H Security

The Koobface network is apparently down, according to Facebook. Ryan McGeehan, Facebook security official, told Reuters that the company’s decision to expose the five men alleged to be behind the malware had had an effect within 24 hours: “The thing that we are most excited about is that the botnet is down.” Yesterday, Facebook decided to publish the names of alleged gang members based on details of research carried out in 2009-2010 by two German researchers. One of the researchers works for Security company Sophos, which pre-empted Facebook’s announcement by publishing the report.

http://www.h-online.com/security/news/item/Koobface-C-C-goes-silent-after-alleged-controllers-exposed-1416869.html

Certifiedbug.com

Koobface command and control servers silent

H Security

The five men behind the Koobface worm, which spreads over Facebook and other social networks, hide in plain sight, living comfortably in St Petersberg, Russia, according to Facebook investigators and other security researchers.

http://www.h-online.com/security/news/item/Koobface-gang-to-be-exposed-by-Facebook-1414813.html

IDG News Service -
http://www.computerworld.com/s/article/9223484/Facebook_researchers_turn_up_heat_on_Koobface_gang

Certifiedbug.com

Koobface malware gang exposed

Beta News
By Ed Oswald

Data on up to 24 million customers of online shoe retailer Zappos was compromised according to an email sent by its CEO Tony Hsieh on Sunday. While Hsieh says that full credit card information is safe, hackers may have the last four digits of the cards.

Hackers accessed names, email addresses, physical addresses, and phone numbers. Passwords were also compromised, however in encrypted form. As a result, the company sent out an email to all its customers, advising them to change their passwords as a protective measure. Zappos is also asking customers to reset their passwords elsewhere where it may be the same.

http://betanews.com/2012/01/16/zappos-hack-exposes-personal-information-of-24-million-customers/

Certifiedbug.com

Zappos hack exposes personal information

Beta News
By Christopher Budd

I joined the Microsoft Security Response Center (MSRC) in April 2001 and left the company in December 2010. During that time I was involved in security and privacy at Microsoft, culminating in my role handling worldwide crisis communications for security and privacy incidents. I am one of a handful of people who knows what the security world was like at Microsoft before Chairman Bill Gates’ Trustworthy Computing memo on Jan. 15, 2002. I was also part of the growth and transformation that memo brought about over the years.

As Microsoft marks the tenth year anniversary of that memo, it seems a good time to share a former insider’s view of what it really meant and accomplished. As well, I’ll share thoughts on why, in the next 10 years, it’s critical that other technology companies follow Gates’ lead.

Memos from Gates were viewed as rare pronouncements from on high, and that was the case with this memo. In a single movement, Gates enshrined security, privacy and reliability as central, aspirational ideals.

http://betanews.com/2012/01/16/10-years-after-bill-gates-trustworthy-computing-memo-what-it-meant-for-microsoft-and-why-every-tech-company-needs-one/

Certifiedbug.com

10 years after Bill Gates’ Trustworthy Computing memo

ESET Threat Blog

The year 2011 could be referred to as a year of growth in complex threats. Over the course of this year we witnessed an increase in the number of threats targeting the Microsoft Windows 64-bit platform, and bootkits in particular. Here is a self-explanatory diagram depicting the evolution of bootkit threats over time:

http://blog.eset.com/2012/01/03/bootkit-threat-evolution-in-2011-2

Certifiedbug.com

Advanced Bootkit attacks in 2011

• First Android worm
• Your personal data will get stolen from a social network.
• Political Theater (using this theme for malware attacks)
• SMBs Are No Longer Immune
• Mac Malware Will Continue to Rise

http://securitywatch.pcmag.com/none/291879-top-5-security-predictions-for-2012

Certifiedbug.com

PC Magazine’s top five security predictions for 2012

Heads up from the Microsoft Malware Protection Center.

Friendly spam carries Zbot
This morning I spotted a few messages from my mobile carrier in my email inbox. This was not surprising as, only a few hours prior, I had logged into the carrier’s website to pay the monthly bill. The standard mode of operation for my provider is to receive a bill via email, and a confirmation message after paying the bill, also through email.

Today, however, one message stood out in several ways. First, the subject line was quite varied from what I was expecting to see:

Important Account Information from Verizon Wireless TRACK-ID: 15730301098

At this time, there is limited detection among vendors – we identify it as PWS:Win32/Zbot.gen!Y.

http://blogs.technet.com/b/mmpc/archive/2011/12/06/friendly-spam-carries-zbot.aspx

Careful out there.

