Yahoo Email Account Passwords Stolen

January 30, 2014 – 7:50 PM

Usernames and passwords of some of Yahoo’s email customers have been stolen and used to gather personal information about people those Yahoo mail users have recently corresponded with, the company said Thursday.

Yahoo didn’t say how many accounts have been affected. Yahoo is the second-largest email service worldwide, after Google’s Gmail, according to the research firm comScore. There are 273 million Yahoo mail accounts worldwide, including 81 million in the U.S.

It’s the latest in a string of security breaches that have allowed hackers to nab personal information using software that analysts say is ever more sophisticated. Up to 70 million customers of Target stores had their personal information and credit and debit card numbers compromised late last year, and Neiman Marcus was the victim of a similar breach in December.

“It’s an old trend, but it’s much more exaggerated now because the programs the bad guys use are much more sophisticated now,” says Avivah Litan, a security analyst at the technology research firm Gartner. “We’re clearly under attack.”

Yahoo Inc. said in a blog post on its breach that “The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.”

That could mean hackers were looking for additional email addresses to send spam or scam messages. By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients.

Source:
http://abcnews.go.com/Technology/wireStory/yahoo-email-account-passwords-stolen-22305108

FileZilla warns of large malware campaign

January 29, 2014 – 5:30 AM

Spoofed versions of the popular file transfer program FileZilla that steal data are circulating on third-party websites, the organization behind the software said Tuesday.

FileZilla is an open source application, and for more than a decade hackers have taken its source code and modified it to try to steal data. But this campaign, run on third-party websites, is one of the largest FileZilla has seen to date, it said.

“We do not condone these actions and are taking measures to get the known offenders removed,” FileZilla said.

The organization said it is difficult to prevent tainted versions of its software “since the FileZilla Project promotes beneficial redistribution and modifications of FileZilla in the spirit of free open source software and the GNU General Public License.”

The security vendor Avast found that the modified versions are nearly identical to the legitimate application. The icons, buttons and images are the same, and the malware version of the “.exe” file is just slightly smaller than the real one, Avast wrote on its blog.

Inside the tampered FileZilla versions, Avast found code that steals login credentials for servers users are accessing. The username, password, FTP server and port are encoded using a custom base64 algorithm and sent to the attacker’s server, according to Avast.

Source:
http://www.pcadvisor.co.uk/news/security/3499434/filezilla-warns-of-large-malware-campaign/

Java-based malware hits Windows, Mac and Linux

January 29, 2014 – 5:20 AM

Kaspersky Lab researchers have recently analysed a piece of malware that works well on all three of the most popular computer operating systems – the only thing that it needs to compromise targeted computers is for them to run a flawed version of Java.

The Trojan is written wholly in Java, and exploits an unspecified vulnerability (CVE-2013-2465) in the JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier.

Once the malware is launched, it copies itself into the user’s home directory and sets itself to run every time the system is booted. It then contacts the botmasters’ IRC server via the IRC protocol, and identifies itself via a unique identifier it generated.

The malware’s main purpose is to make the infected machine flood specified IP addresses with requests when ordered to via a predefined IRC channel. The botmasters simply have to define the address of the computer to be attacked, the port number, the duration of the attack, and the number of threads to be used in it.

At the time of analysis, the botnet formed by machines “zombified” by this particular Trojan was targeting a bulk email service.

Source:
http://www.net-security.org/malware_news.php?id=2693
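
For defenders triaging the item above, the following added example (not from Kaspersky Lab or the article) sorts captured `java -version` output by the affected ranges the article lists for CVE-2013-2465. The host names and sample outputs are constructed, and the JRE vendor is not checked.

```python
import re

# Last affected update per Java family, as listed in the article for CVE-2013-2465.
LAST_AFFECTED_UPDATE = {7: 21, 6: 45, 5: 45}

# Legacy version strings: 1.7.0_21, 1.6.0_45-b06, 1.5.0 (no update suffix).
VERSION_RE = re.compile(r'\b1\.(\d+)\.0(?:_(\d+))?')

# Constructed inventory: host name -> captured `java -version` output.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_21"\nJava(TM) SE Runtime Environment (build 1.7.0_21-b11)',
    "ws-02": 'java version "1.7.0_51"',
    "mac-03": 'java version "1.6.0_45"',
    "lin-04": 'java version "1.5.0_22"',
    "lin-05": 'java version "1.8.0_05"',
    "lin-06": 'java: command not found',
}

def parse_java_version(text):
    """Return (family, update) from `java -version` output, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)

def is_affected(text):
    """True/False inside/outside the article's ranges; None when it cannot be decided."""
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    family, update = parsed
    last = LAST_AFFECTED_UPDATE.get(family)
    if last is None:
        return None  # family not mentioned in the article: report as unknown
    return update <= last

def audit(inventory):
    """Group hosts into affected / not_affected / unknown, each list sorted."""
    report = {"affected": [], "not_affected": [], "unknown": []}
    for host, output in sorted(inventory.items()):
        verdict = is_affected(output)
        key = "unknown" if verdict is None else ("affected" if verdict else "not_affected")
        report[key].append(host)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```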

Possible Card Breach at Michaels Stores

January 25, 2014 – 6:27 PM

Multiple sources in the banking industry say they are tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc., an Irving, Texas-based arts-and-crafts retailer that maintains more than 1,250 stores across the United States.

On Friday morning, I put a call in to SPM Communications, the public relations company listed as the press contact on michaels.com. After explaining why I was calling, I was referred to a Michael Fox of ICR Inc. When asked what line of business ICR was in, the SPM representative replied that it was a crisis communications firm. Mr. Fox replied via email that he would inquire with Michaels, but so far the company has declined to comment.

Update 1:34 p.m. ET: The U.S. Secret Service confirmed that it is investigating a potential data breach at Michaels. Also, Michaels has just issued a statement stating that it “recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting that the Company may have experienced a data security attack.”

Source:
http://krebsonsecurity.com/2014/01/sources-card-breach-at-michaels-stores/

New Windows malware tries to infect Android devices connected to PCs

January 24, 2014 – 4:29 AM

A new computer Trojan program attempts to install mobile banking malware on Android devices when they’re connected to infected PCs, according to researchers from Symantec.

This method of targeting Android devices is unusual, since mobile attackers prefer social engineering and fake apps hosted on third-party app stores to distribute Android malware.

“We’ve seen Android malware that attempts to infect Windows systems before,” Symantec researcher Flora Liu said Thursday in a blog post. “Android.Claco, for instance, downloads a malicious PE [portable executable] file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file.”

“Interestingly, we recently came across something that works the other way round: a Windows threat that attempts to infect Android devices,” Liu said.

The new malware, dubbed Trojan.Droidpak by Symantec, drops a DLL file on the Windows computer and registers a new system service to ensure its persistence across reboots. It then downloads a configuration file from a remote server that contains the location of a malicious APK (Android application package) file called AV-cdk.apk.

The Trojan program downloads the malicious APK, as well as the Android Debug Bridge (ADB) command line tool that allows users to execute commands on Android devices connected to a PC. ADB is part of the official Android software development kit (SDK).

The malware executes the “adb.exe install AV-cdk.apk” command repeatedly to ensure that if an Android device is connected to the host computer at any time, the malicious APK is silently installed on it. However, this approach has a limitation — it will work only if an option called “USB debugging” is enabled on the Android device.

Source:
http://news.techworld.com/security/3498704/new-windows-malware-tries-to-infect-android-devices-connected-to-pcs/
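
The repeated `adb.exe install` behaviour described above is a usable detection signal on Windows hosts. This added example (not Symantec's code) scans process-creation log lines for the same APK being installed many times in a short window; the log format, host names, threshold and window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation log lines (format is an assumption, not a real product's).
SAMPLE_LOG = """\
2014-01-24T04:29:00 host=PC-17 cmd="adb.exe install AV-cdk.apk"
2014-01-24T04:29:05 host=PC-17 cmd="adb.exe install AV-cdk.apk"
2014-01-24T04:29:10 host=PC-17 cmd="adb.exe install AV-cdk.apk"
2014-01-24T04:29:15 host=PC-17 cmd="adb.exe install AV-cdk.apk"
2014-01-24T09:00:00 host=DEV-02 cmd="adb.exe install app-debug.apk"
2014-01-24T09:40:00 host=DEV-02 cmd="adb.exe install -r app-debug.apk"
2014-01-24T09:41:00 host=DEV-02 cmd="adb.exe devices"
"""

LINE_RE = re.compile(r'^(\S+) host=(\S+) cmd="(.*)"$')
# adb install, optional flags such as -r, then the APK name.
INSTALL_RE = re.compile(r'\badb(?:\.exe)?\s+install\s+(?:-\S+\s+)*(\S+\.apk)\b', re.I)

def find_repeated_installs(log_text, threshold=3, window=timedelta(minutes=1)):
    """Return (host, apk, count) where one APK was installed >= threshold times in window."""
    events = defaultdict(list)  # (host, apk) -> install timestamps
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        ts, host, cmd = m.groups()
        inst = INSTALL_RE.search(cmd)
        if inst:
            events[(host, inst.group(1).lower())].append(datetime.fromisoformat(ts))
    alerts = []
    for (host, apk), stamps in sorted(events.items()):
        stamps.sort()
        start = best = 0
        for end in range(len(stamps)):
            # Shrink the window from the left until it spans at most `window`.
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append((host, apk, best))
    return alerts

if __name__ == "__main__":
    for host, apk, count in find_repeated_installs(SAMPLE_LOG):
        print(f"{host}: {apk} installed {count}x within one minute")
```

A developer workstation that installs a build occasionally stays below the threshold, while a host looping on the same install command is flagged.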