Monday, February 28, 2011

Mac OS X Trojan Catches Sophos' Eye

Image: BlackHole RAT. If you see this on your Mac, beware. (Credit: Sophos)

A new Trojan has cropped up and it's targeting Mac OS X users, one security firm says.

According to Sophos, the Trojan, called "BlackHole RAT" by its author and "MusMinim" by the security firm, is a variant of a Remote Access Trojan for Windows. The author of the Trojan says the malware is not yet complete, but it already does some annoying things.

Overall, Sophos believes that the prevalence of the Trojan is relatively low. The malware can be removed by using antivirus software.

If a Mac becomes infected, the Trojan places text files on the desktop, puts the computer to sleep, commands it to restart or shut down, and runs "arbitrary shell commands," Sophos says. It also loads a phishing window to get users to input their administrator password. When a full-screen window pops up forcing users to restart their computer, a rather disconcerting message is displayed.

"I am a Trojan Horse, so I have infected your Mac Computer," says the text in the Trojan, according to Sophos. "I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll (sic) over your Computer and I can do everything I want, and you can do nothing to prevent it.

"So, Im a very new Virus, under Development, so there will be much more functions when I'm finished," the text continues.

The text in the Trojan will surely fuel the long-running debate over whether Mac OS X really is more secure than Windows. Those in the Apple camp point to the numerous Windows security issues that have broken out over the years, compared to the few on Mac OS X, to try to prove that Apple's platform is more secure. Those in the Windows camp believe security is a money game, and malicious hackers have more revenue to generate by targeting all the Windows users in the world, rather than the smaller number of Mac OS X users. It's simply that hackers have ignored Mac OS X, they say.

Sophos says that BlackHole RAT infects computers through downloads over the Web. It might also find its way to the user's Mac through "a vulnerability in your browser, plugins, and other applications."

Source: http://news.cnet.com/8301-13506_3-20037158-17.html#ixzz1FIAb22V9

Tuesday, February 22, 2011

Report: Canadian Cyberattack Traced To China

A cyberattack against Canada that tried to access classified government information and forced two key departments to go offline has been traced back to China, according to a story today from CBC News.

Sources told the CBC that the attacks were initially discovered in early January but that it's unknown whether the attackers themselves were in China or just directed their attacks through the country to hide their true source.

Specifically, the attacks reached computer systems at the Canadian government's Finance Department and Treasury Board in an attempt to capture passwords for government databases. In response, the government was forced to shut down all Internet access for the two departments, according to the CBC, and only now are public employees slowly getting that access back.

In a brief statement released by the Treasury Board, the Canadian government did confirm an "unauthorized attempt to access its networks," but provided few other details beyond that, according to AFP.

In response to a request for comment, Canada's Public Safety Department e-mailed CNET the following statement on behalf of its minister, Vic Toews:

"We do not comment on the details of security related incidents. That said, our government takes threats seriously and has measures in place to address them. The next phase of our economic action plan is still in development and we have no indication that Budget security has been compromised."

On its end, China has denied any involvement in the attacks.

"What you mentioned is purely fictitious and has an ulterior motive," Chinese Foreign Ministry spokesman Ma Zhaoxu told a news briefing in Beijing, according to Reuters. "China attaches great importance to computer security and consistently opposes and cracks down on hacking activities according to relative laws and regulations."

Though cyberattacks are used as weapons today by many different countries and organizations, China has often been fingered as a major source of online attacks against other nations. A report released in November by the U.S.-China Economic and Security Review Commission pointed to Chinese government involvement in a number of hacking attempts and computer exploits.

Specifically, the USCC found that a Chinese state-run telecommunications provider had redirected traffic for U.S. military and corporate data in April. The group also reported that a China-based spy network was accused of targeting government departments and other groups in India in an attempt to steal sensitive information.

And China was traced as the source behind the cyberattacks launched against Google and other companies in 2009 as a way of targeting human rights activists.

Source: http://news.cnet.com/8301-1009_3-20032813-83.html#ixzz1EjBlLpUI

Wednesday, February 16, 2011

New Norton CyberCrime Index Rates Your Risk

A new free tool from the makers of Norton attempts to quantify the real-time state of cybersecurity. It makes its debut today alongside the latest version of Symantec's all-in-one consumer security suite, Norton 360.

The Norton CyberCrime Index lies somewhere between a weather report and the United States' threat level advisory system, and Norton 360 version 5 launches with a direct link to it.


The CyberCrime Index uses a statistical model based on information from Symantec's Global Intelligence Network, ID Analytics, and DataLossDB. At the top level, the CyberCrime Index takes this data and creates a number evaluating the relative risk of the threats of the day. However, it also provides a more in-depth look at active threats, threat trends, and provides advice on what kinds of behaviors are being most heavily targeted that day.

Symantec has had the statistical model and algorithm it uses in the CyberCrime Index vouched for by the University of Texas at San Antonio.

The service is set to go live this morning, so check back here later today for a hands-on update.

Symantec isn't forcing the index on any of its users, though the new version of Norton 360 does include a direct link to the service. Version 5 of Norton 360 includes the real-time threat map that debuted in Norton's 2011 consumer suites, along with all the features that were introduced in Norton's 2011 consumer suites last fall. These include updates to Norton's Insight engine, which instantly checks a file's origins and how long it's existed to determine how safe it is. The new version of System Insight also profiles your programs to determine if any of them are slowing down system performance, and automatically alerts users when a program is eating up too many resources.

