 million hits on its website, ten acts of vandalism against its property, 22 bomb threats, and eight death threats against Church leaders. Dmitriy Guzner pleaded guilty in May 2009 and...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Scientology-Attacker-Gets-Prison-Time-2.jpg" align="left" style="margin-right: 10px;" />Dmitriy Guzner, 19, of Verona, New Jersey was sentenced to one year in prison for launching distributed denial of service (DDoS) attacks against websites belonging to the Church of Scientology in January 2008. Following his release, the young DDoSer will also spend two years on probation.<br /><br />According to the prosecutors Guzner's attacks were acts of hacktivism and part of a larger anti-Scientology campaign led by a hacking group called Anonymous. In October 2008, the hacker became the first Anonymous member ever to be charged in connection with the group's actions.<br /><br />Anonymous is believed to have originated on the notorious /b/ forum board of the 4chan website, the birthplace of many Internet memes, including lolcats. The members of this board are known as Internet trolls with a questionable sense of humor, who sometimes harass celebrities or other groups.<br /><br />But the attacks against the Church of Scientology were much more than simple Internet pranks and escalated into a full-blown hate campaign. According to the attacked organization, Anonymous' actions consisted of 8,139 threatening phone calls, 3.6 million e-mails, 141 million hits on its website, ten acts of vandalism against its property, 22 bomb threats, and eight death threats against Church leaders.<br /><br />Dmitriy Guzner pleaded guilty in May 2009 and... (<a href="http://news.softpedia.com/news/Scientology-Attacker-Gets-Prison-Time-127761.shtml">read more</a>)]]></content:encoded>
<pubDate>Mon, 23 Nov 2009 14:59:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Scientology-Attacker-Gets-Prison-Time-127761.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Scientology-Attacker-Gets-Prison-Time-127761.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Symantec Online Store Hacked</title>
<link>http://news.softpedia.com/news/Symantec-Online-Store-Hacked-127726.shtml</link>
<description><![CDATA[A self-proclaimed grey-hat hacker has located a critical SQL injection vulnerability in a website belonging to security giant Symantec. The flaw can be leveraged to extract a wealth of information from the database including customer and admin login credentials, product serial numbers, and possibly credit card information. The flaw was found by a Romanian hacker going by the online handle of Unu, according to whom an insecure parameter of a script from the pcd.symantec.com website, allows for a blind SQL injection (SQLi) attack to be performed. In such an attack, the hacker obtains read and/or write permission to the underlying database of the vulnerable website. During a regular SQLi attack, the result of a rogue SQL query is displayed inside the browser instead of the normal web page output. Meanwhile, in a blind SQL injection, the query executes, but the website continues to display normally, making it much more difficult to extract information. The content of the pcd.symantec.com website is written in Japanese, but from what we could determine, it serves a product called Norton PC Doctor. Accessing most of the website's sections requires authentication, and in order to exploit the blind SQLi vulnerability, the hacker had to use a few specialized tools. The Web server appears to be running Windows Server 2000 a...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Symantec-Online-Store-Hacked-2.jpg" align="left" style="margin-right: 10px;" />A self-proclaimed grey-hat hacker has located a critical SQL injection vulnerability in a website belonging to security giant Symantec. The flaw can be leveraged to extract a wealth of information from the database including customer and admin login credentials, product serial numbers, and possibly credit card information.<br /><br />The flaw was found by a Romanian hacker going by the online handle of Unu, according to whom an insecure parameter of a script from the pcd.symantec.com website, allows for a blind SQL injection (SQLi) attack to be performed. In such an attack, the hacker obtains read and/or write permission to the underlying database of the vulnerable website.<br /><br />During a regular SQLi attack, the result of a rogue SQL query is displayed inside the browser instead of the normal web page output. Meanwhile, in a blind SQL injection, the query executes, but the website continues to display normally, making it much more difficult to extract information.<br /><br />The content of the pcd.symantec.com website is written in Japanese, but from what we could determine, it serves a product called Norton PC Doctor. Accessing most of the website's sections requires authentication, and in order to exploit the blind SQLi vulnerability, the hacker had to use a few specialized tools. The Web server appears to be running Windows Server 2000 a... (<a href="http://news.softpedia.com/news/Symantec-Online-Store-Hacked-127726.shtml">read more</a>)]]></content:encoded>
<pubDate>Mon, 23 Nov 2009 11:51:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Symantec-Online-Store-Hacked-127726.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Symantec-Online-Store-Hacked-127726.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Comcast Domain Hijackers Indicted</title>
<link>http://news.softpedia.com/news/Comcast-Domain-Hijackers-Indicted-127635.shtml</link>
<description><![CDATA[Three individuals were charged on November 19 for their role in an attack, which involved hijacking the comcast.net domain name and redirecting its traffic to a rogue website. According to the indictment, the defendants used social engineering in order to obtain information that facilitated their plans to alter the domain's DNS records. In May 2008, the comcast.net domain name, belonging to one of the largest Internet service providers in the United States, started redirecting to a Web page reading "KRYOGENIKS Defiant and EBK RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven.&rdquo; This made it impossible for Comcast customers to use Web-based services provided by the company, such as email or digital voicemail for several hours. The subsequent FBI investigation led authorities to 19-year-old Christopher Allen Lewis, a.k.a EBK, of Newark, Delaware, 20-year-old James Robert Black, JR., a.k.a. Defiant, of Tumwater, Washington, and 27-year-old Michael Paul Nebel, a.k.a. Slacker, of Kalamazoo, Michigan. All three were identified as members of the Kryogeniks hacker group. The hackers were indicted in the United States District Court for the Eastern District of Pennsylvania, where Comcast is headquartered. The defendants "conspired and agreed to commit an offense against the United States, that is, to kno...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Comcast-Domain-Hijackers-Indicted-2.jpg" align="left" style="margin-right: 10px;" />Three individuals were charged on November 19 for their role in an attack, which involved hijacking the comcast.net domain name and redirecting its traffic to a rogue website. According to the indictment, the defendants used social engineering in order to obtain information that facilitated their plans to alter the domain's DNS records.<br /><br />In May 2008, the comcast.net domain name, belonging to one of the largest Internet service providers in the United States, started redirecting to a Web page reading "KRYOGENIKS Defiant and EBK RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven.&rdquo; This made it impossible for Comcast customers to use Web-based services provided by the company, such as email or digital voicemail for several hours.<br /><br />The subsequent FBI investigation led authorities to 19-year-old Christopher Allen Lewis, a.k.a EBK, of Newark, Delaware, 20-year-old James Robert Black, JR., a.k.a. Defiant, of Tumwater, Washington, and 27-year-old Michael Paul Nebel, a.k.a. Slacker, of Kalamazoo, Michigan. All three were identified as members of the Kryogeniks hacker group.<br /><br />The hackers were indicted in the United States District Court for the Eastern District of Pennsylvania, where Comcast is headquartered. The defendants "conspired and agreed to commit an offense against the United States, that is, to kno... (<a href="http://news.softpedia.com/news/Comcast-Domain-Hijackers-Indicted-127635.shtml">read more</a>)]]></content:encoded>
<pubDate>Sat, 21 Nov 2009 10:49:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Comcast-Domain-Hijackers-Indicted-127635.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Comcast-Domain-Hijackers-Indicted-127635.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Twilight Fans Attacked by Scareware Pushers</title>
<link>http://news.softpedia.com/news/Twilight-Fans-Attacked-by-Scareware-Pushers-127575.shtml</link>
<description><![CDATA[Security researchers warn that an on-going black hat search engine optimization (BHSEO) campaign is poisoning the search results for Twilight's newly released sequel called New Moon. The rogue websites have the purpose of distributing fake antivirus software, also known as scareware or rogueware. Twilight is a romantic vampire movie based on Stephenie Meyer&rsquo;s novel with the same name. It was released in 2008 and enjoyed economic success with ticket sales being estimated at over $380 million worldwide. The movie's sequel, entitled "The Twilight Saga: New Moon," is based on Stephenie Meyer&rsquo;s second book in the series and is scheduled to be released today. Understandably, this event has attracted a great interest from Twilight fans who are feverishly searching the Internet for information about tickets, show times, reviews and so on. Security researchers from Trend Micro warn that keywords such as "New Moon premiere live stream," which might appeal to those looking for ways to see the movie without paying, have been particularly targeted. "These results redirect users to fake online scanners, which ultimately lead to the download of a FAKEAV variant detected by Trend Micro as TROJ_FAKEAV.MET. Upon execution, TROJ_FAKEAV.MET drops malicious files and displays fake warning messages. These mes...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Twilight-Fans-Attacked-by-Scareware-Pushers-2.jpg" align="left" style="margin-right: 10px;" />Security researchers warn that an on-going black hat search engine optimization (BHSEO) campaign is poisoning the search results for Twilight's newly released sequel called New Moon. The rogue websites have the purpose of distributing fake antivirus software, also known as scareware or rogueware.<br /><br />Twilight is a romantic vampire movie based on Stephenie Meyer&rsquo;s novel with the same name. It was released in 2008 and enjoyed economic success with ticket sales being estimated at over $380 million worldwide.<br /><br />The movie's sequel, entitled "The Twilight Saga: New Moon," is based on Stephenie Meyer&rsquo;s second book in the series and is scheduled to be released today. Understandably, this event has attracted a great interest from Twilight fans who are feverishly searching the Internet for information about tickets, show times, reviews and so on.<br /><br />Security researchers from Trend Micro warn that keywords such as "New Moon premiere live stream," which might appeal to those looking for ways to see the movie without paying, have been particularly targeted. "These results redirect users to fake online scanners, which ultimately lead to the download of a FAKEAV variant detected by Trend Micro as TROJ_FAKEAV.MET. Upon execution, TROJ_FAKEAV.MET drops malicious files and displays fake warning messages. These mes... (<a href="http://news.softpedia.com/news/Twilight-Fans-Attacked-by-Scareware-Pushers-127575.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 20 Nov 2009 14:29:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Twilight-Fans-Attacked-by-Scareware-Pushers-127575.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Twilight-Fans-Attacked-by-Scareware-Pushers-127575.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>German Banks Recall Credit Cards Breached in Spain</title>
