Month: June 2010

Number one: “WordPress-based, GoDaddy-hosted websites hacked”

Sucuri Security revealed that GoDaddy servers were hacked yesterday afternoon and thousands of WordPres blogs and other PHP-based sites were loaded with a malicious script aimed at infecting visitor’s machines with rogue security products.

Help here:

“Simple cleanup solution for latest WordPress hack”

Number two: “Massive Malware Hits Media Web Sites”

Researchers have estimated that intruders used SQL injection attacks to compromise about 7,000 Web pages. The Jerusalem Post and Wall Street Journal sites were among them.

Number three: “Apple’s Worst Security Breach: 114,000 iPad Owners Exposed”

Gawker reported that they were given data on 114,000 iPad 3G user accounts by intruders who hacked an AT&T server. The accounts included those of CEOs, top political figures and military personnel.

Gawker said “…it’s possible that confidential information about every iPad 3G owner in the U.S. has been exposed.”

They also said AT&T fixed the security vulnerability

Tom Kelchner

Update:

Number four: “Turkish Hacker Hijacks .CO.IL MSN and Hotmail Domains”

Softpedia is reporting that hacktivists hacked the MSN and hotmail sites of Israel, msn.co.il and hotmail.co.il, (both belong to Microsoft) and posted a pro-Palestinian message and photograph.

Lucian Constantin, Softpedia Security News Editor speculated that the intruders could have used stolen credentials to log into the control panel or social engineered an employee at the domain registrar.

Facebook and the PTA have announced a joint long-term project aimed at teaching kids Internet safety. The partnership was announced at the Parent Teacher Association’s national convention in Memphi, Tenn., today.

Topics included are: cyber-bullying, Internet safety and security and “citizenship online.”

According to the joint news release, “The partnership is founded on the belief that awareness is essential to supporting safe and responsible Internet use. Thus, in addition to creating comprehensive and engaging resources, PTA and Facebook are committing to aggressively promoting Internet safety information to their respective audiences. National PTA will use its Website (www.pta.org), and actively reach out to the 24,000 local PTAs across the country with a goal of reaching every American public school. Facebook will raise awareness of the resources among the hundreds of millions of parents, teachers and children using its service through an in-kind Facebook commitment equivalent to $1 million and promotion on other parts of the site, including the safety center.”

News release here.

Thanks Wendy

Tom Kelchner

The U.S. Federal Trade Commission has issued an alert to consumers and businesses to be alert for scammers using the BP oil spill in the Gulf of Mexico as a subject for their con schemes.

“Scammers will likely use e-mails, websites, door-to-door collections, flyers, mailings and telephone calls to solicit money by claiming they’re raising money for environmental causes or offering fraudulent services related to the oil spill. In reality, many could be trying to get inside consumers’ homes or get access to their personal information. The consumer alert advises consumers to check with the Better Business Bureau to get information on businesses and charities, and offers tips on how to avoid these scams,” they said.

Alert here: “FTC Urges Consumers to Watch Out for Scams Related to Gulf Oil Spill”

Tom Kelchner

Update:

Our good friends at McAfee AV have blogged about some dodgy affiliate marketing spam they’ve seen with oil spill themes.

Sam Masiello wrote:

“We’ve seen emails offering legal advice for those who have been affected by the spill, using subject lines such as:

File your lost income claim against BP Oil
Gulf Coast Oil Spill Information
Gulf coast oil spill legal information
Have you been effected by the oil spill?
Oil Spill Injury Representation
Oil Spill Lawsuit Compensation
Oil Spill Lawsuit Information for
Oil Spill Lawsuit Information
Will the oil spill hurt your business?

“These emails typically contain one or two short lines of text and a link to information on filing a lost-income claim against those responsible. Once the link is clicked, the fog of redirection and obscurity begins. One particular example contains a link to a URL on jellydrum.com, which redirects to lynxtrack.com, then to chilaytrk.com, before finally hopping to http://www.consumerinjuryalert.com/oil/index.php.”

