Security

Be wary of Steam password stealers

Published: April 3, 2010 Reading Time: 2 min

There are a couple of programs in circulation at the moment designed to steal Steam account login credentials. People can have a lot of money invested in Steam purchases (if you purchase PC games online Steam is probably the best digital delivery service around), and it isn’t really the greatest thing in the world to have one stolen. Steam is a popular thing to have in webcafes, and the company behind it actually support this in a very big way. These particular infection files would cause the most trouble on the networks of netcafes with minimal security in place, allowing chancers to install files with a USB stick, let the stealer grab account logins then come back later to collect the passwords. ...


Jon and Kate Plus Eight … plus fake codecs

Published: April 3, 2010 Reading Time: 2 min

One of our researchers was reading the comments about Dancing With The Stars, and Kate Gosselin’s performance (He’s a huge fan … don’t ask), when he noticed a link to a URL shortening service. Given that it was advertising a video of Kate Gosselin topless, he astutely realised that was a bit suspicious, and checked it out inside a nice, safe virtual PC. Indeed, the shortening service immediately transferred to a website showing a picture of Kate at the beach… ...


When is a picture not worth 1000 words?

Published: April 3, 2010 Reading Time: 1 min

When it is not actually a picture but an obfuscated malicious VB script! That’s the story with W32/VBSAuto-F — yet another autorun worm that sets a number of self-starting registry entries, spreads via USB drives, and downloads further malware. The worm embeds code in a JPEG comment field of an ambiguously named file “image.jpg” or “imwin.jpg”. Previewing such files as images remains innocuous, as picture viewers tend not to execute metadata by default. This is unfortunately not the case when the file is run through the VB script engine, which is happy to interpret the same JPEG comment 0xFFFE header bytes as indicating Little-Endian UTF-16 encoded data and to execute the remaining portion of the file as code. ...


Spam web sites moving from .cn to .ru

Published: April 3, 2010 Reading Time: 1 min

Scum on the run

Security blogger Brian Krebs is reporting some good numbers that show spammers are no longer registering their domains in China (.cn) since that country started requiring actual on-paper registrations and business licenses, which precludes anonymous registration. AND their new top-level domain of choice, Russia (.ru), is going to make life for sca/spammers difficult there. “Russia’s Coordination Center for domain registration will require individuals and businesses applying for a .ru address to provide a copy of a passport or legal registration papers.” Krebs wrote. ...


Want to Make Easter Even More Magical? Click me!

Published: April 3, 2010 Reading Time: 1 min

As Easter approaches, spam related to this upcoming holiday is expected. Spammers didn’t send malicious greetings like last year—they sent out various product promotion ads instead. One particular coupon promotion page offers recipients a free coupon for digital TV service for Easter. A domain attack was observed from this spam attack, and the offer page changed to different product coupons on a daily basis.

From: “The Easter Bunny” <easterbunny@[removed]>
Subject: How to make this Easter even more magical… ...


Nokia.de(faced)

Published: April 3, 2010 Reading Time: 1 min

I’m almost certain this shouldn’t be on the Nokia.de webspace, lurking under the “online.nokia.de” subdomain: Don’t worry though, Admin – they “just changed your index”. This isn’t the first time Nokia domains have come under attack. The above defacement – by an Albanian hacker called “Spammer” – seems eager to let the webmaster know they can help with the bugs, but I’m pretty sure an email would have been just as useful. Nokia.de have been notified of the defacement, but I’ve had no word back as of yet.


Eliminate two thirds of comp security risk!

Published: April 2, 2010 Reading Time: 2 min

Don’t run your PC with admin privileges

Sometimes in life you know something is a risk, but you don’t know how BIG a risk it is until somebody actually checks it out. There was a German scientist in Russia who repeated Ben Franklin’s kite-in-the-thunder-storm experiment but didn’t live to write up his results. Los Angeles security firm BeyondTrust has released an analysis of Microsoft’s 75 security bulletins last year. They came to the startling conclusion that if users had operated their computers without administrative rights they would have eliminated 64 percent of their risk from Microsoft vulnerabilities! ...


Facebook Scam Targets Whole Foods Shoppers

Published: April 2, 2010 Reading Time: 2 min

Whole Foods, a popular health and organic grocery chain, is the subject of a new Facebook scam that phishes for users’ credit and other personal information. A deluge of fraudulent Facebook Pages are popping up that promise a limited number of users Whole Foods gift cards. These Pages are accruing thousands of fans and siphoning off sensitive and lucrative data. The groups offering Whole Foods gift cards are in no way affiliated with the supermarket; rather, con artists are using the Pages to uncover important personal and financial information from users via a bogus credit assessment. After giving the requested information, users watch their computers crash as their identities are completely exposed. ...


Ah yes. FBI agent Brad Martins with the “global scam Fither in CA 93535”

Published: March 31, 2010 Reading Time: 1 min

Good God! A 419 scam email from someone in grade school!

From: FBI AGENT [mailto:[email protected]]
Sent: Wednesday, March 31, 2010 7:34 AM
Subject: FBI AGENT

Hello honest people……… We got your contact from our Microsoft data-base system. This is to inform you all that have lost money to Scammers in Africa, Europe and USA. We hear by inform you there is quick opportunity for you mostly on lottery. My name is FBI brad Martins I assure you am doing all I can to get your lost money back in 2 days . I know what scam means. I work with the global scam Fither in CA 93535.we have all the global scam computer to trace all Scammers Name and location. Reply back to us. We just caught a scammer now, and we found some money with him, we are returning it back to those involves. This mean your money will be refund back to you.Get back to the FBI through this email for immediate response [email protected]


Google: beware spyware from Vietnam

Published: March 31, 2010 Reading Time: 2 min

Spyware/DDoS malware combo

Google’s security team member Neel Mehta has blogged about yet one more spyware attack on Google users from Asia. This time forces in Vietnam apparently are trying to spy on and stifle dissent from those opposed to the expansion of bauxite mining in the country’s central highlands. The dissenters are opposed to the environmental impact, the involvement of Chinese in the venture and the displacement of people who live in the mining area. Bauxite is the ore that aluminum is extracted from. ...