<link>http://news.softpedia.com/news/German-Banks-Recall-Credit-Cards-Breached-in-Spain-127518.shtml</link>
<description><![CDATA[The largest credit card recall effort in Germany's history is underway after an undisclosed payment processor in Spain was breached. Affected individuals are currently being notified and they will be reimbursed if they suffered any losses. The warning about the dangerous situation came from both Visa and Mastercard. &ldquo;The German banking industry has responded rapidly to the warning of VISA and MasterCard regarding a possible theft of credit card data from German customers at a Spanish company,&rdquo; Germany's Central Credit Committee (ZKA), announces (translated from German). The total number of recalled credit cards is estimated at over 100,000 and Die Spiegel reports that the Bundesverband der Deutschen Volksbanken und Raiffeisenbanken (BVR) banking group has disabled 60,000 cards alone. Financial institutions revealed to be affected by this breach so far include Commerzbank, Deutsche Bank, Lufthansa, DKB-Bank, Barclays and Karstadt-Quelle. Originally, it was thought that only German citizens who used their credit card in Spain had been impacted. However, because the unnamed compromised organization is providing payment processing solutions, the scope is actually much larger. Credit cards used exclusively in Germany could be affected as well if the local companies processed the transa...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/German-Banks-Recall-Credit-Cards-Breached-in-Spain-2.jpg" align="left" style="margin-right: 10px;" />The largest credit card recall effort in Germany's history is underway after an undisclosed payment processor in Spain was breached. Affected individuals are currently being notified and they will be reimbursed if they suffered any losses.<br /><br />The warning about the dangerous situation came from both Visa and Mastercard. &ldquo;The German banking industry has responded rapidly to the warning of VISA and MasterCard regarding a possible theft of credit card data from German customers at a Spanish company,&rdquo; Germany's Central Credit Committee (ZKA), announces (translated from German).<br /><br />The total number of recalled credit cards is estimated at over 100,000 and Die Spiegel reports that the Bundesverband der Deutschen Volksbanken und Raiffeisenbanken (BVR) banking group has disabled 60,000 cards alone. Financial institutions revealed to be affected by this breach so far include Commerzbank, Deutsche Bank, Lufthansa, DKB-Bank, Barclays and Karstadt-Quelle.<br /><br />Originally, it was thought that only German citizens who used their credit card in Spain had been impacted. However, because the unnamed compromised organization is providing payment processing solutions, the scope is actually much larger. Credit cards used exclusively in Germany could be affected as well if the local companies processed the transa... (<a href="http://news.softpedia.com/news/German-Banks-Recall-Credit-Cards-Breached-in-Spain-127518.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 20 Nov 2009 10:13:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/German-Banks-Recall-Credit-Cards-Breached-in-Spain-127518.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/German-Banks-Recall-Credit-Cards-Breached-in-Spain-127518.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Social Networks Used as Criminal and Investigation Tools in Venezuela</title>
<link>http://news.softpedia.com/news/Social-Networks-Used-as-Criminal-and-Investigation-Tools-in-Venezuela-127455.shtml</link>
<description><![CDATA[A group of Venezuelan students were recently arrested by local police for various theft charges. After further investigation, authorities proved that they were using many social networking sites, especially Facebook, to monitor their victims' activity and rob their houses while out of town. Global Post reports that the group was formed by three persons, a couple and a third man, a local student and close friend to many of his victims. The group used his Facebook friends list to acquire information about the man's college friends. They followed updates, inspected the financial status and analyzed pictures from the victim's profile to gain precious information about their location, house arrangement and time table. After gaining all the necessary data, the man, assisted by the couple, robbed his friend's house when the victim was away (information also acquired through various social network updates). "They observe the families&rsquo; movements, they study the residencies &mdash; the comings and goings, the security measures," said Wilmer Flores Trosel, director of the CICPC, a national investigation agency in Venezuela. Authorities are also warning that sites like Hi5, Facebook, Sonico or Twitter can and have been used by South American kidnappers in the past. It...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Social-Networks-Used-as-Criminal-and-Investigation-Tools-in-Venezuela-2.jpg" align="left" style="margin-right: 10px;" />A group of Venezuelan students were recently arrested by local police for various theft charges. After further investigation, authorities proved that they were using many social networking sites, especially Facebook, to monitor their victims' activity and rob their houses while out of town.<br /><br />Global Post reports that the group was formed by three persons, a couple and a third man, a local student and close friend to many of his victims. The group used his Facebook friends list to acquire information about the man's college friends. <br /><br />They followed updates, inspected the financial status and analyzed pictures from the victim's profile to gain precious information about their location, house arrangement and time table. After gaining all the necessary data, the man, assisted by the couple, robbed his friend's house when the victim was away (information also acquired through various social network updates).<br /><br />"They observe the families&rsquo; movements, they study the residencies &mdash; the comings and goings, the security measures," said Wilmer Flores Trosel, director of the CICPC, a national investigation agency in Venezuela.<br /><br />Authorities are also warning that sites like Hi5, Facebook, Sonico or Twitter can and have been used by South American kidnappers in the past. It... (<a href="http://news.softpedia.com/news/Social-Networks-Used-as-Criminal-and-Investigation-Tools-in-Venezuela-127455.shtml">read more</a>)]]></content:encoded>
<pubDate>Thu, 19 Nov 2009 15:31:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Social-Networks-Used-as-Criminal-and-Investigation-Tools-in-Venezuela-127455.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Social-Networks-Used-as-Criminal-and-Investigation-Tools-in-Venezuela-127455.shtml#review_zone</comments>
<dc:creator>Softpedia News (Catalin Cimpanu)</dc:creator>
</item>
<item>
<title>Payment Request Spam Carries Malicious Attachments</title>
<link>http://news.softpedia.com/news/Payment-Request-Spam-Carries-Malicious-Attachments-127450.shtml</link>
<description><![CDATA[Security researchers warn of a new malware distribution campaign using incorrect billing as a lure. The spam emails pretend to be payment request notifications and a computer trojan is passed as a tool for blocking them. "The emails pretend to come from the 'Customer Support' division of an online banking organisation and be in connection to payments requested from a variety of different organisations," Sophos' Graham Cluley warns. The scam looks to exploit people's fear of having unauthorized charges made on their accounts. The subject line of the rogue emails is "payment request from [company name]" and the message claims that "We recorded a payment request from [company name] to enable the charge of $66.10 on your account." The sum can differ with every email and brands like Microsoft, Starbucks, eBay, Sun Microsystems, Cartoon Network Studios or Fox Film Corporation are amongst the abused company names. "The payment is pending for the moment. If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as [company name]. If you didn't make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter)," the rest of ...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Payment-Request-Spam-Carries-Malicious-Attachments-2.jpg" align="left" style="margin-right: 10px;" />Security researchers warn of a new malware distribution campaign using incorrect billing as a lure. The spam emails pretend to be payment request notifications and a computer trojan is passed as a tool for blocking them.<br /><br />"The emails pretend to come from the 'Customer Support' division of an online banking organisation and be in connection to payments requested from a variety of different organisations," Sophos' Graham Cluley warns. The scam looks to exploit people's fear of having unauthorized charges made on their accounts.<br /><br />The subject line of the rogue emails is "payment request from [company name]" and the message claims that "We recorded a payment request from [company name] to enable the charge of $66.10 on your account." The sum can differ with every email and brands like Microsoft, Starbucks, eBay, Sun Microsystems, Cartoon Network Studios or Fox Film Corporation are amongst the abused company names.<br /><br />"The payment is pending for the moment. If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as [company name]. If you didn't make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter)," the rest of ... (<a href="http://news.softpedia.com/news/Payment-Request-Spam-Carries-Malicious-Attachments-127450.shtml">read more</a>)]]></content:encoded>
<pubDate>Thu, 19 Nov 2009 15:16:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Payment-Request-Spam-Carries-Malicious-Attachments-127450.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Payment-Request-Spam-Carries-Malicious-Attachments-127450.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>First Zbot-Related Arrests Made in Europe</title>
<link>http://news.softpedia.com/news/First-Zbot-Related-Arrests-Made-in-Europe-127430.shtml</link>
