From the category archives:

Security

Hacker sentenced to two years in prison

by certifiedbug on October 12, 2008

in Security

United States Attorney McGregor W. Scott announced Tuesday that Gregory King, 21, a California resident once known as “Silenz,” “sZ,” “Gregk707” and “GregK,” was sentenced to two years in federal prison and ordered to pay $69,000 in restitution following a guilty plea to two counts of transmitting code to cause damage to a protected computer.

The Reporter.
http://www.thereporter.com/news/ci_10677450

King used a botnet to conduct distributed denial-of-service (DDoS) attacks against two Web sites: KillaNet Technologies, a British Columbia-based website for high school students preparing for careers in online media, and the Castlecops security forums.

The Register, 4th October 2007.
Portrait of an (alleged) cyber bully as a young man

Certifiedbug, November 30, 2007.
FBI: Botnet Crack Down (again) in Operation Bot Roast II


Adobe issues workaround for “Clickjacking” issue

by certifiedbug on October 7, 2008

in Security

Vulnerability identifier: APSA08-08.

Customers:

To prevent this potential issue, customers can change their Flash Player settings as follows:

1. Access the Global Privacy Settings panel of the Adobe Flash Player Settings Manager at the following URL: http://www.adobe.com/support/documentation/en/flashplayer/help/settings_manager02.html
2. Select the “Always deny” button.
3. Select ‘Confirm’ in the resulting dialog.
4. Note that you will no longer be asked to allow or deny camera and / or microphone access after changing this setting. Customers who wish to allow certain sites access to their camera and / or microphone can selectively allow access to certain sites via the Website Privacy Settings panel of the Settings Manager at the following URL: http://www.adobe.com/support/documentation/en/flashplayer/help/settings_manager06.html.

Adobe is working to address the issue in an upcoming Flash Player update, scheduled for release before the end of October. Further details will be published on the Adobe Security Bulletin page at http://www.adobe.com/support/security.

Certifiedbug, August 19, 2008.
Adobe Flash ads launch Clipboard hijack attack by Rogues


Citizen Of the Internet

by certifiedbug on October 6, 2008

in Security

Gadi Evron’s Time for self reflection after the downfall of Atrivo-Intercage.


Jellycloud folds

by certifiedbug on October 3, 2008

in Security

Disgruntled users wanting to know how grape.jellycloud.com ended up on their computers will be interested in this article at ValleyWag. Apparently a tipster informed them that Jellycloud went under this weekend, with liquidators repossessing their furniture.

Most of the senior management team at JellyCloud used to work at Claria Corporation, previously known as Gator, the behavioral advertising network.

Roboform became a popular spyware-free alternative to Gator’s eWallet.

The Register: ‘Spyware king’ rests in pieces
Certifiedbug: NebuAd and Claria (Gator) connection
Claria stops spying?


Overhauled UK Computer Misuse Act in force October 1st

by certifiedbug on September 30, 2008

in Security

2008 No. 2503 (C. 107)
Criminal Law, England And Wales
Criminal Law, Northern Ireland
The Police and Justice Act 2006 (Commencement No. 9) Order 2008

Security researcher Clive Feather has published excerpts of the Computer Misuse Act highlighting the amendments.

Among other changes, denial-of-service (DDoS) attacks carry a maximum penalty of up to ten years behind bars; small wonder the updated CMA is controversial. Spyblog has a critique here.


Fright Fight: Washington Attorney General leading battle against scareware with Microsoft

SEATTLE – Attorney General Rob McKenna stood at the frontlines with Microsoft Corp. in the war against spyware in 2006. Now armed with tougher legislation, the state’s top law enforcement officer, with the world’s largest software company, is charging forward with new lawsuits targeting scareware purveyors.

“The Attorney General’s Office along with Microsoft has yanked the fear factor dial out of the hands of businesses that use scareware as a marketing tool and have spun it toward them,” McKenna said.

“We won’t tolerate the use of alarmist warnings or deceptive ‘free scans’ to trick consumers into buying software to fix a problem that doesn’t even exist,” McKenna continued. “We’ve repeatedly proven that Internet companies that prey on consumers’ anxieties are within our reach.”

The Attorney General’s Office along with Microsoft announced the filing of new cases under Washington’s recently improved Computer Spyware Act during a joint press conference today in Seattle.

“Microsoft is honored to assist Washington Attorney General McKenna in helping to protect consumers from online threats,” said Richard Boscovich, Senior Attorney for Microsoft’s Internet Safety Enforcement Team. “Cybercrime continues to evolve, but with public/private collaboration such as this, we can work to champion tougher laws, greater public awareness and, ultimately, stronger protections for online consumers.”

In 2005, Washington became one of the first states to adopt a law explicitly prohibiting spyware activities and imposing serious penalties on violators. The statute doesn’t stop at outlawing programs that collect personal information, but uses a broader definition of “spyware” and punishes those who mislead users into believing software is necessary for security. The law was updated last session to create additional liability for third-parties that permit the transmission of spyware and to address new types of deceptive behaviors, such as misrepresenting the need for computer repairs.

