Smokey's Security Forums

Topic: Sunbelt Blog (Read 1570 times)


Quizmaster

  • Flying Nurse
  • Seasonal Competition Team
  • *
  • Offline Offline
  • location: USA - Miami,FL
  • Posts: 5164
  • -: Surf Queen
    • WWW
It looks like a phish but isn't
« Reply #80 on: February 05, 2010, 09:00:27 PM »
5 February 2010, 8:55 pm

This is really bad for so many reasons.  It certainly doesn’t help their security.



And yes, it’s completely legitimate.

Alex Eckelberry







Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

Quizmaster

Vote for VIPRE Enterprise
« Reply #79 on: February 05, 2010, 09:00:27 PM »
5 February 2010, 8:22 pm

If you like VIPRE Enterprise, you can vote for it here for the Network Computing Awards 2010.

Alex Eckelberry







Source: Sunbelt Blog

Quizmaster

Trojan code sneaks into two Mozilla add-ons
« Reply #78 on: February 05, 2010, 09:00:26 PM »
5 February 2010, 8:17 pm

Mozilla yesterday posted a notice on its AMO blog (that’s an acronym for their add-on site addons.mozilla.org) that two add-ons have been found infected with Trojan code: Sothink Web Video Downloader v. 4.0 and all versions of Master Filer.

Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen and Master Filer contained Win32.Bifrose. According to the blog, Master Filer was downloaded 600 times before it was removed from the site Jan. 25 and Sothink was downloaded more than 4,000 times before it was removed Feb. 2.

Mozilla said “AMO performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such. This scanning tool failed to detect the Trojan in Master Filer. Two additional malware detection tools have been added to the validation chain and all add-ons were rescanned, which revealed the additional Trojan in Version 4.0 of Sothink Web Video Downloader. No other instances of malware have been discovered.”

Blog post here.

Tom Kelchner





Source: Sunbelt Blog

Quizmaster

VIPRE for Valentines
« Reply #77 on: February 05, 2010, 09:00:26 PM »
5 February 2010, 8:16 pm

Ok, it’s not my personal favorite color, but this is a new special being run for the Valentines Day weekend by our web team.  

Alex





Source: Sunbelt Blog

Quizmaster

Tech support hell
« Reply #76 on: February 05, 2010, 09:00:25 PM »
5 February 2010, 7:32 pm

Funny and too close to the truth:

When you finally do get through to an agent, you'll hear something like: "Welcome to DSL technical support, my name is Larry how can I help you today?" You give Larry your account number and begin to explain your situation, knowing all the while that this is a formality. As soon as you stop talking he'll begin the same dance you've danced every time you call tech support. You conclude your exhaustive rundown of your case history. There's a beat, and then Larry responds, "I understand sir. Can you tell me. Is your computer plugged in?"

Link (Warning: off-color language).

Everything we aim not to be in our support.

Alex Eckelberry

(Thanks Jamie)







Source: Sunbelt Blog

Quizmaster

Haiti relief scams: more than 170 reported to feds
« Reply #75 on: February 05, 2010, 06:00:45 PM »
5 February 2010, 5:15 pm

USA Today is reporting that federal law enforcement agencies have taken more than 170 complaints about Haiti earthquake relief scams. They expect more on social networking sites such as Facebook and Twitter. The scams include spam email, fraudulent web sites and in-person scams.

The story advises those wishing to check on the legitimacy of a relief organization to check the web site of the American Institute of Philanthropy (http://charitywatch.org/), which rates charities.

The Institute says that charitable organizations should spend 75 percent of the cash they raise on their charitable work and no more than 25 percent on fund-raising expenses. Its web page lists several dozen legitimate charities providing relief for the victims of the Haiti earthquake here.

Story here.

Tom Kelchner





Source: Sunbelt Blog

Quizmaster

Phishing scam steals carbon credits
« Reply #74 on: February 05, 2010, 06:00:43 PM »
5 February 2010, 4:36 pm

Wired magazine has run a story on a phishing scam in Europe, New Zealand and Japan that resulted in the loss of 250,000 carbon credit permits worth $4 million from six companies.

The phishing emails spoofed the German Emissions Trading Authority and said that the victim companies needed to re-register their accounts with the authority. When victims entered their information on a fraudulent web page from the link in the phishing emails, the scammers accessed their accounts, transferred emissions credits to accounts they controlled, then sold them. The amount the scammers made hasn’t been disclosed.

Wired cited information from the BBC and the German newspaper Der Spiegel.

Story here.

User education. User education. User education. User education.