<description><![CDATA[The New Scotland Yard announces that a male and a female suspected of using the Zbot trojan to perform bank fraud were arrested in Manchester earlier this month. The two are the first individuals known to be arrested in Europe for distributing the notorious computer trojan. The bust was coordinated by officers from the Police Central e-Crime Unit (PCeU), a specialized division of the Metropolitan Police Service, who were assisted by their colleagues from Greater Manchester. The suspects, whose names or nationality have not yet been unveiled, are both 20 years old and were arrested for offenses under the 1990 Computer Misuse Act and the 2006 Fraud Act. The Zeus bot, or Zbot, is a computer trojan designed to steal bank account information. Most recent versions of this malware are also capable of initiating and hiding fraudulent transactions while the victim is logged into their online banking account. Little information is currently known about the trojan's original creators and maintainers, but customized versions of the malware are being sold on the black market to other cybercriminals. Therefore, it is reasonable to assume that there are multiple gangs distributing and using this malware to perform bank fraud, at any given time. "The ZeuS Trojan is a piece of malware used increasingly b...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/First-Zbot-Related-Arrests-Made-in-Europe-2.jpg" align="left" style="margin-right: 10px;" />The New Scotland Yard announces that a male and a female suspected of using the Zbot trojan to perform bank fraud were arrested in Manchester earlier this month. The two are the first individuals known to be arrested in Europe for distributing the notorious computer trojan.<br /><br />The bust was coordinated by officers from the Police Central e-Crime Unit (PCeU), a specialized division of the Metropolitan Police Service, who were assisted by their colleagues from Greater Manchester. The suspects, whose names or nationality have not yet been unveiled, are both 20 years old and were arrested for offenses under the 1990 Computer Misuse Act and the 2006 Fraud Act.<br /><br />The Zeus bot, or Zbot, is a computer trojan designed to steal bank account information. Most recent versions of this malware are also capable of initiating and hiding fraudulent transactions while the victim is logged into their online banking account.<br /><br />Little information is currently known about the trojan's original creators and maintainers, but customized versions of the malware are being sold on the black market to other cybercriminals. Therefore, it is reasonable to assume that there are multiple gangs distributing and using this malware to perform bank fraud, at any given time.<br /><br />"The ZeuS Trojan is a piece of malware used increasingly b... (<a href="http://news.softpedia.com/news/First-Zbot-Related-Arrests-Made-in-Europe-127430.shtml">read more</a>)]]></content:encoded>
<pubDate>Thu, 19 Nov 2009 13:27:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/First-Zbot-Related-Arrests-Made-in-Europe-127430.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/First-Zbot-Related-Arrests-Made-in-Europe-127430.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Romanian National Pleads Guilty to ATM Skimming</title>
<link>http://news.softpedia.com/news/Romanian-National-Pleads-Guilty-to-ATM-Skimming-127316.shtml</link>
<description><![CDATA[Victor Vasile Constantin, 23, of Romania, has pleaded guilty to one count of bank fraud and one of identity theft in Connecticut U.S. District Court. The fraudster installed special devices on automated teller machines (ATMs) in order to capture credit card data. Mr. Constantin was arrested by the Norwalk Police back in March together with Gina Gheorghe, 29, a female accomplice also of Romania, following a surveillance operation. Authorities were alerted by workers from a Norwalk Bank of America branch, who suspected ATM tampering after finding dried glue on one of the machines. The two were arrested in the bank's parking lot soon after lifting a scanning device and a pinhole video camera that were planted on an ATM. The skimming device had the purpose of copying credit card information stored on its magnetic stripe, which can later be used to clone it. Meanwhile, the video camera was used to record PINs as they were being inputted by the credit card owners. The suspects were later tied to similar hits at other Bank of America branches in South Norwalk, Greenwich and Ridgefield. The authorities estimate the two Romanian nationals stole at least $150,000 from the accounts of unsuspecting Bank of America customers. During his plea in front of U.S. Magistrate Judge William I. Garfinkel, ...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Romanian-National-Pleads-Guilty-to-ATM-Skimming-2.jpg" align="left" style="margin-right: 10px;" />Victor Vasile Constantin, 23, of Romania, has pleaded guilty to one count of bank fraud and one of identity theft in Connecticut U.S. District Court. The fraudster installed special devices on automated teller machines (ATMs) in order to capture credit card data.<br /><br />Mr. Constantin was arrested by the Norwalk Police back in March together with Gina Gheorghe, 29, a female accomplice also of Romania, following a surveillance operation. Authorities were alerted by workers from a Norwalk Bank of America branch, who suspected ATM tampering after finding dried glue on one of the machines.<br /><br />The two were arrested in the bank's parking lot soon after lifting a scanning device and a pinhole video camera that were planted on an ATM. The skimming device had the purpose of copying credit card information stored on its magnetic stripe, which can later be used to clone it. Meanwhile, the video camera was used to record PINs as they were being inputted by the credit card owners.<br /><br />The suspects were later tied to similar hits at other Bank of America branches in South Norwalk, Greenwich and Ridgefield. The authorities estimate the two Romanian nationals stole at least $150,000 from the accounts of unsuspecting Bank of America customers.<br /><br />During his plea in front of U.S. Magistrate Judge William I. Garfinkel, ... (<a href="http://news.softpedia.com/news/Romanian-National-Pleads-Guilty-to-ATM-Skimming-127316.shtml">read more</a>)]]></content:encoded>
<pubDate>Wed, 18 Nov 2009 13:35:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Romanian-National-Pleads-Guilty-to-ATM-Skimming-127316.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Romanian-National-Pleads-Guilty-to-ATM-Skimming-127316.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Zbot Spam Claims Email Accounts Were Deactivated</title>
<link>http://news.softpedia.com/news/Zbot-Spam-Claims-Email-Accounts-Were-Deactivated-127272.shtml</link>
<description><![CDATA[Malware distributors are hard at work again to infect computer users with the notorious Zeus banking trojan. Their newest spam campaign informs users that their email accounts have been deactivated and instructs them to run an infected file. The malicious emails come with a "your mailbox has been deactivated" subject and claim that the user is being contacted in regards to unusual activity identified on their mailbox. "As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility," the messages read. One notable social engineering component used in this campaign is that emails are forged to appear as arriving from a notifications@ address with the same domain as the user's account. Therefore, if someone's email address is something@example.com, the spam mail will have its From field spoofed to be notifications@example.com. "We've seen this trick before (of pretending to be from the administrators of your email system) but the reason why it is still being used is because it works. Users panic if they think they might be at risk of having their umbilical cord to the internet cut off and may race to open the attachment before thinking about the malice that might lie behind it," Graham Cluley, senior technology consultant a...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Zbot-Spam-Claims-Email-Accounts-Were-Deactivated-2.jpg" align="left" style="margin-right: 10px;" />Malware distributors are hard at work again to infect computer users with the notorious Zeus banking trojan. Their newest spam campaign informs users that their email accounts have been deactivated and instructs them to run an infected file.<br /><br />The malicious emails come with a "your mailbox has been deactivated" subject and claim that the user is being contacted in regards to unusual activity identified on their mailbox. "As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility," the messages read.<br /><br />One notable social engineering component used in this campaign is that emails are forged to appear as arriving from a notifications@ address with the same domain as the user's account. Therefore, if someone's email address is something@example.com, the spam mail will have its From field spoofed to be notifications@example.com.<br /><br />"We've seen this trick before (of pretending to be from the administrators of your email system) but the reason why it is still being used is because it works. Users panic if they think they might be at risk of having their umbilical cord to the internet cut off and may race to open the attachment before thinking about the malice that might lie behind it," Graham Cluley, senior technology consultant a... (<a href="http://news.softpedia.com/news/Zbot-Spam-Claims-Email-Accounts-Were-Deactivated-127272.shtml">read more</a>)]]></content:encoded>
<pubDate>Wed, 18 Nov 2009 10:10:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Zbot-Spam-Claims-Email-Accounts-Were-Deactivated-127272.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Zbot-Spam-Claims-Email-Accounts-Were-Deactivated-127272.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Members of a Bank Fraud Gang Sentenced to Prison in UK</title>
<link>http://news.softpedia.com/news/Members-of-a-Bank-Fraud-Gang-Sentenced-to-Prison-in-UK-127218.shtml</link>
<description><![CDATA[Four members of a banking fraud ring operating in UK have been sentenced to a total of over thirteen years in prison. The men, who used a computer trojan to get into the online banking accounts of their victims, were arrested in London back in April. In April 2009, we reported on the arrest of nine London-based suspects, four women and five men, in connection with identity theft and bank fraud activities. The operation, which culminated with simultaneous raids at several locations in South East London, was a joint effort between Metro Police's new Central e-Crime Unit (PCeU) and its Specialist Crime Directorate (SCD). Last Friday, November 13, Joao Dos Santos Cruz, 33, of Angola, Paolo Jorgi aka Ricardo Pereira, 36, of Portugal, Azamat Rahmonov, 25 and Shohruh Fayziev, 23, both of Uzbekistan, were sentenced in London's Southwark Crown Court, the Metropolitan Police announces. A fifth man, Edgar Orlando Henriques, 21, of Venezuela, has failed to appear in court and is currently wanted. According to the authorities, the suspects distributed a computer trojan that targeted the customers of several financial institutions. After being installed on a victim's computer, the malware began monitoring browsing sessions for a list of known online banking sites. Once such a page was detected...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Members-of-a-Bank-Fraud-Gang-Sentenced-to-Prison-in-UK-2.jpg" align="left" style="margin-right: 10px;" />Four members of a banking fraud ring operating in UK have been sentenced to a total of over thirteen years in prison. The men, who used a computer trojan to get into the online banking accounts of their victims, were arrested in London back in April.<br /><br />In April 2009, we reported on the arrest of nine London-based suspects, four women and five men, in connection with identity theft and bank fraud activities. The operation, which culminated with simultaneous raids at several locations in South East London, was a joint effort between Metro Police's new Central e-Crime Unit (PCeU) and its Specialist Crime Directorate (SCD).<br /><br />Last Friday, November 13, Joao Dos Santos Cruz, 33, of Angola, Paolo Jorgi aka Ricardo Pereira, 36, of Portugal, Azamat Rahmonov, 25 and Shohruh Fayziev, 23, both of Uzbekistan, were sentenced in London's Southwark Crown Court, the Metropolitan Police announces. A fifth man, Edgar Orlando Henriques, 21, of Venezuela, has failed to appear in court and is currently wanted.<br /><br />According to the authorities, the suspects distributed a computer trojan that targeted the customers of several financial institutions. After being installed on a victim's computer, the malware began monitoring browsing sessions for a list of known online banking sites. <br /><br />Once such a page was detected... (<a href="http://news.softpedia.com/news/Members-of-a-Bank-Fraud-Gang-Sentenced-to-Prison-in-UK-127218.shtml">read more</a>)]]></content:encoded>
