Computer News & Safety – Harry Waldron

April, 2014:

Malware – New USTeal variant loads ransomware payload

QUOTE: The newer variant that we detect as TSPY_USTEAL.USRJ drops ransomware—detected as TROJ_RANSOM.SMAR—on affected systems. These ransomware files are created by a new toolkit builder that gives the attacker full control over the ransomware’s behavior, from the types of files it will encrypt to the ransom note to be displayed. We detect this toolkit as TROJ_TOOLKIT.WRN. Below are the features translated from Russian to English. Included are the file types to be encrypted, the ransom note, the extension appended to encrypted files, and the name of the dropped copy of the encoder.

Facebook – How to disable video autoplay

Tuning Facebook security and privacy settings offers improved protection. Another new technique was shared recently by the Facecrooks security team.

QUOTE: As you may have noticed, your Facebook News Feed recently began auto-playing videos. This can be annoying on a PC and downright harmful on your mobile device, as it can eat up your data or drain your device’s battery. However, you can disable the auto-play feature on PC and Android devices and save yourself the hassle.  To disable auto-play videos on your mobile device, you’ll need to access the Facebook application ‘Settings.’ (The image below shows the settings on a Samsung Galaxy S4.) From here, check the box under “General Settings” for “Auto-play videos on Wi-Fi only.” The box is unchecked by default, which means videos will continue auto-playing on your Android device until you tell it not to. Unfortunately, you can’t completely turn off the feature on a mobile device, but you can save yourself some precious data.

Smart Home Technology – Improved security controls needed

QUOTE: After installing a smart home kit, you can control and monitor your house in many ways. Turn the air conditioner on before you get home, make sure doors and windows are closed, switch lights on and off; these are just a few of the possibilities. However, researchers at AV-Test found some smart house kits to be extremely lax in their security. A back door in the software might literally let a crook remotely open your back door!

Network Vulnerability Assessment tools – Six free scanners

Network World shares 6 free NVA scanning tools as noted below:

QUOTE: Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, producing a prioritized list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process.

1. Open Vulnerability Assessment System (OpenVAS) – OpenVAS isn’t the easiest and quickest scanner to install and use, but it’s one of the most feature-rich, broad IT security scanners that you can find for free.

2. Retina CS Community – provides vulnerability scanning and patching for Microsoft and common third-party applications, such as Adobe and Firefox, for up to 256 IPs free. Plus it supports vulnerabilities within mobile devices, web applications, virtualized applications, servers, and private clouds.

3. Microsoft Baseline Security Analyzer (MBSA) – can perform local or remote scans on Windows desktops and servers, identifying any missing service packs, security patches, and common security misconfigurations. The 2.3 release adds support for Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012, while also supporting previous versions down to Windows XP.

4. Nexpose Community Edition – can scan networks, operating systems, web applications, databases, and virtual environments. The Community Edition, however, limits you to scanning up to 32 IPs at a time. It’s also limited to one year of use until you must apply for a new license.

5. SecureCheq – can perform local scans on Windows desktops and servers, identifying various insecure advanced Windows settings as defined by CIS, ISO or COBIT standards. It concentrates on common configuration errors related to OS hardening, data protection, communication security, user account activity and audit logging.

6. Qualys FreeScan – provides up to 10 free scans of URLs or IPs of Internet-facing or local servers or machines. You initially access it via their web portal and then download their virtual machine software if running scans on your internal network. Qualys FreeScan supports a few different scan types: vulnerability checks for hidden malware, SSL issues, and other network-related vulnerabilities.

Facebook – Privacy and Targeted Advertisements

Facebook shares its balanced approach to targeting ads while maintaining user privacy.

QUOTE: Facebook chief operating officer Sheryl Sandberg recently defended Facebook’s privacy practices in an interview with the BBC, saying that Facebook is extremely protective of user information. Her response came when concerns were raised about Facebook’s targeted advertising. “Privacy is of the utmost concern and importance to Facebook, and it’s important to us that the people who use our service know that we are very protective of them. It is their data, they have control of it, they share it. When we are able to personalize ads, we are doing that without sharing their private data with any advertisers.”

Facebook – partners with Storyful News Verification services

Facebook has partnered with Storyful’s News Verification service to stop fake news from circulating in scams, pranks, or malware attacks.

