July 2013 - Posts
AVAST provides a good free AV offering and is popular in Europe as noted in recent download trends:
QUOTE: Softonic, one of the world’s largest download site for Windows, Mac and mobile, has just announced that avast! Free Antivirus is the most popular download in Europe. Thank you to our users who have downloaded AVAST from Softonic! Read Softonic’s Software Trends (PDF) report to learn more about popular downloads and trends.
AVAST and F-Secure are reporting multi-platform variants in the Janicab malware family:
QUOTE: Last week, we wrote about a script-based malware targeting Mac users. Yesterday, the folks from avast! revealed a Windows version. On Friday, July 12th a warning from an AVAST fan about a new polymorphic multisystem threat came to an inbox of AVAST. Moreover, an archive of the malicious files discussed here was attached. Some of them have been uploaded to Virustotal and therefore they have been shared with computer security professionals on the same day. A weekend had passed by and articles full of excitement about a new Trojan for MacOs started to appear on the web. We decided to make a thorough analysis and not to quickly jump on the bandwagon. The key observation is that the final payload comes in the form of scripts that need to be interpreted by Windows Script Console, resp. Python in the case of MacOs. Moreover, a script generator that creates new malicious Windows file shortcuts was also included.
Facecrooks security shares a new Facebook hoax that is actively circulating:
QUOTE: Though Facebook is actually considering adding video ads to users’ News Feeds, a hoax message purporting to be from Mark Zuckerberg is spreading across Facebook that claims that these ads will radically change user experience on the site.
“We are currently looking into playing video ads as a way to increase the profitability of Facebook,” the fake Zuckerberg message reads. “These ads will stop what you are doing every ten minutes and play for anywhere from 15 to 60 seconds. You will then be able to resume what you were doing prior to the ad playing.” The hoax message then goes on to say that users should share this message (with a photo of Zuck) if they don’t want Facebook to implement video advertising.
The reason scams like this work is simple: they combine people’s fears about Facebook with a grain of actual news. While Facebook is considering video ads, it would never introduce a product that would halt users from using the site for any length of time. Even if they did want to implement video ads, they wouldn’t send out a survey asking users for their opinion. This scam is one of the more realistic ones that’s been distributed lately, though upon any close level of examination, it’s still obviously a hoax.
As Facecrooks security notes, Facebook users should carefully select the goods and services they "like", since increased tracking of user behavior is what generates advertising revenue. While not a major security or privacy threat, users should be aware that their online behaviors are being tracked to help generate advertising data and revenue.
QUOTE: Facebook has promoted itself as one of the best platforms on the Internet for advertisers to reach their customers, and it’s easy to see why: with an active user base of over 1 billion and comprehensive tracking analytics, advertisers can target their audiences more than ever before. Indeed, some of Facebook’s new analytics tools for its Pages are more far-reaching than ever. While hash tags have so far failed to take off on Facebook, companies can still closely observe user behavior using analytics.
One new Facebook analytic details the reach of a page to both fans and non-fans, as well as an “optimal posting time” function that shows a page’s administrator what times of day their user base is most active. Facebook’s Insights also allow page administrators to closely track user engagement with all of their content. While none of this represents a dire threat to your online privacy or security, you should be extra aware of how your Internet habits can be used by companies before you “Like” a page. While clicking that thumbs-up seems like a fairly innocuous gesture, advertisers can gain all sorts of information about your Facebook habits when you designate yourself as a “Fan” of something.
Microsoft details changes this month associated with its MAPP initiative:
QUOTE: MAPP was our answer to a common phrase used back then: “Update Tuesday, exploit Wednesday.” This was a time when exploit writers had developed full automation for reverse engineering our security updates and building exploits. Security vendors received information at the same time as everyone else and had to then develop and test signatures before applying the updates. MAPP gave the security vendors, the “good guys,” a head start against the “bad guys.” In the years since its inception, MAPP has been successful in allowing these vendors to release protections when we release the updates so that our customers have the time they need to test and deploy them.
Today, we are introducing a few changes based on the changing threat landscape and feedback from our partners.
MAPP for Security Vendors -- First, in order to have a clear definition of the existing MAPP program and be able to convey how the new programs differ, we are now calling what the world today knows as MAPP, “MAPP for Security Vendors.” So, on top of streamlining and improving the quality of detection guidance, we are expanding the signature development window from one to three business days for MAPP partners who meet certain stringent criteria.
MAPP for Responders -- Through this new program, MAPP for Responders, we are working to build new partnerships and community collaborations that will enable strategic knowledge exchange. Microsoft intends to contribute to this effort by sharing threat indicators such as malicious URLs, file hashes, incident data and relevant detection guidance. Employing a “give to get” model, the community will benefit when data they provide is enriched by aggregating it with data from others.
MAPP Scanner-- The MSRC employs some of the brightest engineers in the industry, the sort who build tools such as !exploitable, OffVis, and EMET. MAPP Scanner, currently in a closed pilot program, is a content-based vulnerability scanner developed by our security engineers to aid in investigating incidents. We are introducing MAPP Scanner as a cloud-based service that can be used to scan Office documents, PDF files, Flash movies, and suspect URLs, to determine if they are attempting to exploit a vulnerability.
Going Forward -- As with Microsoft’s other security initiatives, such as the BlueHat Prize and our new bounty programs, the mission for MAPP is simple: mitigate entire classes of attack and protect customers. We have a long history of working across many different communities to drive this mission and will continue to do so.
With Windows 8, Microsoft has introduced versioning rather than service pack updates as the key approach to staying on the latest build. The requirements for being on the latest build in order to remain supported will be similar to what was required for being on the latest service pack:
QUOTE: Windows 8 customers will have two years to move to Windows 8.1 after the General Availability of the Windows 8.1 update to continue to remain supported under Windows 8 lifecycle. With the availability of Windows 8.1 Enterprise Preview, it is time to start planning your deployment - and there are deployment tools and guidance available to help make these updates seamless for customers.
The new corporate preview version of Windows 8.1 is now available:
QUOTE: Windows 8.1 Enterprise Preview is now available for download for customers to start testing the operating system in their environments. Windows 8.1 Enterprise Preview builds on the Windows 8.1 Preview which is currently available, adding premium features designed to address mobility, security, management and virtualization needs of today’s enterprise. Here are the premium features that will be offered to customers as a part of the Windows 8.1 Enterprise edition:
* Windows To Go Creator
* Start Screen Control
* Virtual Desktop Infrastructure (VDI)
* AppLocker Windows Enterprise Side-Loading
These Enterprise edition features add to the broader range of new business capabilities in Windows 8.1. These features include:
* Assigned Access
* Inbox VPN Clients
* Open MDM
* Workplace join
* Remote business data removal
All current versions of the major browsers improve user privacy protection. In recent testing, NSS Labs rated IE10 as the most secure in the area of privacy controls.
QUOTE: You can buy dozens of security products designed to protect your online privacy in dozens of different ways. Really, though, when it comes down to it, shouldn't privacy protection be built right into the browser? Truth to tell, the major browsers all have varying degrees of privacy protection built in, but some handle it better than others. A recent report from NSS Labs details the differences. For testing purposes, the researchers examined the latest versions of Internet Explorer, Firefox, Chrome, and Safari. They evaluated each product's default settings, since the majority of users are unlikely to fiddle with the defaults. Internet Explorer emerged as a clear winner, which may come as a surprise to Chrome enthusiasts.
Conclusions - Internet Explorer provides the best privacy protection of the bunch, says this report. Safari, Firefox, and Chrome follow, in descending order. In its current form, Do Not Track is not effective; the report encourages readers to support legislation strengthening privacy rights.
Fake royal birth photos and articles are circulating as "bait" to compromise PC or user security. For all major news events, users should exercise caution when presented with email, links, Facebook posts, etc.
QUOTE: BBB warns, be careful when searching Google for news about the royal baby. Scam artists use fake websites to corrupt your computer. On Facebook, you may see a friend likes an "exclusive" video of the new royal baby. Curious, you click on the link. You are taken to a 3rd party website, where a pop up appears prompting you to "update your video player" before you can view the clip. You click "Ok." However, when you download the file, you aren't updating your software. You are downloading a virus that scans your machine for banking and other personal information. Similar scams can be found on Twitter and other social media.
Take the following steps to protect yourself:
1. Don't take the bait. Just stay away from promotions of "exclusive," "shocking" or "sensational" footage. If it sounds too outlandish to be true, it is probably a scam.
2. Hover over a link to see its true destination. Before you click, mouse over the link to see where it will take you. Don't click on links leading to unfamiliar websites.
3. Report Scams. On Facebook, report scam profiles, posts and other suspicious activity.
4. Use good anti-virus software. Be sure your anti-virus software is up-to-date!
5. Stick to major and trusted news sites. If anyone is going to have the latest scoop, it's going to be them.
Android users must be even more cautious when selecting applications, as the new master key vulnerability has quickly materialized into an exploit. This attack allows a tampered version of an app to pass Android's digital signature checks while carrying injected code. It is now circulating in the wild in China:
Two apps distributed in Chinese marketplaces are exploiting Android's "master key" vulnerability, Symantec researchers found. The "master key" vulnerability, publicized earlier this month, allows attackers to modify existing apps by inserting a malicious file with the exact same name as an existing one in the application package.
When Android opens the package file, it validates the first file's digital signature and doesn't validate the second because it thinks it has already validated that file. The biggest concern was that attackers can exploit the flaw to create malicious apps which can masquerade as legitimate apps and remotely take control of user devices.
Symantec found two apps distributed in an app marketplace in China that were using the exploit. The apps are used to find and make appointments with a doctor. The Trojan hides using the Android 'Master Key' vulnerability to keep the legitimate app signature valid. The Trojan allows attackers to perform the following actions:
* Open a back door
* Steal sensitive data (such as IMEI and phone number) and send it to apkshopping.com
* Send premium SMS messages
* Disable certain security apps by using any available root commands
* Send SMS message to all the device's contacts in order to infect others
More can be found here:
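As an added, defensive illustration (not code from the Symantec report or this blog), the check below parses the ZIP central directory of an APK-like package and flags duplicate entry names, the condition the master key attack depends on; it also shows that two entries under one name carry different contents, which is why a parser that validates one copy and trusts the other is unsafe. The sample package is constructed in memory and is not a real application.

```python
"""Detect duplicate ZIP entry names in an APK, the precondition for the
Android "master key" signature bypass described above."""
import io
import warnings
import zipfile
from collections import Counter


def duplicate_entries(apk_bytes: bytes) -> dict:
    """Return {name: count} for every entry name listed more than once in the
    ZIP central directory. A clean, correctly signed APK has no duplicates,
    so any non-empty result means the package should be rejected outright
    rather than installed."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def entry_contents(apk_bytes: bytes, name: str) -> list:
    """Return the bytes of *every* entry called `name`, in central-directory
    order. If a verifier checks only the first copy and then treats the name
    as already validated (the behaviour described in the post), the second
    copy is accepted without ever being checked."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return [zf.read(info) for info in zf.infolist() if info.filename == name]


def build_sample_apk(tampered: bool) -> bytes:
    """Construct a minimal ZIP standing in for an APK (constructed sample, not
    a real application). With tampered=True a second `classes.dex` entry is
    appended under the same name, the duplicate-name condition being tested."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00 original bytecode")
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        if tampered:
            with warnings.catch_warnings():
                # zipfile warns about duplicate names but still writes them
                warnings.simplefilter("ignore")
                zf.writestr("classes.dex", b"dex\n035\x00 second copy")
    return buf.getvalue()


if __name__ == "__main__":
    for label, pkg in (("clean", build_sample_apk(False)),
                       ("tampered", build_sample_apk(True))):
        dupes = duplicate_entries(pkg)
        verdict = "REJECT" if dupes else "ok"
        print(f"{label:9s} {verdict:7s} duplicates={dupes}")
    # Both copies are present and differ; only one of them was ever checked.
    print(entry_contents(build_sample_apk(True), "classes.dex"))
```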
On July 21, 2013, Microsoft released Office 2010 SP2; the key links are below.
The following are the key areas of improvements that are offered by SP2:
Excel 2010 SP2
* Improves the overall stability, performance, and compatibility with other versions of Excel. For a more detailed list of specific issues that the service pack fixes, please download a version of the workbook that is available below.
* Fixes issues in which the performance of Excel decreases, and Excel file sizes become larger when additional built-in styles are copied during the duplication of data between different Excel instances.
* Fixes an issue in which data validation lists that contain comma signs (,) are broken in an .xlsx or .xlsb file. This issue occurs when you set the user locale to a location that does not use comma signs (,) to separate the lists. For example, Germany uses semicolons (;) to separate the lists. When you set Germany as the location, data validation lists that contain commas are all broken.
* Fixes an issue in which an .xlsx file created in Microsoft Office 2013 that contains an App bound to a table is corrupted on save. Additionally, it addresses the issue in which all Agave formulas in the workbook sheet are removed from the file.
Outlook 2010 SP2
* Fixes the issue regarding the message size of certain long email messages. Additionally, it fixes an issue that occurs when you perform a spell check before you send an email message.
PowerPoint 2010 SP2
* Improves the quality of videos in a presentation after the videos are optimized or compressed by PowerPoint.
* Fixes issues that occur when you co-author a presentation with other users at the same time.
* Fixes an issue in which Mozilla Firefox crashes when you try to view a presentation in PowerPoint Web App on a Mac computer that has Microsoft Silverlight 3 or Silverlight 4 installed.
Word 2010 SP2
* Fixes issues regarding bookmarks, fields, track changes, templates, tables, object wrapping, autocorrect options, and email addresses. Additionally, it fixes general reliability issues that occur when you post a blog entry on Microsoft SharePoint Server 2013 and Microsoft Office 365 blogs.
* * * * * * * * * * * * * * *
Download Service Pack 2 for Microsoft Office 2010 (KB2687455)
32-Bit Edition from Official Microsoft Download Center:
64-Bit Edition from Official Microsoft Download Center:
During July 2013, hackers gained access to the Linux Ubuntu Forums, affecting over 19,000 active users.
QUOTE: The official forums for the Linux Ubuntu OS have been offline following a security breach this weekend. An intruder reportedly gained access to 1.8 million user names and passwords as part of the attack. If you're among those affected, now would be a good time to get a password manager. The attack was first reported on July 20, and the forum has since been replaced by a simple splash page. "Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database," reads the Ubuntu website. "The passwords are not stored in plain text, they are stored as salted hashes." Even so, the site advises that users who recycled their login information should change the passwords on all affected sites. The UK Register reports that, prior to being taken offline, the Ubuntu forum had over 1.8 million registered users, 19,493 of whom are active on the site. The site, which is still offline as of writing, is apparently a major hub for the Ubuntu user and development community. Canonical, the company which manages Ubuntu releases, advises visitors to go elsewhere for the time being.
Microsoft has just released Service Pack 2 for Office 2010 for the 32- and 64-bit versions, as follows:
Download Service Pack 2 for Microsoft Office 2010 (KB2687455)
32-Bit Edition from Official Microsoft Download Center:
64-Bit Edition from Official Microsoft Download Center:
An interesting performance review, in which the latest version of Firefox (v22) offers significant performance improvements:
QUOTE: While Chrome 27 is the leader in most categories, Firefox 22 is right on its heels in second place. So, with close second-place finishes in nearly all categories that Chrome wins, Mozilla really needed to exploit any weakness in Chrome. And it does just that. Chrome's extreme fall from grace in start-up time really hurt. With Firefox attaining top marks in that category, an extreme divide is created where we'd normally expect both browsers to pace each other. The same type of brutality is used against Chrome in reliability testing, where Firefox 22 almost pulls off a perfect score, while Chrome 27 has issues with more than 25% of the workload. Although this is not the first time that Firefox has edged out Chrome, this is the most punishing margin of victory. It's as if Mozilla knew just where to strike. Now, the onus is on Google to either completely outpace Firefox in performance (as it once did), or focus on addressing Chrome's own weaknesses. Either way, Mozilla buys Firefox some time at the top.
German researchers have discovered a SIM card encryption vulnerability affecting older mobile devices:
QUOTE: A flaw in the encryption technology used by some SIM cards in mobile devices can be exploited to take control of the device, a German researcher has found. The vulnerability would allow attackers to send spoofed text messages to obtain the 56-bit data encryption standard (DES) key used by the targeted phone's SIM card, Karsten Nohl, founder of Berlin's Security Research Labs, told the New York Times and Forbes. With the key in hand, attackers would be able to install malicious software and perform other nefarious operations on the device. More details will be revealed during his presentation at the Black Hat conference in Las Vegas later this month. About half of the SIM cards in use today still rely on the older DES encryption rather than the newer and more secure triple-DES, Nohl estimated. Over a two-year period, Nohl tested 1,000 SIM cards in Europe and North America and found that a quarter of them were vulnerable to attack. He believed that as many as 750 million phones may be affected by this flaw.
PC Magazine offers excellent recommendations for travel safety as noted below:
QUOTE: Summertime! Off to the beach, or to the mountains for some cooler temperatures. Visiting family or exploring new locales. Keep the following security tips from Grayson Milbourne, director of security intelligence at Webroot, in mind as you make your travel plans this summer.
1. Don't Tell People When Your House is Empty - You don't want to come back from your trip to find that burglars have taken advantage of your publicly announced absence to help themselves to your belongings. If you must post updates of all the fun you are having every day on Facebook, then please, make sure you are using the privacy controls. Make sure only your real friends and trusted contacts can see your posts.
2. Be Alert for Rogue Wireless - Don't just hop on and off free public wireless networks willy-nilly. You may think the wireless network belongs to the hotel or the airport (just because it says Terminal 1 doesn't mean the airport owns the network!) but it may easily be a rogue network.
3. Back Up Your Device - If you are taking a laptop or mobile device on your vacation, back it up first. You don't want to lose all your contacts, photos, and files just because you accidentally lost it or left it on the plane.
4. Don't Let Your Device Out of Sight - Try to keep your device with you. If you have your laptop with you, consider using the room safe instead of leaving it on the desk while you are out. You don't want to take the chance of it being stolen or have someone use it without your knowledge.
5. Install Device Protection - For smartphones and tablets, install anti-theft and mobile device management before you leave for your trip. And if you don't think you will get it back, then you can send the command to remote wipe the data.
6. Update Everything - Update your software, operating system, and security tools before you leave. You don't want to be hit with a malware attack while you are on the road.
Microsoft has redesigned and launched its MMPC site with numerous improvements:
QUOTE: Today we launched our new Microsoft Malware Protection Center website. Throughout the redesign process we have been listening to your feedback. You asked for an easier way to find our security software and updates; you can now get to all of our product downloads straight from our homepage. While you’re on the homepage you’ll also see links to our help archive, blogs, and trending security topics from the Microsoft Community forums. One of our top priorities is to make it easier for you to solve any issues with malware and potentially unwanted software. To help, we created a box on each page of our new website that answers some of your most-asked questions. We also added new content to address common problems, such as:
* How to identify and fix ransomware
* How to avoid exploits
* How to avoid rogue security software
* What common error codes in Microsoft security software mean
As noted in this brief awareness article, it is best to share travel plans privately in advance and post photos or trip highlights publicly only after returning. Hopefully, folks who share their travels in real time have others watching the house, plus a good alarm system.
QUOTE: While the first impulse for many vacationers is to share every detail about their trip on social media sites like Facebook, security expert David Walsh warns that tech-savvy criminals could see your posts and use it as a reason to break into your home. Walsh, chief executive of security monitoring service Net Watch, said vacationers need to be particularly careful in the summer months, when home break-in numbers rise due to vacations and holidays. “You may think that checking in at the airport is a nice way to let your friends and family know that you’re going on holiday, but in reality you are also letting people know that your home is empty and an easy target,” he said. “If you want to share your holiday plans, don’t do it in real time, wait until you are safely home.”
According to police, some burglars search Facebook using keywords that help to reveal whether someone is traveling or not, or even look at who has checked in at airports using Foursquare. In this time of online oversharing, it’s only natural that criminals would catch on and take advantage. In fact, according to an infographic put together by door company Distinctive Doors, around 75 percent of convicted burglars believe other robbers are using social media to find and scope out their targets. While it’s nice to tell everyone back home about your tropical trip, it might be best to wait until you’re actually home to post those photo albums.
Almost all ransomware attacks require users to pay money to unlock their computer (unless, preferably, a removal tool from an AV vendor is used instead). With the new Shadowlock Trojan horse, users must fill out a survey to "unlock" their computer. The author also built in an Easter egg at the end of the process that plays the musical tones from the movie Close Encounters of the Third Kind and opens the CD/DVD tray. Shadowlock uses the .NET Framework services and could evolve into a more malicious attack in the future.
QUOTE: In the vein of fake computer lockers everywhere, such as the Trojan.Ransomlock, Trojan.Fakeavlock, and Trojan.Winlock families, comes Trojan.Shadowlock. Unlike any of its predecessors however, this malware "encourages" users to fill out an online survey instead of outright demanding an online payoff. Online surveys in general return very little money, but they do eventually add up in the long run. In this case, it turns out the malware author has a sense of humor and left in a certain Easter egg for reverse engineers to find. The Easter egg is a sound bite of the famous five-tone motif from the movie Close Encounters of the Third Kind.
After some time, Shadowlock finally reveals some of its capabilities. The threat can do several things, such as killing popular browsers (Firefox, Chrome, Internet Explorer, Safari, and Opera) and disabling certain system tools. It can also eat up any available disk space and disable the Windows firewall. It can even redirect users to websites with shocking content through the default Web browser. On a more playful note, the threat can also swap mouse buttons, open the CD tray, or launch basic OS apps like Calculator or MS Paint.
Interestingly enough, a vast majority of these functions are never called in the code. Two possibilities come to mind. One is that the author may have found some code and added the survey scam on top of it. The other possibility is that the author may be testing the waters, so to speak. These functions (as well as others) may find themselves being used in a future variant. At Symantec, we protect our customers by detecting this threat as Trojan.Dropper, Trojan Horse, or Trojan.Shadowlock. According to our telemetry, this threat is not widespread. Be advised however, if you see your CD tray opening and hear eerie theme music, you may be experiencing a close encounter of the Shadowlock kind.
Security researcher Graham Cluley notes a popular hoax circulating on Facebook. Just as with email hoaxes, when a message asks you to share the "warning" with all your friends, it is usually a hoax.
QUOTE: More and more Facebook users have been sharing a message warning of a change in Facebook’s privacy settings, and how a new “Graphic app” could let any member of the social network see your photos, likes and comments. Despite the message being inaccurate, and containing a number of misunderstandings, it continues to circulate. The truth is that there is no such thing as “Graphic App”, and the material you post on Facebook is viewable by others based upon the sharing settings you have chosen, just as it has always been.
COPY OF HOAX MESSAGE: Hello to all of you who are on my list of contacts of Facebook. I would like to ask a favour of you…. You may not know that Facebook has changed its privacy configuration once again. Thanks to the new “Graphic app”, any person in Facebook anywhere in the world can see our photos, our “likes” and our “comments”. During the next two weeks, I am going to keep this message posted and I ask you to do the following and comment “DONE”. Those of my friends who do not maintain my information in private will be eliminated from my list of friends, because I want the information I share with you, my friends, to remain among my friends and not be available to the whole world. I want to be able to publish photos of my friends and family without strangers being able to see them which is what happens now when you choose “like” or “comment”.
Unfortunately we cannot change this configuration because Facebook has made it like this. So, please, place your cursor over my photo that appears in this box (without clicking) and a window will open. Now move the cursor to the word “Friends”, again without clicking and then click on “Settings”. Uncheck “Life Events” and “Comments and Like”. This way my activity with my family and friends will no longer be made public. Now, copy and paste this text on your own wall (do not “share” it!). Once I see it published on your page, I will un-check the same for you. Thanks so much.