Almost 100,000 computers in the U.S. are vulnerable to a malicious software program that could knock them offline if they don’t take steps before July to stave it off, warned a Department of Homeland Security Cyber protection official. 

In a note on the DHS Web Blog on May 8, Rand Beers, under secretary for the National Protection and Programs Directorate (NPPD) warned a cybercrime ring initiated a massive, sophisticated Internet fraud scheme in which it launched malware known as DNSChanger (short for Domain Name System Changer). The FBI secured a court order in March to roll out “clean DNS servers” to fight the fraud.

Six Estonians were arrested last November in the plot, which had apparently been launched as far back as 2007. Beers said the malware had infected more than four million computers in 100 countries worldwide and may have prevented users’ anti-virus software from working correctly.

The malware could take control of the computers’ domain name systems, resulting in Web browsing troubles.  “Please act now,” he said, as the clean servers maintained by the private sector in coordination with the FBI will expire on July 9, 2012.  “Internet users who have the DNSChanger malware and whose Internet Service Provider (ISP) has moved them to one of the clean servers, may not have access to the Internet after this date,” he wrote.

Source: http://www.gsnmagazine.com/node/26341?c=cyber_security

A vague FBI warning about bad actors infecting U.S. computers in foreign hotels is raising questions about whether authorities are withholding information to avoid rattling relations with a foreign country, possibly China.

The bureau’s Internet Crime Complaint Center on May 8 issued an alert about pop-up messages “targeting travelers abroad” that prompt users to download an update for a “widely used software product” that then installs a virus when clicked. The warning does not say American vacationers are at risk — just people conducting business. “The FBI recommends that all government, private industry and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection,” the notice states.  One cybersecurity researcher suggested the FBI omitted certain details that could more effectively protect computer users, but such information might unsettle U.S.-China diplomacy.

In October 2011, the Office of the Director of National Intelligence issued a report calling “Chinese actors” the “world’s most active and persistent perpetrators of economic espionage.” The study added U.S. corporations and cybersecurity specialists have reported an onslaught of intrusions traced back to computer addresses in China, with some alleging Chinese government sponsorship, but the intelligence community has not been able to link many of the breaches to a state sponsor. 

“By coincidence, earlier this week, for the first time in almost 10 years, a Chinese defense minister visited the United States,” Graham Cluley, senior technology consultant at antivirus firm Sophos, wrote in a May 10 post on the blog NakedSecurity. “The day before the FBI’s warning was issued, U.S. Defense Secretary Leon Panetta met his Chinese counterpart, Liang Guanglie, in Washington D.C., and told the world’s press that the two countries must work together to avoid cyber war and emphasized the importance of the relationship between China and the USA.

Maybe there was more that the authorities could have said about this hotel malware threat, but thought it undiplomatic to publicize.”  The FBI release does not cite the brand of software that is involved in the scam or the countries where the incidents are occurring. Nor does it inform potential victims of what the “malicious software” does to a computer.

Source: http://www.nextgov.com/cybersecurity/2012/05/ambiguous-fbi-cyber-alert-raises-more-questions-it-answers/55717/?oref=ng-HPtopstory

Christopher Doyon, a.k.a. Commander X, sits atop a hill-side in an undisclosed location in Canada, watching a reporter and photographer make their way along a narrow path to join him, far from the prying eyes of law enforcement. It’s been a few weeks of encrypted emails back and forth, working out the security protocol to follow for interviewing Doyon, one of the brains behind Anonymous, now a fugitive from the FBI. 

Doyon, who readily admits taking part in some of the highest-profile hacktivist attacks on websites last year – from Tunisia to Orlando, Sony to PayPal – was arrested in September for a comparatively minor assault on the county website of Santa Cruz, Calif., where he was living, in retaliation for the town forcibly removing a homeless encampment on the courthouse steps. The “virtual sit-in” lasted half an hour. For that, Doyon is facing 15 years in jail. 

Or at least he was facing 15 years in jail, until he crossed the border into Canada in February to avoid prosecution, using what he calls the new “underground railroad” and a network of safe houses across the country. Thanks to his indictment, Doyon is one of the few Anonymous members whose real name is now publicly known.

