Security Protection – Harry Waldron MVP

April 28th, 2012:

Mobile Security – How can you tell your phone is infected?

A good article documenting the need to review phone bills in detail each month:

Mobile Security – How can you tell your phone is infected? http://securitywatch.pcmag.com/none/296919-how-to-tell-if-your-phone-is-infected

QUOTE:  On a PC the signs are pretty obvious. Your computer slows to a near-screeching halt, your browser re-directs you to random websites, your friends are suddenly calling asking about your career change to become a Viagra distributor (since your email has probably been hacked). Your IT guy can often tell by looking at your process names, as malware authors might name their malicious process ‘svchsot.exe’ to look like a legit one ‘svhost.exe’ (see what I did there?). 

Harder To Tell On a Phone  — According to Kaspersky malware researcher Tim Armstrong, users usually don’t discover something’s wrong until they look at their phone bills and don’t recognize the numbers of text message recipients. Premium rate SMS Trojans are the most common type of mobile malware. This malware disguises itself in a legit-looking app, and secretly sends SMS short codes that bill the caller. Nor will an average user really be able to tell by checking app permissions. Android developers can choose from dozens of permissions, and as Armstrong notes, it’s often impossible to guess which are legitimate and which are warning signs.
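The quote's PC-side check (spotting a process whose name is a near-miss of a legitimate one) can be automated. The sketch below is an added example, not code from the quoted article. It assumes the real Windows service host name `svchost.exe` plus a small reference set, and runs on a constructed process list.

```python
# Added example: flag process names that imitate well-known Windows binaries.
# KNOWN_GOOD is a small assumed reference set; SAMPLE is constructed test data.
KNOWN_GOOD = {"svchost.exe", "lsass.exe", "explorer.exe",
              "winlogon.exe", "services.exe", "csrss.exe"}

SAMPLE = ["svchost.exe", "svchsot.exe", "chrome.exe",
          "Explorer.EXE", "lsasss.exe", "notepad.exe"]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "so" typed for "os".
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def find_lookalikes(process_names, known=KNOWN_GOOD, max_distance=2):
    """Return (observed, imitated, distance) for near-miss names only."""
    findings = []
    for raw in process_names:
        name = raw.strip().lower()  # Windows file names are case-insensitive
        if name in known:
            continue  # exact match: a name check alone cannot judge it
        best = min(known, key=lambda k: (osa_distance(name, k), k))
        dist = osa_distance(name, best)
        if dist <= max_distance:
            findings.append((raw, best, dist))
    return findings


if __name__ == "__main__":
    for observed, imitated, dist in find_lookalikes(SAMPLE):
        print(f"{observed}: looks like {imitated} (distance {dist})")
```

An exact name match is skipped rather than cleared: a process that uses a legitimate name from an unexpected path still needs a path or signature check.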

FlashBack – New variant attacks both Mac and Windows PCs using Java vulnerability

Both Windows and Mac users are protected if they are up-to-date on security patches.

http://securitywatch.pcmag.com/hacking/297184-new-multi-layer-malware-attack-uses-same-exploit-as-flashback

QUOTE: A malware attack called Flashback infested well over a half-million Macs last week by exploiting a Java vulnerability. All Mac users have since updated to Apple’s recently-released Java update, thereby rendering all Flashback variants powerless. Right. In your dreams! In the real world, hundreds of thousands of Macs remain infested, and a new threat has surfaced that gains entry using the same exploit but goes on to wreak even more havoc.

According to a post by Graham Cluley on Sophos’s Naked Security blog, Sophos researchers determined that this new threat is attacking both Mac and Windows computers through the same Java vulnerability Flashback used. Windows users who permit automatic updates should be safe, as Microsoft patched the vulnerability in mid-February. Windows and Mac users who haven’t updated are vulnerable.

Apple Security – Flashback Removal Tool

ISC highlights a recent security update and the creation of a removal tool for the Flashback Trojan attacks circulating in the wild.

Apple Security – Flashback Removal Tool http://isc.sans.edu/diary.html?storyid=12991

QUOTE:  Earlier in the week Apple released a Java update which included software to remove the Flashback Trojan from OS X Lion machines running Java.  The Flashback Trojan removal tool is now also available for OS X Lion machines not running Java. This Flashback malware removal tool is available through the OS X Software Update tool, or from Apple’s download site

Oracle – Critical security advisory for April 2012

DBAs and security teams should apply these patches promptly, as numerous products were updated.

http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html

QUOTE:

Affected Products and Versions | Patch Availability
Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3 | Database
Oracle Database 11g Release 1, version 11.1.0.7 | Database
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 | Database
Oracle Application Server 10g Release 3, version 10.1.3.5.0 | Fusion Middleware
Oracle BI Publisher, versions 10.1.3.4.1, 10.1.3.4.2 | Fusion Middleware
Oracle DB UM Connector for Oracle Identity Manager, Version 9.1.0.4 | Fusion Middleware
Oracle Identity Manager 11g, versions 11.1.1.3, 11.1.1.5 | Fusion Middleware
Oracle JDeveloper, version 10.1.3.5.0 | Fusion Middleware
Oracle JRockit versions, R28.2.2 and earlier, R27.7.1 and earlier | Fusion Middleware
Oracle Outside In Technology, versions 8.3.5, 8.3.7 | Fusion Middleware
Oracle WebCenter Forms Recognition, version 10.1.3.5 | Fusion Middleware
Enterprise Manager Grid Control 11g Release 1, version 11.1.0.1 | Enterprise Manager
Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5 | Enterprise Manager
Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3 | E-Business Suite
Oracle E-Business Suite Release 11i, version 11.5.10.2 | E-Business Suite
Oracle Agile, version 6.0.0 | Supply Chain
Oracle AutoVue version 20.0.2 | Supply Chain
Oracle PeopleSoft Enterprise CRM, version 9.1 | PeopleSoft
Oracle PeopleSoft Enterprise HCM, version 9.1 | PeopleSoft
Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 | PeopleSoft
Oracle PeopleSoft Enterprise FCSM, versions 9.0, 9.1 | PeopleSoft
Oracle PeopleSoft Enterprise PeopleTools, versions 8.50, 8.51, 8.52 | PeopleSoft
Oracle PeopleSoft Enterprise Portal version 9.1 | PeopleSoft
Oracle PeopleSoft Enterprise SCM, versions 9.0, 9.1 | PeopleSoft
Oracle Siebel Life Sciences, versions 8.0.0, 8.1.1, 8.2.2 | Health Sciences
Oracle FLEXCUBE Direct Banking, versions 5.0.2, 5.3.0-5.3.4, 6.0.1, 6.2.0 | Contact Oracle Customer Support
Oracle FLEXCUBE Universal Banking, versions 10.0.0-10.5.0, 11.0.0-11.4.0 | Contact Oracle Customer Support
Primavera P6 Enterprise Project Portfolio Management, versions 6.2.1, 8.0, 8.1, 8.2 | Primavera
Oracle Sun Product Suite | Oracle Sun Product Suite
Oracle MySQL Server, versions 5.1, 5.5 |

Sysinternals – April 2012 Product Releases

This excellent set of Windows utilities was recently updated.

ISC: Sysinternals – April 2012 Product Releases http://isc.sans.edu/diary.html?storyid=13006
http://blogs.technet.com/b/sysinternals/archive/2012/04/17/updates-notmyfault-procmon-v-3-01-testlimit-v-5-2-mark-s-webcasts-and-windows-internals-6th-edition-part-1.aspx

QUOTE:    Among the release are updates to the following:

• NotMyFault
• Process Monitor v3.01
• TestLimit v5.2
• Webcasts from Mark R.
• Windows Internals 6th Ed. Part 1

WordPress 3.3.2 security release

The ISC documents an important security release:

WordPress 3.3.2 security release http://isc.sans.edu/diary/WordPress+Release+Security+Update/13024
http://core.trac.wordpress.org/log/branches/3.3?rev=20552&stop_rev=20087
http://wordpress.org/news/2012/04/wordpress-3-3-2/
http://wordpress.org/download/

QUOTE: WordPress released a security update (version 3.3.2) that fixes 3 external libraries (Plupload, SWFUpload and SWFObject) as well as privilege escalation and cross-site script (XSS) issues as well as 5 other bugs. Change log posted here. The advisory is posted here and you can download the update here.

Flashback.S – New variant of Mac Malware discovered

As Apple works to resolve current issues with Flashback, malware authors continue to innovate attacks.

New ‘Flashback.S’ Variant Spotted in the Wild http://securitywatch.pcmag.com/none/296979-new-flashback-variant-spotted-in-the-wild

QUOTE: Intego reported on Monday afternoon that Flashback has already evolved into a new variant, exploiting the same Java vulnerability that earlier this month had infected more than half a million Macs. This time, however, the user does not even need to enter a password to complete the install. “It’s an entirely silent install now,” Intego researcher Lysa Myers told Security Watch. “We’ve seen silent installs on OS X before, but this is the first time we’ve seen something to this extent.” Flashback.S drops two files in the user’s home folder, then deletes cached Java files to avoid detection.

Facebook – Free Regal AMC Movie Tickets scam

Facecrooks security shares a new scam to avoid:

Facebook – Free Regal AMC Movie Tickets scam http://facecrooks.com/Scam-Watch/get-4-free-regalamc-movie-tickets-limited-time-only-facebook-scam.html
QUOTE: Get 4 Free Regal/AMC Movie Tickets (Limited Time Only) … We are giving away 4 Free Regal or AMC movie Tickets to all facebook users!

IMPACT: By reading the Terms and Conditions of the ‘deal,’ you quickly discover that you have to complete a total of 6 reward offers. These offers often cost money. You also have to complete surveys – keep in mind that your personal data will be shared with other marketers, sponsors, scammers – whatever you want to call them! You are usually required to provide your name, address, phone numbers and date of birth. This will enable the shady marketers to not only spam your Facebook account, but also harass you via snail mail, phone calls and text messages.