He cautioned:

“As we frequently recommend, be careful whom you give your personal information to. You have no control over your data once you give it away, so provide it only to vendors that you feel you can trust. Never provide sensitive information that you are not comfortable giving out, and if you feel that your email address may be used for unwanted marketing, use a throw-away address that you check only as needed or not at all. You do not have ultimate control over how your data is used or to whom it is given, but you do have control over how personal the information is that you provide.”

McAfee blog piece here: Peering Into the Affiliate Marketing Window

Costin Raiu at Kaspersky Labs blogged about this malicious little gimic and I though it was insidious enough that it should be publicized further.

Raiu uploaded his first HD movie to YouTube and immediately got an email from YouTube that said “Congratulations on your first YouTube upload!” and gave some hints and tips.

Several hours later he got another email that said: “Hello, Have you tryed (sic) YouTube Toolbar?” The misspelling set off alarm bells in his head, he investigated and found that the email message that he received included a link that would download a variant of Backdoor.IRC.Zapchast.

Raiu blog post: “YouTube Toolbars”

Sunbelt description of Backdoor.IRC.Zapchast here.

It’s just one more instance that supports the security rule: “don’t click on links in email from strangers and think twice about clicking on links from those you know.”

Tom Kelchner

“Hi, and welcome to my online pictures portfolio. Please enjoy your stay.”

Those are the words that leap from your speakers (along with some tinkly relaxing music) as you open up what appears to be a rather nice looking online art gallery – a gallery pack that has been traded on hacking forums over the last couple of weeks as a “great way to infect people”. While I’m not entirely sure if the people distributing it have gone to all the trouble of creating it from scratch, there’s definitely a scam in the offing.

I’m not exaggerating how nice it is, either – this Flash gallery allows you to slide the images on a track at the bottom, and they’re also divided up into numerous galleries. Classical paintings, fantasy landscapes and pictures of blue floaty lights all lie in wait to stimulate your mind. There’s also this guy:

Unfortunately, Clint doesn’t look too happy and that’s never a good sign. The wheeze here is that to view additional imagery, you’ll need to say “Yes” to this Java prompt:

You’d think people would avoid dubious Java prompts, but oh well. It’s worth noting that because the gallery files are being used by lots of random people, there is no way to know what kind of infection is lurking when the java prompt appears – it could be absolutely anything at all. However, below is what happened when we visited one of the live sites.

Should the victim hit the Run button, they’ll end up with a file called Winconfig.vbs in their Temp folder. This is what you’ll see if you examine the code:

“Update.exe” arrives on the system to little fanfare, again in the Temp folder and carries all the characteristics of a password stealing Trojan.

Currently there are 19/41 detections listed in VirusTotal.com (although it’s called svchost.exe on there), and we detect this as Trojan.Win32.Generic.pak!cobra.

I’m a big fan of art myself, but I’m not so sure I’d want my computer to be turned into a performance piece…

Christopher Boyd

It wasn’t you, it was them

Twitter’s status page reported that the micro-blogging service had latency and error problems today and was down for a number of hours:

“Update 12:29 PM PDT / 19:29 UTC: We’ve identified the cause of today’s incident as an error with networking equipment. This networking error prevented us from serving at full capacity.”

Tom Kelchner

“Violent video games are like peanut butter”

For tens of millions of people worldwide, video gaming – on consoles, PCs, phones or online – is a big piece of life. For those not close to the gaming scene it might be hard to understand how captivating that world is for the enthusiasts. Everybody in every region of the planet with electricity appear to be asking the question: “is it really good for you to spend so many hours playing those games?” Researchers and commentators have been taking a hard look at the good and bad mental health aspects of gaming.

Violent Video Games May Increase Aggression in Some But Not Others, Says New Research

American Psychological Association this month published a special issue of its Review of General Psychology devoted to the effects of video games. Some of the articles:

(Video games as learning tools)

— “Video games serve a wide range of emotional, social and intellectual needs, according to a survey of 1,254 seventh and eighth graders. The study’s author, Cheryl Olson, PhD, also offers tips to parents on how to minimize potential harm from video games (i.e., supervised play, asking kids why they play certain games, playing video games with their children).”

