Thursday, April 28, 2011

Iran Targeted In New Malware Attack

Iran is investigating new malware dubbed "Stars" that government officials say is being targeted at the country as part of ongoing cyberattacks.

"The particular characteristics of the Stars virus have been discovered," Gholamreza Jalali, commander of the Iranian civil defense organization, told the Mehr news agency according to Reuters.

"The virus is congruous and harmonious with the (computer) system and in the initial phase it does minor damage and might be mistaken for some executive files of government organizations," he said, declining to specify what equipment the virus targets.

Jalali said efforts to contain last year's Stuxnet infections are ongoing and called on the foreign ministry to take action to stop the "cyber wars" against the country.

Officials in Iran have accused the U.S. and Israel of being behind Stuxnet, which spread through Windows holes and targeted specific Siemens industrial control software. Experts speculate it was written to sabotage Iran's nuclear program.

Source: http://news.cnet.com/8301-27080_3-20057103-245.html#ixzz1KrFJA3Gs

Tuesday, April 19, 2011

Match.com To Screen For Sex Offenders

Match.com will start checking its members against a national sex offenders registry.

The company expects to start the new policy in 60 to 90 days, Match.com told CNET this morning, and confirmed that the policy will affect both new and existing members.

Match.com has been considering the option for a while, but yesterday's decision was hastened as a result of the attention brought on by a lawsuit filed last week, spokesman Matthew Traub told the Associated Press yesterday.

A woman in California has sued Match.com, claiming she was sexually assaulted by a man that she met through the online dating service. Arguing that the woman had no idea her date had been convicted of sexual battery, the suit is seeking an injunction to stop anyone from joining Match.com until the company sets up a process to screen for convicted sex offenders.

Match.com president Mandy Ginsberg told the AP that the company had been hesitant to implement such screenings due to their "historical unreliability." But discussions with advisers over the past few days convinced Match.com that certain improvements have made sex offender registries more accurate, prompting the dating service to reverse its stance.

To conduct its screening, the company will tap into a national registry of sex offenders set up by the federal government. This registry pulls together information from the 50 states and other U.S. territories and lets users search for sex offenders by name as well as location.

Since the registry relies on coordinating data from a variety of different local sources, Match.com is cautioning that these types of checks can still be highly flawed.

"It is critical that this effort does not provide a false sense of security to our members," Match.com said in a statement sent to CNET. "With millions of members, and thousands of first dates a week, Match.com, like any other large community, cannot guarantee the actions of all its members. Match.com is a fantastic service, having changed the lives of millions of people through the relationships and marriages it has given rise to, but people have to exercise common sense and prudence with people they have just met, whether through an online dating service or any other means."

Match.com advises its members to read and follow the safety tips that it posts on its Web site to better protect themselves both online and offline.

Update at 11:10 a.m. PT: Added statement and information from Match.com.

Source: http://news.cnet.com/8301-1009_3-20054881-83.html#ixzz1JzbtLGBO

Monday, April 11, 2011

New Fake Antivirus Accepts SMS Payments

There's a new twist with some fake antivirus scareware that has cropped up. It accepts payment via SMS, according to antivirus firm CyberDefender.

Typical rogue security programs infect the system first, then display pop-ups warning that the computer is infected, and request payment to clean it up. The new programs are seemingly more genteel, asking for the money before the program is installed and infects the system, said Achal Khetarpal, threat research director at CyberDefender. Of course, a payment does nothing to "fix" a system and means criminals now have your money and possibly your credit card information.

When a potential victim happens upon a Web site hosting the malware, a dialog box pops up that looks very much like an installer window for a legitimate antivirus product, according to screenshots from CyberDefender. It says "Welcome to" and names a popular antivirus software and suggests closing other applications. If the victim falls for the ruse, it then displays a message that says "To complete installation, you must go through activation" and offers several ways to pay, including SMS (Short Message Service), WebMoney, and credit card.

If you click "cancel," the program won't install, compared with typical fake antivirus programs that have already infected the system by the time the victim realizes what is happening and keep displaying the annoying pop-up messages, even after reboot, Khetarpal said.

The company has seen five versions of the rogue security programs masquerading as software from Avast, Norton, McAfee, BitDefender, and RootKitBuster, and they, as usual, target Windows systems.

Khetarpal could not say how widespread the malware is but said he has seen it in a "lot of Web sites" and in relation to search results for popular and trending topics.