Tom Kelchner





Source: Sunbelt Blog

Quizmaster

Human factors: compulsive Internet life can replace the real thing
4 February 2010, 8:53 pm

Psychologists doing research at Leeds University in the UK found that people who spend an excessive amount of time on the Internet show signs of depression, although they did not determine if the on-line behavior caused the depression or if depressed people spent more on line.

Catriona Morrison, the lead author, wrote in the journal Psychopathology: "This study reinforces the public speculation that over-engaging in websites that serve to replace normal social function might be linked to psychological disorders like depression and addiction."

The research is the first such study of people in the west. The researchers analyzed the Internet use and depression levels of 1,319 people in Britain between the ages of 16 and 51. They concluded that 1.2 percent were "Internet addicted" and “spent proportionately more time browsing sexually gratifying websites, online gaming sites and online communities. They also had a higher incidence of moderate to severe depression than normal users.”

"What is clear is that for a small subset of people, excessive use of the Internet could be a warning signal for depressive tendencies," Morrison said.

Story here.

The “Internet addiction” headlines mostly have been from Asia recently, where marketeers have been trying to convince the public that 10 percent of them are Internet addicted and in need of rehab camps (complete with military-style discipline, beating deaths and electro-shock therapy) that cost thousands.

See our blog piece “China bans use of electroshock therapy” from August.

In the U.S., what is believed to be the first Internet addiction treatment center, called “reStart Internet Addiction Recovery Program,” opened last summer near Fall City, Wash.

See our blog piece “First Internet addiction treatment center opens in Washington state”

Tom Kelchner





Source: Sunbelt Blog

Quizmaster

VIPRE is a finalist in UK’s Network Computing Awards
4 February 2010, 8:31 pm

VIPRE is among nine finalists in the Security Product of the Year category of the 2010 Network Computing Awards competition. Voting on the Network Computing web site will continue until Feb. 22.



“The Network Computing Awards were launched to recognise the companies, the products and the services that have most impressed the readers of the UK’s longest established computer networking publication.”

“Categories have been refined to recognise the hardware, software and managed services that can assist an organisation in operating securely, efficiently and responsibly in today’s world.”

Awards will be presented on 4th March at Guoman Tower Hotel, London.

More information here.

Tom Kelchner

 







Source: Sunbelt Blog

Quizmaster

Phony Firefox update comes with Hotbar adware
« Reply #71 on: February 04, 2010, 01:00:59 AM »
3 February 2010, 11:54 pm

Our good friends at Broomfield, Colo., security firm eSoft have found an interesting scam to trick Internet users into installing the Hotbar adware: a fake Firefox download site.

The eSoft researchers are theorizing that an affiliate of Pinball Publisher Network (PPN) is responsible. Pinball bought the Zango assets after that pestilent operation failed last spring.

However Sunbelt Software Spyware Research Manager Eric Howes did some more digging and found that PPN offers the download file on a site they own so affiliates can send customers victims there for downloads.

The PPN home page notes that PPN is itself distributing the custom Firefox installer that PPN put together and digitally signed from this web site:

http://freesoftwaredl.com/

The PPN setup wizard says that the distribution of Firefox is “sponsored” by Hotbar. We’re wondering what that means. In reality, they’re taking a distribution of Firefox and infecting it with adware.



We blogged about the Pinball Publisher Facebook fan site last week.

eSoft blog piece here.

The real site to download a legitimate copy of the Firefox browser is here:

http://www.mozilla.com/en-US/firefox/personal.html?from=getfirefox

Tom Kelchner







Source: Sunbelt Blog

Quizmaster

It’s lame ransomware, but it could fool somebody
« Reply #70 on: February 04, 2010, 01:00:57 AM »
3 February 2010, 11:31 pm

Our researcher Adam Thomas found this little gem today. It’s distributed with other malware, cracks and drive-by downloads. It purports to be a security warning from your Windows operating system.



Notice the “Visa, MasterCard, etc” – it doesn’t even bother to list all the cards it accepts.



The really cool thing about it is that it takes FAKE credit card numbers as well as real ones!



Thanks to Sunbelt Software researcher Francesco Benedini for help with the analysis.

Tom Kelchner







Source: Sunbelt Blog

Quizmaster

Pushdo/Cutwail/Pandex botnet attacking major sites
« Reply #69 on: February 02, 2010, 05:00:53 PM »
2 February 2010, 4:43 pm

No one is sure why the Pushdo botnet is running a distributed denial-of-service-like attack against over 300 major web sites including the CIA, Mozilla labs, SANS and Twitter, according to the Shadowserver Foundation. Pushdo is also called Cutwail and Pandex.

