Spam Carrying WikiLeaks Worm

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 2 min
  • Word Count: 226 words

Symantec Connect: WikiLeaks.org is in the news after their recent publications linked to leaked government documents. Spammers are now leveraging the current level of interest with social engineering techniques to infect users’ computers. Symantec is observing a wave of spam spoofing WikiLeaks to lure users into becoming infected with a new threat. The spam email has subject line “IRAN Nuclear BOMB!” and spoofed headers. The “From” header purports to originate from WikiLeaks.org, although this is not in fact the case, and the message body contains a URL. This URL downloads and runs WikiLeaks.jar which has a downloader ‘WikiLeaks.class’ file. The downloader pulls the threat from http://ugo.file[removed].com/226.exe. Symantec detects this threat as W32.Spyrat. ...

Taking a look at fake Amazon receipt generators

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 3 min
  • Word Count: 552 words

Sunbelt Blog: Above, you can see a vaguely optimistic VirusTotal user summary in relation to a file that’s been doing the rounds for about a month or two. Here is the file in question: A “receipt generator”, I hear you ask – what do people want with one of those? The answer, of course, is rather straightforward: This is a particularly interesting scam, as it doesn’t target regular PC users – it targets the people who sell you things, such as the merchants on the Amazon marketplace. This is what the would-be social engineer sees when they fire up the program: ...

After More Than 24 Hours Offline, Tumblr Is Back

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 1 min
  • Word Count: 211 words

Mashable: Tumblr has returned to the web after a full day’s, err, vacation. The popular blogging/reblogging platform went down yesterday afternoon during some planned maintenance; the exact reasons for the outage are unknown, but Tumblr has mentioned database cluster issues. Rumors aside, the downtime had nothing whatsoever to do with a 4chan-led DDoS attack. The official company blog states a fact of life for any successful startup: Keeping up with at-scale traffic on a startup’s budget and infrastructure is hard, hard work, “more work than our small team was prepared for,” the blog reads. ...

Amazon to Unveil New Kindle Web App Tomorrow

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 2 min
  • Word Count: 271 words

Mashable: After launching its own incredibly successful, single-purpose hardware and a slew of free apps for mobile and PC devices, Amazon is getting ready to launch a new web app version of Kindle. Amazon’s timing is impeccable, particularly if the tech giant is trying to take the wind out of Google’s sails; Google just launched its own e-reading, e-bookstore platform today. An Amazon rep said in an e-mail to ComputerWorld that the new version of the web app is intended to “enable users to read full books in the browser and any website to become a bookstore offering Kindle books” — exactly what Google E-books aims to do with its own platform. The previous version of Kindle for Web, as the app is properly called, was not nearly as noteworthy, allowing users to read only first-chapter previews of books online. ...

Download Google Books App for iPhone

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 1 min
  • Word Count: 181 words

Google has just released the ‘Google Books’ app for iOS. The Google Books app offers access to over 2 million Google eBooks on iPhone, iPod touch, or iPad. Take your favorite books with you on the go. The app is free and requires you to sign in with your Google account. Google Books Features: Great Reading Experience – Change font, search within book, information about book – Night-reading mode – Offline reading mode ...

Twitter Trend Poisoning Cookbook

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 7 min
  • Word Count: 1475 words

Symantec Connect: We have become familiar enough with malware creators poisoning popular search engine terms through SEO techniques in order to deliver their malicious files to a greater pool of unsuspecting users. Other popular services such as Twitter have not escaped the watchful eyes of the miscreants. This attack involves pumping out many of the same tweets with different accounts to push them into the Twitter trending list. That way more people are likely to see them even if the individual user accounts being used to send the tweets don’t have that many followers. Incidentally many of the accounts used in this attack don’t have that many followers and are quite fresh – meaning they are probably fake accounts set up specifically for the purpose of spamming tweets. ...

Looks familiar? Yes! From Alureon!

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 2 min
  • Word Count: 291 words

It’s a normal day to us. We receive a new Bamital virus sample report from a customer, and we provide an analysis. Suddenly, something interesting bursts into my eyes: What’s your thought on this code fragment? At first glance, this piece of code looks like a non-malicious call to manipulate the Windows Printer SubSystem. But if you’ve analyzed Alureon before, it may look familiar to you. Yes, Alureon also takes advantage of the Windows Print Subsystem to install its payload. ...

Malicious Goo.gl Links Spreading on Twitter [WARNING]

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 1 min
  • Word Count: 154 words

Mashable: A large number of messages containing only the link “goo.gl/R7f68” has appeared on Twitter today, redirecting the users to various malware-laden sites. The messages are mostly coming from disposable accounts, but they also appear on some accounts that appear to be genuine, which indicates that there’s a worm spreading and sending the messages from infected accounts. Furthermore, all of the messages containing the link are sent from the mobile version of Twitter. ...

Improved Avira AntiVir Rescue System

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 1 min
  • Word Count: 196 words

Avira programmers put a lot of work into drastically overhauling the Avira AntiVir Rescue System, which is now available in version 3.7.16. Besides much better usability thanks to the redesigned user interface and 11 supported languages, the new version offers improved detection and removal capabilities. Avira AntiVir Rescue System uses Linux as its operating system. The new kernel has much better and wider hardware support. The bootable CD can be used not only to analyse the system for malware infections and remove them, but also to access data on the system in case the operating system won’t start anymore, so it can be backed up onto a USB drive, for example. ...

Security issue in Website Optimizer

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 1 min
  • Word Count: 203 words

Take a look at the email I got from Google a few minutes ago: Dear Website Optimizer user, We are writing to inform you of a potential security issue with Website Optimizer. By exploiting a vulnerability in the Website Optimizer Control Script, an attacker might be able to execute malicious code on your site using a Cross-Site Scripting (XSS) attack. This attack can only take place if a website or browser has already been compromised by a separate attack. While the immediate probability of this attack is low, we urge you to take action to protect your site. ...