<pubDate>Tue, 17 Nov 2009 15:08:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Members-of-a-Bank-Fraud-Gang-Sentenced-to-Prison-in-UK-127218.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Members-of-a-Bank-Fraud-Gang-Sentenced-to-Prison-in-UK-127218.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Poor Flash Design Decisions Put Users and Websites at Risk</title>
<link>http://news.softpedia.com/news/Poor-Flash-Design-Decision-Puts-Users-and-Websites-at-Risk-127180.shtml</link>
<description><![CDATA[Adobe has recently rebutted the claims of a security researcher, according to whom a design flaw in the way Flash Player executes SWF files can put websites accepting user uploads at risk. The professional now says the company totally missed the point and that its expectations of webmasters to address this are completely unrealistic.  Almost two weeks ago, we reported about the security risks of misconfigured crossdomain.xml files. These files contain rules for Flash's cross-domain access policy. However, more recently, a security researcher named Mike Bailey has exposed an even more dangerous issue with Flash's same origin policy.  A same origin policy is a security model according to which a script being executed from a domain can only access resources on the same domain. Mr. Bailey claimed that, while this held true for JavaScript, it differed when it came to ActionScript, the scripting language of Flash. The researcher has actually identified two separate design choices the Flash developers made, which, in his opinion, are flawed and open the door for various cross-site-scripting-like attacks.  The first one is in the way Flash Player chooses to execute files or not. In order to determine if a file is a valid SWF, the player checks for its header. The header consists of a speci...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Poor-Flash-Design-Decision-Puts-Users-and-Websites-at-Risk-2.jpg" align="left" style="margin-right: 10px;" />Adobe has recently rebutted the claims of a security researcher, according to whom a design flaw in the way Flash Player executes SWF files can put websites accepting user uploads at risk. The professional now says the company totally missed the point and that its expectations of webmasters to address this are completely unrealistic.<br /> <br /> Almost two weeks ago, we reported about the security risks of misconfigured crossdomain.xml files. These files contain rules for Flash's cross-domain access policy. However, more recently, a security researcher named Mike Bailey has exposed an even more dangerous issue with Flash's same origin policy.<br /> <br /> A same origin policy is a security model according to which a script being executed from a domain can only access resources on the same domain. Mr. Bailey claimed that, while this held true for JavaScript, it differed when it came to ActionScript, the scripting language of Flash. The researcher has actually identified two separate design choices the Flash developers made, which, in his opinion, are flawed and open the door for various cross-site-scripting-like attacks.<br /> <br /> The first one is in the way Flash Player chooses to execute files or not. In order to determine if a file is a valid SWF, the player checks for its header. The header consists of a speci... (<a href="http://news.softpedia.com/news/Poor-Flash-Design-Decision-Puts-Users-and-Websites-at-Risk-127180.shtml">read more</a>)]]></content:encoded>
<pubDate>Tue, 17 Nov 2009 11:30:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Poor-Flash-Design-Decision-Puts-Users-and-Websites-at-Risk-127180.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Poor-Flash-Design-Decision-Puts-Users-and-Websites-at-Risk-127180.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Inadequate Cybersecurity at the Los Alamos Nuclear Lab</title>
<link>http://news.softpedia.com/news/Inadequate-Cybersecurity-at-the-Los-Alamos-Nuclear-Lab-127111.shtml</link>
<description><![CDATA[According to a report from the Government Accountability Office (GAO), the cybersecurity mechanisms implemented by the Los Alamos National Laboratory (LANL) on its computer network are insufficient. The GAO audit found that classified information is not properly organized and that the actions of some users on the network are not being recorded. The Los Alamos National Laboratory is one of the largest scientific laboratories in the world that conduct research in a variety of fields including national security, renewable energy, nanotechnology, supercomputing or medicine. The laboratory is being run by an organization called Los Alamos National Security (LANS), and its work is overseen by the U.S. Department of Energy through its National Nuclear Security Administration (NNSA). The Government Accountability Office (GAO) conducted its audit of the LANL cybersecurity strategy after the laboratory experienced several security incidents involving classified information. In February, we reported that according to a leaked internal memo, no less than 80 LANL computers were missing. Of these, 13 were confirmed as stolen, while the fate of the remaining 67 was unknown. GAO recognized that the laboratory had made significant improvements in implementing a cybersecurity strategy, but points out that ...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Inadequate-Cybersecurity-at-the-Los-Alamos-Nuclear-Lab-2.jpg" align="left" style="margin-right: 10px;" />According to a report from the Government Accountability Office (GAO), the cybersecurity mechanisms implemented by the Los Alamos National Laboratory (LANL) on its computer network are insufficient. The GAO audit found that classified information is not properly organized and that the actions of some users on the network are not being recorded.<br /><br />The Los Alamos National Laboratory is one of the largest scientific laboratories in the world that conduct research in a variety of fields including national security, renewable energy, nanotechnology, supercomputing or medicine. The laboratory is being run by an organization called Los Alamos National Security (LANS), and its work is overseen by the U.S. Department of Energy through its National Nuclear Security Administration (NNSA).<br /><br />The Government Accountability Office (GAO) conducted its audit of the LANL cybersecurity strategy after the laboratory experienced several security incidents involving classified information. In February, we reported that according to a leaked internal memo, no less than 80 LANL computers were missing. Of these, 13 were confirmed as stolen, while the fate of the remaining 67 was unknown.<br /><br />GAO recognized that the laboratory had made significant improvements in implementing a cybersecurity strategy, but points out that ... (<a href="http://news.softpedia.com/news/Inadequate-Cybersecurity-at-the-Los-Alamos-Nuclear-Lab-127111.shtml">read more</a>)]]></content:encoded>
<pubDate>Mon, 16 Nov 2009 14:48:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Inadequate-Cybersecurity-at-the-Los-Alamos-Nuclear-Lab-127111.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Inadequate-Cybersecurity-at-the-Los-Alamos-Nuclear-Lab-127111.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Practical Twitter Attack Using SSL Renegotiation Bug Demoed</title>
<link>http://news.softpedia.com/news/Practical-Twitter-Attack-Using-SSL-Renegotiation-Bug-Demoed-127087.shtml</link>
<description><![CDATA[A security researcher has devised a practical Man-in-the-Middle (MITM) attack leveraging the recently disclosed SSL and TLS renegotiation flaw. The proof-of-concept attack shows that it is possible to steal login credentials from Twitter by exploiting the yet unpatched bug. Two weeks ago, it was revealed that a serious security issue affecting the widely deployed SSL and TLS protocols was being patched in secret by several major technology vendors. The patching effort apparently began in September, but so far only OpenSSL is close to releasing a working fix. The flaw, discovered by Marsh Ray, a researcher working for a two-factor tokenless authentication solution provider, is located in the session renegotiation procedure. By exploiting this flaw during a Man-in-the-Middle condition, an attacker can insert plain text, possibly rogue commands, into a secure session. Some professionals have dismissed the seriousness of the problem for Web implementations, especially since it can't be used to extract information from a session's encrypted data. However, a Turkish researcher named Anil Kurmus disagrees and has recently presented a real world attack scenario based on the bug. In his PoC attack, Kurmus successfully intercepts requests sent to the Twitter API and drops their cont...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Practical-Twitter-Attack-Using-SSL-Renegotiation-Bug-Demoed-2.jpg" align="left" style="margin-right: 10px;" />A security researcher has devised a practical Man-in-the-Middle (MITM) attack leveraging the recently disclosed SSL and TLS renegotiation flaw. The proof-of-concept attack shows that it is possible to steal login credentials from Twitter by exploiting the yet unpatched bug.<br /><br />Two weeks ago, it was revealed that a serious security issue affecting the widely deployed SSL and TLS protocols was being patched in secret by several major technology vendors. The patching effort apparently began in September, but so far only OpenSSL is close to releasing a working fix.<br /><br />The flaw, discovered by Marsh Ray, a researcher working for a two-factor tokenless authentication solution provider, is located in the session renegotiation procedure. By exploiting this flaw during a Man-in-the-Middle condition, an attacker can insert plain text, possibly rogue commands, into a secure session.<br /><br />Some professionals have dismissed the seriousness of the problem for Web implementations, especially since it can't be used to extract information from a session's encrypted data. However, a Turkish researcher named Anil Kurmus disagrees and has recently presented a real world attack scenario based on the bug.<br /><br />In his PoC attack, Kurmus successfully intercepts requests sent to the Twitter API and drops their cont... (<a href="http://news.softpedia.com/news/Practical-Twitter-Attack-Using-SSL-Renegotiation-Bug-Demoed-127087.shtml">read more</a>)]]></content:encoded>
<pubDate>Mon, 16 Nov 2009 11:33:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Practical-Twitter-Attack-Using-SSL-Renegotiation-Bug-Demoed-127087.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Practical-Twitter-Attack-Using-SSL-Renegotiation-Bug-Demoed-127087.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Zbot Pushers Target UK Vodafone and Verizon Customers</title>
<link>http://news.softpedia.com/news/Zbot-Pushers-Target-UK-Vodafone-and-Verizon-Customers-127030.shtml</link>