— “Commercial video games have been shown to help engage and treat patients, especially children, in healthcare settings, according to a research review by Pamela Kato, PhD. For example, some specially tailored video games can help patients with pain management, diabetes treatment and prevention of asthma attacks.”

— “Video games in mental health care settings may help young patients become more cooperative and enthusiastic about psychotherapy. T. Atilla Ceranoglu, M.D., found in his research review that video games can complement the psychological assessment of youth by evaluating cognitive skills and help clarify conflicts during the therapy process.”

(Games and violence)

— Christopher J. Ferguson, PhD, of Texas A&M International University and guest editor of the issue, found “Recent research has shown that as video games have become more popular, children in the United States and Europe are having fewer behavior problems, are less violent and score better on standardized tests. Violent video games have not created the generation of problem youth so often feared.”

He said, “violent video games are like peanut butter. They are harmless for the vast majority of kids but are harmful to a small minority with pre-existing personality or mental health problems.”

— Patrick Markey, PhD, found that a combination of personality traits can help predict which young people will be more adversely affected by violent video games.

He used the most popular psychological model of personality traits – the Five-Factor Model – to examine the effects. The five traits in the model are: neuroticism, extraversion, openness to experience, agreeableness and conscientiousness.

“Analysis of the model showed a ‘perfect storm’ of traits for children who are most likely to become hostile after playing violent video games, he said. Those traits are: high neuroticism (e.g., easily upset, angry, depressed, emotional, etc.), low agreeableness (e.g., little concern for others, indifferent to others feelings, cold, etc.) and low conscientiousness (e.g., break rules, don’t keep promises, act without thinking, etc.)”

Chinese Boot Camp Prison Break

On the GamePron.com blog, someone writing under the name Jessica Citizen relates a story in which 14 “patients” (ages 15-22) of the Huai’an Internet Addiction Treatment Centre in east China’s Jiangsu province tied up their supervisor and escaped from the facility. They tried to take a taxi to a nearby town, but since they had no money and were dressed in identical uniforms, the taxi driver turned them in to police.

The story quotes the mother of the ringleader as saying that she had paid 18,000 yuan ($2,635 US) for six months of treatment for her son.

Chang Ping on how “Internet addiction disorder” is a joke

Not everyone in China agrees that treating “Internet Addiction” is sound medicine.

The Danwei.org site ran a story last year about Chang Ping, an editorial writer who has been critical of China’s use of extreme methods such as electro-shock therapy (discontinued last year) to cure young people of “Internet addiction.”

In an article entitled “Where has the debate on Internet addiction gone?” he wrote:

“The Ministry of Health has stopped using electro-shock therapy to cure ‘Internet addiction’ and the many young people who adore using the Internet will no longer be threatened by ‘computers,’ and they are ecstatic. But, perhaps they didn’t look at the notice too closely: it stated that the safety concerns of electro-shock therapy cannot be determined and its effectiveness cannot be defined. What this really means is that they are announcing a different standard for treating Internet addiction, and the officials will still decide that ‘Internet addiction’ is a kind of disease.

“Like most medical terms, ‘Internet addiction disorder’ was imported. The difference is, when it started it was a joke. In 1995, a mental illness doctor from the US, Ivan Goldberg, mocked the Diagnostic and Statistical Manual of Mental Disorders and its standard description of gambling addiction, and created Internet Addiction Disorder, IAD. He didn’t predict that this would be used seriously when his colleagues liked the term and it quickly proliferated in the media.”

Tom Kelchner

The New York Daily News is reporting that Omer Zaheer Meertold, a 25-year-old Pakistani man, has launched a version of Facebook for Islamic people. He told the HinduStan Times that he was motivated by the Facebook “Everybody Draw Mohammed Day” controversy that resulted in Facebook being banned in Pakistan briefly.

Meertold said: “People from all faiths are welcome to come and interact with one another and understand Muslims.” The site is “to provide a platform to decent people of different faiths to come in harmony.