Fake AV scammers aren't the only ones to hop on the SMS payment bandwagon. Scammers were found to be seeking payment by SMS for fake browser updates earlier this year, according to GFI Labs.

Source: http://news.cnet.com/8301-27080_3-20052203-245.html#ixzz1JFJAj0pp

Monday, March 28, 2011

McAfee: Cybercrooks Target Corporate Trade Secrets

Cybercriminals are increasingly moving from stealing just personal data to capturing trade secrets and other corporate intellectual capital that they can easily sell through the underground market, according to a new report from McAfee and the SAIC.

In today's release of a new study, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency" (PDF), McAfee and the Science Applications International Corporation find that the theft of trade secrets, marketing plans, R&D data, and even source code is on the rise, especially as such information is often unprotected.

Based on a global survey of IT professionals, the report uncovered a number of findings.

A quarter of the companies surveyed said a data breach or just the threat of one has put a halt on plans for a merger or new product launch. Among those that actually suffered a data breach, only half of them took the necessary steps to prevent it from happening again.

Among companies that have been hit by cyberattacks, only about 3 in 10 have reported all such breaches, while 6 in 10 picked and chose which ones they reported. Along those lines, many organizations specifically look to store their data in countries where the laws are more lax over reporting data breaches to customers.

Hit by the recent economic downturn, many companies have been looking at cheaper ways of processing and storing their information abroad despite the potential risks, the report said. Across the world, China, Russia, and Pakistan are thought to be the least secure areas for storing critical data, while the U.S., U.K., and Germany are perceived to be the safest. Currently, companies in the U.S., China, and India spend about $1 million a week to secure their sensitive data outside their own countries, the report said.

The information technology industry itself continues to be challenged trying to secure the wave of iPhones, iPads, and Android devices that employees are increasingly using on the job for sharing data, the report found.

"Cybercriminals have shifted their focus from physical assets to data-driven properties, such as trade secrets or product planning documents," said Simon Hunt, vice president and chief technology officer for endpoint security at McAfee. "We've seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the largest, and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding."

To generate the report, McAfee and the SAIC worked with Vanson Bourne to survey more than 1,000 senior IT decision makers across the U.S., U.K., Japan, China, India, Brazil, and the Middle East during November and December of last year. This latest report is a follow-up to a 2008 report entitled "Unsecured Economies," which at the time found that cybercrime was costing companies more than $1 trillion globally.

Source: http://news.cnet.com/8301-1009_3-20047876-83.html#ixzz1HvdyapDY

Friday, March 25, 2011

Sony: PS3 Hacker GeoHot Fled To South America

Update, 7:01 p.m. PT: with Hotz saying he is on a long-planned vacation.

If you've been following the drama between Sony and hacker GeoHot (aka George Hotz) then you're in for a fun twist today: Sony is accusing Hotz of fleeing the country, but Hotz says he's just enjoying spring break.

Sony makes the allegation in a court filing (PDF, see page 2, line 24) dated Friday.

After news stories began appearing today, Hotz wrote a blog post to set the record straight.

"Actually, it's true I'm in South America, on a vacation I've had planned and paid for since November. I mean, it is spring break; hacking isn't my life," he writes. "Rest assured that not a dime of legal defense money would ever go toward something like this. And of course [Sony-employed law firm Kilpatrick Townsend & Stockton] loves the idea of painting me as an international fugitive. I have been in contact with my lawyers almost every day; I would not let the case suffer."

Hotz is well known for reverse-engineering the multi-digit code that allows the installation and execution of non-Sony-recognized code on PlayStation 3s, essentially allowing anyone with a PS3 to run homebrew software, or even pirated games.

A federal magistrate a couple weeks ago OK'd Sony's request for Hotz to hand over his hacking gear--his PS3 consoles, computers, and other equipment--untouched. It seems that before turning the stuff in, he allegedly made edits, deleting key evidence that Sony likely planned to use against him.

What's more, Hotz was allegedly caught lying about having a PlayStation Network (PSN) account. But Sony says it was able to prove that in February of last year, Hotz allegedly purchased a new PS3 and, tracing the serial number, Sony says it concluded that he had set up a PSN account under the screen name "blickmanic," which is also a name Hotz used on previous Web forums on iPhone jailbreaking.