<description><![CDATA[Security researchers warn that a spam campaign distributing a new Zbot version is currently in circulation. The bogus emails try to trick users into opening and installing the malicious attachments, which are passed as a tool for checking the account balance.  The emails have their header spoofed to appear as originating from no-reply@vodafone.co.uk or noreply@verizonwireless.com and their subject is, "Your credit balance is over the limit." The email body is also identical, except for the references to the mobile service operator. "Your credit balance is over its limit. Please use the attached [Operator Name] Balance Checker Tool to review and analyze your payments," it reads.  The attached file is called balancechecker.zip and contains a new version of the Zbot banking trojan. Zbot, also known as Zeus, is a prominent family of information-stealing computer trojans that has been highly successful in stealing money from the bank accounts of both companies and private individuals lately.  "There is a danger that unsuspecting mobile phone owners might fall for the trap, perhaps convinced by the use of Vodafone's logo which is embedded in the email, and launch the file attachment, thus infecting their computers," Graham Cluley, senior technology consultant at Sophos, notes. The version of ...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Zbot-Pushers-Target-UK-Vodafone-and-Verizon-Customers-2.jpg" align="left" style="margin-right: 10px;" />Security researchers warn that a spam campaign distributing a new Zbot version is currently in circulation. The bogus emails try to trick users into opening and installing the malicious attachments, which are passed as a tool for checking the account balance.<br /> <br /> The emails have their header spoofed to appear as originating from no-reply@vodafone.co.uk or noreply@verizonwireless.com and their subject is, "Your credit balance is over the limit." The email body is also identical, except for the references to the mobile service operator. "Your credit balance is over its limit. Please use the attached [Operator Name] Balance Checker Tool to review and analyze your payments," it reads.<br /> <br /> The attached file is called balancechecker.zip and contains a new version of the Zbot banking trojan. Zbot, also known as Zeus, is a prominent family of information-stealing computer trojans that has been highly successful in stealing money from the bank accounts of both companies and private individuals lately.<br /> <br /> "There is a danger that unsuspecting mobile phone owners might fall for the trap, perhaps convinced by the use of Vodafone's logo which is embedded in the email, and launch the file attachment, thus infecting their computers," Graham Cluley, senior technology consultant at Sophos, notes. The version of ... (<a href="http://news.softpedia.com/news/Zbot-Pushers-Target-UK-Vodafone-and-Verizon-Customers-127030.shtml">read more</a>)]]></content:encoded>
<pubDate>Sat, 14 Nov 2009 11:02:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Zbot-Pushers-Target-UK-Vodafone-and-Verizon-Customers-127030.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Zbot-Pushers-Target-UK-Vodafone-and-Verizon-Customers-127030.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>IQ Quiz Mobile Scam Hits Twitter</title>
<link>http://news.softpedia.com/news/IQ-Quiz-Mobile-Scam-Hits-Twitter-126998.shtml</link>
<description><![CDATA[Security researchers warn of a shady IQ test being promoted on Twitter via the Direct Messages feature. This is actually a scam that tries to trick people into subscribing to a useless mobile service for $9.99 per month. According to threat analysts from Trend Micro, this latest spam campaign is being instrumented from compromised Twitter accounts. "The accounts are used to send out Direct Messages to the followers of the users who own the compromised accounts," the researchers note. These private messages try to convince users into taking an IQ test by visiting the included link. Once on the dubious page, the user indeed has the ability to take such a test, however, there's a catch. At the end, they are asked for their mobile phone number, allegedly in order to receive the results. "Though the real motive for this scheme is unclear, we believe that this was set up to gather mobile numbers from unknowing users to become potential targets for SMS spam or other mobile-related attack," JM Hipolito, technical communications specialist at Trend, writes. Things are actually pretty clear if you read the fine print on the website, which makes it clear that "This is an auto renewing subscription service that will continue until canceled [&hellip;]" and that it is "Available for $9.909 per month charged on your wireless...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/IQ-Quiz-Mobile-Scam-Hits-Twitter-2.jpg" align="left" style="margin-right: 10px;" />Security researchers warn of a shady IQ test being promoted on Twitter via the Direct Messages feature. This is actually a scam that tries to trick people into subscribing to a useless mobile service for $9.99 per month.<br /><br />According to threat analysts from Trend Micro, this latest spam campaign is being instrumented from compromised Twitter accounts. "The accounts are used to send out Direct Messages to the followers of the users who own the compromised accounts," the researchers note.<br /><br />These private messages try to convince users into taking an IQ test by visiting the included link. Once on the dubious page, the user indeed has the ability to take such a test, however, there's a catch. At the end, they are asked for their mobile phone number, allegedly in order to receive the results.<br /><br />"Though the real motive for this scheme is unclear, we believe that this was set up to gather mobile numbers from unknowing users to become potential targets for SMS spam or other mobile-related attack," JM Hipolito, technical communications specialist at Trend, writes. Things are actually pretty clear if you read the fine print on the website, which makes it clear that "This is an auto renewing subscription service that will continue until canceled [&hellip;]" and that it is "Available for $9.909 per month charged on your wireless... (<a href="http://news.softpedia.com/news/IQ-Quiz-Mobile-Scam-Hits-Twitter-126998.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 13 Nov 2009 15:12:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/IQ-Quiz-Mobile-Scam-Hits-Twitter-126998.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/IQ-Quiz-Mobile-Scam-Hits-Twitter-126998.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Twitter Hack: Oops, Britney Did It Again</title>
<link>http://news.softpedia.com/news/Twitter-Hack-Oops-Britney-Did-It-Again-126944.shtml</link>
<description><![CDATA[Britney Spears has got her Twitter and MySpace accounts hijacked by vandals looking to defame her. The rogue status updates posted yesterday on her feed made references to Devil worshiping and the New World Order. Britney Spears, Twitter and hackers seem to be a recurring theme. Back in January, she was amongst the victims of a hacker who commandeered 33 high-profile accounts belonging to the likes of Barack Obama, Rick Sanchez or Fox News. A second attack happened in June when pranksters falsely announced the singer's death via her Twitter feed as part of a larger attack also affecting the accounts of P Diddy and Ellen DeGeneres. In both previous incidents, the hijacking occurred indirectly, by exploiting a flaw in a third-party platform or by compromising administrative credentials; however, this latest attack seems to be more personal. "It's not clear at this stage how Britney's Twitter account was compromised - but probably the most likely bet is that a simple easy-to-crack password was being used or that one of Britney's team fell for a phishing attack," Graham Cluley, senior technology consultant at Sophos, notes. The password cracking theory is reinforced by the fact that the singer's MySpace account was also compromised at the same time. The hacker's intention in this case was only to va...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Twitter-Hack-Oops-Britney-Did-It-Again-2.jpg" align="left" style="margin-right: 10px;" />Britney Spears has got her Twitter and MySpace accounts hijacked by vandals looking to defame her. The rogue status updates posted yesterday on her feed made references to Devil worshiping and the New World Order.<br /><br />Britney Spears, Twitter and hackers seem to be a recurring theme. Back in January, she was amongst the victims of a hacker who commandeered 33 high-profile accounts belonging to the likes of Barack Obama, Rick Sanchez or Fox News.<br /><br />A second attack happened in June when pranksters falsely announced the singer's death via her Twitter feed as part of a larger attack also affecting the accounts of P Diddy and Ellen DeGeneres. In both previous incidents, the hijacking occurred indirectly, by exploiting a flaw in a third-party platform or by compromising administrative credentials; however, this latest attack seems to be more personal.<br /><br />"It's not clear at this stage how Britney's Twitter account was compromised - but probably the most likely bet is that a simple easy-to-crack password was being used or that one of Britney's team fell for a phishing attack," Graham Cluley, senior technology consultant at Sophos, notes. The password cracking theory is reinforced by the fact that the singer's MySpace account was also compromised at the same time.<br /><br />The hacker's intention in this case was only to va... (<a href="http://news.softpedia.com/news/Twitter-Hack-Oops-Britney-Did-It-Again-126944.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 13 Nov 2009 10:48:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Twitter-Hack-Oops-Britney-Did-It-Again-126944.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Twitter-Hack-Oops-Britney-Did-It-Again-126944.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>UK Government's Cyber Security Squad to Launch in March</title>
<link>http://news.softpedia.com/news/UK-Government-s-Cyber-Security-Squad-to-Launch-in-March-126867.shtml</link>
<description><![CDATA[UK's Cyber Security Operations Centre (CSOC) will become operational on March 10 next year, according to the government. The centre, which has the role of fending off cyber attacks against the country's computer infrastructure, will initially have a staff of nineteen. The Cyber Security Operations Centre was established, along with the Cabinet Office of Cyber Security, as part of UK's new National Cyber Security Strategy launched back in June. The centre will operate in the same building as the UK Government Communications Headquarters (GCHQ) in Cheltenham. The centre's role will be to monitor UK's cyberspace and defend it from cyber attacks, as well as fight back when necessary. The Parliamentary Under-secretary for Security and Counter-terrorism Lord Alan West suggested during an interview for BBC that the government plans to recruit young former hackers for the job. "You need youngsters who are deep into this stuff... If they have been slightly naughty boys, very often they really enjoy stopping other naughty boys," Lord West said. This comment did not fall well with some information security professionals, who didn't agree with the proposed approach. "It is entirely unacceptable that our security services and our government are broadcasting the message that the only qualification ne...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/UK-Government-s-Cyber-Security-Squad-to-Launch-in-March-2.jpg" align="left" style="margin-right: 10px;" />UK's Cyber Security Operations Centre (CSOC) will become operational on March 10 next year, according to the government. The centre, which has the role of fending off cyber attacks against the country's computer infrastructure, will initially have a staff of nineteen.<br /><br />The Cyber Security Operations Centre was established, along with the Cabinet Office of Cyber Security, as part of UK's new National Cyber Security Strategy launched back in June. The centre will operate in the same building as the UK Government Communications Headquarters (GCHQ) in Cheltenham.<br /><br />The centre's role will be to monitor UK's cyberspace and defend it from cyber attacks, as well as fight back when necessary. The Parliamentary Under-secretary for Security and Counter-terrorism Lord Alan West suggested during an interview for BBC that the government plans to recruit young former hackers for the job. "You need youngsters who are deep into this stuff... If they have been slightly naughty boys, very often they really enjoy stopping other naughty boys," Lord West said. <br /><br />This comment did not fall well with some information security professionals, who didn't agree with the proposed approach. "It is entirely unacceptable that our security services and our government are broadcasting the message that the only qualification ne... (<a href="http://news.softpedia.com/news/UK-Government-s-Cyber-Security-Squad-to-Launch-in-March-126867.shtml">read more</a>)]]></content:encoded>
