The FBI is willing to pay top dollar to download some malware

The Federal Bureau of Investigation is willing to pay top dollar for the malicious, infectious software the rest of us pay to keep out of our computers, according to the Federal Business Opportunities website.

A Monday price quote request by the Investigative Analysis Unit of the agency’s Operational Technology Division is asking computer security developers and retailers to help the agency build a library of malware for an undisclosed reason, letting the companies name their price.

“The IAU has a team of highly trained technical analysts, specialists and engineers providing on-scene technical support, employing innovative, custom developed analytical methods and tools to analyze collected data,” the request reads. “Critical to the success of the IAU is the collection of malware from multiple industry, law enforcement and research sources.”

The agency’s minimum specifications for malware to purchase include 35 gigabytes of shareable malware per day, updated every 24 hours, across a wide range of file types.

“The collection of this malware allows the IAU to provide actionable intelligence to the investigator in both criminal and intelligence matters,” the request states, describing the acquisition of malware as ”critical to the success of the IAU’s mission to obtain global awareness of malware threat.”

The request also indicates the FBI will test any such malware before purchase, and that it will notify vendors when and where to send the software, after which the test products will be deleted due to “the nature of the solicitation.”

Initial descriptions and quotes for malware packages are due on Feb. 14.

Avira starts blocking some browsers and email clients

Since yesterday, some Avira Internet Security users have only been able to use their web browsers if they first disable Avira Web Protection. According to Avira, some customers are getting a “data structure error” that requires a complete uninstall and fresh installation of the program.

However, users in the Avira forum are saying that reinstalling does not solve all their problems: activating IPv6 support and the Drive-by protection causes new browsing issues – this appears to be a Java-related problem, particularly if the latest version, Java 7, is installed. Disabling browser protection is the only way to get around the problem. Chrome, Opera, Firefox and the Thunderbird email client are all affected. Avira has acknowledged that there is an issue with Avira Web Protection and the recently released Chrome version 28; the problem is currently being investigated.

The cause of the problem is not known, but may have been the result of a regular signature update. The recently announced forced upgrade of 2010 and 2012 versions to the 2013 version seems to be unrelated.

Source: H-Online

Update 1:

There is a temporary fix for now:

Chrome 28 with new Blink engine and Rich Notifications

Google has released the stable version 28 of its Chrome browser. It is the first version to use the new Blink engine for rendering web pages and it appears that the new engine will allow web pages to be loaded about ten per cent faster. The developers say that the increased speed is also thanks to the new threaded HTML parser, which frees up the JavaScript thread, allowing DOM content to be displayed faster. The HTML parser also takes fewer breaks, which is said to result in time savings of up to 40 per cent. Another contributor to the faster working speed is the optimized V8 JavaScript engine.

Rich Notifications are another new Chrome feature. Chrome already supported basic notifications, but with the new notifications users can be shown, and can interact with, tips and information outside of the browser. For example, a pop-up window in the Windows task bar can inform users when a new email arrives. Notifications can contain pictures, buttons and URLs as well as text. The notifications are handled by a notification center outside the browser, which not only allows the information to be displayed without a running browser but also serves as somewhere a user can consult to see what notifications they have missed.

Chrome’s new Rich Notifications in action
Source: Google

Rich Notifications replace HTML-based notifications in the Chrome extensions: HTML-based notifications are no longer supported in version 28. Comprehensive instructions for developers are available. At the moment, Rich Notifications only work in Chrome OS and Windows – support for Mac OS X and Linux is said to be coming.

Version 28 also closes various security holes, including a richly rewarded use-after-free issue with network sockets and a well-rewarded fix for an HTTP/SSL man-in-the-middle attack. Other rewarded bugs included two use-after-free issues in input handling and resource loading, plus an out-of-bounds read in SVG, all found by Chrome bounty regular miaubiz, a screen data leak through GL textures with Windows and NVIDIA cards, and a lack of entropy in renderers.

The updated browser is available to download for Windows, Linux and Mac OS X or, for existing users, will arrive automatically. Chrome has also seen its Flash player updated to version 11.8.800.97 as noted in Adobe’s patch day.

Firefox 22 enables WebRTC, makes social APIs easier to manage

BetaNews: Mozilla has released Firefox 22.0 FINAL for Windows, Mac and Linux. The update includes some platform-specific improvements — Firefox following display scaling options in Windows, and providing download progress indicators in its dock application icon in OS X — plus a number of other tweaks and improvements.

Other new features include the ability for users to now manage their social API plug-ins via the Add-ons menu (select Services in the left-hand menu to do so), while users can now adjust the playback rate of HTML5 audio and video files (right-click the playback screen and choose Play Speed to do so).

One major behind-the-scenes update is that WebRTC — the technology used for sharing audio/video streaming and data sharing between browser clients — is now fully enabled by default in Firefox. This is achieved by enabling the two remaining components, PeerConnection and DataChannels, the latter of which can be used to reduce latency in real-time gaming by allowing gaming apps to connect peer-to-peer between devices.

Another new feature is the enabling of asm.js optimizations (codenamed OdinMonkey), which Mozilla promises will see major performance improvements. Other performance tweaks include asynchronous canvas updates that will improve WebGL rendering, better memory usage and shorter display times when rendering images.

Other changes include plain text files being displayed with word wrap within the Firefox window and support for using the Pointer Lock API outside of full-screen view. Developers gain access to a new built-in font inspector, plus CSS3 Flexbox as well as a new Web Notifications API have both been implemented. HTML5 support has also been extended to support the new <date> and <time> elements.

Firefox 22.0 FINAL is available now as a free, open-source download for Windows, Mac and Linux.

WordPress hardened with XSS, DoS and SSRF fixes

With the second security and maintenance release of WordPress 3.5, the developers of the popular open source blogging software have closed 12 bugs, seven of them security issues. In their announcement, the developers “strongly encourage” all users to update all their installations of the software to version 3.5.2 immediately. In addition to the fixed vulnerabilities, the new release also includes some proactive changes intended to harden the platform against attacks.

Security fixes in this release include measures to prevent server-side request forgery (SSRF) attacks. The TinyMCE editor, the external SWFUpload library and other components have been updated to fix cross-site scripting (XSS) holes; WordPress’s own SWFUpload fork is used by the blogging platform to transfer files to the server, while TinyMCE is used as the software’s content editor. A problem that could be exploited by attackers to perform denial-of-service (DoS) attacks on sites that use WordPress’s password protection for posts has also been fixed.

WordPress 3.5.2 is available for download from the project’s web site. Alternatively, existing users can update automatically via Dashboard > Updates in the WordPress admin interface. The source code for WordPress is licensed under the GPLv2 or later.

Cross-posted from Heise-Security.

iPhone Notifications to Google Glass

Google has already released a MyGlass Companion app for Android via the Play Store, and although a corresponding iOS version has yet to manifest itself in the App Store, the company has already noted that iPhone users will not be neglected when it comes to the early 2014 public launch of Google Glass.

In the meantime, the PostOffice tweak will work just fine for those with a jailbroken iPhone, and although there is not much to it aside from one or two settings, it does what it purports to do in pushing notifications through to Glass. The free tweak is available via the BigBoss repository in Cydia; the way notifications are re-routed to Glass is configured from the native Settings app. Google Glass may currently be in the hands of only creative individuals, some competition winners and a handful of developers, but that has not prevented the tech world from getting excited about the internet giant’s technological headgear. Last month, one such creative individual, Adam Bell, managed to route iOS notifications through to Google Glass using some kit he had thrown together, and now a tweak has emerged offering a simpler way to achieve the same thing.

Since Google Glass is based on Android, its hacking potential is huge, and although we are likely to be treated to some interesting and potentially groundbreaking apps, the things that could be achieved when developers work inside Glass’ framework should not be underestimated. With support for iOS likely to be a step behind Android, and thanks to the jailbreak community, iPhone users with that developer mentality will be able to have large amounts of fun with Google Glass once it eventually does become available to the general public. Google has indicated that its product will become available early next year, although this could naturally be subject to delays. But as this amazing new technology is so fresh, it is likely going to cost a month’s salary (depending where you work!).

Symantec updates Norton 2013 range to v20.4

Symantec has updated its suite of Windows security products with the release of Norton Antivirus 2013 v20.4, Norton Internet Security 2013 v20.4 and Norton 360 2013 v20.4.

Version 20.4 is primarily a bug-fix release, with some notable fixes, but also tweaks the user interface.

One visible change for users who also have Malwarebytes Anti-Malware Free installed as additional protection is a fix that prevents Norton from blocking or flagging up MBAM as incompatible.

The latest update also resolves an issue where the Safe Web annotations for checking search results for safety and privacy were not appearing in the US version of Also corrected is an issue whereby Intrusion Prevention was incorrectly flagged as switched off when Norton AntiSpam was being opened from Microsoft Outlook.

English users will find a new widget – Backup – has been added to the main product page, while the Norton Safe Web widget has been removed, although it continues to function and appear within all compatible web browsers. The Backup widget refers to Symantec’s cloud backup, sync and sharing solution, currently called Norton Zone.

Two other fixes include making buttons in high-contrast mode more visible and ensuring the Scan Items tab scroll bar always appears.

You can find the complete release notes in the Norton Community Forum: Product Update – 20.4 of Norton Internet Security and Norton Antivirus.

Facebook Virus That Drains Your Bank Accounts: What You Need to Know

This post was originally published on the Malwarebytes Blog:

The word about the Zeus Trojan back on Facebook has spread as fast as the malware itself across many news sites.

Awareness and education about online dangers are essential, but headlines like “Malware That Drains Your Bank Account Thriving On Facebook” instill fear while at the same time blaming Facebook — something that may not be entirely justified.

Malicious links on social networking sites are nothing new (Twitter and LinkedIn, to name a few). They have been, and continue to be, abused by spammers to peddle fake AV or to redirect to exploit sites distributing all sorts of nasties.

So what exactly is all the fuss about? Let’s have a look at this example reported by the New York Times.

The fraudulent/spammy posts appear to be from either fake Facebook accounts or ones that were hijacked. The links all seem to have a similar pattern, where the country-code top-level domain name (ccTLD) is “tk”. This ccTLD belongs to Tokelau, a small territory part of New Zealand that’s regarded as a hotbed for all sorts of online fraud. Suricata/Emerging Threats even has a detection rule for “.tk” domains: “ET CURRENT_EVENTS DNS Query to a .tk domain – Likely Hostile”, which sums their trustworthiness rather well.
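The Emerging Threats rule mentioned above fires on the queried name's top-level domain alone, which is a cheap but useful triage signal. The script below is an added example (not code from Malwarebytes, Emerging Threats or Suricata, and it does not reproduce the rule's own syntax) that applies the same idea to resolver query logs: it extracts the queried name, normalizes it (case, trailing root dot) and flags names whose TLD is "tk", while leaving names that merely contain "tk" as a label or substring alone. The log format and the sample lines are constructed for the example, and the `SUSPICIOUS_TLDS` set is an assumption so the check can be extended locally; the article itself only names .tk.

```python
import re
from typing import List, NamedTuple

# Constructed sample log lines (not from the article). The format is a
# simplified resolver query log: "<timestamp> client <ip> query: <qname> <qtype>".
SAMPLE_LOG = """\
2013-06-03T10:15:01Z client 192.0.2.10 query: www.example.com A
2013-06-03T10:15:02Z client 192.0.2.11 query: Promo-Deals.TK. A
2013-06-03T10:15:03Z client 192.0.2.12 query: tk.example.org AAAA
2013-06-03T10:15:04Z client 192.0.2.13 query: cheap-brands.tk A
2013-06-03T10:15:05Z client 192.0.2.14 query: notatk.com A
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<client>\S+) query: (?P<qname>\S+) (?P<qtype>\S+)$"
)

# TLDs treated as likely hostile. The article names only .tk; using a set here
# is an assumption so the same check can be extended by the operator.
SUSPICIOUS_TLDS = frozenset({"tk"})


class Hit(NamedTuple):
    timestamp: str
    client: str
    qname: str


def normalize_qname(qname: str) -> str:
    """Lower-case the name and strip the trailing root dot so 'X.TK.' == 'x.tk'."""
    return qname.rstrip(".").lower()


def top_level_domain(qname: str) -> str:
    """Return the label after the last dot, or '' for a single-label name."""
    name = normalize_qname(qname)
    return name.rsplit(".", 1)[-1] if "." in name else ""


def is_suspicious_query(qname: str, tlds=SUSPICIOUS_TLDS) -> bool:
    """Match on the TLD only, so 'tk.example.org' and 'notatk.com' do not fire."""
    return top_level_domain(qname) in tlds


def scan_log(text: str, tlds=SUSPICIOUS_TLDS) -> List[Hit]:
    """Return one Hit per query record whose TLD is in the suspicious set."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a query record; ignore
        if is_suspicious_query(m["qname"], tlds):
            hits.append(Hit(m["ts"], m["client"], normalize_qname(m["qname"])))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit.timestamp} {hit.client} queried {hit.qname} (suspicious TLD)")
```

Matching on the final label rather than on the substring ".tk" is the whole point: a substring match would also flag the legitimate `tk.example.org` and never catch the upper-cased `Promo-Deals.TK.` form a resolver may log. As with the ET rule, a hit is a triage signal for an analyst, not proof of compromise.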

In this particular case, the “.tk” domain seen here is simply used as a redirector to another domain, 2bestmall . com

Here we have a classic case of counterfeit merchandise where big brand names are advertised at 78% off of MSRP. Visitors who make a purchase have their payment processing done through another intermediary known as billingcheckout . com, which has a rather poor reputation according to Web of Trust (WOT).

The domain name was registered through, INC, a Chinese registrar with unsurprisingly bogus registrant information. Ordering counterfeit goods may not be the smartest of ideas if the parcel is intercepted at customs, and trusting a “company” like this with your credit card is definitely not something you want to do.

As far as the Zeus malware connection, the counterfeit website we identified belongs to an interesting hosting company that has many ties to malware activity:

What’s more, if you dig deeper you will find the link to Zeus (courtesy of

The Zeus Trojan is a rather notorious piece of malware that became extremely popular and inspired offshoots such as the Citadel Trojan. It sits in the background and waits for the user to log into a sensitive site (such as a banking login screen) so that it can steal the password or even display fake pop-ups requiring the victim to enter additional confidential information.

It’s not the first time and it won’t be the last that links posted to Facebook pages and profiles will contain or redirect to malware. But does Facebook really sit idle while its users get infected? Not quite, as the social media platform has partnered with many security companies to offer a safer experience, including both WebSense and WOT.

I also feel this is a bit of a cheap shot because that same spam can be found elsewhere. This same ad has also appeared on Google’s Blogger, a service that I and many other professionals use to maintain our own blogs:

Facebook happens to be the largest social networking site and as such is one of the most coveted platforms for the bad guys, just like Microsoft’s Windows is for the operating systems.

These kinds of statements made by online news sources on this topic undermine the incredible amount of work and resources spent on fighting cyber-crime, and fail to show the realities security researchers face every day. Cyber-criminals constantly adapt and up their game to defeat every new security measure put in place. Whether they are financially or politically motivated, cyber attacks will always exist.

End-users need to rely on a layered defense approach to best protect themselves. It is nice to know that Facebook and Google continue to try and protect us from browsing malicious sites, but we cannot expect them to block 100% of attacks. As always, good security software and best practices (such as being careful before clicking links) go a long way towards saving you from all the online dangers out there.

Google cuts grace period for vendors of vulnerable software

Google is shortening the amount of time it gives to makers of vulnerable software and web services if there is imminent danger. The Google security team say that if they encounter a zero-day issue that is already being actively used for cyber attacks, they will grant the affected manufacturer just seven days’ grace to fix the vulnerability or publish an advisory with mitigation strategies for users.

After seven days, Google wants to publish details of the vulnerability in such a way that users of the vulnerable software can protect themselves from attacks. Previously, the company had given vendors sixty days before it went public with details of vulnerabilities. Google says, though, that it has found zero-day vulnerabilities being used to target a limited subset of people and this targeting makes the attack more serious than a widespread attack and more important to resolve quickly, especially where political activists are being compromised and the attacks can have “real safety implications” in some parts of the world.

Google admits the seven-day period is an “aggressive time frame” but says that it offers sufficient time for a vendor to publish advice on how to, for example, temporarily disable a service, restrict access or offer contact information to provide more direct assistance. “Each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more computers will be compromised,” says Google, which also plans to hold itself to the same standard and hopes to improve the coordination of both web security and vulnerability management.

Google Overhauls Gmail to Take On E-Mail Overload

NYTimes posted: On Wednesday, Google introduced a new in-box design for its e-mail service, Gmail.

In a blog post announcing the new design, the company said it wanted to help people quickly sort through their messages to determine which ones were important and which ones could wait until later.

The revamped Gmail automatically sorts incoming messages into categories, which appear as three tabs — primary, social and promotions — that users can toggle between in their in-box. The primary tab contains the e-mails that the service thinks are most important. Social contains message updates from various social networks, like LinkedIn, Tumblr and Yelp. Promotions contains newsletters, party invites and concert announcements. Users can also select to add additional tabs to help manage electronic bills, banking statements and messages from forum boards.

“We get a lot of different types of e-mail: messages from friends, social notifications, deals and offers, confirmations and receipts, and more,” wrote Itamar Gilad, a product manager at Google, in the post. “All of these e-mails can compete for our attention and make it harder to focus on the things we need to get done.”

Mr. Gilad said Google’s new in-box is “organized in a way that lets you see what’s new at a glance and decide which e-mails you want to read when.”

The new in-box will begin rolling out for the desktop first, and eventually be available on mobile and tablet applications.