Now included in Norton 360 is the Norton Bootable Recovery Tool, which will clean heavily infected systems enough to get Norton 360 installed, and can create a rescue tool on disc or USB so that your computer can be resuscitated. The backup features in Norton 360 have been improved, too, adding in automatic file encryption to the backup process. Lastly, Norton Safe Web's social-media scanner has been imported from Norton Internet Security 2011. Currently, it still only supports Facebook, though that's a good start: it will check your Facebook wall and news feeds from within Norton.

Norton 360 version 5 comes with a 30-day trial and can be used on up to three computers. A one-year license with 2GB of online storage retails for $79.99. Bumping that up to 25GB of storage costs $99.99.


Source: http://download.cnet.com/8301-2007_4-20032077-12.html

Monday, February 14, 2011

Google Extends Two-Step Log-In Process To All

Now all Google users can take advantage of the two-step log-in procedure previously available to Google Apps customers.

Image: This screen can be found in Google under "Account Settings," linked at the top of a Google page, and is used to set up two-step verification. (Credit: Google)

The company started rolling out the option to use two-step verification to Google Account holders today, according to a blog post. The idea comes from a classic security tactic, the notion that accounts are more secure when you log in using two factors: something you know, such as a password, and something that only you have, such as your phone.

Google Apps users started using this feature in September. Account holders log in to Google as usual, but the first time they enable the two-step process they will receive a code via a voice call or text message, or they can generate their own code using a mobile app available for iPhone, Android, or BlackBerry. That code can be saved for 30 days.

Obviously it will be much harder for anyone bent on hacking your account to steal a code sent to your phone (unless you're a valuable enough target to warrant stealing your phone and hacking your password). It's an optional feature, but one strongly recommended by security experts.

Source: http://news.cnet.com/8301-30684_3-20031351-265.html#ixzz1DyYU7wnR

Thursday, February 10, 2011

iPhone Passwords Succumb To Researchers' Attack

Researchers at the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany, have found a way to steal passwords found in the Apple iPhone's keychain services within six minutes.

In order to steal passwords, the researchers said, the attacker must have the actual, physical iPhone in hand--this isn't a remote maneuver. First, the attacker has to jailbreak the iPhone, and from there must install an SSH server on the smartphone to be able to run unrestricted programs. The researchers also created a "keychain access script" that they then copied to the iPhone. After executing that script, they found that they were able to decrypt and see some passwords saved in the keychain.

Over the past year, several iPhone exploits have been revealed by researchers around the world, including some that attack vulnerabilities in the mobile Safari browser. But at least so far, the issues have affected users who jailbreak their own devices. Even in the Fraunhofer Institute's case, a non-jailbroken iPhone will not reveal keychain passwords. Jailbreaking is the process of bypassing the restrictions that Apple sets up to keep users from tinkering with the device's underlying system software.

Researchers said that this latest issue has to do with how iOS handles encryption--namely, that "encryption is independent of the personal password to protect access to the device properly." In other words, even if a user protects access to the iPhone--or any other iOS-based device--with a passcode, it won't be enough to stop hackers from using this method to access saved passwords in the keychain.

It should be noted that the proof-of-concept maneuver would not reveal passwords for Web sites. Services like Gmail, AOL Mail, Yahoo Mail, and others with "protected" passwords "were available to the script only after entering the passcode to unlock the device, which by assumption, should not be possible for an attacker," the researchers noted.

But the folks at Fraunhofer Institute don't necessarily believe that iPhone owners should assume that they will be safe if they don't jailbreak their iPhones. In their scenario, the researchers assumed that the iPhone was stolen and the person who took it knew how to jailbreak the device and create and run scripts. They said in their evaluation of their proof-of-concept that the difficulty level of exploiting the vulnerability is "low."

"Owners of a lost or stolen iOS device should therefore quickly initiate a change of all stored passwords," the researchers wrote in their report. "Additionally, this should be also done for accounts not stored on the device but which might have equal or similar passwords, as an attacker might try out revealed passwords against the full list of known accounts."

Malicious hackers are increasingly turning towards the mobile market to target unsuspecting victims.

Earlier this week, security firm McAfee revealed that mobile malware threats were up 46 percent last year. The company said that it expects "cybercriminal activity" in the mobile market to surge in 2011.

Source: http://news.cnet.com/8301-13506_3-20031297-17.html#ixzz1DatgQ2bL

Tuesday, February 8, 2011

Microsoft To Seal 22 Security Holes This Month

Microsoft today said it will address 22 vulnerabilities as part of next week's Patch Tuesday, three of which are critical.

Three of the 12 bulletin items released by Microsoft earlier today are classified as critical, and affect Microsoft's Windows operating system, with one affecting Microsoft's Internet Explorer browser as well. The rest are classified as "important."

In a post on Microsoft's Security Response Center blog, the company said it will be making fixes for vulnerabilities in the Windows Graphics Rendering Engine, as well as a CSS exploit in Internet Explorer that could allow an attacker to gain remote code execution.

Along with the fixes for the rendering engine and the CSS exploit, Microsoft says it will be addressing zero-day flaws that created vulnerabilities in the FTP service found inside of Internet Information Services (IIS) 7.0 and 7.5.

Not included in this month's batch of announced patches is a fix for the recently-discovered script injection attacks that affect Internet Explorer. Acknowledged by the company last week in Security Advisory 2501696, the exploit targeted the way IE handled MHTML on certain types of Web pages and document objects, and could provide hackers with access to user information. According to Wolfgang Kandek, chief technology officer at Qualys, the best route to prevent those attacks continues to be the workaround Microsoft outlined in its initial security advisory about the problem.

Microsoft has a full list of the pending issues here.

Source: http://www.news.cnet.com/8301-1009_3-20030613-83.html#ixzz1DPGp6pCT