New Facebook Clickjacking Worm

Graham blogged about a Facebook clickjacking worm back in May which we dubbed Likejacking — for a number of weeks the threat ran rampant throughout Facebook. Since then, it has calmed down quite a bit and we don’t see much likejacking anymore. However, today we came across a new form of clickjacking where, instead of tricking the user into liking something, it tricks them into using the Facebook “Share” feature without requiring the user to acknowledge the fact that they’re sharing it.

It starts off on a suspicious-looking Facebook fan page where they offer the opportunity to see the “Top 10 Funny T-Shirt Fails ROFL.” Once the page is loaded, it loads the appropriate tab and grabs the malicious script from an external domain that silently forces the user to automatically share the page on their profile.

Users running the Firefox plugin NoScript who click on the Next button on step 2 will notice the following warning popup.

Had you not been running NoScript you’d notice, or more likely you wouldn’t notice, that your profile page would now have shared content linking users to a malicious domain. Clicking the link sends you to one of many fan pages all serving the exact same content. It seems a fan page is chosen at random.

Complete details with images in

Mozilla: Firefox Security Bug Won’t Fool Users

UPDATED: Despite the red flag raised by a security researcher, Mozilla says users are not likely to be duped by a bug that can be used to bypass an alert meant for obfuscated URLs in Firefox.

A bug in the Firefox browser that can be used to bypass an alert for obfuscated URLs is unlikely to trick users, according to Mozilla.

The flaw was uncovered by Armorize Technologies researcher Aditya K. Sood, who warned it could be used by purveyors of malware to increase the chance of leading users to malicious sites.

According to the bug report Sood filed to Bugzilla in June, Firefox implements a check when "a URL obfuscation is done in the address bar." Normally, the browser will display a warning if a user clicks on a link that contains a disguised address. However, if IFrames are used with the obfuscated URL, the alert notification is bypassed.

“On performing analysis of various malware, a bug has been noticed in all version[s] of Firefox which fails to generate an alert when [an] obfuscated URL is being placed in IFrames," Sood explained Aug. 16 in a blog post. "In certain cases, it can be used effectively in spreading malware and stealing sensitive information.”

Johnathan Nightingale, Mozilla’s director of Firefox development, however, said it was unlikely the bug could be effectively used by attackers to trick users. For this reason, Mozilla does not plan to issue a fix, according to the company’s Security Blog.

Computer virus hits secretary of state’s computers

SANTA FE, N.M. (AP) – Secretary of State Mary Herrera says her office has been the target of computer system attacks during the past four months, including a virus that places links to pornographic websites into a computer.

Herrera said Tuesday her laptop was among those infected with "malware" or malicious software that was disguised as antivirus software.

Herrera said her office is working with the state Department of Information Technology to safeguard computer equipment.

KOB-TV first reported the computer virus problems.

Herrera said the computer attacks did not jeopardize the state’s voter registration database or personal information about victims of domestic violence, who can have their mail delivered confidentially through a program administered by her office. The confidential information is maintained in paper files, she said.

facebook Hacker – A Dangerous Tool

A do-it-yourself kit that will enable ill-intentioned people to steal usernames and passwords to all kinds of accounts

Phishing is known to be the weapon of choice for all cybercriminals that are after login credentials. However, a new attack tool – facebook Hacker – has drawn the attention of ill-intentioned people in need of passwords and usernames that are not theirs.

This do-it-yourself kit helps the wrongdoer steal login credentials from whoever was targeted without the user even having to type any of them in.

The kit is intuitive and thus extremely easy to configure, just like any do-it-yourself hack tool designed with the “skiddie” in mind. There are only two fields that need filling in: a disposable e-mail and a password, which will eventually constitute the location where the stolen information is to be delivered.

After clicking the “build” button, a server.exe file is created and deposited into the facebook Hacker folder along with the initial files. This server.exe file is to be sent to the intended victims.

Once run, the malicious tool will snatch the victim’s Facebook® account’s credentials, along with all the usernames and passwords that we carelessly ask the browser to remember for us. Yes, because facebook Hacker also targets the Internet browser and Instant Messaging clients to pick up the entire list of “remembered” identification data.

In order to successfully collect passwords, the malicious binary includes applications able to squeeze data out of the most popular browsers on the market, as well as out of almost all instant messaging clients available. To add insult to injury, the application also enumerates all dialup/VPN entries on the computer and displays their logon details: User Name, Password, and Domain.

To avoid detection, the facebook Hacker will also look for all the processes related to a security suite and kill them upon detection. It is important to mention that it is accessorized with a hard-coded list of processes associated with AV solutions that are to be checked and stopped, if found.

