Security

Kaspersky Lab now admits that people attempting to buy Kaspersky’s security products on Oct. 17 were redirected by hackers to a scareware site with links to fake antivirus software called Security Tool. Hackers have caused serious embarrassment for a major security technology company. Kaspersky Lab’s Website was hacked over the weekend, sending customers looking for security software to an external download page pushing counterfeit software. When users tried to download software from Kaspersky on Oct. 17, they were redirected to a malware site that tricked users into downloading fake antivirus software called Security Tool. Once executed, Security Tool displays pop-ups reporting a number of vulnerabilities and threats “found” to scare users into buying what it says is a full version in order to fix these problems. ...

HAVOC CAUSING hacker activist group Operation Payback has extended its reach and strangled the life out of the UK Intellectual Property Office’s website. Yesterday they apparently took down the MPAA’s website in the US, and today, though already busy, they have widened their focus and laid a smackdown on the UK IPO, knocking its website offline. According to a blog post on the Panda security blog Anonymous is 4Chan, and yesterday a forum on that website published its list of targets and its timeline for attacks. ...

Two regional websites for Chancellor Angela Merkel’s Christian Democrats (CDU) were hacked on Tuesday by unknown perpetrators claiming to be Turkish following controversial comments by her conservatives on immigration. Police and domestic intelligence agencies are now investigating in both the city-state of Hamburg and the northern state of Mecklenburg-Western Pomerania after CDU officials said their party sites were paralysed overnight when hackers replaced their homepages with a black background featuring a Turkish crest and critical comments. ...

There has been an “unprecedented wave” of exploits against vulnerabilities in Oracle’s Java during the third quarter of this year, according to data from the Microsoft Malware Protection Center. The software giant provided the following data to back its claims, outlining three specific vulnerabilities (all of which have patches available) that are being exploited en masse: CVE Attacks Computers Description 2008-5353 3,560,669 1,196,480 A deserialization issue in vulnerable versions of JRE (Java Runtime Environment) allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X. 2009-3867 2,638,311 1,119,191 Another remote code execution, multi-platform issue caused by improper parsing of long file:// URL arguments. 2010-0094 213,502 173,123 Another deserialization issue, very similar to CVE-2008-5353. As you can see, the first two are particularly worrying: they’ve gone from hundreds of thousands per quarter to millions. The third one is the newest, so it’s possible that it will also do the same. ...

You might be wondering why the frontpage of Twitter has a big “Edit” line running through it in the screenshot below: The answer, of course, is that this is not the real Twitter page at all. It’s part of an increasingly popular kit used for shenanigans: The scammer downloads the zip, edits the links in the .htm file and places something likely to catch the attention of an end-user underneath the “Edit” line. The fact that the fake content is sitting directly underneath the “New Twitter” promotional text is not a coincidence. ...

Sometimes we encounter childish messages from the authors in the body of malware. A variant of the TDSS family we got recently is even going a step further by offering a convenient location for a malware signature. The samples include the message “Put your signature here”, which is shown when run inside a debugger. While in many cases signatures could be still useful for detection, Avira prefer to use other technologies which are more generic and proactive. This is especially the case with malware families like TDSS/Alureon, whose authors continuously adapt their creations so they are able to work around even proactive detection in a short time. This variant is detected as TR/Crypt.XPACK.Gen3.

RealNetworks, Inc. have published product upgrades addressing vulnerabilities in RealPlayer SP 1.1.4 and earlier. The vulnerabilities may allow an attacker to execute arbitrary code. Windows users of RealPlayer SP 1.1.4 and earlier are advised to upgrade to the latest version here For more information, visit RealNetworks’ security advisory here

Currently a new likejacking-attack is running on Facebook. If a user clicks on the link of a friend which is reads “I Will NEVER TEXT Again After Seeing THIS!! on CLICK HERE TO SEE.”, she or he will automatically “like” that link too due to some clever scripting on the attacking website. A second like-link says “This American GUY must be Stoned to Death for doing this to a GIRL (NO SURVEYS)! … on CLICK HERE TO SEE.”. This is another variant of the same likejacking-attack. ...

The information being transmitted is one of Facebook’s basic building blocks: the unique “Facebook ID” number assigned to every user on the site. Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person’s name, using a standard Web browser, even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with “everyone,” including age, residence, occupation and photos. ...

NEW YORK — The Wall Street Journal is reporting that 10 popular Facebook applications have been transmitting users’ personal identifying information to dozens of advertising and Internet tracking companies. The newspaper said Monday that the breach also includes users who set all their information to be completely private. And in some cases, it says, the apps provided access to friends’ names. A Facebook spokesman told the Journal on Sunday that the company would introduce new technology to contain the breach. It’s not clear how long the breach went on. ...