<pubDate>Thu, 12 Nov 2009 14:33:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/UK-Government-s-Cyber-Security-Squad-to-Launch-in-March-126867.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/UK-Government-s-Cyber-Security-Squad-to-Launch-in-March-126867.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>A More 'Human' Koobface, a More Dangerous Facebook</title>
<link>http://news.softpedia.com/news/A-More-Human-Koobface-a-More-Dangerous-Facebook-126745.shtml</link>
<description><![CDATA[Security researchers warn that the infamous Koobface social networking worm received an upgrade, which allows it to create and use Facebook accounts in a similar way a real person would. The new component also performs various checks in order not to arouse suspicion. Koobface is a computer worm targeting the users of social networking websites. It spreads by hijacking or automatically creating bogus accounts and posting links to malicious web pages. The most common Koobface lure is the &ldquo;intriguing video&rdquo; trick, in which the user is enticed into visiting a malicious URL in order to see an online video. However, on the landing page, the user is actually presented with an image mimicking an embedded video, which allegedly requires a special codec or Flash player upgrade to view. The executable served is actually the installer for the worm. According to security researchers from antivirus vendor Trend Micro, a recent upgrade of the worm enhances it to automatically register Facebook accounts and activate them by visiting confirmation URLs sent to Gmail addresses, authenticate with the new account and join Facebook groups, as well as add new friends and post messages on their walls. &ldquo;Overall, this new component behaves like a regular Internet user that starts to connect...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/A-More-Human-Koobface-a-More-Dangerous-Facebook-2.jpg" align="left" style="margin-right: 10px;" />Security researchers warn that the infamous Koobface social networking worm received an upgrade, which allows it to create and use Facebook accounts in a similar way a real person would. The new component also performs various checks in order not to arouse suspicion.<br /><br />Koobface is a computer worm targeting the users of social networking websites. It spreads by hijacking or automatically creating bogus accounts and posting links to malicious web pages. The most common Koobface lure is the &ldquo;intriguing video&rdquo; trick, in which the user is enticed into visiting a malicious URL in order to see an online video. <br /><br />However, on the landing page, the user is actually presented with an image mimicking an embedded video, which allegedly requires a special codec or Flash player upgrade to view. The executable served is actually the installer for the worm.<br /><br />According to security researchers from antivirus vendor Trend Micro, a recent upgrade of the worm enhances it to automatically register Facebook accounts and activate them by visiting confirmation URLs sent to Gmail addresses, authenticate with the new account and join Facebook groups, as well as add new friends and post messages on their walls.<br /><br />&ldquo;Overall, this new component behaves like a regular Internet user that starts to connect... (<a href="http://news.softpedia.com/news/A-More-Human-Koobface-a-More-Dangerous-Facebook-126745.shtml">read more</a>)]]></content:encoded>
<pubDate>Wed, 11 Nov 2009 14:34:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/A-More-Human-Koobface-a-More-Dangerous-Facebook-126745.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/A-More-Human-Koobface-a-More-Dangerous-Facebook-126745.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>RBS WorldPay Hackers Indicted</title>
<link>http://news.softpedia.com/news/RBS-WorldPay-Hackers-Indicted-126679.shtml</link>
<description><![CDATA[The gang of fraudsters who stole $9 million after hacking into the RBS WorldPay payment processor last year have been indicted by a grand jury in Atlanta, the United States Department of Justice announces. Four hackers and six cashers were charged with various counts of wire fraud, computer fraud and aggravated identity theft. Back in December 2008, close to the winter holidays, a major US-based payment processor called RBS WorldPay announced that its network and computer systems were breached by unknown attackers. The company, which is operated by the Royal Bank of Scotland Group, said at the time that only around 100 re-loadable payroll cards had been misused and subsequently disabled. However, what the company failed to note is that some of the compromised cards were actually used to steal a whopping nine million dollars. Not only that, but the impressive sum was withdrawn over a 24-hour period from over 2,100 ATMs located in at least 280 different cities worldwide, making this attack one of the most organized and sophisticated of its kind ever to be instrumented. The indictment reveals that the hackers intercepted and cracked encrypted data passing through the network, after which they artificially inflated the limits of the accounts chosen as targets. The payroll card details including PIN numbers were then ...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/RBS-WorldPay-Hackers-Indicted-2.jpg" align="left" style="margin-right: 10px;" />The gang of fraudsters who stole $9 million after hacking into the RBS WorldPay payment processor last year have been indicted by a grand jury in Atlanta, the United States Department of Justice announces. Four hackers and six cashers were charged with various counts of wire fraud, computer fraud and aggravated identity theft.<br /><br />Back in December 2008, close to the winter holidays, a major US-based payment processor called RBS WorldPay announced that its network and computer systems were breached by unknown attackers. The company, which is operated by the Royal Bank of Scotland Group, said at the time that only around 100 re-loadable payroll cards had been misused and subsequently disabled.<br /><br />However, what the company failed to note is that some of the compromised cards were actually used to steal a whopping nine million dollars. Not only that, but the impressive sum was withdrawn over a 24-hour period from over 2,100 ATMs located in at least 280 different cities worldwide, making this attack one of the most organized and sophisticated of its kind ever to be instrumented.<br /><br />The indictment reveals that the hackers intercepted and cracked encrypted data passing through the network, after which they artificially inflated the limits of the accounts chosen as targets. The payroll card details including PIN numbers were then ... (<a href="http://news.softpedia.com/news/RBS-WorldPay-Hackers-Indicted-126679.shtml">read more</a>)]]></content:encoded>
<pubDate>Wed, 11 Nov 2009 09:51:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/RBS-WorldPay-Hackers-Indicted-126679.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/RBS-WorldPay-Hackers-Indicted-126679.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Koobface Infiltrates Google Reader</title>
<link>http://news.softpedia.com/news/Koobface-Infiltrates-Google-Reader-126620.shtml</link>
<description><![CDATA[Security experts at TrendMicro have discovered at least 1,300 public Google Reader pages infected with a new Koobface type of attack. Hackers have employed Google Reader accounts to host links redirecting users to a Koobface infected page. Attackers employed Google Reader's possibility to share links and messages between users to host an image resembling a Flash video. Whenever the user tried to view the video, they were redirected to a cloned YouTube page containing a video. As in previous attacks, the user was soon prompted with an alert that invited them to upgrade their Flash player. Hidden was the fact that instead of the updated software, the user was downloading the doomed Koobface downloader component that would then take over the victim's computer. Google was soon to react to these findings, taking all the necessary steps to block the infected URLs. Unlike previous attacks that used MySpace, Facebook and Twitter, this one seems not to have made the same type of impact, maybe thanks to Google's quick reaction and the fact that its users are slightly more Web-educated than all the social network users in the past. The Mountain View-based company has recently found itself in the sights of many black hat attacks because of its bigger and bigger array of services that seems to provide more and more ...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Koobface-Infiltrates-Google-Reader-2.jpg" align="left" style="margin-right: 10px;" />Security experts at TrendMicro have discovered at least 1,300 public Google Reader pages infected with a new Koobface type of attack. Hackers have employed Google Reader accounts to host links redirecting users to a Koobface infected page.<br /><br />Attackers employed Google Reader's possibility to share links and messages between users to host an image resembling a Flash video. Whenever the user tried to view the video, they were redirected to a cloned YouTube page containing a video. As in previous attacks, the user was soon prompted with an alert that invited them to upgrade their Flash player. Hidden was the fact that instead of the updated software, the user was downloading the doomed Koobface downloader component that would then take over the victim's computer.<br /><br />Google was soon to react to these findings, taking all the necessary steps to block the infected URLs. Unlike previous attacks that used MySpace, Facebook and Twitter, this one seems not to have made the same type of impact, maybe thanks to Google's quick reaction and the fact that its users are slightly more Web-educated than all the social network users in the past.<br /><br />The Mountain View-based company has recently found itself in the sights of many black hat attacks because of its bigger and bigger array of services that seems to provide more and more ... (<a href="http://news.softpedia.com/news/Koobface-Infiltrates-Google-Reader-126620.shtml">read more</a>)]]></content:encoded>
<pubDate>Tue, 10 Nov 2009 14:20:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Koobface-Infiltrates-Google-Reader-126620.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Koobface-Infiltrates-Google-Reader-126620.shtml#review_zone</comments>
<dc:creator>Softpedia News (Catalin Cimpanu)</dc:creator>
</item>
<item>
<title>Mega-D Spam Botnet Suffers Severe Blow</title>
<link>http://news.softpedia.com/news/Mega-D-Spam-Botnet-Suffers-Severe-Blow-126594.shtml</link>