Observers, however, have found anti-western and anti-Israel material on Millatfacebook.

NY Daily News story here.

The two stories we’re going to be seeing here shortly will be:

— “Facebook sues Islamic rival over name theft”
— “Hacktivists from Facebook and Millatfacebook duke it out”

It would be nice if “…sweet people from other religions” on both social media outlets prevail.

Tom Kelchner

The chief operating officer of Twitter, Dick Costolo, has announced that Twitter has 190 million visitors per month and the service pumps out 65 million tweets per day. The 190 figure doesn’t represent registered users, since many visitors only get on the site to read tweets that are posted.

ComScore, however, estimated 83.6 million unique visitors to Twitter.com in April, according to Tech Crunch.

Story here.

Tom Kelchner

Eight bulletins:

MS10-032 (Microsoft Windows)
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
Important — Elevation of Privilege

MS10-033 (Microsoft Windows)
Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
Critical — Remote Code Execution

MS10-034 (Microsoft Windows)
Cumulative Security Update of ActiveX Kill Bits (980195)
Critical — Remote Code Execution

MS10-035 (Microsoft Windows, Internet Explorer)
Cumulative Security Update for Internet Explorer (982381)
Critical — Remote Code Execution

MS10-036 (Microsoft Office)
Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
Important — Remote Code Execution

MS10-037 (Microsoft Windows)
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
Important — Elevation of Privilege

MS10-038 (Microsoft Office)
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
Important — Remote Code Execution

MS10-039 (Microsoft Office, Microsoft Server Software)
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
Important — Elevation of Privilege

MS10-040 (Microsoft Windows)
Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
Important — Remote Code Execution

MS10-041 (Microsoft Windows, Microsoft .NET Framework)
Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
Important – Tampering

More details here: Microsoft Security Bulletin Summary for June 2010

Tom Kelchner

The Computer Entertainment Suppliers Association, a Japanese trade group, has estimated that piracy of video games for consoles such as Nintendo DS and PSP cost the gaming industry $41.5 billion between 2004 and 2009.

The numbers came from a research study done with the Tokyo University Baba Lab, which tabulated downloads of the top 20 Japanese games from 114 piracy sites.

The trade group and the Baba Lab said peer-to-peer sharing could make the total much higher.

The U.S. and China host 60 percent of the piracy sites, they said. The largest number of Internet users accessing the piracy sites were from U.S., while Japan had the second highest and China third.

Story here: “CESA: Portable Piracy Cost Game Industry $41.5 Billion”

Tom Kelchner

Dangerous search: “World Cup printable bracket”

Thanks Mike

Tom Kelchner

Today at Tech.Ed in New Orleans, we announced plans to release two new products for the gateway:  VIPRE Email Security for Gateway™ and VIPRE WebFilter™.  Both products are based on a hardened Linux platform, and incorporate VIPRE technology.

These two products will be released to the public within the next 90 days. 

VIPRE Email Security for Gateway provides rich antispam and antivirus functionality at the SMTP gateway.  VIPRE WebFilter provides in-line content filtering and antivirus.

More propaganda here.

Alex Eckelberry

HP announced at Internet Week in New York today that it will begin making printers with their own email addresses so users can send print jobs to them from portable devices or anything connected to the web..

Vyomesh Joshi, HP executive vice president of the company’s Imaging and Printing Group, said the new Eprint service would let customers store documents in the cloud and print them with any device. He demonstrated the service using an Ipad, which has no built-in printing capability.

The Inquirer quoted, HP’s Vice President of Worldwide Marketing and Communications Tariq Hassan saying that the printer email addresses have password protecting and the process has anti-spam protection.

Inquirer story: “HP printers can get emails”

It will be interesting to see where the dark side goes with this. One can imagine malicious spam downloading malcode that will compromise the security of the printing process and set up botnets to deliver printed malvertising. Then there will be “male enhancement” and Canadian pharmacy ads waiting for you in your printer.

Tom Kelchner

Ten privacy and consumer groups have combined their efforts to seek changes in the draft privacy bill that is before the U.S. House Subcommittee on Communications, Technology and Internet. The groups released a letter today with their proposed changes.

Last month Rep. Rick Boucher (D-Virginia), who is chair of the subcommittee, and the ranking minority member of the committee, Cliff Stearns (R-Florida), introduced a draft of a bill that would expand privacy protections both on- and off-line, requiring companies to allow consumers to opt-out of any data collection. IP addresses are on the list of information covered by the bill.

Their suggestions included:

— Incorporating the Fair Information Practice Principles, including the principle of not collecting more data than is necessary for the stated purposes, limits on how long data should be retained and a right to access and correct one’s data.

— Expanding the bill’s definitions of “sensitive information” to include health-related information beyond just “medical records.”

— Requiring strict “opt-in” procedures for the collection and use of data and a prohibition on the use of any sensitive information except for the transactions that consumers provided.

Read the letter here.

News release here: “Ten Privacy and Consumer Groups Ask Congressional Leaders to Strengthen Privacy Bill“

The groups are:
— Center for Digital Democracy
— Consumer Federation of America
— Electronic Frontier Foundation
— Consumer Action
— Privacy Rights Clearinghouse
— Consumer Watchdog
— World Privacy Forum
— U.S. PIRG, the federation of state Public Interest Research Groups
— Privacy Lives
— Privacy Times

See our May 5 blog entry “Is there a privacy law in the making for the U.S.?”

After Boucher and Stearns made the draft public, consumer and industry groups quickly showed their general dissatisfaction with the draft wording, which is expected to be changed after the two congressmen collect comments. Boucher and Stearns said they hope to introduce the bill formally in coming weeks. (Our blog piece here.)

Tom Kelchner

Mark Croonen, who is the secretary of the Australian Defense Cycling Club and obviously a really serious cyclist, drew our attention to this privacy and security issue with Garmin Connect, a website on which members can upload GPS computer data from their cycling trips for others to see.

He wrote: “when you upload your ride data, by default Garmin Connect shares your data with the world unless you specifically change the privacy settings. So all things being equal the average user won’t give this a second thought and will leave the settings on public access. Furthermore even if you do change the default settings it won’t change the settings for any rides you have already uploaded, you’ll have to go back and manually change the setting for each ride.”

Croonen said the problem is that a miscreant can use the service to profile users in preparation for burglarizing their homes. Using the Garmin Connect site (without logging on), it would be possible to find riders in any area and determine what days they regularly out riding, running or whatever else they do with their Garmin GPS devices.

He said, “to a thief this is wonderful news. I’m going to guess that if you have a Garmin you’re a reasonably keen cyclist and as such you’re probably going to have a couple of bikes. (Btw I can also find out what type of Garmin you have). So I know where you live, what time you go out and how long you will be out for. Thank you the bike shop is open. As you can see from this user I just need to go around to their place on a Saturday or Sunday morning and I will have about an hour to do what I like,” he wrote.

“From here I can zoom in on their activities and see when they are out riding, walking etc. From here I can quickly look for patterns as to when the user will be out of the house and for how long.”

“I don’t mean to pick on Garmin Connect as I’m sure other services probably have the same issue but if you are going to use these services this is probably something you want to keep in mind.”

Mark’s discussion is “Security concerns with Garmin Connect” on his blog “The Cycle Way.”

Thanks Mark

Tom Kelchner

That is the mixed message we should take from a piece of spam floating around mailboxes over the weekend.

Click to Enlarge

I suppose it should be no surprise that with everyone sweating over whether or not to cancel their Facebook accounts, spammers should jump on the bandwagon and pretend you’re never going to see your farm or fortune cookie applications again.

“You have deactivated your Facebook account. You can reactivate your account at any time by logging into Facebook using your old login email and password. You will be able to use the site like you used to”.

Thank goodness for that! Anyway, clicking the Signin button takes you to a cookie cutter pharmacy site hosted at oursharp(dot)com:

I’m almost certain I didn’t add a “Cheap Viagra” application onto my Facebook page recently, but I suppose I could be wrong. I’m just glad they didn’t have the brainwave to direct users to a phishing page – I suspect if that had been the case, it might have taken considerably longer to tell me how many cows you have on Farmville…

Christopher Boyd

Slightly more time gaming than the average U.S. citizen watches TV

Marketing research firm NPD Group studied the gaming habits of 20,000 members of its consumer panel and found that the most avid group spends 48.5 hours per week playing computer games.

The study divided gamers into six groups. The most intense group, the “extreme gamers:”
— averaged 29 years old
— were mostly men (although one third were women!)
— played mostly on consoles
— purchased 24 games in the previous three months
— make up only four percent of the 174 million people who play computer games in the U.S.

The study also found that the average time spent playing games grew from 12.3 hours per week last year to 13 this year.

Study: ‘Extreme Gamers’ play 48 hours a week

Computers and computerized equipment have massively changed life in one generation and stories like this are snapshots of those changes. You can draw a lot of conclusions from the facts, ranging from “That isn’t healthy! Why don’t they go outside and play?” to “Whoa! What a market!”

Here’s a whole different slant though. Our own Chris Boyd has made a career out of the gaming he loves. This is his take:

“I think I probably fall at the extreme end, probably clocking up somewhere between 5 to 8 hours a day gaming. I also use that time to explore console based exploits, scams and other shenanigans so hey, it’s all for the greater good.

“I’d also add that if it wasn’t for computer games (wow, remember when people still called them that?) I might not be working with tech or computers now. The Commodore Plus/4 blew me away when I realized I could program crude text adventure games on it, and the fun of pulling both machine and game apart continues to stay with me today. If I couldn’t have played games on it, I’d have probably used it as a doorstop and ended up selling double glazing or something.

“Also, the Dreamcast was the best console of all time.”

Tom Kelchner and Chris Boyd

Tom Baker was the best Doctor. Now that we’ve got that out of the way, you may have heard the BBC has created a downloadable Doctor Who game called “City of the Daleks”. It seems they released it early, but the game has caused a bit of an outcry. See if you can guess why from the EULA screenshot:

“Provided you download and use the software for use in the United Kingdom only…” That’s right, because the game is funded by the licence fee anyone in the UK can get it for “free”, but it’s currently unavailable to anyone outside that region – paid versions will be released at some point in the near future.

Of course, this hasn’t gone down too well with people seeing the below screen when trying to download:

All manner of proxies, tricks and mirrors have been deployed in an effort to get around the geolocational locking used to prevent non UK residents playing the game, which has also apparently resulted in people having a fiddle with program files to disable the protection.

This means in a short space of time numerous versions of the game are springing up to download, some of which seem to be legit:

However, there are many others out there with different file sizes, filenames or both.

Some sites are advertising downloads on Youtube, then going offline completely the next day like the site below did:

While they appeared to be linking to a file showing up as the correct download size (by itself not an indicator of legitimacy), there are others out there which seem to have gained a fair few MBs:

475MB? Shouldn’t that be 331MB? Also note that the name of the file has changed from “Installer-CityoftheDaleks.exe” to “Setup.exe”. I haven’t been able to grab the above file for inspection as it seems to be taking a bit of a hammering download wise, but I’d advise anyone desperate to grab a copy of the game from Rapidshare, Mediafire or anywhere else (there’s quite a few filesharing forums distributing copies of the game, too) to please be careful and scan with an antivirus program before running it.

DON’T follow the advice on this forum and “disable AV software” if trying to install copies of the game obtained from sources other than the official page, especially if you’re dealing with a random file you just grabbed from some site you’ve never heard of.

There are some things even the mighty sonic screwdriver can’t fix, and your PC is probably one of them.

Christopher Boyd

/ Edit 1 – Someone has even uploaded a version to a site that requires payment by SMS to obtain the gamefile, to the tune of £10 plus network rates. That’s pretty spectacular.

Defacing a .gov.ua website that seems to have something to do with law enforcement / traffic policing and putting the words “Terrorist Network” on the splashpage?

Yeah, that’s going to end well.

Christopher Boyd