Certifiedbug.com

Fake “Important Account Information from Verizon” carries Zbot

FBI Press Release
Manhattan U.S. Attorney Charges Seven Individuals for Engineering Sophisticated Internet Fraud Scheme That Infected Millions of Computers Worldwide and Manipulated Internet Advertising Business

Malware Secretly Re-Routed More Than 4 Million Computers, Generating at Least $14 Million in Fraudulent Advertising Fees for the Defendants

In conjunction with the arrests yesterday, authorities in the United States seized computers at various locations, froze the defendants’ financial accounts, and disabled their network of U.S.-based computers—including dozens of rogue DNS servers located in New York and Chicago. Additionally, authorities in the United States took steps with their foreign counterparts to freeze the defendants’ assets located in other countries. Remediation efforts were immediately undertaken to minimize any disruption of Internet service to the users of computers infected with the Malware. This remediation was necessary because the dismantling of the defendants’ rogue DNS servers—to which millions of computers worldwide had been redirected—would potentially have caused all of those computers, for all practical purposes, to lose access to websites.

The remediation effort is being carried out pursuant to the order of a Manhattan federal court judge. As part of that order, the defendant’s rogue DNS servers have been replaced with legitimate ones. Internet Systems Consortium (“ISC”), a not-for-profit entity, was appointed by the court to act as a third-party receiver for a limited period of 120 days during which time it will administer the replacement DNS servers. Although the replacement DNS servers will provide continuity of Internet service to victims, those replacement servers will not remove the Malware from the infected computers. Users who believe their computers may be infected can find additional information at FBI.gov.

http://www.fbi.gov/newyork/press-releases/2011/manhattan-u.s.-attorney-charges-seven-individuals-for-engineering-sophisticated-internet-fraud-scheme-that-infected-millions-of-computers-worldwide-and-manipulated-internet-advertising-business

Certifiedbug.com

U.S. Attorney Charges Seven Individuals in massive click-fraud scheme

“AOL Administration Center” spam comes from a spoofed email address this is a classic example of Canadian Pharmacy spam.

Full text of the bogus email, the # in the subject line changes.

From: “AOL Administration Center (R)”
To:
Subject: AOL Administration Center Notification #73916

Hi,
You have 1 notification (#73916) from AOL Administration Center
Please follow the instructions to continue.
Thanks,
The AOL Mail Team

Click here to opt out of receiving future promotional e-mail messages from AOL or go to AOL Keyword:
Email Preferences and unsubscribe. This screen name cannot respond to replies.

Click here for other Important Information about Commercial E-mail from AOL or visit http://about.aol.com/email_information.
AOL Email, PO Box 65627, Sterling, VA 20165-8805.

——————————————
“UNIFORM TRAFFIC TICKET” spam has been around awhile and continues to do the rounds. The email has an attached file which contains a malicious Trojan horse.
http://garwarner.blogspot.com/2011/08/new-york-city-uniform-traffic-ticket.html

Full text of the bogus email, the ID # in the subject line changes.

Date: Wed, 03 Aug 2011 12:42:23 +0530
From: “N.Y. State Department of Motor Vehicles”
To:
Subject: UNIFORM TRAFFIC TICKET (ID:89254305)

New York State Department of Motor Vehicles

UNIFORM TRAFFIC TICKET (ID:50385056),

POLICE AGENCY
NEW YORK STATE POLICE
Local Police Code 5278

THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS

Time: 7:25 AM
Date of Offense: 10/10/2011
IN VIOLATION OF NYS V AND T LAW

9690 Description of Violation
SPEED OVER 55 ZONE
TO PLEAD, PRINT OUT THE ENCLOSED TICKET AND SEND IT TO TOWN COURT, CHATAM HALL., PO BOX 117

Certifiedbug.com

AOL Administration Center & Uniform Traffic Ticket Spammed Scams

Healthcare Network

Figures released to the privacy campaign group Big Brother Watch show that 806 separate incidents involving patient medical records being compromised took place at 152 NHS trusts between July 2008 and July 2011.

The group, which obtained data from the majority of NHS organisations in the UK, found that breaches included 23 incidents of patient information being posted on social networking sites by staff, 129 separate instances of NHS employees looking up details of colleagues and family members and 57 incidents involving unsecured confidential information being stolen or lost by staff.

Of the 129 incidents concerning healthcare staff inappropriately looking up patient information, 91 related to an NHS employee illicitly viewing the confidential medical details of a colleague. In some cases the individual was found to have revealed the information to other staff.

http://www.guardian.co.uk/healthcare-network/2011/oct/28/nhs-staff-breach-personal-data-806-times

Certifiedbug.com

NHS staff breach the Data Protection Act