<description><![CDATA[One of the Internet's most notorious spam botnets, Mega-D, was severely crippled by researchers from a small security company. The blow was delivered late last week and the millions of junk emails spewed out by the botnet every hour instantly stopped. Mega-D, also known as Ozdok, is a botnet primarily used for spam. At the height of its existence, this botnet was credited with being responsible for one third of the daily spam traffic. Spam analysts from M86 Security note that an individual Mega-D bot is capable of sending as much as 15,000 junk emails per hour. At the beginning of the month, a start-up security company called FireEye, based in Milpitas, CA, published an in-depth analysis of Mega-D and its command and control infrastructure. At the time, FireEye security researchers explained that the botnet had several fallback mechanisms in place in case their primary command and control servers went down. Some of them were probably added by its creators after the botnet was seriously affected by the depeering of a rogue hosting company called McColo last year. However, the FireEye analysis revealed some loopholes in the implementation of these safety protocols, prompting researchers to try and exploit them. According to Atif Mushtaq, a security researcher with the company, this was done in a...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Mega-D-Spam-Botnet-Suffers-Severe-Blow-2.jpg" align="left" style="margin-right: 10px;" />One of the Internet's most notorious spam botnets, Mega-D, was severely crippled by researchers from a small security company. The blow was delivered late last week and the millions of junk emails spewed out by the botnet every hour instantly stopped.<br /><br />Mega-D, also known as Ozdok, is a botnet primarily used for spam. At the height of its existence, this botnet was credited with being responsible for one third of the daily spam traffic. Spam analysts from M86 Security note that an individual Mega-D bot is capable of sending as much as 15,000 junk emails per hour.<br /><br />At the beginning of the month, a start-up security company called FireEye, based in Milpitas, CA, published an in-depth analysis of Mega-D and its command and control infrastructure. At the time, FireEye security researchers explained that the botnet had several fallback mechanisms in place in case their primary command and control servers went down.<br /><br />Some of them were probably added by its creators after the botnet was seriously affected by the depeering of a rogue hosting company called McColo last year. However, the FireEye analysis revealed some loopholes in the implementation of these safety protocols, prompting researchers to try and exploit them.<br /><br />According to Atif Mushtaq, a security researcher with the company, this was done in a... (<a href="http://news.softpedia.com/news/Mega-D-Spam-Botnet-Suffers-Severe-Blow-126594.shtml">read more</a>)]]></content:encoded>
<pubDate>Tue, 10 Nov 2009 13:12:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Mega-D-Spam-Botnet-Suffers-Severe-Blow-126594.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Mega-D-Spam-Botnet-Suffers-Severe-Blow-126594.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Botnet Command and Control Server Hosted on Google App Engine</title>
<link>http://news.softpedia.com/news/Botnet-Command-and-Control-Server-Hosted-on-Google-App-Engine-126559.shtml</link>
<description><![CDATA[Security researchers have discovered a botnet that queried a rogue application hosted on Google's App Engine platform for commands. Its command and control server instructed infected computers to download and install a backdoor component. The unusual piece of malware was discovered by researchers from network security company Arbor Networks, who tracked its connections to a Google App Engine application. "The app in question is being used to feed URLs to the zombies for them to download," Jose Nazario, manager of security research at Arbor, explains. The Google App Engine allows developers to run the Web applications on Google's infrastructure. Hosting an application that does not require more than 500 MB of storage space and five million page views per month is free. So far, the platform features a Java Runtime Environment and a Python interpreter. Google has been notified of the abuse and has taken the rogue application offline. Researchers were not able to uncover much of the specific commands that this botnet C&C server was able to give as they did not obtain access to the code hosted on Google App Engine. The only relevant malicious behavior they noticed was the command to download a file called aa.exe from a third-party URL. This file is actually an installer for a...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Botnet-Command-and-Control-Server-Hosted-on-Google-App-Engine-2.jpg" align="left" style="margin-right: 10px;" />Security researchers have discovered a botnet that queried a rogue application hosted on Google's App Engine platform for commands. Its command and control server instructed infected computers to download and install a backdoor component.<br /><br />The unusual piece of malware was discovered by researchers from network security company Arbor Networks, who tracked its connections to a Google App Engine application. "The app in question is being used to feed URLs to the zombies for them to download," Jose Nazario, manager of security research at Arbor, explains.<br /><br />The Google App Engine allows developers to run the Web applications on Google's infrastructure. Hosting an application that does not require more than 500 MB of storage space and five million page views per month is free. So far, the platform features a Java Runtime Environment and a Python interpreter.<br /><br />Google has been notified of the abuse and has taken the rogue application offline. Researchers were not able to uncover much of the specific commands that this botnet C&C server was able to give as they did not obtain access to the code hosted on Google App Engine.<br /><br />The only relevant malicious behavior they noticed was the command to download a file called aa.exe from a third-party URL. This file is actually an installer for a... (<a href="http://news.softpedia.com/news/Botnet-Command-and-Control-Server-Hosted-on-Google-App-Engine-126559.shtml">read more</a>)]]></content:encoded>
<pubDate>Tue, 10 Nov 2009 10:48:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Botnet-Command-and-Control-Server-Hosted-on-Google-App-Engine-126559.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Botnet-Command-and-Control-Server-Hosted-on-Google-App-Engine-126559.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Beware of Zbot-Flavored Facebook Phishing</title>
<link>http://news.softpedia.com/news/Beware-of-Zbot-Flavored-Facebook-Phishing-126467.shtml</link>
<description><![CDATA[Security researchers warn of a new wave of malicious emails that target Facebook users. The messages falsely claim that a fresh login system is being implemented, direct people to a phishing site and also attempt to infect them with malware. This new spam campaign is interesting because it incorporates two different types of attacks into one. First, there is a phishing component, which attempts to trick Facebook users into exposing their login credentials. The lure used is the classic "system upgrade" one, in this case in the form of a new revamped login system. "In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. [&hellip;] Before you are able to use the new login system, you will be required to update your account," the emails, coming from @facebookmail.com addresses, read. Visiting the included link will take users to a fake Facebook login page, where their email address is already filled in and they have to input their passwords. Once someone falls victim to the phishing trick, they are redirected to yet another page that encourages them to download a malicious file. The file is called updatetool.exe and is advertised as an official Facebook utility for upgrading accounts. In realit...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Beware-of-Zbot-Flavored-Facebook-Phishing-2.jpg" align="left" style="margin-right: 10px;" />Security researchers warn of a new wave of malicious emails that target Facebook users. The messages falsely claim that a fresh login system is being implemented, direct people to a phishing site and also attempt to infect them with malware.<br /><br />This new spam campaign is interesting because it incorporates two different types of attacks into one. First, there is a phishing component, which attempts to trick Facebook users into exposing their login credentials. The lure used is the classic "system upgrade" one, in this case in the form of a new revamped login system.<br /><br />"In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. [&hellip;] Before you are able to use the new login system, you will be required to update your account," the emails, coming from @facebookmail.com addresses, read.<br /><br />Visiting the included link will take users to a fake Facebook login page, where their email address is already filled in and they have to input their passwords. Once someone falls victim to the phishing trick, they are redirected to yet another page that encourages them to download a malicious file.<br /><br />The file is called updatetool.exe and is advertised as an official Facebook utility for upgrading accounts. In realit... (<a href="http://news.softpedia.com/news/Beware-of-Zbot-Flavored-Facebook-Phishing-126467.shtml">read more</a>)]]></content:encoded>
<pubDate>Mon, 9 Nov 2009 13:16:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Beware-of-Zbot-Flavored-Facebook-Phishing-126467.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Beware-of-Zbot-Flavored-Facebook-Phishing-126467.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Computer Trojan Helped Expose Secret Syrian Nuclear Reactor</title>
<link>http://news.softpedia.com/news/Computer-Trojan-Helped-Expose-Secret-Syrian-Nuclear-Reactor-126423.shtml</link>
<description><![CDATA[The use of a computer Trojan played a critical role in gathering intelligence regarding a now-destroyed secret nuclear reactor in Syria. The information-gathering program was planted by Mossad operatives on the laptop of a Syrian official while he was staying in London. Journalists from the German publication Der Spiegel have recently published an article describing the events that led to and followed Israel's bombing of the Syrian nuclear reactor at Al Kibar. According to them, Israel had reason to believe that Syria might be planning to launch a secret nuclear program ever since 2002, but information was scarce at the time. Their suspicions intensified in 2004 after United States' National Security Agency (NSA) informed them of an unusually high number of calls between Pyongyang, the capital of North Korea, and a region in the Syrian desert situated close to the Euphrates river. This place was called Al Kibar. Then, in late 2006, Mossad operatives succeeded in obtaining more concrete evidence. Apparently, this was achieved by installing a professional trojan on the computer of a senior Syrian government official. The clandestine program was planted on his laptop left in a Kensington hotel room during a trip to London. The trojan stole secret documents and images depicting t...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Computer-Trojan-Helped-Expose-Secret-Syrian-Nuclear-Reactor-2.jpg" align="left" style="margin-right: 10px;" />The use of a computer Trojan played a critical role in gathering intelligence regarding a now-destroyed secret nuclear reactor in Syria. The information-gathering program was planted by Mossad operatives on the laptop of a Syrian official while he was staying in London.<br /><br />Journalists from the German publication Der Spiegel have recently published an article describing the events that led to and followed Israel's bombing of the Syrian nuclear reactor at Al Kibar. According to them, Israel had reason to believe that Syria might be planning to launch a secret nuclear program ever since 2002, but information was scarce at the time.<br /><br />Their suspicions intensified in 2004 after United States' National Security Agency (NSA) informed them of an unusually high number of calls between Pyongyang, the capital of North Korea, and a region in the Syrian desert situated close to the Euphrates river. This place was called Al Kibar.<br /><br />Then, in late 2006, Mossad operatives succeeded in obtaining more concrete evidence. Apparently, this was achieved by installing a professional trojan on the computer of a senior Syrian government official. The clandestine program was planted on his laptop left in a Kensington hotel room during a trip to London.<br /><br />The trojan stole secret documents and images depicting t... (<a href="http://news.softpedia.com/news/Computer-Trojan-Helped-Expose-Secret-Syrian-Nuclear-Reactor-126423.shtml">read more</a>)]]></content:encoded>
