http://www.reuters.com/article/2012/05/28/net-us-cyberwar-flame-idUSBRE84R0E420120528?feedType=RSS&feedName=technologyNews&utm_source=dlvr.it&utm_medium=twitter&dlvrit=56505

It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab's work were made available on Monday.

Schouwenberg said he did not know who built Flame.

If the Lab's analysis is correct, Flame could be the third major cyber weapon uncovered after the Stuxnet virus that attacked Iran's nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain.

The discovery by one of the world's largest makers of anti-virus software will likely fuel speculation that nations have already secretly deployed other cyber weapons.

"If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don't know about," Schouwenberg said in an interview.

kissimmee saint cloud osceola county 192 34769 34744 34772 34771 34743 34746

Google plans today to begin warning Internet users if their computers show telltale signs of being infected with the DNSChanger Trojan. The company estimates that more than 500,000 systems remain infected with the malware, despite a looming deadline that threatens to quarantine the sick computers from the rest of the Internet.

Security experts won court approval last year to seize control of the infrastucture that powered the search-hijacking Trojan in a bid to help users clean up infections. But a court-imposed deadline to power down that infrastructure will sever Internet access for PCs that are not rid of the malware before July 9, 2012.

The company said the warning (pictured above) will appear only when a user with an infected system visits a Google search results property (google.com, google.co.uk, etc.), and will include the message, “Your computer appears to be infected.” Google security engineerDamian Menscher said the company expects to notify approximately a half-million users in the first week of the notices.

“In general we want to notify users [of malware infections] anytime we are capable of doing so, but the fact that we don’t do this more often is really just because it’s hard to come across cases where we can do it this accurately,” Menscher said.  “In many cases we only have maybe a 90 percent confidence that someone is infected, and the false positive rate of 10 percent is simply too high to be feasible. But in this case we can be essentially certain that someone is infected.”

kissimmee saint cloud osceola county 192 34769 34744 34772 34771 34743 34746

https://krebsonsecurity.com/

At issue is a program that the author calls “LilyJade,” a browser plugin that usesCrossrider, an emerging programming framework designed to simplify the process of writing plugins that will run on   Google Chrome, Internet Explorer, andMozilla Firefox.  The plugin spreads by posting a link to a video on a user’s Facebook wall, and friends who follow the link are told they need to accept the installation of the plugin in order to view the video. Users who install LilyJade will have their accounts modified to periodically post links that help pimp the program.

kissimmee saint cloud osceola county 192 34769 34744 34772 34771 34743 34746

A fix involving setting the program to Windows XP SP3 computability mode is being reported as the fix.  This may make the problem go away for some users but I have found the real fix is to update the systems Realtek HD Audio drivers.

This is the only source I have found for the new updated Windows 8 Drivers:

http://drivers.softpedia.com/get/SOUND-CARD/REALTEK/Realtek-HD-Audio-Driver-for-Windows-7-Windows-8-x64.shtml

You need to unpack the files then manually update the Realtek HD Audio driver in the Windows Device Manager.

kissimmee saint cloud osceola county 192 34769 34744 34772 34771 34743 34746

http://blogs.oucs.ox.ac.uk/oxcert/2012/04/25/musings-on-mac-malware/

Over the past couple of weeks, OxCERT have been somewhat overwhelmed by Mac malware. This isn’t quite the first time we’ve dealt with problems on Macs – we’ve seen several compromised over the years through weak or exposed ssh credentials, and others infected as a result of installing pirated software. But with Flashback, the game has changed forever. We are seeing huge numbers of attacks of the sort that Windows users have had to contend with for years. Apple users, and indeed Apple themselves, just have not been ready. We are dealing with what is probably the biggest outbreak since Blaster struck the Windows world all the way back in the summer of 2003. That time OxCERT dealt with around 1000 incidents; we have seen several hundred Flashback incidents and they keep on coming.

