Spam Attacks Using Opera Email Signature

In the last few days, Opera received complaints and notifications regarding emails sent to random people purportedly on behalf of the Norway-based company. These emails, bearing fake Opera signatures, carried malicious software that was installed on recipients' computers as soon as they chose to read what the supposed Opera staff wanted to notify them of.

Since some recipients were misled by the messages, the company decided to advise all its users to avoid breaking-news, celebrity or accident-related emails coming from unknown senders or from unsolicited sources. To avoid being infected after reading such emails, which are meant to gain people's trust by using the brand name, users are advised to remove the default signature from their Opera mail client.

Four easy steps are enough to avoid falling into the trap, as the representatives of the company say. In order to change or remove the signature tab that misleads so many, users have to enter the "Visit Tool" menu and select the "Mail and Chat Accounts" option. Next, they have to choose, out of these two, only the email account, and click on the "Edit" button. From here on, they can either delete the default signature, or change it with a customized one that would not cause any more confusion.

The Opera team reassured users that it had nothing to do with the attacks. Although the company keeps the emails of its subscribers in a database to notify them when new products are launched, the list was neither lost nor sold to any third party. The representatives said that the company itself was the party most affected by the spammers. "These attacks trespass on our brand and undermine the trust we have worked hard to build with both Opera users and non-Opera users around the Web. We take this seriously, and hope this notice will help raise greater awareness of and vigilance against these attacks."

[Source: softpedia]

How to Protect Your Data from Malware

Internet users are no longer so naive as to open files that come from unknown senders and with the promise of revealing celebrities in compromising situations. However, they still open emails that seem to have been sent by their bosses or business partners, without taking any precaution or verifying who really is behind the "No work tomorrow for all the employees" message.

In order to prevent their data from being hijacked, users are advised by the SANS Institute to apply the Principle of Least Privilege, under which every module can access only the information and resources that are necessary for its function. "We tend to operate desktops under the principle of most privilege. How many of you allow your users administrator rights in the workplace? At home, everyone has local administrator. This allows the ‘bad guys’ free rein," says John Bambenek of the SANS Institute.

A common mistake people make is to consider an anti-virus solution a cure-all tool. Their confidence in it goes so far that they do not back it up with other applications, which can work together with the anti-virus to form a malware shield. SANS also underlines the importance of a firewall, which can improve on the estimated 90% chance that an anti-virus blocks an attack, all the more so because anti-virus products do not always keep pace with malware authors and only remove known threats.

"For instance, the combination of AV protection with a good perimeter firewall brings you a little farther down the road of security. While there is a debate on whitelisting vs. blacklisting technologies for binaries, a good step would be to start digitally signing binaries and go to a ‘bayesian’ method of determining risk. Not perfect, but better." Bambenek advises.

Both end-users and developers have to acknowledge that data, identities and intellectual property are what need protecting, not the hardware that merely hosts the information. By acknowledging that their privacy is at stake, people may become more careful when pressing the "next" and "are you sure?" buttons of their anti-virus without reading the text. With all that, the Institute does not hold people responsible. SANS recommends that developers be more careful when alerting users about malware, because users tend to "mash button" through questions and prompts that are often redundant or too difficult to understand.

[Source: softpedia]

British Military Hacker to Be Extradited to the U.S.

Oracle Issues Workaround for Publicly Disclosed Vulnerability

The vulnerability in question is rated as highly critical, scoring 10.0 on the CVSS (Common Vulnerability Scoring System), and this is the first time since 2005 that Oracle has broken its quarterly update release cycle to address a security issue. The Apache plugin for Oracle WebLogic (you might know it under its former name, BEA WebLogic) suffers from a buffer overflow vulnerability that may allow an attacker to plant malicious software on a particular machine.

"Unfortunately, the person(s) who published this vulnerability and associated exploit codes did not contact Oracle before publicly disclosing this issue. This means that the vulnerability was made public before providing Oracle an opportunity to develop an appropriate fix for this issue and notify its customers. In addition, the vulnerability was made public shortly after the publication of the July 15th Critical Patch Update, therefore prompting Oracle to issue an out of cycle security update," says Eric Maurice from Oracle.

Once the Oracle team found out about the vulnerability, which has been assigned CVE-2008-3257, it got right to work on finding a fix. The first countermeasure that the development team came up with was a "recommended workaround", and all Oracle users were advised to read it and implement the measures presented within. As of yesterday, the 28th of July, Oracle has announced that a patch will also be made available.

"We expect this fix to be ready very soon, and we will issue an updated Security Alert to let customers know about its availability. In the meanwhile, we recommend that all customers implement the recommended workaround," said Eric Maurice.

The recently discovered vulnerability in the Oracle software further fuels the debate over whether disclosing security vulnerabilities aids attackers. On the one hand, an attacker does not have to spend huge amounts of time looking for vulnerabilities because the technical details are already available on the web. On the other hand, by making such information available to the general public, the software manufacturer is forced to take action and address the situation.

The best course of action would be to inform the software provider about the situation and allow its research team to come up with a fix. After the vulnerability has been fixed, one can release technical details about the vulnerability.

[Source: softpedia]

Hacked Data Used by Korean Loan Sharks

According to the Korean police, an unidentified Chinese hacker managed to get hold of 9 million credit records that were then sold on for a profit in Korea. The person responsible for selling these records is known only as Chun, and it seems that he managed to flee to China before the Korean law enforcement agencies had a chance to take him into custody. Another 29-year-old suspect related to this incident has also evaded the authorities by going to China. The police did manage to arrest 6 people believed to be accomplices of Chun, but they have all been processed and released.

Out of the 9 million records the hacker got hold of, 4.8 million belong to banks, 260,000 to loan firms, 650,000 to online shopping malls, 5,300 to universities, and 3.2 million to various web pages.

Shin, 42 years of age, one of the people taken into custody, ran a so-called "loan mediating company" that would contact people and offer to lend them money. The contact information of these potential customers was provided, for the bargain price of $14,900, by a Chinese hacker who in May 2006 broke into the databases of Korean banks, loan firms and Internet shopping malls. About 4.8 million records were obtained from banks alone, including details such as name, address, phone number and credit card information.

Chun, Shin, and the other people involved in the case did not use the data provided by the hacker to fraudulently obtain credit cards or lines of credit. What they did instead was use that info to contact people and put them in touch with loan sharks. It is estimated that about 1,100 transactions were made, and for each one Chun charged a 5-15% commission. The Korean authorities also estimate that part of the records were sold on to an unscrupulous loan operation for a profit. Chun and his associates were so successful that they managed to bring in an estimated $2.67 million.

A warrant has been issued in the name of 42-year-old Chun, but the Seoul Metropolitan Police Agency's Cyber Crime Investigation Division will first have to track him down and then take him into custody. His six accomplices were arrested but have not been detained.

This incident is very much similar to spam, except that instead of sending you messages that try to convince you to buy something, the Koreans in question phoned people and asked them whether they would like to borrow some money.

[Source: softpedia]

Public Vulnerability Disclosure Aids Attackers

It would seem that people who are up to no good and want to infect your machine take less time to do so than in the past. By using information available to the general public, they are able to prepare an attack in a shorter time. Generally speaking, it takes about 24 hours from the moment a vulnerability is disclosed until an attack is prepared and ready to launch. The problem is that most users find out about that particular vulnerability much later and consequently leave themselves exposed to infection.

In the past, hackers and attackers of all sorts would spend a considerable amount of time looking for security vulnerabilities that they could exploit. More recently, this research work has been replaced by programs that generate automated attacks based on the information that has been released about a security issue.

"The bad guys are not the ones actively finding vulnerabilities — they've shifted their business to standing on the shoulders of the security research community. They don't have to do the hard work anymore. Their job is packaging what's been provided to them," says Kris Lamb, operations manager for IBM's X-Force as cited by MSNBC.

Since the security experts do all the research and then by disclosing the findings basically make the attacker's work that much easier, a debate has been launched on how much information should be shared with the general public and how much should be kept private. If a researcher releases technical details as well as "proof-of-concept" exploit code, then a wrongdoer has all the necessary information to launch an attack, especially if said researcher has done so before a security fix could be issued by the software manufacturer.

Just to put things into perspective, in 94% of cases an exploit was ready less than 24 hours after a vulnerability in one of the major web browsers was disclosed. Compared to 2007, that is a 24% increase.

[Source: softpedia]

"FBI vs. Facebook" Storm Worm Makes Computers Go Mad

The FBI warns users not to open any emails with the subject "FBI vs. Facebook". They do not contain any information about a lawsuit, an investigation, or any other activity the two parties could be involved in. Clicking through on these eye-catching emails results in users being infected with the Storm worm. This makes their machines part of the widespread Storm worm botnet, which turns personal computers into intermediaries for identity theft or for spreading malware across the network.

Storm worm hidden in

When opening the email that promises details of the confrontation between the federal institution and the social network, users receive the message "Your download will start shortly. If you are unable to read the article, save it and run on your computer." Those who choose to save and run the executable file are infected with the Storm worm and lose control over some of the activities on their computers.

"The spammers spreading this virus are preying on Internet users and making their computers an unwitting part of criminal botnet activity. We urge citizens to help prevent the spread of botnets by becoming web-savvy. Following some simple computer security practices will reduce the risk that their computers will be compromised," said Special Agent Richard Kolko, Chief, FBI National Press Office.

The FBI also offered some common-sense advice to help users keep their systems from being infected by the Storm worm. Users are warned not to open emails from unknown senders, especially ones with attached pictures, which can easily hide malware. Also, people are encouraged to go directly to an institution's homepage and navigate from there, rather than click on a link they receive. Finally, the FBI recommends caution whenever someone, no matter how authoritative they may seem, asks for private information or, most importantly, for financial details.
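Both the Opera story above and this one describe the same pattern: a message that borrows a trusted brand (a vendor signature, a federal agency) in its display name or subject while actually coming from an unrelated domain, and that pushes the reader to save and run an executable. The following Python script is an added example written for this page, not code from Opera, the FBI or softpedia. It parses a constructed sample message with the standard `email` module and reports the three defender-side signals a mail gateway or analyst would check: a claimed brand whose From domain is not on that brand's expected list (the `BRAND_DOMAINS` allowlist here is a hypothetical, constructed mapping), a Reply-To or Return-Path that points somewhere other than the From domain, and an executable attachment.

```python
"""Triage checks for brand-impersonating email (added example, not from the articles)."""
import email
import os
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed allowlist: brands the organisation expects to see only from these domains.
# Hypothetical values for the example; in practice populate from your own records.
BRAND_DOMAINS = {
    "opera": {"opera.com"},
    "fbi": {"fbi.gov"},
}

# File extensions that a legitimate vendor notice or agency mail would never carry.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def sender_domain(header_value) -> str:
    """Return the lower-cased domain of an address header, or '' if the header is absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def triage(raw_message: bytes) -> list:
    """Return a list of human-readable findings for one RFC 5322 message (empty if clean)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []

    from_domain = sender_domain(msg["From"])
    display_name = parseaddr(str(msg["From"] or ""))[0].lower()
    subject = str(msg["Subject"] or "").lower()
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part is not None else ""

    # 1. A brand named in the display name, subject or body that is not backed
    #    by one of that brand's own domains in the From address.
    for brand, domains in BRAND_DOMAINS.items():
        mentioned = brand in display_name or brand in subject or brand in body
        if mentioned and from_domain not in domains:
            findings.append(f"brand '{brand}' claimed but sender domain is '{from_domain}'")

    # 2. Reply-To or Return-Path steering replies/bounces away from the From domain.
    for header in ("Reply-To", "Return-Path"):
        domain = sender_domain(msg[header])
        if domain and domain != from_domain:
            findings.append(f"{header} domain '{domain}' differs from From domain '{from_domain}'")

    # 3. Executable attachments; iter_attachments() yields nothing for single-part mail.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTENSIONS:
            findings.append(f"executable attachment '{name}'")

    return findings


def build_sample(impersonating: bool = True) -> bytes:
    """Construct a sample message; the impersonating variant mirrors the lures the articles describe."""
    msg = EmailMessage()
    if impersonating:
        msg["From"] = "Opera Software <news@example-mailer.invalid>"   # constructed sender
        msg["Reply-To"] = "support@another-host.invalid"               # constructed reply address
        msg["Subject"] = "FBI vs. Facebook: read the full story"
    else:
        msg["From"] = "Opera Software <news@opera.com>"
        msg["Subject"] = "Opera newsletter"
    msg["To"] = "user@example.org"
    msg.set_content("Your download will start shortly. If you are unable to read "
                    "the article, save it and run on your computer.")
    if impersonating:
        # Constructed stand-in for a dropper; only the filename matters to the check.
        msg.add_attachment(b"MZ\x90\x00", maintype="application",
                           subtype="octet-stream", filename="article.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, sample in (("impersonating", build_sample(True)), ("clean", build_sample(False))):
        print(f"{label}: {triage(sample) or ['no findings']}")
```

Run as a script it prints four findings for the impersonating sample (two brand mismatches, the divergent Reply-To and the `.exe` attachment) and none for the clean one. The brand check is deliberately a substring match so the example stays short; a production gateway would also consult SPF/DKIM results and the attachment's actual content type rather than trusting its filename.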

[Source: softpedia]