If you’re using Gmail, these messages are automatically placed in the spam folder.

Generally I lump these in with the “warnings” about account problems from banks I’ve never done business with, or supposed failed-delivery notices from UPS and the like. Other than the odd forum here and there, I’m not a registered member of any social or business organization on the net (other than my ISP and Yahoo, that is), so I know without doubt such mail is just garbage.

True, and a better idea is, no matter whether the email is suspect or not, just don’t click links you receive in it. If you got an email from LinkedIn, just head directly to the LinkedIn website to see if you really have a message or not rather than clicking links in the email; same for Facebook etc.

Miley Cyrus Fans, be careful, and stay safe.

“A Facebook post made to resemble a breaking news announcement about a Miley Cyrus sex tape brings tagjacking back into the social scam spotlight.”


It does not matter what email spam filter you are using be it what Gmail uses, what any other email program uses, or those who use independent email spam filters. Not everyone uses Gmail, thankfully, because there are better email services, IMHO. And, having a variety of email services is good for the business just as it is good to have more than one OS company, more than one CPU maker, more than one browser producer, more than one AV company, etc.

In my own email service, I have the spam filter set at medium so that it does not block some things I want to receive that would otherwise be blocked by the high setting. I like the ability to decide what email I want or do not want.

This one slipped through and I’m glad it did. This way, I could investigate it, warn LinkedIn about it as it could have come from a compromised LinkedIn account, and finally, warn others who are LinkedIn members who are either on this forum as members or as visitors. Not everyone who visits this forum, Bob, is an Avast user … nor are all of them Gmail users and probably do not want to be.

By the way, what I sent to LinkedIn was the complete email without the obvious changes I made in my post here and I have already gotten a thank you from LinkedIn for notifying them about the problem account.



Team GhostShell Exposes 120,000 Records From Universities - Dark Reading

Calculated attacks turn up hundreds of thousands of vulnerable records at 100 universities across the globe, hacker group says

The hacktivist group TeamGhostShell says it has embarked on a new campaign to expose data and vulnerabilities at 100 of the top universities around the world.

In a posting on Pastebin Monday, TeamGhostShell released some 120,000 records from universities such as Oxford and Harvard. The campaign, which the group has dubbed “Project WestWind,” has revealed vulnerabilities in university systems that could put hundreds of thousands more records at risk, the group says.

Read more at :
http://www.darkreading.com/identity-and-access-management/167901114/security/attacks-breaches/240008262/team-ghostshell-exposes-120-000-records-from-universities.html



DSL modem hack used to infect millions with banking fraud malware

Even when PCs are locked down, modems and routers can still be compromised.

Millions of Internet users in Brazil have fallen victim to a sustained attack that exploited vulnerabilities in DSL modems, forcing people visiting sites such as Google or Facebook to reach imposter sites that installed malicious software and stole online banking credentials, a security researcher said.

The attack, described late last week during a presentation at the Virus Bulletin conference in Dallas, infected more than 4.5 million DSL modems, said Kaspersky Lab Expert Fabio Assolini, citing statistics provided by Brazil’s Computer Emergency Response Team. The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites.

See & read more at :
http://arstechnica.com/security/2012/10/dsl-modem-hack-infects-millions-with-malware/



New Android Malware Is A Burglar’s Best Friend

PlaceRaider, an experimental smartphone trojan designed by Indiana University and the U.S. Navy, hijacks a user’s phone to make detailed 3D models of their bedrooms and offices.

Newly released malware PlaceRaider sounds like science fiction: It's Android malware designed to build 3-D models of users' apartments for burglars and assassins. But PlaceRaider--developed by a team at Indiana University--is very real. The new malware was built as an academic exercise, and it exposes security flaws that government agencies would love to use. More importantly, it also exposes unintended mobile functionality that large companies like Google could easily monetize.

PlaceRaider, which was summarized in a recent arXiv paper, is a piece of “visual malware” which uses smartphone cameras, accelerometers, and gyroscopes to reconstruct victims’ rooms and offices. The trojan runs in the background of any phone running Android 2.3 or above, and is hidden in a photography app that gives PlaceRaider the necessary permissions to access the camera and upload images. Once installed, PlaceRaider quietly takes pictures at random that are tagged with the time, location, and orientation of the phone. PlaceRaider also, of course, mutes the phone’s shutter sound.

Read more at :
http://www.fastcompany.com/3001699/new-android-malware-burglars-best-friend



Spam Email With Malware Attached

This one was blocked for me but be aware if you receive one

From: EarthLink Support
To: charleyo3@cccccccccc
Subject: EarthLink Virus Blocker Alert: Message from "American Airlines" Quarantined
Date: Oct 4, 2012 10:49 PM

**************************************
EARTHLINK VIRUS BLOCKER MESSAGE STATUS
**************************************

MESSAGE QUARANTINED

Virus Detected: CMU-201209-1348558767

Message Details:
From: “American Airlines” sign-ids793@aa.com
Subject: Your ticket
Date: Thu, 4 Oct 2012 23:41:37 -0300 (BRT)

For your protection, EarthLink Virus Blocker has quarantined a message sent to you because it contains a virus.

Note: We do not recommend that you view a message that has a virus attached, even if you have up-to-date antivirus software. However, if you choose to view it anyway, you can: Sign in to Web Mail (https://webmail.earthlink.net), then click the Virus Blocker folder on the left.

Sincerely,

EarthLink Support

By the way, I have never flown on AA.



Government Agencies Get Creative In APT Battle

Strapped for cash and feeling pinched by the increase in targeted attacks, some federal agencies are coming up with their own solutions for better protecting their information

SANS National Cybersecurity Conference -- BALTIMORE, MD. -- A handful of security professionals at the U.S. Department of Energy's laboratories were getting weary of trying to repel advanced persistent threat (APT)-type attacks and keep up with the latest threats. So they decided to roll their own tool to automate intelligence-sharing among the agency's national labs and scores of smaller labs.

“A couple of us were basically tired of losing [the race to keep up with new threat intelligence], so we decided we were going to do something about it. We were tired of getting together in little rooms” to share information, said Matt Myrick, senior cybersecurity engineer at DOE’s Lawrence Livermore Laboratory, in a presentation here today. So Myrick and a handful of colleagues from Sandia Labs, Los Alamos Labs, and DOE’s Pantex plant wrote a Python-based tool to block malicious websites, hashes, spear-phishing attacks. The so-called Master Block List (MBL) runs on an Apache server and can be integrated with any application to share real-time threat data.

Read more at :
http://www.darkreading.com/threat-intelligence/167901121/security/news/240008438/government-agencies-get-creative-in-apt-battle.html



“I am calling you from Windows”: A tech support scammer dials Ars Technica

Cold caller from “Windows Technical Support” asks for remote access to my PC.

When the call came yesterday morning, I assumed at first I was being trolled—it was just too perfect to be true. My phone showed only "Private Caller" and, when I answered out of curiosity, I was connected to "John," a young man with a clear Indian accent who said he was calling from "Windows Technical Support." My computer, he told me, had alerted him that it was infested with viruses. He wanted to show me the problem—then charge me to fix it.

This scam itself is a few years old now, but I had not personally received one of the calls until yesterday—the very day that the Federal Trade Commission (FTC) announced a major crackdown on such “boiler room” call center operations. The very day that six civil lawsuits were filed against the top practitioners. The very day on which I had just finished speaking with Ars IT reporter Jon Brodkin, who spent the morning on an FTC conference call about this exact issue. And here were the scammers on the other end of the line, in what could only be a cosmic coincidence.

See & read much more at :
http://arstechnica.com/tech-policy/2012/10/i-am-calling-you-from-windows-a-tech-support-scammer-dials-ars-technica/


Microsoft Security Bulletin Advance Notification for October 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-oct

Undetectable rootkit making the rounds. TDSS/TDL4 malware infecting the MBR, see the write up here: https://blog.damballa.com/archives/1810
Kudos for the discussion there go to Damballa Labs’ Manos Antonakakis, Jeremy Demar, Kevin Stevens and David Dagon. Infected machines are used for clickfraud. Would be interesting to know if ZeroVulnerability’s Exploit Shield protects against this infection?

polonus


Skype Worm Spreads Ransomware, Botnet Links

Security researchers are warning Skype users about an ongoing attack that dupes people into loading a link that spreads malware.

… the attack has resulted in infected users spamming their contact lists with messages in both English and German. The English version of the message states: “lol is this your new profile pic?” along with a URL. The message in German is similar.

In both cases, the shortened URL eventually redirects to a download on hotfile.com that pulls down an archive named "Skype_todaysdate.zip” containing a single executable file of the same name.

Read more at :
http://www.eweek.com/security/skype-worm-spreads-ransomware-botnet-links/?kc=EWKNLEDP10102012B


The results of testing of antivirus products for the treatment of active infection (October 2012)

http://translate.google.ru/translate?sl=ru&tl=en&js=n&prev=_t&hl=ru&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.anti-malware.ru%2Fmalware_treatment_test_2012

JavaScript Worm on Steroids

Symantec Blog here: http://www.symantec.com/connect/blogs/javascript-worm-steroids !!!

Security Vulnerability in Firefox 16
http://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/

Firefox 16.0.1 is available and should fix the problem!

Japanese malware will put an innocent computer user in jail!

http://www.symantec.com/connect/blogs/malware-dubbed-remote-control-virus-japanese-media-used-make-death-threats-japan


New computer virus targets Venezuelans after vote

A newly detected computer virus aims to steal Venezuelans' online credentials using a link that purports to reveal information about the country's recent presidential election, the digital security company Kaspersky Lab said on Friday.

The malicious software was launched after Venezuela’s Oct. 7 presidential election and was spread by email, said Dmitry Bestuzhev, head of the Moscow-based company’s research and analysis team in Latin America.
At least 75 Kaspersky customers came under attack by the malware, and non-customers surely did, too, he said.

Bestuzhev said in a blog post on Friday that the malicious file is named “listas-fraude-electoral.pdf.exe,” which translates as “electoral fraud lists” — a title likely to make some Venezuelans curious after President Hugo Chavez’s re-election victory.

Read more at :
http://my.earthlink.net/article/tec?guid=20121012/46cc37a8-964a-4c93-9946-8aa790aad6ea
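
A mail or download filter can catch both file-naming lures reported in this thread: the "listas-fraude-electoral.pdf.exe" double extension and the Skype worm's ZIP holding a single executable named after the archive. The sketch below is an added example, not code from any of the linked articles or vendors; the extension lists, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed extension lists (not from the page); tune them for your mail gateway.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".png", ".txt"}


def basename(path: str) -> str:
    """Last path component, accepting both Windows and POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def is_double_extension(filename: str) -> bool:
    """True when a document-style extension is followed by an executable one."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = basename(filename).strip().rstrip(". ")
    # Strip each part so space padding ("a.pdf      .exe") is still caught.
    exts = ["." + part.strip().lower() for part in name.split(".")[1:]]
    return len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS


def zip_is_lone_executable(archive_name: str, data: bytes) -> bool:
    """True when a ZIP holds exactly one file: an executable named after the archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = [i.filename for i in zf.infolist() if not i.is_dir()]
    if len(members) != 1:
        return False
    stem, _, ext = basename(members[0]).rpartition(".")
    archive_stem = basename(archive_name).rpartition(".")[0]
    return "." + ext.lower() in EXECUTABLE_EXTS and stem.lower() == archive_stem.lower()


def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: the date in the Skype archive name is a placeholder.
SKYPE_LIKE = make_zip({"Skype_10102012.exe": b"constructed placeholder bytes"})
BENIGN = make_zip({"notes.txt": b"hello", "photo.jpg": b"constructed"})

if __name__ == "__main__":
    print(is_double_extension("listas-fraude-electoral.pdf.exe"))
    print(zip_is_lone_executable("Skype_10102012.zip", SKYPE_LIKE))
    print(zip_is_lone_executable("holiday.zip", BENIGN))
```

A hit from either check is a reason to quarantine the file for review, not proof of malware; legitimate installers are sometimes shipped as a single executable inside a ZIP.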