Comcast passwords leaked onto the Web

March 17, 2009 – 4:52 AM

A list of thousands of user names and passwords for Comcast customers was removed from document sharing Web site Scribd on Monday, two months after it was posted there.

Scribd removed the list of more than 8,000 passwords and user names after being contacted by Brad Stone at The New York Times. Stone wrote that he was contacted by a Comcast customer who happened across the list after doing a search on his own e-mail address on search engine Pipl.

Comcast spokeswoman Jennifer Khoury told The New York Times that the list was probably compiled from phishing or some other related type of attack and not from inside Comcast.

Comcast is freezing the e-mail accounts of customers whose data was exposed and is contacting them, she said.

Source:
http://news.cnet.com/8301-1009_3-10197789-83.html

Fake Facebook “dancing girl” Video Leads to Malware

March 11, 2009 – 5:11 PM

Websense Security Labs ThreatSeeker Network has received reports of spoofed Facebook email messages that contain malicious links. The messages look similar to legitimate Facebook messages and invite recipients to click on the link contained in the message to view a video.

Message subjects seen have been:

FaceBook message: Dancing Girl Drunk In The Pub- facebook Video (Last rated by Betsy Person)
FaceBook message: Dancing girl oriental dance … (Last rated by Abdul Kay)
FaceBook message: Magnificent Striptease Dance (Last rated by Rosalind Lindsey)
FaceBook message: Watch the Oooh! Super Beautiful Girl Dancing (Last rated by Delores Tucker)
FaceBook message: Hot Girl Dancing At Striptease Dance Party

Source and screenshots:
http://securitylabs.websense.com/content/Alerts/3319.aspx

March MSRT Kills Koobface

March 11, 2009 – 3:01 PM

Win32/Koobface is a worm that may spread when a user logs into their profile account on the Internet social network sites MySpace, Facebook and others. The following system changes may indicate the presence of this malware:

Addition of the following files:

  • %windir%\bolivar19.exe
  • %windir%\bolivar31.exe
  • %windir%\bolivar30.exe
  • %windir%\ld01.exe
  • %windir%\che08.exe
  • %windir%\freddy35.exe

And/or the appearance of the following message box:

[Image: koobface1]

March’s edition of the Malicious Software Removal Tool now looks for this infection and attempts to remove it.

[Images: koobface2, koobface3. Caption: How to run the GUI for an on-demand scan]
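The file indicators listed above can also be checked by hand during triage, on a live system or on a mounted disk image. The following Python sketch is an added example, not code from the original article or from Microsoft; the function name `scan_windir` and the record fields are assumptions of this example, and a hit is a lead for investigation rather than proof of infection.

```python
import hashlib
import os
from datetime import datetime, timezone

# File names listed in the article, all located directly under %windir%.
KOOBFACE_FILES = {
    "bolivar19.exe", "bolivar31.exe", "bolivar30.exe",
    "ld01.exe", "che08.exe", "freddy35.exe",
}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_windir(windir):
    """Return one record per listed file found directly under windir."""
    hits = []
    with os.scandir(windir) as entries:
        for entry in entries:
            # Windows names are case-insensitive; a mounted image may not be.
            if entry.name.lower() not in KOOBFACE_FILES:
                continue
            # Skip directories and links that merely share a listed name.
            if not entry.is_file(follow_symlinks=False):
                continue
            st = entry.stat(follow_symlinks=False)
            hits.append({
                "path": entry.path,
                "size": st.st_size,
                "modified_utc": datetime.fromtimestamp(
                    st.st_mtime, timezone.utc).isoformat(),
                "sha256": sha256_of(entry.path),
            })
    return sorted(hits, key=lambda rec: rec["path"].lower())


if __name__ == "__main__":
    import sys
    # Default to the live system's %windir%; pass a mount point for an image.
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("windir", r"C:\Windows")
    for rec in scan_windir(root):
        print(rec["modified_utc"], rec["sha256"], rec["size"], rec["path"])
```

Recording the hash and modification time for each hit lets the file be compared against other hosts and placed on an incident timeline before any removal tool deletes it.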

Adobe Patches Zero-Day Vulnerability

March 10, 2009 – 5:06 PM

Adobe released a patch today for a zero-day vulnerability under attack by hackers.

The patch, available for version 9 of Adobe Reader and Adobe Acrobat, comes a day earlier than the company’s planned release. Patches for earlier versions of the product are still slated for March 18.

The vulnerability is the result of an array indexing error in the processing of JBIG2 streams. Hackers can exploit the bug to corrupt arbitrary memory using a specially-crafted PDF file. If successful, attackers could gain control of a compromised system.

Though security vendors reported attacks may have started as early as January or December, the existence of the vulnerability did not become widely known until last month. Though initial reports indicated disabling JavaScript would solve the issue, it in fact only addressed certain exploits and did not address the underlying vulnerability.

Source:
http://www.eweek.com/c/a/Security/Adobe-Patches-ZeroDay-Vulnerability/

No User Action Required In Newly Discovered PDF Attack

March 10, 2009 – 4:43 AM

Merely storing — without opening — a malicious PDF file can trigger an attack that exploits the new, unpatched zero-day flaw in Adobe Reader, a researcher has discovered. Didier Stevens, a researcher and IT security consultant with Contrast Europe NV, today released a proof-of-concept demonstration that shows how a file infected with the Adobe flaw can trigger a new attack when the machine uses Windows Indexing Services. And the user doesn’t even have to open or select the document.

In addition, Stevens last week released a proof-of-concept demonstrating how PDF files could be exploited with minimal user interaction — just saving it to the hard drive and viewing it in Windows Explorer.

But this latest attack vector is more risky, he says, because the user doesn’t have to do anything with the file at all. “It requires no user interaction, and for the Windows Indexing Service, it can lead to total system compromise [with] privilege escalation,” Stevens says.

Windows Indexing Service is an operating system-level feature that provides an index of files on the system.

Adobe first reported the buffer overflow flaw in Adobe Reader and Acrobat on Feb. 20; initially, security experts advised disabling JavaScript in order to defend against any attacks that exploited the vulnerability. But after further research on the vulnerability, it turns out disabling JavaScript isn’t always enough. “The vulnerability is not in the scripting engine, and, therefore, disabling JavaScript does not eliminate all risk,” Adobe said in a blog post.

Source:
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=215801319&cid=RSSfeed