Harry Waldron - Computer Security News

Security Developments, Best Practices, and Important Security Updates

Android Malware - McAfee shows increase for Q1 2012

Smartphone users should remain careful about which applications they install and which links they select, as malware attacks on this vector continue to increase.

Android Malware - McAfee shows increase for Q1 2012
http://securitywatch.pcmag.com/none/298206-android-malware-spikes-in-2012

QUOTE: According to McAfee the number of malicious Android apps surged from the hundreds to the thousands in the first quarter of 2012, compared to the same period last year. In "McAfee Threats Report: First Quarter 2012" the company reported that the number of mobile threats on Android reached 7,000 samples, while Symbian, Java ME (mobile edition), and "others" combined reached only 1,000.

The figures are alarming, but it's still fairly easy to keep your Android devices clean of malware. For starters, steer clear of third-party app stores (outside Google Play or Amazon App Store for Android). Unlike in the PC environment where worms can spread without any user involvement, mobile infections still rely on users installing malicious apps.

Facebook - Advanced New LilyJade Cross Platform Worm

Kaspersky Lab analyzes a highly advanced new Facebook worm. This JavaScript-based worm runs in three different browsers (IE, Chrome, and Firefox), providing a cross-platform attack.

Facebook - Advanced New LilyJade Cross Platform Worm
http://www.securelist.com/en/blog/706/Worm_2_0_or_LilyJade_in_action

It is quite rare to analyze a malicious file written in the form of a cross-platform browser plugin. It is, however, even rarer to come across plugins created using cross-browser engines. In this post, we will look into a Facebook worm that was written using the Crossrider system – a system still in beta testing.

It uses the Crossrider system, which is intended for writing unified plugins for Internet Explorer (version 7 onwards), Mozilla Firefox 3.5 and Google Chrome. This malicious program is an excellent example of Malware 2.0-class programs based on modern web technologies, using social networks to propagate themselves and generating illegal incomes for their owners by spoofing various services.

Facebook - New STECKCT worm spreads Instant Messaging

A new malicious IM attack is circulating in the Facebook environment, as documented by Trend Micro:

Facebook - New STECKCT worm spreads Instant Messaging
http://blog.trendmicro.com/worm-spreads-via-facebook-private-messages-instant-messengers/

QUOTE: We recently received reports about private messages found on Facebook and distributing a link, which is a shortened URL pointing to an archive file “May09-Picture18.JPG_www.facebook.com.zip”. This archive contains a malicious file named “May09-Picture18.JPG_www.facebook.com” and uses the extension “.COM”. Once executed, this malware (detected as WORM_STECKCT.EVL) terminates services and processes related to antivirus (AV) software, effectively disabling AV software from detection or removal of the worm. WORM_STECKCT.EVL also connects to specific websites to send and receive information.

Another noteworthy routine is that this worm downloads and executes another worm, one detected as WORM_EBOOM.AC. Based on our analysis, WORM_EBOOM.AC is capable of monitoring an affected user’s browsing activity such as message posting, deleted posted messages and private messages sent on the following websites such as Facebook, Myspace, Twitter, WordPress, and Meebo. It is also capable of spreading through the mentioned sites by posting messages containing a link to a copy of itself.

Nmap version 6 - Free Network Vulnerability Scanner

Nmap is an excellent analysis tool that has long been in use, and the new version 6 has now been officially released.

https://isc.sans.edu/diary/nmap+6+released/13267

http://nmap.org/6/

QUOTE:  May 21, 2012—The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 6.00 from http://nmap.org/. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade.

Contents:

  1. About Nmap
  2. Top 6 Improvements in Nmap 6
  3. Press
  4. Screen Shots
  5. Detailed Improvements
  6. Moving Forward (Future Plans)
  7. Acknowledgments
  8. Download and updates

Microsoft Security - May 2012 Updates

Please keep your Windows and Office environments up to date for the best levels of protection. A number of this month's patches are rated critical.

Microsoft Security Bulletin Summary for May 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-may

Microsoft Security - ISC analysis for May 2012
https://isc.sans.edu/diary.html?storyid=13159

AntiVirus Products for 2012 - Review by PC Magazine

PC Magazine reviewed and ranked cleaning tools, free AV products, and premium suites in the linked article:

AntiVirus Products for 2012 - Review by PC Magazine
http://www.pcmag.com/article2/0,2817,2372364,00.asp

QUOTE: To evaluate antivirus utilities I rely on hands-on, real-world testing. The malware removal test involves installing each product on a dozen malware-infested virtual machines and challenging it to clean them up. This article explains how I get from those tests to the figures in the chart below: How We Test Malware Removal. I also refer to reports from major independent antivirus testing labs. The labs have vastly more resources than I do, so they can perform large-scale tests that would take more time than I have available. The chart below specifically lists results for the companies whose 2012 products are rounded up here.

Microsoft Security Essentials 4.0 - Review of new version

PC Magazine shares a recent review of MSE 4.0. In personal testing on all family PCs, there is more consistency in auto-updating and it continues to be transparent in terms of impacting performance. No issues so far in use on XP and Windows 7 systems.

Microsoft Security Essentials 4.0
http://www.pcmag.com/article2/0,2817,2403986,00.asp

QUOTE: This product is a straight-up antivirus, not a feature-stuffed suite wannabe. Its main window shows current security status, with a button to resolve any problems. Another button launches an on-demand scan. That's it!

Pros -- Does a decent job protecting an already-clean system. Good ratings from independent antivirus test labs. Free!

Cons -- Unusually slow scan. Failed to run on one test system. Low detection rate in malware cleanup test. Failed to thoroughly clean up threats it did detect.

Bottom Line -- Microsoft Security Essentials 4.0 does a decent job protecting a clean PC, but in testing its cleanup of already-infested systems wasn't thorough.

Facebook - Free Facebook Credits Generator Scam

Facecrooks Security raises awareness of another new scam in circulation:

Facebook - Free Facebook Credits Generator Scam
http://facecrooks.com/Scam-Watch/free-facebook-credits-generator-facebook-scam.html

QUOTE: Alternate Message: Get Free Facebook Credits

Scam Type: Survey Scam

Trending: May 2012

Why it’s a Scam: First off, always be suspicious of special offers that require you to like multiple items. Also, requiring you to share posts on your Facebook wall is a favorite trick of the scammers. This is how the scam is spread very rapidly on Facebook. Think before you click, so you aren’t willingly spreading scams and spam on Facebook. When you ‘FINALLY Click here to claim your Credits,’ the following survey scam loads

Privacy - List of key web advocates

Facecrooks shares links for monitoring developments in privacy:

Privacy - List of key web advocates
http://facecrooks.com/Internet-Safety-Privacy/top-facebook-pages-every-privacy-advocate-should-like.html

QUOTE: The organizations listed below offer educational resources and information on how you can get involved to help protect your digital privacy rights. We encourage you to ‘Like’ their Facebook pages and visit their websites. For your convenience, you can subscribe to a Facebook Interest List that we created - Online Privacy Resources (this list includes all of the pages below)

  • Electronic Frontier Foundation - The Electronic Frontier Foundation (EFF) is the first line of defense when your rights in the digital world come under attack.
  • EPIC – Electronic Privacy Information Center - Defending Privacy – EPIC is a public research center, based in Washington, DC. For 15 years, EPIC has been on the front lines of the leading battles to safeguard privacy, freedom of expression, and civil liberties.
  • Center for Democracy & Technology - CDT is a public interest group working to keep the Internet open, innovative, and free.
  • IAPP (International Association of Privacy Professionals) - The International Association of Privacy Professionals is the largest association of privacy pros with more than 10,000 members in 70 countries. It helps define, support and improve the profession through networking, education and certification.
  • Data Privacy: NCSA - Data Privacy: NCSA is a page managed by the National Cyber Security Alliance to help those interested in data protection and privacy keep up to date on the issues.
  • Future of Privacy Forum - Advancing Responsible Privacy Practices.
  • Privacy and Security Guide - Unofficial Guide To Facebook Privacy And Security
  • Facebook and Privacy - Like this Page to learn how to exercise your choice to share what you want with those you want, keep up with changes, and talk with others about the importance of privacy in our digital age.
  • TRUSTe - protects your privacy and helps companies build trust with their customers and users

Facebook - New PrivacyScore app rates privacy risks of popular apps

Facecrooks Security highlights a new tool for assessing the privacy risk of popular Facebook apps:

http://facecrooks.com/Internet-Safety-Privacy/privacyscore-new-tool-rates-privacy-risk-of-the-most-popular-facebook-apps.html

QUOTE: Privacyscore, a project conducted by Privacychoice, recently released a Facebook application that rates the privacy risks of the most popular Facebook applications. Pictured below is what you’ll see when you visit the app. Hovering over one of the featured apps displays their score.

Microsoft - Security Essentials v4 BETA release

As with all BETA products, a good working knowledge of how to work around issues is essential:

Microsoft - Security Essentials v4 BETA release
http://betanews.com/2012/04/25/microsoft-releases-security-essentials-4/

QUOTE: Microsoft has released Security Essentials 4.0, the latest version of its lightweight, straightforward antivirus package. The bulk of the changes this time are under the hood. MSE’s “Automatic Remediation” now does a better job of quarantining threats on its own, for instance, no user intervention required. And Microsoft claims scanning performance and malware detection rates have both improved on the previous build.

Facebook Security - AV Products being promoted for better security

Facebook is now actively promoting AV solutions that include free 6-month trial periods, plus products like MSE, AVG, or AVAST that are completely free.

Facebook Security Page
https://www.facebook.com/security

Facebook Security - AV Products being promoted for better security
http://facecrooks.com/Internet-Safety-Privacy/facebook-announces-av-marketplace-free-antivirus-better-platform-security.html

QUOTE: One of the more exciting announcements made in the post is that the security companies mentioned above will be sharing educational materials on the Facebook Security page.

Microsoft SIR Volume 12 release - Huge release of analytical information

Hundreds of pages of data are highlighted in the latest release.

Microsoft SIR Volume 12 release - Huge release of analytical information
http://blogs.technet.com/b/security/archive/2012/04/25/microsoft-security-intelligence-report-volume-12.aspx

QUOTE: Today we released the latest volume of the Microsoft Security Intelligence Report (SIR) containing a large body of new data and analysis on the threat landscape.  This volume of the SIR includes:

• Latest industry vulnerability disclosure trends and analysis
• Latest data and analysis of global vulnerability exploit activity
• Latest trends and analysis on global malware and potentially unwanted software
• Latest analysis of threat trends in more than 100 countries/regions around the world
• Latest data and insights on how attackers are using spam and other email threats
• Latest global and regional data on malicious websites including phishing sites, malware hosting sites and drive-by download sites

Mobile Security - How can you tell your phone is infected?

A good article documenting the need to review phone bills in detail each month:

Mobile Security - How can you tell your phone is infected?
http://securitywatch.pcmag.com/none/296919-how-to-tell-if-your-phone-is-infected

QUOTE:  On a PC the signs are pretty obvious. Your computer slows to a near-screeching halt, your browser re-directs you to random websites, your friends are suddenly calling asking about your career change to become a Viagra distributor (since your email has probably been hacked). Your IT guy can often tell by looking at your process names, as malware authors might name their malicious process 'svchsot.exe' to look like a legit one 'svhost.exe' (see what I did there?). 

Harder To Tell On a Phone  -- According to Kaspersky malware researcher Tim Armstrong, users usually don't discover something's wrong until they look at their phone bills and don't recognize the numbers of text message recipients. Premium rate SMS Trojans are the most common type of mobile malware. This malware disguises itself in a legit-looking app, and secretly sends SMS short codes that bill the caller. Nor will an average user really be able to tell by checking app permissions. Android developers can choose from dozens of permissions, and as Armstrong notes, it's often impossible to guess which are legitimate and which are warning signs.
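The process-name trick mentioned in the quote above (a malicious process named to resemble a legitimate Windows system process) can be turned into a simple triage check. The script below is an added example and is not code from the PC Magazine article, Kaspersky, or this blog. It compares a snapshot of process names against a baseline of legitimate Windows process names and flags near-miss names within a small edit distance, using optimal string alignment distance so that a transposition such as 'svchsot.exe' imitating 'svchost.exe' counts as one edit. The baseline set and the sample process snapshot are constructed for illustration; on a real host you would feed it the names from a process listing and a baseline built from a known-good image.

```python
"""Flag process names that look like, but are not, well-known Windows system processes."""

# Constructed baseline: a small subset of legitimate Windows process names (lower-case).
LEGIT_PROCESSES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe",
    "services.exe", "smss.exe", "wininit.exe", "spoolsv.exe", "taskhost.exe",
}

# Constructed sample snapshot standing in for the output of a process listing.
SAMPLE_PROCESSES = [
    "svchost.exe", "svchsot.exe", "lsass.exe", "1sass.exe",
    "explorer.exe", "scvhost.exe", "notepad.exe", "svhost.exe",
]


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or
    transpose two adjacent characters, each counting as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,          # delete ca
                         cur[j - 1] + 1,       # insert cb
                         prev[j - 1] + cost)   # substitute (or match)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # transpose adjacent pair
        prev2, prev = prev, cur
    return prev[len(b)]


def find_lookalikes(process_names, baseline=LEGIT_PROCESSES, max_distance=2):
    """Return (observed_name, closest_legit_name, distance) for every observed
    name that is not an exact baseline match but lies within max_distance of one."""
    findings = []
    for name in process_names:
        lower = name.lower()
        if lower in baseline:
            continue  # exact match with a legitimate name: nothing to flag
        closest, dist = min(
            ((legit, edit_distance(lower, legit)) for legit in baseline),
            key=lambda pair: (pair[1], pair[0]),
        )
        if dist <= max_distance:
            findings.append((name, closest, dist))
    return findings


if __name__ == "__main__":
    for observed, legit, dist in find_lookalikes(SAMPLE_PROCESSES):
        print(f"suspicious: {observed!r} resembles {legit!r} (edit distance {dist})")
```

Treat a hit as a triage signal rather than a verdict: legitimate third-party software can also carry names close to a system process, so confirm the image path, code signature, and parent process before acting. Raising max_distance catches more variants but also produces more benign hits, especially among short names.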

FlashBack - New variant attacks both Mac and Windows PCs using Java vulnerability

Both Windows and Mac users are protected if they are up-to-date on security patches.

http://securitywatch.pcmag.com/hacking/297184-new-multi-layer-malware-attack-uses-same-exploit-as-flashback

QUOTE: A malware attack called Flashback infested well over a half-million Macs last week by exploiting a Java vulnerability. All Mac users have since updated to Apple's recently-released Java update, thereby rendering all Flashback variants powerless. Right. In your dreams! In the real world, hundreds of thousands of Macs remain infested, and a new threat has surfaced that gains entry using the same exploit but goes on to wreak even more havoc.

According to a post by Graham Cluley on Sophos's Naked Security blog, Sophos researchers determined that this new threat is attacking both Mac and Windows computers through the same Java vulnerability Flashback used. Windows users who permit automatic updates should be safe, as Microsoft patched the vulnerability in mid-February. Windows and Mac users who haven't updated are vulnerable.

Apple Security - Flashback Removal Tool

ISC highlights recent security update and the creation of a removal tool for the Flashback Trojan attacks circulating in-the-wild. 

Apple Security - Flashback Removal Tool
http://isc.sans.edu/diary.html?storyid=12991

QUOTE:  Earlier in the week Apple released a Java update which included software to remove the Flashback Trojan from OS X Lion machines running Java.  The Flashback Trojan removal tool is now also available for OS X Lion machines not running Java. This Flashback malware removal tool is available through the OS X Software Update tool, or from Apple's download site

Oracle - Critical security advisory for April 2012

DBAs and security teams should apply these patches promptly, as numerous products were updated.

http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html

QUOTE: Affected Products and Versions | Patch Availability

Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3 | Database
Oracle Database 11g Release 1, version 11.1.0.7 | Database
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 | Database
Oracle Application Server 10g Release 3, version 10.1.3.5.0 | Fusion Middleware
Oracle BI Publisher, versions 10.1.3.4.1, 10.1.3.4.2 | Fusion Middleware
Oracle DB UM Connector for Oracle Identity Manager, version 9.1.0.4 | Fusion Middleware
Oracle Identity Manager 11g, versions 11.1.1.3, 11.1.1.5 | Fusion Middleware
Oracle JDeveloper, version 10.1.3.5.0 | Fusion Middleware
Oracle JRockit, versions R28.2.2 and earlier, R27.7.1 and earlier | Fusion Middleware
Oracle Outside In Technology, versions 8.3.5, 8.3.7 | Fusion Middleware
Oracle WebCenter Forms Recognition, version 10.1.3.5 | Fusion Middleware
Enterprise Manager Grid Control 11g Release 1, version 11.1.0.1 | Enterprise Manager
Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5 | Enterprise Manager
Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3 | E-Business Suite
Oracle E-Business Suite Release 11i, version 11.5.10.2 | E-Business Suite
Oracle Agile, version 6.0.0 | Supply Chain
Oracle AutoVue, version 20.0.2 | Supply Chain
Oracle PeopleSoft Enterprise CRM, version 9.1 | PeopleSoft
Oracle PeopleSoft Enterprise HCM, version 9.1 | PeopleSoft
Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 | PeopleSoft
Oracle PeopleSoft Enterprise FCSM, versions 9.0, 9.1 | PeopleSoft
Oracle PeopleSoft Enterprise PeopleTools, versions 8.50, 8.51, 8.52 | PeopleSoft
Oracle PeopleSoft Enterprise Portal, version 9.1 | PeopleSoft
Oracle PeopleSoft Enterprise SCM, versions 9.0, 9.1 | PeopleSoft
Oracle Siebel Life Sciences, versions 8.0.0, 8.1.1, 8.2.2 | Health Sciences
Oracle FLEXCUBE Direct Banking, versions 5.0.2, 5.3.0-5.3.4, 6.0.1, 6.2.0 | Contact Oracle Customer Support
Oracle FLEXCUBE Universal Banking, versions 10.0.0-10.5.0, 11.0.0-11.4.0 | Contact Oracle Customer Support
Primavera P6 Enterprise Project Portfolio Management, versions 6.2.1, 8.0, 8.1, 8.2 | Primavera
Oracle Sun Product Suite | Oracle Sun Product Suite
Oracle MySQL Server, versions 5.1, 5.5 |

Sysinternals - April 2012 Product Releases

This excellent set of Windows utilities was recently updated.

ISC: Sysinternals - April 2012 Product Releases
http://isc.sans.edu/diary.html?storyid=13006
http://blogs.technet.com/b/sysinternals/archive/2012/04/17/updates-notmyfault-procmon-v-3-01-testlimit-v-5-2-mark-s-webcasts-and-windows-internals-6th-edition-part-1.aspx

QUOTE: Among the releases are updates to the following:

• NotMyFault
• Process Monitor v3.01
• TestLimit v5.2
• Webcasts from Mark R.
• Windows Internals 6th Ed. Part 1

WordPress 3.3.2 security release

The ISC documents an important security release:

WordPress 3.3.2 security release
http://isc.sans.edu/diary/WordPress+Release+Security+Update/13024
http://core.trac.wordpress.org/log/branches/3.3?rev=20552&stop_rev=20087
http://wordpress.org/news/2012/04/wordpress-3-3-2/
http://wordpress.org/download/

QUOTE: WordPress released a security update (version 3.3.2) that fixes 3 external libraries (Plupload, SWFUpload and SWFObject) as well as privilege escalation and cross-site script (XSS) issues as well as 5 other bugs. Change log posted here. The advisory is posted here and you can download the update here.

Flashback.S - New variant of Mac Malware discovered

As Apple works to resolve current issues with Flashback, malware authors continue to innovate attacks.

New 'Flashback.S' Variant Spotted in the Wild
http://securitywatch.pcmag.com/none/296979-new-flashback-variant-spotted-in-the-wild

QUOTE: Intego reported on Monday afternoon that Flashback has already evolved into a new variant, exploiting the same Java vulnerability that earlier this month had infected more than half a million Macs. This time, however, the user does not even need to enter a password to complete the install. "It's an entirely silent install now," Intego researcher Lysa Myers told Security Watch. "We've seen silent installs on OS X before, but this is the first time we've seen something to this extent." Flashback.S drops two files in the user's home folder, then deletes cached Java files to avoid detection.