<pubDate>Mon, 9 Nov 2009 09:21:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Computer-Trojan-Helped-Expose-Secret-Syrian-Nuclear-Reactor-126423.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Computer-Trojan-Helped-Expose-Secret-Syrian-Nuclear-Reactor-126423.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Two Men Accused of Hacking Their Former Employer's Computers</title>
<link>http://news.softpedia.com/news/Two-Men-Accused-of-Hacking-Their-Former-Employer-s-Computers-126361.shtml</link>
<description><![CDATA[Two former employees of an engine parts distributor have been indicted for accessing the company's computer systems repeatedly without authorization after they quit. According to the prosecutors, the men used still-active credentials to access sensitive information for almost two years. Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of Williamstown, Kentucky, were indicted on November 4 for computer intrusion, the United States Attorney's Office for the Southern District of Indiana announces. The pair used to work for Jasper-based Stens Corporation, a distributor of replacement parts for small engine outdoor power equipment. After quitting their jobs at Stens in late 2004 and early 2005, respectively, Burgess and Puckett went on to work for a rival company. The authorities claim that until September 2006, the two illegally accessed private information stored on computers belonging to Stens Corporation on twelve separate occasions. The intrusions were allegedly motivated by personal and commercial gain and were carried out using old login credentials. It is also mentioned that Stens' IT staff noticed unusual behavior and disabled several passwords; however, the perpetrators switched to using others. According to Assistant U.S. Attorney Todd S....]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Two-Men-Accused-of-Hacking-Their-Former-Employer-s-Computers-2.jpg" align="left" style="margin-right: 10px;" />Two former employees of an engine parts distributor have been indicted for accessing the company's computer systems repeatedly without authorization after they quit. According to the prosecutors, the men used still-active credentials to access sensitive information for almost two years.<br /><br />Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of Williamstown, Kentucky, were indicted on November 4 for computer intrusion, the United States Attorney's Office for the Southern District of Indiana announces. The pair used to work for Jasper-based Stens Corporation, a distributor of replacement parts for small engine outdoor power equipment.<br /><br />After quitting their jobs at Stens in late 2004 and early 2005, respectively, Burgess and Puckett went on to work for a rival company. The authorities claim that until September 2006, the two illegally accessed private information stored on computers belonging to Stens Corporation on twelve separate occasions.<br /><br />The intrusions were allegedly motivated by personal and commercial gain and were carried out using old login credentials. It is also mentioned that Stens' IT staff noticed unusual behavior and disabled several passwords; however, the perpetrators switched to using others.<br /><br />According to Assistant U.S. Attorney Todd S.... (<a href="http://news.softpedia.com/news/Two-Men-Accused-of-Hacking-Their-Former-Employer-s-Computers-126361.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 6 Nov 2009 15:39:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Two-Men-Accused-of-Hacking-Their-Former-Employer-s-Computers-126361.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Two-Men-Accused-of-Hacking-Their-Former-Employer-s-Computers-126361.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Major Security Hole Discovered on Facebook and MySpace</title>
<link>http://news.softpedia.com/news/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-126327.shtml</link>
<description><![CDATA[A Web developer has documented a proof-of-concept attack that could have been used to hijack accounts and steal private information on Facebook and MySpace. The attack leveraged a serious security oversight in XML configuration files used to define the cross-domain access policy for Flash applications. The discovery was made while 24-year-old Dutch Web developer Yvo Schaap tried to find a workaround to a problem he was having with one of his Facebook applications. &ldquo;I found a solution to one of my function limitations. Surprisingly, when looked into more carefully my solution allowed full access and control to the Facebook user account that accessed my application,&rdquo; he notes on his blog. As the programmer goes on to explain, this is not actually a bug, but an insecure configuration issue in crossdomain.xml. This file can be used to tell a Flash application, loaded from a URL and executed locally on the client, whether it is able to access a file served from the domain hosting the crossdomain.xml. For example, if the owner of domain A wants to let an application from domain B access its files, it can specify domain B in the crossdomain.xml on its server. While the crossdomain.xml on facebook.com whitelisted only other domains and sub-domains associated with Facebook, the similar file on connect.facebook.com c...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-2.jpg" align="left" style="margin-right: 10px;" />A Web developer has documented a proof-of-concept attack that could have been used to hijack accounts and steal private information on Facebook and MySpace. The attack leveraged a serious security oversight in XML configuration files used to define the cross-domain access policy for Flash applications.<br /><br />The discovery was made while 24-year-old Dutch Web developer Yvo Schaap tried to find a workaround to a problem he was having with one of his Facebook applications. &ldquo;I found a solution to one of my function limitations. Surprisingly, when looked into more carefully my solution allowed full access and control to the Facebook user account that accessed my application,&rdquo; he notes on his blog.<br /><br />As the programmer goes on to explain, this is not actually a bug, but an insecure configuration issue in crossdomain.xml. This file can be used to tell a Flash application, loaded from a URL and executed locally on the client, whether it is able to access a file served from the domain hosting the crossdomain.xml. For example, if the owner of domain A wants to let an application from domain B access its files, it can specify domain B in the crossdomain.xml on its server.<br /><br />While the crossdomain.xml on facebook.com whitelisted only other domains and sub-domains associated with Facebook, the similar file on connect.facebook.com c... (<a href="http://news.softpedia.com/news/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-126327.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 6 Nov 2009 13:08:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-126327.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-126327.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
<item>
<title>Attack Hits Swedish Signals Intelligence Agency's Website</title>
<link>http://news.softpedia.com/news/Attack-Hits-Swedish-Signals-Intelligence-Agency-s-Website-126289.shtml</link>
<description><![CDATA[The website of the Swedish National Defence Radio Establishment (Forsvarets Radioanstalt) has been the target of a prolonged denial of service attack this week. There is some speculation that the incident was meant as a protest against the agency's new role of intercepting and monitoring Internet traffic passing through Sweden. Forsvarets Radioanstalt (FRA) is an intelligence agency of the Swedish government, subordinated to the country's Ministry of Defence. It was officially established in 1942 and its primary role was radio signal interception and monitoring. In June 2008, the Swedish Parliament passed anti-terrorism legislation allowing FRA to conduct warrantless wiretapping of telephone and Internet communications that cross Swedish borders. This includes all international Internet traffic that passes through Sweden, such as Russia's. The law went into effect at the beginning of January but the actual monitoring started last month. The DoS attack on FRA's website began on Monday evening and, according to a report from the Pingdom uptime monitoring service, extended well into Tuesday and Wednesday. This type of attack involves overloading a server with bogus requests until it is unable to process legit ones. The total downtime suffered was almost 29 hours, but according to an...]]></description>
<content:encoded><![CDATA[<img src="http://news.softpedia.com/images/newsrsz/Attack-Hits-Swedish-Signals-Intelligence-Agency-s-Website-2.jpg" align="left" style="margin-right: 10px;" />The website of the Swedish National Defence Radio Establishment (Forsvarets Radioanstalt) has been the target of a prolonged denial of service attack this week. There is some speculation that the incident was meant as a protest against the agency's new role of intercepting and monitoring Internet traffic passing through Sweden.<br /><br />Forsvarets Radioanstalt (FRA) is an intelligence agency of the Swedish government, subordinated to the country's Ministry of Defence. It was officially established in 1942 and its primary role was radio signal interception and monitoring.<br /><br />In June 2008, the Swedish Parliament passed anti-terrorism legislation allowing FRA to conduct warrantless wiretapping of telephone and Internet communications that cross Swedish borders. This includes all international Internet traffic that passes through Sweden, such as Russia's. The law went into effect at the beginning of January but the actual monitoring started last month.<br /><br />The DoS attack on FRA's website began on Monday evening and, according to a report from the Pingdom uptime monitoring service, extended well into Tuesday and Wednesday. This type of attack involves overloading a server with bogus requests until it is unable to process legit ones.<br /><br />The total downtime suffered was almost 29 hours, but according to an... (<a href="http://news.softpedia.com/news/Attack-Hits-Swedish-Signals-Intelligence-Agency-s-Website-126289.shtml">read more</a>)]]></content:encoded>
<pubDate>Fri, 6 Nov 2009 09:41:00 GMT</pubDate>
<source url="http://news.softpedia.com/newsRSS/Security-5.xml">Softpedia News - Security</source>
<guid isPermaLink="true">http://news.softpedia.com/news/Attack-Hits-Swedish-Signals-Intelligence-Agency-s-Website-126289.shtml</guid>
<category>Security</category>
<comments>http://news.softpedia.com/news/Attack-Hits-Swedish-Signals-Intelligence-Agency-s-Website-126289.shtml#review_zone</comments>
<dc:creator>Softpedia News (Lucian Constantin)</dc:creator>
</item>
</channel>
</rss>