Mozilla overlooked malware-laced Firefox add-ons

http://www.theregister.co.uk/2010/02/05/malicious_firefox_extensions/

Two Firefox add-ons available for months on Mozilla's website infected users with malware that stole passwords and opened a backdoor on Windows machines, the open-source browser maker has confirmed.

The add-ons, available on an experimental section of Mozilla’s official add-on download site, carried trojans that have been detected since 2008 by commercial anti-virus products. And yet they weren’t removed until late January and earlier this week because a scanning tool used to vet add-ons during upload failed to catch the malicious files.

Fake Firefox Update Pages Push Adware
http://threatcenter.blogspot.com/2010/02/fake-firefox-update-pages-push-adware.html

The SoThink detection may have been a false positive.
http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/comment-page-1/#comment-45452

"Alan Baxter says:
February 6, 2010 at 11:51 am

It looks like the current scans of the SoThink 4.0 addon may have been false positives. SoThink updated the addon to 4.2 because of false positive reports in May 2008. Did AMO verify that 4.0 actually contained a trojan?

From http://74.125.47.132/search?q=cache:aou1K7snX3QJ:https://addons.mozilla.org/en-US/firefox/addons/versions/6541+site:addons.mozilla.org+sothink+"version+history"&cd=1&hl=en&ct=clnk&gl=us:
Version 4.2 — May 16, 2008 — 685 KB
Works with:

  • Firefox: 1.5 – 3.0b3

Fixed Bug

  • Some of anti-virus softwares misreported that it contained virus.

Conficker…again… ???

Conficker outbreak infects Leeds hospital servers
http://www.theregister.co.uk/2010/02/09/conficker_nhs_outbreaks/

ZeuS tracker shrinks takedowns from days to minutes
http://www.theregister.co.uk/2010/02/05/zeus_tracker/

Leaky anti-virus defences letting malware through
http://www.theregister.co.uk/2010/02/08/security_scanner_shortcomings/

First the police, then the health service…what is next, the fire service?

Seriously though, ESPECIALLY in those areas there should be safeguards against things like that, like no external media or no personal laptops etc. as this seems to be a vector for attack…

One Mozilla malware report turned out to be a false positive

Mozilla has announced that their report of a trojan in the SoThink Video Downloader extension was a false positive after all.
http://blog.mozilla.com/addons/2010/02/09/update-on-the-amo-security-issue/

Wow. I’ve got to wonder how much of a backlash Mozilla’s going to get; IMHO, it’s going to be big and well-deserved. First, letting a trojan into addons, even experimental addons, is just plain a bad decision, given there were - and are - tools detecting said trojan. Smearing SoThink - even accidentally - is only going to make it worse.
Maybe Mozilla just had a lot of bad luck, but the circumstances are sure weird.

New Russian Botnet Tries to Kill Rival

An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers.
http://www.nytimes.com/external/idg/2010/02/09/09idg-new-russian-botnet-tries-to-kill-rival-90923.html

lol Polonus has already mentioned that the first thing a rogue would do is get rid of the competition, to avoid other malware interference…I would add to make sure the victim will send the cash to the winner only :smiley: This seems confirmed here ;D

Security chip that does encryption in PCs hacked

http://news.yahoo.com/s/ap/20100208/ap_on_hi_te/us_tec_crypto_chip_cracked;_ylt=AlgYlCohoMwaXKR3qvFz_VwjtBAF;_ylu=X3oDMTJyZzFmdXMxBGFzc2V0A2FwLzIwMTAwMjA4L3VzX3RlY19jcnlwdG9fY2hpcF9jcmFja2VkBGNwb3MDMgRwb3MDNQRzZWMDeW5fdG9wX3N0b3J5BHNsawNzZWN1cml0eWNoaXA


Certainly not good news, Pondus.

Almost nothing is secure now.


Very interesting article. An extremely scary one too. Thanks for the link Pondus.

Anybody seen this? The Zimuse virus returns:
http://www.thewindowsclub.com/retro-virus-comes-back-to-hit-hard-disk-mbr

It waits 20-40 days, then overwrites the user’s MBR and reboots the computer. Result: fatal. (http://www.youtube.com/watch?v=KgjX4LQrkgI shows the virus in action)
Because its installation is pretty much silent, users frequently have no idea what hit them.

Windows Activation Technologies Update for Windows 7
http://windowsteamblog.com/blogs/genuinewindows/archive/2010/02/11/windows-activation-technologies-update-for-windows-7.aspx

I think this was posted already, maybe in the update section, yesterday :wink:

and here we go again…

Adobe to rush out another critical Reader patch
http://www.computerworld.com/s/article/9156038/Adobe_to_rush_out_another_critical_Reader_patch?source=rss_news

Kaspersky defends false detection experiment
http://www.theregister.co.uk/2010/02/10/kaspersky_malware_detection_experiment/

I think this one is in the >> Updates << topic also already.

Sounds like a lot of a**e covering going on at Kaspersky. They know that samples of undetected files are sent to all AVs in VT that didn’t detect, part of the VT agreement I believe.

I would say they have shot themselves in the foot. At worst it is almost malicious and at best potentially damaging to their reputation.

Didn’t we go through something like that not too long ago ??? Not very pleasant for the customer or the Company. :cry: