
Archive for October, 2007

Spammers Use Stripper To Crack CAPTCHAs

Spammers show some smarts…it happens from time to time. Sadly.

From Computer World:

Spammers are using a virtual stripper as bait to dupe people into helping criminals crack codes they need to send more spam or boost the rankings of parasitic Web sites, security researchers said today.

A series of photographs shows “Melissa,” no relation to the 1999 worm by the same name, with progressively fewer clothes and more skin each time the user correctly enters the characters in an accompanying CAPTCHA (Completely Automatic Public Turing Test to Tell Computers and Humans Apart), the distorted, scrambled codes that most Web mail services use to block bots from registering hundreds or thousands of accounts. Spammers rely on Web e-mail accounts because they’re disposable; by the time filters have blocked the address, the spammers throw it away and move on to another.

The CAPTCHAs that Melissa feeds to users are, in fact, legitimate codes snatched from Yahoo Mail’s signup screens, said analysts at Trend Micro Inc. The hackers, frustrated at their inability to come up with a way to automate account registration, are getting users to do their dirty work.

“They’re using human beings in semi-real time to translate CAPTCHAs by proxy,” said Paul Ferguson, a network architect at Trend Micro. “You have to give them this, it’s clever.”

Distributed computing. Hmmm.



Phishing Trojan Targets OS X

All good things must come to an end, it would appear. A touch melodramatic, but you’ll get the point. There is a piece of malware making the rounds, according to vnunet.com, that targets Mac OS X. This particular beastie is a phishing trojan called OSX.RSPlug.A, masked to look like a video codec.

From vnunet.com:

Users attempting to install the codec receive a piece of malware classified as a ‘DNS Changer’. The software changes the way OS X will handle the DNS requests that are used to link numerical IP addresses to web URLs. The tool allows the attackers to redirect web traffic. Users attempting to visit Paypal, Ebay or certain banking sites for instance will be directed to a phishing website instead.

If confirmed, the trojan would be the first piece of truly malicious software to be targeted at OS X. Researchers have previously developed OS X attacks and exploits, but those were largely proof-of-concept attacks that lacked a malicious payload.

At this point it has not been confirmed by any of the major AV houses. The vendor that claimed the find, Intego, has not been available for comment.


UPDATE: Well damn. Just when I was starting to think that this was some company trying to drum up business, there is corroboration.

McAfee has confirmed the OSX.RSPlug.A trojan and reported that it is spreading through fake codec sites in addition to the porn website.


Undercover Theft-Recovery Software Ready For Leopard

Here is an interesting piece that appeared in Network World:

Orbicule has announced the release of Undercover 2, a major upgrade to its theft recovery software for Mac OS X. The software is now Leopard-compatible, among other improvements. A single user license costs $49, and it’s a free upgrade for Version 1.0 users.

With Undercover installed, you can attempt to find out where your Mac is located if it’s stolen — the software will regularly ping servers to identify itself and its location. Undercover will also take screenshots and can activate newer Macs’ built-in iSight Webcams to help identify the thief.

Besides Leopard support, other changes in Version 2 include a “dead-Mac-timeout” feature that will automatically lock the host Mac if it’s disconnected from the Internet for more than two months.

Read on.


Red Hat, Novell Sued For Patent Infringement

This is from a couple of weeks back. However, I thought this was interesting to throw out there. A company called “IP Innovation and Technology Licensing Corp.” claims to own patent 5,072,412, which was filed in 1991. Using this claim, they have filed suit against Red Hat and Novell. According to the patent, it was filed for Xerox. Did Xerox release this to IP Innovation?

From InfoWorld:

Red Hat and Novell are accused of infringing on the patents by selling the Red Hat Linux system, the Novell SUSE Linux Enterprise Desktop, and the Novell SUSE Linux Enterprise Server, according to the lawsuit filed in the U.S. District Court for the Eastern District of Texas, Marshall Division.

The plaintiffs also contend that the defendants are deliberately and willfully infringing on the patents because they were previously notified of the infringement.

IP Innovation in Northbrook, Ill., and Technology Licensing are seeking an injunction from the court, damages, and “other relief that the court or a jury may deem just and proper,” according to the lawsuit.

IP Innovation is a subsidiary of Acacia Technologies Group.

Now from the patent 5,072,412:

Workspaces provided by an object-based user interface appear to share windows and other display objects. Each workspace’s data structure includes, for each window in that workspace, a linking data structure called a placement which links to the display system object which provides that window, which may be a display system object in a preexisting window system. The placement also contains display characteristics of the window when displayed in that workspace, such as position and size. Therefore, a display system object can be linked to several workspaces by a placement in each of the workspaces’ data structures, and the window it provides to each of those workspaces can have unique display characteristics, yet appear to the user to be the same window or versions of the same window. As a result, the workspaces appear to be sharing a window. Workspaces can also appear to share a window if each workspace’s data structure includes data linking to another workspace with a placement…

OK, so are they going to go after Apple as well?

Now, going back to the little nugget from the beginning of this post: I may be mistaken, but aren’t patents only valid for 17 years? Oh wait…it has only been 16. [EDIT] Ah, it appears to be 20 years. A money grab…big shock.

Ugh.


New Safeguard Against ID Theft Available Tomorrow

From the Honolulu Advertiser:

Starting Thursday, consumers in all 50 states will be able to freeze access to their credit files at all three major credit bureaus to prevent identity thieves from opening fraudulent accounts in their names. By that date, all three major credit bureaus will offer “security freeze” protection to all consumers living in the eleven states that have not passed laws requiring it and the five states that currently limit this protection to identity theft victims.

To help consumers learn how to take advantage of this powerful identity theft safeguard, Consumers Union, the nonprofit publisher of Consumer Reports, is making available online an updated “Guide to Security Freeze Protection” at http://www.financialprivacynow.org/

“Consumers across the country now have the power to put the freeze on one of the worst forms of identity theft,” said Jeannine Kenney, Senior Policy Analyst with Consumers Union. “The security freeze stops identity thieves cold by preventing them from using stolen information to open fraudulent accounts.”

Thirty-nine states and the District of Columbia have enacted laws requiring the credit bureaus to allow consumers to protect their credit files with a security freeze. The eleven states that have not adopted security freeze laws are Alabama, Alaska, Arizona, Georgia, Idaho, Iowa, Michigan, Missouri, Ohio, South Carolina, and Virginia.


Beware The Dancing Skeleton

F-Secure has noted that the folks behind the Storm worm have a new social engineering ploy on the go. They are sending out an email with an interactive dancing skeleton.

With an unpatched system, visiting the site will trigger an exploit to automatically download and execute a malicious file. The new filename is halloween.exe. We already detect this as Email-Worm.Win32.Zhelatin.LJ

I’m sure this doesn’t need saying, but I will anyway. Don’t click it if you get one.


Memory-Resident Backdoors In Oracle

David Litchfield has an interesting paper that he is going to present at the upcoming Deepsec conference in Vienna.

From David’s blog:

I finished my code for the upcoming Deepsec conference in Vienna (November 20th-23rd). I’m presenting a discussion on memory-resident backdoors in Oracle (I will refrain from calling them “rootkits”). The code I wrote exploits a buffer overflow using ASCII armoured shellcode that dynamically creates a decoder which decodes the backdoor and then executes it.

Very interesting. He also notes that this type of rootkit backdoor is harder to detect than the typical rootkit. If anyone is going to be attending Deepsec, please check out his talk. I caught his talk on Oracle database forensics at Black Hat in Vegas this summer. He announced a tool that he was going to release called FEDS for performing database forensics, but I have not seen it released as of yet.

He’s an excellent presenter.


Security Briefing: October 31st


Have a happy Halloween everyone! Be sure to have your head on a swivel as you drive home tonight. The little ones will be out in force.

And now, the news…

  1. Researchers Discover Another New Hacking Service Site
  2. FireCAT 1.2 Released - Firefox Catalog of Auditing Extensions
  3. AOL set to unveil a do-not-track service
  4. Zero byte padded scripts still fool antivirus
  5. Mozilla Prism: not there yet!
  6. GSA contractors get system access before background checks
  7. IT industry wants action on cybercrime bills
  8. Simple Oracle 11g Password check PL/SQL script
  9. McAfee improves computer security, but it’s not perfect


My Leopard Has Arrived

Very cool. My copy of Leopard was sitting at home waiting for me today. Now, I have to wait until the weekend when I have enough time to devote to the upgrade. This will be a long few days.


On a more topical note here is a link to the security features in Leopard that I posted last week.


McAfee Gobbles Up ScanAlert


You are probably familiar with the “HackerSafe” logo that adorns numerous websites. Now, the private company behind the logo, ScanAlert, has been picked up by McAfee for $51 million. Hell, I would part with this site for $1 million. Ha!

From McAfee:

On October 30, McAfee, Inc. announced a definitive agreement to acquire ScanAlert, Inc., creators of the HACKER SAFE® trust mark, the world’s leading provider of ecommerce Web site security services.

ScanAlert, with its HACKER SAFE technology, protects over 75,000 web sites. In addition to being used by the majority of the Internet Retailer Top 500 list, it is the only trust mark displayed within the search results of major comparison shopping sites including PriceGrabber, Yahoo!® Shopping and Pronto.com. As a leading provider of PCI compliance services, ScanAlert also delivers multilingual PCI validation to merchants and payment processors in over 70 countries. Tens of thousands of organizations - from small online businesses to FORTUNE 500 multinationals - rely on ScanAlert to protect, audit and certify the security of their networks and ecommerce infrastructure.