The botnet has been spewing initial SSL connection requests, causing servers to return an SSL negotiation error. The attacks don’t appear to be of sufficient intensity to knock any of the target sites off line and possibly could be a mechanism to mask the botnet’s other traffic.

SecureWorks said Pushdo is sending the SSL packets to port 443. The botnet also uses that port for command-and-control traffic.

Last June, MessageLabs estimated that the Pushdo botnet, believed to be the world’s largest, was comprised of 1.5 to 2 million bots that pumped out 74 billion spam messages per day (51 million per minute.) They said 14 percent of the bots were in Brazil, 14 percent in South Korea and 10 percent in the U.S.

Story here.





Source: Sunbelt Blog

Quizmaster

The ghost of Zango toolbar has a Facebook fan page
« Reply #68 on: January 30, 2010, 03:00:46 AM »
29 January 2010, 11:59 pm





Here’s something they don’t teach in marketing 101: If you’re pushing software that no one wants -- like, say, annoying adware -- and your downloads are going nowhere, what do you do?

Answer: you push somebody else’s popular software AND BUNDLE YOUR CRAP WITH IT!

Remember Zango? It was that irritating adware company that spent years and a million weasel words trying to make its operation seem legitimate. It was fined $3 million in 2006 by the U.S. Federal Trade Commission and it unsuccessfully sued anti-virus vendor Kaspersky in Federal Court in 2007 for calling the Zango malcode “malcode?” After several years of sagging revenue amidst a larger collapse of the adware industry, the company finally folded and sold its assets at fire sale prices last April. (Sunbelt Blog story here.)

The buyer, Pinball Publisher Network, is still distributing Zango and sadly enough it still offers users nothing of any value, which is why PPN offers Open Office, 7-Zip and Firefox bundled with it. PPN and its affiliates are simply trying to piggyback on those programs and in the process, leech from their value and good name.

Here’s what its fans get:

“Hotbar's toolbar for IE, Outlook/Outlook Express and Word provides FREE access to premium content including weather, paid for by advertising. Based on keywords generated by your browsing, Hotbar shows ads in a separate browser window or a temporary Slider, and toolbar search suggestions. ShopperReports provides comparison shopping offers in a Sidebar. Both run continuously and update automatically. Uninstall easily via Add/Remove Programs.”

AND here’s a cynical bit of advice from a user on a forum where affiliates discuss their experiences with PPI (pay per install) programs such as Pinball Publisher Network:

"if your users use IE tell them they need firefox to see the website and bingo $$$ pinball is so easy to make money with. All you need is sites that users are looking to download things. Alot of sites are loosing money using silly fill me in to unblock me content, i mean if your users are looking to download they will download!"

VIPRE detects the installer generically as "Trojan.Win32.Generic!BT" and detects the adware itself as “PinballCorporation.” Since the installer basically loads all the old Zango files, users who happen across it will probably see VIPRE detecting “Zango” and “Hotbar” as well.

Thanks Adam Thomas and Eric Howes and big hat tip goes to Wendy Ivanoff for getting spammed with this crap and bringing it to our attention.

Tom Kelchner







Source: Sunbelt Blog

Quizmaster

Facebook privacy settings: 35 percent actually checked them
29 January 2010, 9:49 pm

At a privacy roundtable sponsored by the U.S. Federal Trade Commission in San Francisco, Facebook Director of Public Policy Tim Sparapani said that 35 percent of the 350 million Facebook users (that's 122 million!) actually checked their privacy settings when Facebook suggested it in December.

The BayNewser, a San Francisco media news site, said Sparapani told their reporter that “the industry average for users' actively engaging with their settings is actually between 5-10 percent.”

Story here.

Tom Kelchner





Source: Sunbelt Blog

Quizmaster

Happy Data Privacy Day
« Reply #66 on: January 29, 2010, 12:00:48 AM »
28 January 2010, 10:32 pm



From Richard Purcell, executive director of The Privacy Projects (http://www.theprivacyprojects.org), organizing sponsor of Data Privacy Day:

“Most consumers see the benefit of living online, but too few are aware of just how much information is being collected, who is collecting it, and how it is being used. We hope to reach adults and young people and advance privacy awareness with the educational materials and resources available at the Data Privacy Day webpage.”

The Privacy Projects is a Nordland, Washington-based, non-profit research institute that funds academic research into “evidence-based” privacy aimed at enhancing policies, practices and tools necessary to meet the power of the new technologies. An independent voice, TPP seeks to offer insight to companies, governments and consumer advocates as new information-driven businesses are considered, developed and deployed.

News Release here.

Tom Kelchner







Source: Sunbelt Blog


Except where otherwise stated, all content Copyright © 2006 - 2010 Smokey Services™ -- All rights reserved
