Report

Cross posted from GFI, Sunbelt Blog: There’s not a day when we don’t see a new scam or hoax—yes, even the old ones—being proliferated on Facebook. I’ve seen both today. Let’s take a quick look at each one, shall we? First off, the scam: The screenshot above is a post generated by the “Sexappeal Meter” app that have spread within the social network. Clicking the “How much Sexappeal you have” link, or sometimes a bit.ly shortened URL, leads users to a page where it requests for permission just like any normal app. Allowing the app access to user profile, however, leads to two succeeding survey scam pages and, eventually, to a page where one can download a browser toolbar. ...

The H-Security: On Tuesday, a user who is known as “lawabidingcitizen” posted an unusual request to the Full Disclosure mailing list, a forum that is mainly used by the security community: “Please do not take down the Sality botnet.” The contributor says that he found a way of dramatically reducing the number of infected computers after analysing the botnet. He adds that the required actions are unlawful, however, but proceeds to describe the method in considerable detail and makes special tools for the task available. ...

The Register: Pro-China hackers have started spoofing security firm AlienVault’s email address in spam messages in an attempt to infect pro-Tibetan recipients with malware. The move follows days after the security tools firm warned that AlienVault about spear phishing attacks against a number of Tibetan organizations. The spear-phishing messages relate to the Kalachakra Initiation, a Tibetan religious festival that took place in early January. The closely targeted messages – sent to organizations such as the Central Tibet Administration and International Campaign for Tibet – carry an infectious Office file attachment with a malware payload, a digitally signed variant of Gh0st RAT (remote access Trojan). ...

SophosLabs: A group of hackers are claiming to have stolen the details of more than 70,000 users of the Digital Playground porn website. The group, calling itself “The Consortium”, appears to have scooped up some 40,000 financial details (including credit card numbers, names, CCV numbers, and expiration dates) as well as the email addresses and passwords of 72,000 users. According to the hackers, who appear to be affiliated with the Anonymous movement, the sensitive information was not encrypted. ...

SophosLabs/NakedSecurity: With alleged Anonymous hackers belonging to the LulzSec group arrested and charged yesterday, and the startling relevation that prominent hacker Sabu had been working undercover for the FBI for months, hacktivists defaced a number of websites belonging to anti-virus firm Panda Security overnight. The hackers changed two dozen pandasecurity.com subdomains to include a YouTube video, showing a pot pourri of Anonymous/LulzSec activity during 2011, and posted what appeared to be the username and password details of over 100 Panda employees. ...

BBC: Hackers gained “full functional control” of key Nasa computers in 2011, the agency’s inspector general has told US lawmakers. Paul K Martin said hackers took over Jet Propulsion Laboratory (JPL) computers and “compromised the accounts of the most privileged JPL users”. He said the attack, involving Chinese IP addresses, was under investigation. In a statement, Nasa said it had “made significant progress to protect the agency’s IT systems”. ...

SophosLabs: This week has seen the annual Mobile World Congress event. For 2012, the giants of the mobile tech world are back in Barcelona to captivate the imagination of the tech press with their latest smartphone and tablet offerings. The mobile industry trade show has certainly not disappointed. Announcements of smartphones with new quad core processors, phone cameras with huge numbers of megapixels crammed onto its sensor and 3 in 1 smartphone-tablet-netbooks have all provided much excitement. ...

Symantec Connect: The Opfake gang has been targeting Android mobile devices, as well as Symbian, but that does not mean they are limiting their targets to these platforms. Where there is money to be made, they are willing to invest time and resources. This includes scams designed for iPhone users. We have come across a couple of Opfake websites that, while hosting malicious apps that Symantec detects as Android.Opfake, are also designed to perform social engineering attacks on iPhone users. ...

At the RSA Conference 2012, McAfee’s Chief Technology Officer, Stuart McClure, and several of his colleagues, have demonstrated a whole range of different attacks on mobile devices. For example, they demonstrated an attack on an NFC (Near Field Communication)-enabled smartphone: the attacker simply attaches a modified NFC tag to a legitimate surface such as an advertising poster. For their live demo, the researchers used a Red Cross donations appeal such as those seen at bus stops in various cities across Europe. ...

Sunbelt: Twilight fans who normally frequent the official website of Stephenie Meyer, infamous writer of the said book and saga, may have found their systems captured by a “being” that is neither a blood-sucker or a giant, feral dog. It might be something supernatural, but not in the security world: zombies. Our friends at avast! have unearthed a recent attack on the author’s website not so long ago:www.stepheniemeyer.com had been hosting Crimepack, an exploit kit that takes advantage of known vulnerabilities of various Web browsers and the Windows OS to install malware. Brian Krebs of_KrebsOnSecurity.com_ took a closer look at this particular exploit pack back in 2010, and it is indeed a nasty one. Not only is it capable of targeting holes of software installed on your system, it also “lets customers [buyers of this Crimepack exploit kit] test various Web reputation services to discover whether any include their exploit sites.” Computers successfully exploited by the Crimepack exploit kit are eventually turned into zombies, which online criminals use to do malicious tasks, such as spamming and launching denial of service (DoS) attacks. ...