Source: http://www.vancouversun.com/technology/Anonymous+Heroes+terrorists/6616378/story.html

The cameras, used by banks, retailers, hotels, hospitals and corporations, are often configured insecurely — thanks to these manufacturer default settings, according to researcher Justin Cacak, senior security engineer at Gotham Digital Science. As a result, he says, attackers can seize control of the systems to view live footage, archived footage or control the direction and zoom of cameras that are adjustable. …

Cacak and his team were able to view footage as part of penetration tests they conducted for clients to uncover security vulnerabilities in their networks.

Source: http://www.wired.com/threatlevel/2012/05/cctv-hack/]

GFI Labs experts report that while PC users are served broken .jar files, Android customers are tricked into installing a fake antivirus application whose icon replicates a product provided by Kaspersky. First, the cybercriminals post tweets in Russian or English that advertise all sorts of materials, mainly adult content. All the tweets contain a link to a site such as good-graft(dot)tk. Once clicked, the links open a Russian site designed for smartphone and computer owners.

Depending on the device from which the Web site is accessed, the victim is served a file called VirusScanner.jar (for PC), or VirusScanner.apk (for Android). Experts revealed the .jar file appears to be broken, since an error is displayed when it is executed. However, this may change at any time, so users should be cautious when presented with such an element.

VirusScanner.apk is a rogue antivirus application that displays the Kaspersky logo when it is installed. Identified as Trojan.Android.Generic.a by GFI’s VIPRE Mobile Security, the piece of malware reveals its true purpose during the installation process when it asks permission to access phone calls, messages, and services that cost money.

Source: http://news.softpedia.com/news/Fake-Android-Antivirus-Served-Via-Twitter-Spam-269361.shtml

When accessed at the end of the week of May 7, the Web site of the project showed defacement by the attackers and also a second window appeared asking for a Facebook login. It appears the hackers were using the official Facebook API in an attempt to gain access to account credentials from visitors to the site.

Users who actually entered their Facebook credentials could potentially have provided the attackers with persistent access to all functions on their account such as personal information and the ability to post status messages. In this case, users would have to visit their Facebook account settings to revoke these permissions. Simply changing the account password is not sufficient.

Source: http://www.h-online.com/security/news/item/Notepad-web-site-compromised-1575263.html

UGNazi hackers breached the site of the Washington Military Department and leaked data from the Web site’s databases.

The hackers leaked name servers, MX records, and the names and IP addresses of the subdomains used by the State of Washington. They also leaked around 16 user account details, consisting of usernames and password hashes, including the ones of the site’s administrator.

“This is just a continuation of our attack against wa.gov, but other than that, like we said we’re not done with the government or anyone to be exact,” a hacker told Softpedia.

Source: http://news.softpedia.com/news/UGNazi-Hackers-Leak-Data-from-Washington-Military-Department-269244.shtml

Debit card accounts stolen in a recent hacker break-in at card processor Global Payments were showing up in fraud incidents at retailers in Las Vegas and elsewhere, according to officials from one bank impacted by the fraud.

At the beginning of March, Danbury, Connecticut-based Union Savings Bank (USB) began seeing an unusual pattern of fraud on a dozen or so debit cards it had issued. When the bank determined the facility where the purchases took place was a customer of Global Payments, it contacted Visa to alert the card association of a possible breach, according to USB’s chief risk officer. That is when USB heard from a fraud investigator at Vons, a grocery chain in southern California and Nevada.

According to the chief risk officer, the investigator said the fraudsters were coming to the stores to buy low-denomination prepaid cards, and then encoding debit card accounts issued by USB onto them. The thieves then used those cards to purchase additional prepaid cards with much higher values. The risk officer said Visa alerted USB that about 1,000 debit accounts it issued were compromised in the Global Payments breach — including the dozen or so card accounts that initially prompted USB to investigate.

USB officials said the bank suffered about $75,000 in fraudulent charges, and that it has so far spent close to $10,000 reissuing customer cards.

Source: http://krebsonsecurity.com/2012/05/global-payments-breach-fueled-prepaid-card-fraud/

Source: http://news.idg.no/cw/art.cfm?id=F6A00A23-93CE-4ADC-E9CC5545017384EC

Source: http://www.google.com/hostednews/afp/article/ALeqM5jbyx7K5uA9ZIlMM9RFN__2rUSazQ?docId=CNG.913d166f7f05807c7ead3a2fceba444b.151