Complete article with screenshots in

Advanced Notice: Microsoft Security Essentials & Forefront Client Security Engine Update

Microsoft is planning to release a new engine version of Microsoft Security Essentials (MSE) and Forefront Client Security (FCS) on August 19, 2010.
The engine version will be in the range of 1.1.610X.0.

Dell teams with Juniper, SecureWorks

Dell has partnered with Juniper Networks and SecureWorks to roll out security products aimed at small and medium enterprises (SMEs) to enable them to identify and manage risks, reports IT Channel Planet.

Dell says its partnership with SecureWorks provides managed security services to SMEs, including day-to-day security monitoring, management and remediation, designed to improve security, achieve regulatory compliance, and lower IT costs.

Steve Felice, Dell president, consumer, small and medium business, says: “It is difficult and increasingly complex for midsize businesses to assemble the resources to protect against the numerous security threats they face, a data breach through the network, data leakage by employees, malware attacks or lost laptops.”

hit in latest mass hack attack

Cupertino succumbs to Jedi server trick

A hack attack that can expose users to malware exploits has infected more than 1 million webpages, at least two of which belong to Apple.

The SQL injection attacks bombard the websites of legitimate companies with database commands that attempt to add hidden links that lead to malware exploits. While most of the sites that fell prey appear to belong to mom-and-pop operations, two of the infections hit pages Apple uses to promote iTunes podcasts, this Google search shows. The malicious links appear to have been removed since Google last indexed the pages in early August.

In all, at least 538,000 pages have been compromised by the same attack. Attacks that bear similar fingerprints but point to different domains – as seen here, here and here – have claimed close to 500,000 more.

“These attacks have been ongoing and are changing pretty often,” said Mary Landesman, a senior researcher with ScanSafe, a Cisco-owned service that provides customers with real-time intelligence about malicious sites. “Interestingly, many of the sites compromised have been involved in repeated compromises over the past few months. It’s not clear whether these are the work of the same attackers or are competing attacks.” […]

The attacks that hit Apple used highly encoded text strings to sneak past web-application filters. SANS handler Manuel Humberto Santander Pelaez has technical details here. They are only the latest in a series of hack attacks to hit large numbers of websites.

Adobe Reader Out-of-band Security Updates on August 19, 2010

Today, Adobe have updated the Security Advisory for Adobe Reader and Acrobat with vulnerability identifier APSB10-17.

Release date: August 5, 2010
Last updated: August 17, 2010

Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues, including CVE-2010-2862 discussed at the Black Hat USA 2010 security conference and the Adobe Flash Player update as noted in Security Bulletin APSB10-16. Adobe expects to make these updates available on Thursday August 19, 2010.

Note that these updates represent an out-of-cycle release. Adobe is currently scheduled to release the next quarterly security updates for Adobe Reader and Acrobat on October 12, 2010.

The blog has been edited also:

A Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for Thursday, August 19, 2010.

Gartner Says Security Software Market is Poised for 11 Percent Growth in 2010

Worldwide security software revenue is forecast to surpass $16.5 billion in 2010, an 11.3 percent increase from 2009 revenue of $14.8 billion, according to Gartner, Inc. Although the economic downturn slowed security revenue to 7 percent growth in 2009, organizations have indicated an intention to give priority to security budgets.

"Most segments of the security software market will continue to grow over the next few years, although a significant degree of variation is expected between the more-established and less-mature technologies," said Ruggero Contu, principal research analyst at Gartner. "Overall, security will remain one of the fastest-growing areas within the enterprise software market."

Gartner analysts said security software markets will weather the current economic downturn better than in 2001 and 2002, because the market conditions are dramatically different in terms of maturity, penetration, confidence in IT, and geographic and vertical mix.

"Security software vendors that have a balanced mix of channel, new license and maintenance revenue streams and flexibility in contractual terms, such as software as a service (SaaS), open source and outsourcing, have the strongest options for continued growth and to even out the risk," Mr. Contu said. "Shrinking discretionary spending budgets have heightened competition for new maintenance and license revenue streams and placed a renewed emphasis on vendor performance and viability."

The consumer security software market remains the largest security software segment, with revenue projected to reach $4.2 billion in 2010, up from $3.9 billion in 2009. The endpoint protection platform (enterprise) market is the No. 2 security software segment, with revenue on pace to reach $3 billion in 2010, up from $2.9 billion in 2009.

Use the freeware I think? Microsoft Security Essentials, AntiVir by Avira, Avast by Alwil.

Google Chrome Picked Best Browser for Security, Speed

When it comes to being fast, not crashing, and safety and security, which Internet browser is the best? Well, according to PCWorld, Google Chrome is.

For security, Chrome opens each site in its own ‘sandbox’ to protect your computer from malware, according to the Detroit News. Chrome was also the last browser standing in a recent annual hacking contest.

I agree on the speed and security thingy on Chrome, but there are issues with it.