As of today, the Attorney General’s Office has filed seven suits under the statute.

The Attorney General’s Office filed its latest case today in King County Superior Court against the marketers of a program called Registry Cleaner XP. The civil suit brings five causes of action against James Reed McCreary IV, of The Woodlands, Texas, and two businesses: Branch Software, of The Woodlands, Texas, doing business as Registry Cleaner XP, and Alpha Red, Inc., of Houston, Texas. McCreary is the sole director of Branch Software and CEO of Alpha Red.

McKenna said Microsoft referred the case to the Attorney General’s Consumer Protection High-Tech Unit and has been helpful in assisting the office with enforcement issues.

According to the state’s complaint, the defendants sent incessant pop-ups resembling system warnings to consumers’ personal computers. The messages read “CRITICAL ERROR MESSAGE! – REGISTRY DAMAGED AND CORRUPTED,” and instructed users to visit a Web site to download Registry Cleaner XP.

Computers capable of receiving Windows Messenger Service pop-ups, also known as Net Send messages, were vulnerable to the attacks. Windows Messenger Service, not to be confused with the instant-messaging program Windows Live Messenger, is primarily designed for use on a network and allows administrators to send notices to users.

“Consumers who visited the Web site were offered a free scan to check their computer – but the program found ‘critical’ errors every time,” said Senior Counsel Paula Selis, who leads the Attorney General’s Consumer Protection High-Tech Unit. “Users were then told to pay $39.95 to repair these dubious problems.”

The filings today bring the number of civil spyware actions brought by Microsoft since the Computer Spyware Act was first enacted in 2005 to 17. In 2006, Microsoft and the Attorney General each brought lawsuits against the same group of defendants under the Washington Computer Spyware Act, obtaining permanent injunctions and settlements. Additionally, Microsoft has routinely worked with the FTC and other state and federal law enforcement agencies in the battle against spyware.

Spyware has arguably become the biggest online threat to consumers and businesses since the advent of the Internet. Microsoft has said that 50 percent of its customer-support calls related to computer crashes can be blamed on spyware.

Complaint

Registry Cleaner XP demo

- 30 –

Media Contacts:
Janelle Guthrie, APR, Communications Director, Office of the Attorney General, 360-586-0725 or janelleg@atg.wa.gov
Dan Sytman, Media Relations, Office of the Attorney General, 360-586-7842 or dans@atg.wa.gov

Editor’s Note: The Attorney General’s Office has also brought enforcement actions against companies that market products named Registry Cleaner, Registry Cleaner Pro, Registry Cleaner 32 and related names. Those cases are unrelated and involve different defendants.

Press release

Update
Microsoft also filed five “John Doe” lawsuits: the defendants remain nameless until discovery reveals the identities of the individuals responsible for marketing the scareware, aka ‘rogues’.
The actual products are well known in the security community and forums that help victims of malware infections.

Antivirus 2009
Malwarecore
WinDefender
WinSpywareProtect
XPDefender

The lawsuits were filed under Washington’s Computer Spyware Act.
Microsoft also amended two complaints filed earlier to unmask those running SMP Soft LLC, a Delaware corporation that markets a scareware product called Scan & Repair Utilities.

A few names should ring a bell.

Antivirus 2009
This site is currently under construction!
ICANN Registrar: 1 & 1 INTERNET AG
registrant-firstname: Oneandone
registrant-lastname: Private Registration

Malwarecore
ICANN Registrar: ESTDOMAINS, INC.
Registration Service Provided By: ESTDOMAINS INC
Status: SUSPENDED
Note: This Domain Name is Suspended.
In this status the domain name is InActive and will not function.

XPDefender
ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Registration Service Provided By: VIVIDS MEDIA GMBH
Status: SUSPENDED
Note: This Domain Name is Suspended.
In this status the domain name is InActive and will not function.

WinDefender
ICANN Registrar: TUCOWS INC.
Registrant: Whois Anonymizer

WinSpywareProtect

ICANN Registrar: GODADDY.COM, INC.
Registrant: Domains by Proxy, Inc.



Trustmark Schemes, a skeptical report

by certifiedbug on September 26, 2008

in Security

Galexia Pty Ltd.

The basic premise of privacy trustmarks is that end users are supposed to have confidence in web sites displaying the trustmark seal, as it presumably indicates that the site adheres to good privacy standards.[2] In practice, although trustmark seals all appear similar, the level of privacy protection varies a great deal. Some seals are backed by detailed standards and independent audits. Other seals are provided with no requirements or checks (other than payment). Some seals include a free dispute resolution service for complaints, other seals have no complaints mechanism or charge consumers for lodging complaints.

It’s a long, interesting article; the author’s conclusion is on page 12 here.

Trustmark Schemes Struggle to Protect Privacy (2008)

Source: Sunbelt Blog


Intercage back

by certifiedbug on September 23, 2008

in Security

Apparently IP transit provider UnitedLayer has agreed to provide upstream service to Intercage after Intercage agreed to completely sever ties with Esthost.