If you A re victim of the Mac Flashback virus we can help you.

 kissimmee saint cloud osceola county 192 34769 34744 34772 34771 34743 34746

Imagine for a moment that you are the chief financial officer of a small American business.

You are sitting at your desk sometime in 2009. You are doing your job. You are answering emails.

Here's one from the Internal Revenue Service with the subject line “Tax Statement” and a message about underreported income. Don't want to get crosswise with the IRS, you think, and click on a link.

The link leads to nothing. You try again. Still nothing.

Odd, you think. Then you immediately forget about it.

Several weeks or months later, you are sitting at your desk, doing your job, when the phone rings.

It's an agent from the Omaha office of the FBI.

He asks: Did you just authorize a withdrawal of $30,000 into a personal checking account?

No, you say, as your eyes widen and your pulse quickens. Why?

This is how you learn you've been robbed.

And not just robbed, but robbed repeatedly. Robbed so stealthily, so completely, that you didn't even realize the money was missing.

This, roughly, is how dozens of small businesses and nonprofits — even an Iowa Catholic diocese — learned from the Omaha office of the FBI in 2009 and 2010 about a group of Ukrainian hackers, malicious software named Zeus and a plan to steal $70 million seemingly ripped from the pages of a futuristic thriller.

kissimmee saint cloud osceola county 192 34769 34744 34772 34771 34743 34746

Wolfgang Kandek, chief technology officer for vulnerability management firm Qualys, is particularly worried about MS12-027, because the weakness spans an unusually wide range of Microsoft products. Microsoft agrees, calling this patch the highest priority security update this month.

“What makes this bulletin stand out is that Microsoft is aware of attacks in the wild against it and it affects an unusually wide-range of Microsoft products, including Office 2003 through 2010 on Windows, SQL Server 2000 through 2008 R2, BizTalk Server 2002, Commerce Server 2002 through 2009 R2, Visual FoxPro 8 and Visual Basic 6 Runtime,” Kandek said. “Attackers have been embedding the exploit for the underlying vulnerability (CVE-2012-0158) into an RTF document and enticing the target into opening the file, most commonly by attaching it to an e-mail. Another possible vector is through web browsing, but the component can potentially be attacked through any of the mentioned applications.”

 As always users should install these updates immediately and if they have any issue installing updates they are encouraged to schedule an appointment.

kissimmee saint cloud osceola county 192 34769 34744 34772 34771 34743 34746

 

The revelations come from Russian security firm Dr.Web, which reports that the Flashback Trojan has successfully infected more than 550,000 Macs, most which it said were U.S. based systems (hat tip to Adrian Sanabria). Dr.Web’s post is available in its Google translated version here.


Flashback is an increasingly sophisticated malware strain that sniffs network traffic in search of user names and passwords. Early versions of it prompted Mac users to enter their password before it would run, but the most recent strains will happily infect vulnerable Mac systems without requiring a password, writes Ars Technica, among others. F-Secure has additional useful information on this Trojan attack here.

As Ars notes, although Apple stopped bundling Java by default in OS X 10.7 (Lion), it offers instructions for downloading and installing the Oracle-developed software framework when users access webpages that use it. If you need Java on your Mac only for a specific application (such as OpenOffice), you can unplug it from the browser by disabling its plugin. In Safari, this can be done by clicking Preferences, and then the Security tab (uncheck “Enable Java”). In Google Chrome, open Preferences, and then type “Java” in the search box. Scroll down to the Plug-ins section, and click the link that says “Disable individual plug-ins.” If you have Java installed, you should see a “disable” link underneath its listing. In Mozilla Firefox for Mac, click Tools, Add-ons, and disable the Java plugin(s)

kissimmee saint cloud osceola county 192 34769 34744 34772 34771 34743 34746

kissimmee saint cloud osceola county 192 34769 34744 34772 34771 34743 34746

kissimmee saint cloud osceola county 192 34769 34744 34772 34771 34743 34746