In Today’s News (10/05/2011)

October 5, 2011

Source: Internet Security Alliance Daily Brief

Lawmaker calls for international pressure to stop China’s cyber-espionage. October 4, Washington Post – The chairman of the House Intelligence Committee spoke in unusually sharp terms Tuesday about China’s alleged efforts to steal American commercial data online, saying Beijing’s cyber-espionage campaign has “reached an intolerable level” that demands action. “Beijing is waging a massive trade war on us all, and we should band together to pressure them to stop,” said Rep. Mike Rogers (R-Mich.) at a hearing on cyber-threats and national security. “Combined, the United States and our allies in Europe and Asia have significant diplomatic and economic leverage over China, and we should use this to our advantage to put an end to this scourge.” He acknowledged that it might seem odd that a lawmaker charged with overseeing the U.S. intelligence community should lament spying by another government. But he said that China’s espionage targets go beyond the U.S. government and military to include scores of private American companies. The Chinese government has vociferously denied accusations from security experts and other nations that it has engaged in a cyber-campaign to steal intellectual property. Source:

Anonymous threatens to ‘erase NYSE from the Internet’. October 3, PC Magazine – Anonymous declared “war” on the New York Stock Exchange (NYSE) the weekend of September 30 and vowed to “erase” it from the Internet October 10 as the Occupy Wall Street protest entered its third week in New York City after a weekend that saw hundreds of protesters arrested during a planned march across the Brooklyn Bridge. “On October 10, NYSE shall be erased from the Internet. On October 10, expect a day that will never, ever be forgotten,” intoned a computer-generated male voice common to many Anonymous videos, in a warning posted on TheAnonMessage YouTube channel. The channel has been used to post several Occupy Wall Street-related video messages since the protest against lax regulation of the financial sector and economic inequality began September 17. Those messages include Anonymous’ initial “official” video regarding Occupy Wall Street, and a warning sent last week to the New York Police Department that threatened retaliation if “the brutality does not stop” against Occupy Wall Street protestors. The threat to “erase” the NYSE from the Internet was not explained, though some speculated Anonymous was planning a Distributed Denial-of-Service (DDoS) attack on the public-facing Web site, similar to DDoS attacks the group has used to take down sites in the past. Others felt that would only be a minor setback for the NYSE and guessed that Anonymous was planning a larger attack, perhaps even an attempt to actually disable trading on the exchange. Source:

PayPal emails replicated in phishing campaign. October 3, Softpedia – An e-mail reading “Your PayPal account has been limited” has been received by many users, in what turned out to be a well-thought-out phishing expedition. Mxlabs informed Softpedia October 3 that the scam e-mails were very well designed and, because the seemingly genuine address was spoofed, they looked even more credible. The body of the note reads “Unfortunately one of your recent transaction with PayPal is not successful because your PayPal account has been limited. It is a measure taken to protect your account and help ensure the safety of the PayPal platform. We want to help you remove this limitation as soon as possible so he can continue to take advantage of the benefits from PayPal.” The whole layout of the e-mail is very well conceived, and all the graphics and content elements are a perfect match to what would normally be seen in a message coming from PayPal. Once the Click Here button is hit, the user is transferred to a site hosted on a domain called mittemaedchen(dot)de. The full address contains some fragments that refer to “pay pal” to make it look more realistic. The next page, which is also well built, contains a form in which the customer is asked for information such as name, date of birth, country, address, and credit card information. After the form is completed, the victim is redirected to the genuine PayPal site. Source:

Critical vulnerabilities in Adobe Photoshop Elements 8. October 4, Help Net Security – Critical vulnerabilities have been identified in Adobe Photoshop Elements 8.0 and earlier versions, Help Net Security reported October 4. These two buffer overflow vulnerabilities (CVE-2011-2443) could cause a crash and potentially allow an attacker to take control of the affected system. An attacker would need to convince a user to open a malicious binary .grd or .abr file to successfully exploit the issue. Because Photoshop Elements 8 is no longer supported, Adobe recommends users upgrade to Photoshop Elements 10. Users who cannot upgrade to Photoshop Elements 10 should not open .grd or .abr files from untrusted sources. Source:

Children’s online games hide bank account stealing malware. October 3, Softpedia – Bitdefender experts warn users to pay closer attention to what their children access on the Internet, as in many cases harmless-looking games hide dangerous malware that could compromise all the information on a device. “Some of these dangerous games are easily identified by adults – who suspect that something is abnormal about them when they require permission to install various programs in the computer or they redirect to other Web sites,” a Bitdefender researcher said. “Thus, attackers choose targets that are easier to dupe. Furthermore, a 4-year-old doesn’t understand the concept of online vulnerability.” The colorful images and playful sounds might look innocent, but in some cases they hide backdoor applications that surrender control of the machine to hackers looking to steal sensitive data. The phenomenon is expected to take off, as recent studies show that in the United States and in the United Kingdom, more than 40 percent of children are highly active in social networking environments. Also, 24 percent of parents do not monitor their children’s Internet activity. Flash applications containing malware seem to be among the most unsafe, as in many cases they look like regular games. When they are executed, redirects are made, which lead kids to insecure locations that host malicious elements. Legitimate sites can also be taken over by cybercriminals and infected with malicious code that could hand control of the system to a third party. Source:

U.S. signs international anti-piracy accord. October 3 – The United States, Australia, Canada, Japan, Morocco, New Zealand, Singapore, and South Korea signed the Anti-Counterfeiting Trade Agreement October 1, an accord targeting intellectual property piracy. The European Union, Mexico, and Switzerland — the only other governments participating in the accord’s creation — did not sign the deal at a ceremony in Japan but “confirmed their continuing strong support for and preparations to sign the agreement as soon as practical,” the parties said in a joint statement. Among other things, the accord demands governments make it unlawful to market devices that circumvent copyright, such as devices that copy encrypted DVDs without authorization. The accord also calls on participating nations to maintain extensive seizure and forfeiture laws when it comes to counterfeited goods that are trademarked or copyrighted. Most important, countries must maintain a legal system in which victims of intellectual property theft may be awarded monetary damages. Source:

Security hole in HTC phones gives up e-mail addresses, location. October 2, Ars Technica – A security hole found in some HTC Android phones could give apps with Internet permissions access to information such as a user’s location and their text messages, Android Police reported October 2. The vulnerability is part of HTC’s Sense UI and affects a subset of the brand’s most popular phones, including the HTC Thunderbolt and the EVO 4G. The affected HTC phones have an application package titled HTCLoggers.apk installed with root-level access. Apps with Internet permissions can access HTCLoggers.apk, which provides access to information such as GPS data, WiFi network data, memory information, running processes, SMS data (including phone numbers and encoded text), and system logs that can include information such as e-mail addresses and phone numbers. When called upon, the logging program opens a local port that will provide this data to any app that asks for it. Apps can send the data off to a remote server for safekeeping, as shown by a proof-of-concept app that Android Police researchers developed. Source:

Google and Yahoo services become spammers’ heaven. October 1, Softpedia – Since e-mail arriving from Yahoo or Google services is considered legitimate and useful, spammers take advantage of this to spread malevolent messages. A Sophos security researcher revealed he has been receiving a lot of spam e-mail from Google Picasa and Yahoo! Groups, all of it attempts by hackers to send out “spammy” alerts. In the case of Google’s Picasa, a random account is created that contains text and attached pictures that are then shared with other members. So users might end up receiving many Picasa Web albums. Because anything coming from the picture manager is considered to be harmless, it never ends up in the spam folder of the mailbox. Instead, it floods users’ inboxes with myriad scam attempts. With Yahoo! Groups the principle is more complicated, but spammers can just as easily take advantage of the policy slip. The rules allow anyone who owns a group to add members without asking for permission. Instead, after a user is unwillingly made part of a group, they must unsubscribe to stop receiving alerts. This mechanism is utilized successfully and, as the Sophos researcher pointed out, in many cases it is not easy to unsubscribe. Another one of Yahoo’s policies makes certain links expire “to prevent abuse,” thus making it impossible to cancel a subscription. Source:
