::Trend Micro Threat Resource Center::

30 December 2008

Chinese schools, search sites host malicious code

Two universities and two major search portals based in China fell prey to online attackers in the past week, with each site compromised to include malicious code that attempts to gain control of visitors' computers, a security firm said this week.

The compromised sites are:
  • China.com
  • Sohu.com
  • Huazhong Normal University webpage
  • Peking University webpage

Inserting malicious code into legitimate sites has become an increasingly popular way to infect Internet users' computers. Many of the attacks exploit flaws in a Web site's back-end database system, such as the recent flaw in Microsoft's SQL Server, to add unauthorized code to vulnerable sites.
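As an added illustration (not code from the article or from the security firm it quotes), here is a sweep a site owner can run over stored page content to catch the off-site script or iframe tag that these database-injection attacks leave behind; the allowed host list, the sample row and the hosts in it are made up for the example:

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this hypothetical site legitimately loads scripts from (assumption).
ALLOWED_HOSTS = {"www.example-news.com", "static.example-news.com"}


class InjectedTagFinder(HTMLParser):
    """Collects the src attribute of every <script> and <iframe> tag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append(value)


def find_offsite_loads(html, allowed=ALLOWED_HOSTS):
    """Return src URLs of script/iframe tags whose host is not allowed.

    Relative URLs (no host) are treated as same-origin and ignored, so the
    sweep flags exactly the kind of appended tag a mass SQL-injection
    campaign leaves behind in stored content.
    """
    finder = InjectedTagFinder()
    finder.feed(html)
    flagged = []
    for src in finder.srcs:
        host = urlparse(src.strip()).hostname  # None for relative URLs
        if host and host.lower() not in allowed:
            flagged.append(src)
    return flagged


# Constructed sample: one stored article body with an injected tag appended.
SAMPLE_ROW = (
    "<p>Campus news for this week.</p>"
    '<script src="http://static.example-news.com/site.js"></script>'
    "<script src=http://bad-host.invalid/b.js></script>"
)

if __name__ == "__main__":
    print(find_offsite_loads(SAMPLE_ROW))  # → ['http://bad-host.invalid/b.js']
```

Run it over every text column that feeds a page template, not only the HTML the site serves, since the injected tag lives in the database rows.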

Earlier this year, attackers had used search-engine optimization (SEO) techniques to include malicious code in the searches cached on various major Web sites, including Wired.com and CNET Networks' online properties.

Read more here.

27 December 2008

Subject Lines Spammers Can’t Resist

Spammers often change their subject lines in a bid to escape detection and filters. But there are some tried, tested and true subject lines they keep returning to again and again. Any time you see an e-mail with one of these subject lines, delete it without opening it if you want to stay safe:
  1. Contact Me
  2. Salary too low for you? you can buy Degree/Dip1oma/MasteerMBA
  3. Order status
  4. Delivery Status Notification
  5. Message
  6. Delivery Status Notification (Failure)
  7. lets get naked
  8. Your order
  9. Relax and take your time.
  10. Conto sospeso temporaneo
Courtesy of McAfee

Read the detailed article here.

26 December 2008

Samsung Digital picture frame viruses are back

Purchasers of some models of the Samsung digital picture frames received warnings earlier this week, following the discovery that a six-month-old computer virus had hitched a ride on the devices.

The file-infecting virus, known as W32.Salty.AE, compromised version 1.08 of the Samsung Frame Manager software for Windows XP that comes preinstalled on some of Samsung's frames, according to an alert published earlier this month by the company. Some purchasers of the Samsung SPF-85H 8-Inch Digital Photo Frame from Amazon.com received a warning from the online retailer about the virus.

Samsung recommends using antivirus software to quarantine W32.Salty, and then installing version 1.082 of its Frame Manager software.

Read more here.

24 December 2008

Friendster outage

Friendster has been out of reach for the last 48 hours; the apparent cause is a power outage at Friendster HQ in Sunnyvale.

Please dismiss any rumours of accounts being hacked into.

Full report here.

Season's Greetings 2008...

Merry Christmas to all.
It's the holidays for the average worker, but remember: security doesn't stop working. In fact, it's during the holidays that security teams work the hardest.

Stay safe!

22 December 2008

Email hoax - MSN is closing down

Some friends have dropped me a message over IM to inquire if MSN was really closing down. I shook my head when I received the messages. The first thing that came to mind: email hoax.

The content of the hoax is as follows:

"Hey it is Andy and john the directors of MSN, sorry for the interruption but msn is closing down. this is because too many inconsiderate people are taking up all the name (eg making up lots of different accounts for just one person), we only have 578 names left. If you would like to close your account, DO NOT SEND THIS MESSAGE ON. If you would like to keep your account, then SEND THIS MESSAGE TO EVERYONE ON YOUR CONTACT LIST. This is no joke, we will be shutting down the servers. Send it on, thanks."

I went to Google and checked out the authenticity of the email, and my guess was right. It's an email hoax, documented right here.

So please do your part and stop forwarding such emails. It saves bandwidth, and saves your time too.

18 December 2008

Browsers fail password-management security tests

Have you ever wondered whether the web browser you're using is secure? Let's put them to the test.

Five popular web browsers were put to the test:
  • Google's Chrome
  • Apple's Safari
  • Microsoft's Internet Explorer 7.0
  • Mozilla Firefox
  • Opera

Google's Chrome browser and Apple's Safari have received poor marks in a new set of tests evaluating the security of password-management features in five popular Web browsers.

Read the report for more details and the astonishing results.

17 December 2008

Microsoft Security Advisory (960906)

Microsoft WordPad is a simple text editor supplied with most versions of Microsoft Windows. WordPad Text Converters are components installed by default that allow some applications to open Word documents if Word isn't installed.

WordPad is prone to a remote code-execution vulnerability because of an unspecified error that may result in corrupted memory. This issue can be triggered when WordPad is used to open specially crafted '.doc', '.wri', or '.rtf' files.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions.

1. An attacker constructs a malicious document sufficient to trigger this issue. The file may consist of arbitrary code, replacement memory addresses, and possibly NOP instructions.

2. The attacker uses email or other means to distribute the file and entices an unsuspecting victim to open it.

3. When the victim opens the file, arbitrary code will run. Successfully exploiting this issue can result in the remote compromise of affected computers. Failed exploit attempts may crash the application.

Microsoft has identified the following workaround for this issue: disable the WordPad Text Converter for the Word 97 file format. Please see the referenced advisory for more information regarding this workaround.

Read more here.

16 December 2008

Fake Friendster and Facebook Sites with One IP Address

Facebook and Friendster users please beware.

There is currently a fake website hosting Friendster and Facebook login pages. Logging into these fake websites will compromise your login credentials.

Please read more here.

15 December 2008

DIY: Old diskette ornaments (for X'mas)

Season's greetings are coming soon. Got a bunch of old diskettes lying around collecting dust? Why not make them into a geeky holiday ornament for your tree? It's the perfect gift for your geeky friends.
Read on for some geeky ideas =)

11 December 2008

Internet Explorer 7 Zero-Day Exploit

Internet Explorer 7 has an exploit.

Yup, you did not read that wrong, it's called the IE 7.x Zero-Day Exploit. This is a nice rundown by HD Moore, with all the juicy technical details, of the recent zero-day exploit against Internet Explorer 7. The exploit, inadvertently released by Chinese researchers, involves how IE7 handles XML.

I shall spare you the technical details and just summarize for the peeps here. The problem in IE7 means a computer could be infected with malicious software merely by visiting a Web site, one of the most dangerous computer security scenarios. It affects computers running IE7 on Windows XP regardless of the service pack version, meaning whether or not you're patched up to the latest service pack (XP SP3 inclusive!).

My view on this? Use an alternative browser like Firefox or Chrome for the time being until Microsoft issues a patch for it.

Well, Microsoft has acknowledged the issue but has not indicated when it will release a patch:

“Microsoft is investigating new public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.”

If you're into the techie explanations, you may refer to these readings:
Symantec, MSRC and SearchSecurity's Security Bytes blogs.

Microsoft issued its Security Advisory 961051 yesterday.

Koobface Worm Targets MySpace, Other Sites

There's nothing like social networking sites to keep people connected and worms propagating — such as the all new and improved Net-Worm:W32/Koobface.CZ. A little infection equals a little comment in someone's little site somewhere.

This version of Koobface targets the following sites in its body:

– bebo.com
– myyearbook.com
– blackplanet.com
– facebook.com
– myspace.com
– friendster.com

It also has its own site, where it can query for more data, updates and of course the comments that it posts to the targeted websites. The site hosts plenty of comments (and of course the corresponding links) for the worm to use. Here are some of them:

**Please do not visit the links. If you want to go ahead, do it at your own risk!!

– COMMENT: Are you sure this is your first acting experience?
– LINK: http://finditand .com/go/be.php?0e9c60ch=d41d8cd98f00b204e9800998ecf8427e

– COMMENT: is it u there?
– LINK: http://findit12 .com/go/be.php?e7883ch7=d41d8cd98f00b204e9800998ecf8427e

– COMMENT: impressive. i'm sure it's you on this video.
– LINK: http://find-notall .com/go/be.php?70dd4ch=d41d8cd98f00b204e9800998ecf8427e

– COMMENT: How can anyone get so busted by a spy camera?
– LINK: http://find-allhere .com/go/be.php?50ch=d41d8cd98f00b204e9800998ecf8427e

– COMMENT: You're the whole show! i'm admired with you
– LINK: http://freemarksearch .com/go/be.php?ch23=d41d8cd98f00b204e9800998ecf8427e

Read on to see more examples at Source.
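Added example, not code from the article or from the source it cites: the links listed above share one shape, `http://<host>/go/be.php?<token>=<32 hex>`, where the token contains `ch` and the hex value is always `d41d8cd98f00b204e9800998ecf8427e`, the MD5 of an empty string. A comment moderator or proxy can match on that shape instead of chasing the ever-changing hosts; the sample feed and its hosts are constructed placeholders:

```python
import hashlib
import re
# The fixed query value in every link above is the MD5 of an empty string.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()  # d41d8cd98f00b204e9800998ecf8427e

# Shape of the worm's links: hosts vary, the path and query do not; the
# token before "=" always contains "ch" (0e9c60ch, e7883ch7, 50ch, ch23...).
KOOBFACE_LINK = re.compile(
    r"https?://(?P<host>[^\s/]+)/go/be\.php\?"
    r"(?P<token>[0-9a-z]*ch[0-9a-z]*)=(?P<hash>[0-9a-f]{32})",
    re.IGNORECASE,
)


def classify_comment(text):
    """Return (verdict, host) for one posted comment.

    "koobface"   link shape matches and carries the empty-string MD5
    "suspicious" link shape matches but the 32-hex value differs
    "clean"      no such link
    """
    match = KOOBFACE_LINK.search(text)
    if not match:
        return "clean", None
    host = match.group("host").lower()
    if match.group("hash").lower() == EMPTY_MD5:
        return "koobface", host
    return "suspicious", host


def scan_feed(comments):
    """Return (index, verdict, host) for every comment that is not clean."""
    hits = []
    for i, text in enumerate(comments):
        verdict, host = classify_comment(text)
        if verdict != "clean":
            hits.append((i, verdict, host))
    return hits


# Constructed sample feed; the hosts are placeholders, not the real domains.
SAMPLE_FEED = [
    "is it u there? http://find-sample.invalid/go/be.php?e7883ch7=" + EMPTY_MD5,
    "great post, thanks for sharing",
    "impressive. http://other-sample.invalid/go/be.php?50ch=" + "ab" * 16,
    "see http://blog.example/go/be.php?page=3 for the rest",
]
if __name__ == "__main__":
    print(scan_feed(SAMPLE_FEED))
```

The "suspicious" verdict exists because the worm fetches fresh comments and links from its own site, so a later variant may keep the path shape while changing the query value.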

10 December 2008

Lack of education leads to rising tide of web, email and social networking attacks

Sophos has published its Security Threat Report 2009, examining the threat landscape over the last twelve months and predicting emerging cybercrime trends for 2009. The report reveals that more malware is hosted on American websites, and more spam is relayed from American computers, than from any other country. As evidence of this, when an American internet company accused of collaborating with spammers and hackers was disconnected from the net in November, there was a staggering 75 percent drop in spam.

Sophos's research reveals that in 2008 organised criminal gangs tripled their attacks against innocent websites, injecting malicious code to infect visiting home users and businesses. In addition, 2008 has seen concerted campaigns by hackers to pose as legitimate anti-virus vendors, creating new professional-looking websites and applications every day with the intention of scaring users into believing that their computers have been compromised. On average, Sophos identifies five new scareware websites every day, with the figure peaking at over 20 per day on occasion.

The report, which documents the major internet attacks of 2008, also reveals a startling rise in hackers spamming out malicious attachments, designed to compromise PCs in order to steal identities, money and resources. By the end of 2008, Sophos was tracking five times more malicious attacks arriving through files attached to emails than at the start of the year.

Furthermore, spammers and malware authors have shown a deadly interest in websites like Facebook - breaking into innocent users' accounts to take advantage of trusted social networks and send spam and malware.

Internet attacks are overwhelmingly orchestrated via networks of innocent home computers that have - unknown to their owners - been commandeered by hackers. Sophos urges home users and businesses to properly defend their PCs with up-to-date anti-virus software, security patches and firewalls.

09 December 2008

Mumbai Terrorists Used Google Earth, Boats, Food

The recent Mumbai terrorist incident, which took away a Singaporean hostage, was shocking news for the nation. But look at what's even more shocking: an Internet application that has been abused and misused for malicious intent:

The Mumbai terrorists used Google Earth to help plan their attacks. This is bothering some people:

Google Earth has previously come in for criticism in India, including from the country's former president, A.P.J. Abdul Kalam.

Kalam warned in a 2005 lecture that the easy availability online of detailed maps of countries from services such as Google Earth could be misused by terrorists.

Of course the terrorists used Google Earth. They also used boats, and ate at restaurants. Don't even get me started about the fact that they breathed air and drank water.

A Google spokeswoman said in an e-mail today that Google Earth's imagery is available through commercial and public sources. Google Earth has also been used by aid agencies for relief operations, which outweighs abusive uses, she said.

That's true for all aspects of human infrastructure. Yes, the bad guys use it: bank robbers use cars to get away, drug smugglers use radios to communicate, child pornographers use e-mail. But the good guys use it, too, and the good uses far outweigh the bad uses.

02 December 2008

Friendster weird messages

It appears that lately, Friendster users are getting spammed by their own network of friends.
The subject lines go like these:
  1. Hi All
  2. Hola!
  3. Hey
  4. Hey buddy
  5. Letting you know…
While the content goes like this:

Here's what other users are saying:
Link 1
Link 2

So please refrain from clicking on that LINK... yes, I know it may look very tempting.
But if you do, be willing to take the consequences.