Besides jailbreaking PS3s for non-sanctioned use on PSN, Hotz was a very vocal and active member of the iPhone/iOS jailbreaking community, bringing several key userland jailbreaks to the devices, including blackra1n and limera1n. While Apple consistently moved to patch the exploits Hotz used in its software, it never went overtly litigious as Sony has.

It's unclear what will happen in this case next. It's not publicly known where in South America Hotz is staying, what gear he has with him, and what assets he has access to. Recently, a court granted Sony access to Hotz's donation-based PayPal account, so that cash source may well be totally unavailable.

Whatever the case, we expect this to be far from over. There are egos, weird and obscure copyright laws, and potentially millions of dollars still at stake. If you're like me, you might want to make some metaphorical popcorn as well.

Source: http://news.cnet.com/8301-17938_105-20046386-1.html#ixzz1HdF1RaLX

Monday, March 21, 2011

Microsoft And Feds Bring Down Spam Giant Rustock

Rustock, purveyor of more e-mail spam than any other network in the world, was felled last week by Microsoft and federal law enforcement agents.

A lawsuit by Microsoft that was unsealed at the company's request late today triggered several coordinated raids last Wednesday that took down Rustock, a botnet that infected millions of computers with malicious code in order to turn them into a massive spam-sending network.

"This botnet is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day," Richard Boscovich, senior attorney in the Microsoft Digital Crimes Unit, wrote in a blog post today.

The Wall Street Journal first reported that it was Microsoft's digital crimes unit, working in concert with U.S. marshals, that raided seven hosting facilities across the country and seized the command-and-control machines that ran the network. Those are the servers that send instructions to the fleet of infected computers to dish out spam messages hawking such items as phony lottery scams and fake and potentially dangerous prescription drugs. The takedown was known internally as Operation b107.

Hard drives seized yesterday at a hosting facility in Kansas City, Mo. (Credit: Microsoft)

Shutting down Rustock could put a huge dent in spam worldwide. Tech security giant Symantec estimated last year that Rustock was responsible for 39 percent of the world's spam. Global spam levels dropped 12 percent after Dutch authorities took down a Trojan horse named Bredolab last November.

Rustock's demise surprised the cybersecurity community last week, which often works in unison to corral spammers. According to an earlier Journal blog post, spam monitors didn't know why the botnet's activity halted. It was clear at the time that the effort was coordinated and complete.

Microsoft's digital crimes unit has long worked with law enforcement to track down and eliminate spammers, botnets, and other malicious code creators. Government authorities rarely have the resources to spend on the investigations, something Microsoft willingly finances since it has a vested interest in keeping people e-mailing.

Source: http://news.cnet.com/8301-10805_3-20044480-75.html#ixzz1HG6VXOoH

Friday, March 18, 2011

Critical Flash Flaw Won't Be Fixed Until Next Week

Adobe Systems has discovered a "critical vulnerability" in its Flash Player that might cause all kinds of trouble for users.

The company said yesterday that the flaw could cause a user's computer or mobile device to crash--and, more concerning, that the vulnerability could "potentially allow an attacker to take control of the affected system." So far, the company has discovered that the vulnerability is being exploited in Flash files, as well as through Microsoft Excel. Adobe said that the issue hasn't affected Reader or Acrobat.

The flaw affects Adobe Flash Player 10.2.152.33 and earlier versions of the platform running on every major operating system, including Windows, Macintosh, Linux, and Solaris. It's also an issue on Android devices running Flash 10.1 and earlier.

That last point is destined to spark some controversy.

Unlike Android, Apple's iOS mobile operating system has never supported Flash. Instead, iOS supports HTML5, a standard that Apple believes will eventually overtake Flash. But it goes beyond just getting behind an alternative to Flash. Apple's big issue with Adobe's offering stems from the potential security headaches.

Writing last year in an open letter on his company's Web site, Apple CEO Steve Jobs said that "Flash is the No. 1 reason Macs crash." He also cited a report from security firm Symantec, saying that it "highlighted Flash for having one of the worst security records in 2009."

"We don't want to reduce the reliability and security of our iPhones, iPods, and iPads by adding Flash," Jobs wrote.

Adobe plans to release a fix for the vulnerability sometime next week. Until then, the company warned users to "follow security best practices by keeping their anti-malware software and definitions up to date."

Source: http://news.cnet.com/8301-13506_3-20043248-17.html#ixzz1GyQYzbnp