Intercage, Inc’s website has a holding page; it looks strangely familiar…

UnitedLayer operates out of the same San Francisco colocation facility as Intercage and Pacific Internet Exchange (PIE).

Kind of reminds me of lizards that give up their tail to escape.

Is anyone else feeling dizzy yet?

Sources:
Report for AS27595
Controversial ISP Intercage now back online
‘Malware-friendly’ Intercage back among the living


EstDomains PR. Improved detection-prevention

by certifiedbug on September 23, 2008

in Security

EstDomains, Inc: Improved Detection and Prevention System is Live

EstDomains, Inc (http://estdomains.com), announces the launch of new improved and even more efficient version of detection and prevention system oriented to the avoidance of potentially fraudulent transactions, spamming and harmful software distribution that might be performed from the company customers’ accounts.

From the very beginning, EstDomains, Inc (http://estdomains.com), a domain name registration services provider, has undertaken the obligations to provide Internet community with most secure solutions for network presence establishment and running of successful and stable online enterprise. The management of the company also realizes the great necessity of keeping the Internet clean of the fraudulence, harmful software or any disposal of obscene materials. According to the Acceptable Usage Policy, valid for EstDomains, Inc (http://estdomains.com), the appropriate measures are taken against customers who take a risk of using provided services for spam delivery, phishing attempts, distribution or storage of data that may damage user’s computer equipment such as viruses or any other kinds of malware, corrupted codes that are designed with an intention to steal personal data and credit card information or any related materials involved in cybercrime arrangements. Carefully elaborated account monitoring system is used to reveal AUP violation cases among company’s customers. The corrupted account holders are deprived of their account without any refund along with the ultimate right of companies’ services further usage.

In order to prevent crooked customers from being able to continue with their illegal enterprises, the new advanced and more efficient account monitoring system has been applied to the services provided for domain name registration. The improved system is equipped with a whole pack of advanced features that use smart schemes for detailed analyses of the activity performed by an account holder, whose account has been suspended due to violation of AUP terms and conditions. On top of everything else, carefully elaborated clusters also reveals accounts that are registered under different name but in reality belong to a person who has been involved in AUP infringements. Various details, such as IP addresses, minute payments descriptions, personal data analysis, accounts sign up logs and so on, are used for the creation of a common pattern, which indicates characteristic features of one particular person. These patterns are indispensable tool in the further investigations that are led in order to recognize corrupted account holders from other law-abiding customers. The revealed accounts violating AUP are deactivated. As usual, in order to avoid wrong accusations, the domain name holder, whose account contains domain names that violate company’s Acceptance Usage Policy, will receive a notification with a warning and further detailed instruction how to report a mistake. The required information proving that the account is not privy to the delinquent activity of any kind must be submitted within 24 hours.

Once again EstDomains, Inc would like to address the interactive community and ask for help in making the Internet space more safe and user-friendly. Please report infringements that involve the activity of EstDomains, Inc customers to: https://support.estdomains.com.

Wilmington, DE (PRWEB) September 21, 2008.
http://www.prweb.com/releases/2008/9/prweb1357644.htm

Uh huh, kept for historical purposes. ;-)


USA to have Identity Theft Law

by certifiedbug on September 23, 2008

in Security, Windows Vista

The Identity Theft Enforcement and Restitution Act, S. 2168, was originally introduced in 2007.
http://leahy.senate.gov/press/200711/111607a.html

The House of Representatives Monday night finally approved provisions of the Act, which is on its way to the President to be signed into law after its inclusion in another bill to protect former US Vice Presidents, H.R. 5938.

Sen. Patrick Leahy (D-Vt.), sponsor of S. 2168, said in a prepared statement.

The anti-cyber crime Provisions included in the Former Vice President Protection Act would:

  • Give victims of identity theft the ability to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft;
  • Enable prosecution of those who steal personal information from a computer even when the victim’s computer is located in the same state as the thief’s computer. Under current law, federal courts only have jurisdiction if the thief uses an interstate communication to access the victim’s computer.
  • Eliminate the requirement that damage to a victim’s computer exceed $5,000 before charges can be brought for unauthorized access to a computer. The provision protects innocent actors while punishing violations resulting in less than $5,000 in damage as misdemeanors.
  • Make it a felony to employ spyware or keyloggers to damage ten or more computers regardless of the aggregate amount of damage caused, ensuring that the most egregious identity thieves will not escape with a minimal, or no, sentence.
  • Make it a crime to threaten to steal or release information from a computer. Current law only permits the prosecution of those who seek to extort companies or government agencies by explicitly threatening to shut down or damage a computer. Violators of this provision are subject to a criminal fine and up to five years in prison.
  • Add the remedies of civil and criminal forfeiture to the arsenal of tools available to federal prosecutors to combat cyber crime, and mandate that the U.S. Sentencing Commission review and update its guidelines for identity theft and other cyber crime offenses.

Bill To Fight Identity Theft Headed To President’s Desk For Signature

http://www.govtrack.us/congress/bill.xpd?bill=h110-5938