QUOTE: Luckily, Storyful has developed a news verification technology and process that can distinguish between real and fake news. It digs to identify the original source of the news, and then reviews the content and collects evidence to determine its trustworthiness. Factors it looks at include:

* Are the source’s accounts registered near where the news occurred?
* How long have the accounts existed?
* Does WHOIS information on affiliated websites match the source’s name?
* Does their social graph indicate the source had access to the news?
* Do the source’s other online presences contain clues that support the content’s authenticity?
* Has the source scraped or falsified content in the past, or been cited by reputable outlets?
* Can the content’s location be verified through landmarks or topographical details, and does it match maps of the area?
* Do weather and lighting conditions match where and when the content was supposedly produced?
* Can the source be reached directly for confirmation?

Mozilla Firefox 29 release – Major UI changes and security fixes

Firefox 29 was launched today and includes the following changes in the new version:

QUOTE: Key new features include:

* Significant new customization mode makes it easy to personalize your Web experience to access the features you use the most

* A new, easy to access menu sits in the right hand corner of Firefox and includes popular browser controls

* Sleek new tabs provide an overall smoother look and fade into the background when not active

* An interactive onboarding tour to guide users through the new Firefox changes

* The ability to set up Firefox Sync by creating a Firefox account

* Gamepad API finalized and enabled

* HTTPS used for Yahoo Searches performed in en-US locale

Fixed in Firefox 29

* MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
* MFSA 2014-46 Use-after-free in nsHostResolve
* MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
* MFSA 2014-44 Use-after-free in imgLoader while resizing images
* MFSA 2014-43 Cross-site scripting (XSS) using history navigations
* MFSA 2014-42 Privilege escalation through Web Notification API
* MFSA 2014-41 Out-of-bounds write in Cairo
* MFSA 2014-40 Firefox for Android addressbar suppression
* MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
* MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
* MFSA 2014-37 Out of bounds read while decoding JPG images
* MFSA 2014-36 Web Audio memory corruption issues
* MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
* MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)

Android Security – iBanking Mobile Bot uses Facebook web injection techniques

ESET documents the iBanking and Qadars mobile security threats:

QUOTE: iBanking is a malicious Android application that when installed on a mobile phone is able to spy on its user’s communications. This bot has many interesting phone-specific capabilities, including capturing incoming and outgoing SMS messages, redirecting incoming voice calls, and even capturing audio using the device’s microphone. As reported by independent researcher Kafeine, this mobile application was for sale in underground forums and was used by several banking Trojans in an attempt to bypass a mobile two-factor authentication method put forth by some financial institutions. This method, usually called “mobile transaction authorization number” (mTAN) or mToken in the financial realm, is used by several banks throughout the world to authorize banking operations, but is now also increasingly used by popular internet services such as Gmail, Facebook and Twitter.

Through our monitoring of the banking Trojan Win32/Qadars, first discussed on our blog here, we have witnessed a type of webinject that was totally new for us: it uses JavaScript, meant to be injected into Facebook web pages, which tries to lure the user into installing an Android application. Once the user logs into his Facebook account, the malware tries to inject the following fake security verification screen into the webpage.

Adobe Flash Player – April 2014 Security update

A critical zero-day vulnerability has been patched in Adobe Flash. Corporate and home users should update as soon as possible.

QUOTE: Adobe has released a security advisory regarding a zero-day vulnerability (CVE-2014-0515) found in the program Adobe Flash. According to the advisory, the updates pertain to “Adobe Flash Player and earlier versions for Windows, Adobe Flash Player and earlier versions for Macintosh and Adobe Flash Player and earlier versions for Linux.” Adobe has also acknowledged that an exploit for this zero-day exists, targeting Flash players on the Windows platform. If exploited, the zero-day could allow a remote attacker to take control of the system.

Mobile Security – Top Five Mobile Banking Trojans in 2014

PC Magazine shares a recap of the 5 most active mobile banking threats during 2014 so far.

QUOTE: Mobile banking Trojans are very active, targeting user devices to gain access to your bank accounts. Just as you protect your PCs to prevent malware infections, be careful what you do with your mobile devices. Be careful about what apps you are downloading, and watch out for suspicious SMS or email messages asking you for personal information.

Top Five Mobile Banking Trojans in 2014

1. Zeus
2. SpyEye
3. Carberp
4. Hesperbot
5. Qadar