Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Australia

Major Australian Retailer Accused of Selling Infected Hard Drives 128

skegg writes "Dick Smith, a major Australian electronics retailer, is being accused of regularly selling used hard drives as new. Particularly disturbing is the claim that at least one drive contained malware-infested pirated movies, causing the unlucky buyer significant data loss. Apparently the Fair Trading Commissioner will be conducting an investigation."
Medicine

Computer Virus Forces Hospital To Divert Ambulances 213

McGruber writes "The Atlanta Journal Constitution newspaper is reporting that a hospital with campuses in Lawrenceville and Duluth, Georgia turned ambulances away after the discovery of 'a system-wide computer virus that slowed patient registration and other operations.' They're only currently accepting patients with 'dire emergencies.' A spokeswoman for the hospital said the diversion happened because 'it's a trauma center and needs to be able to respond rapidly.' The situation began on Thursday afternoon and is expected to last through the weekend."
Botnet

Most Sophisticated Rootkit Getting an Overhaul 104

jfruhlinger writes "TDL4, a rootkit that helps build a powerful botnet, is pegged by security vendor ESET as one of the most sophisticated pieces of malware in the world. But its creators aren't resting on their laurels; they're rewriting some of the code from the ground up to make it difficult for antimalware to detect it, creating a hidden boot partition that guarantees malware code will be loaded even before the operating system is. It's part of a plan to turn TDL4 into a turnkey product that can be sold to other criminal operations."
Government

German Surveillance Trojan Spies On Fifteen Apps 69

itwbennett writes "Researchers from Kaspersky Lab have discovered that the R2D2 surveillance Trojan, which is used by German law enforcement to intercept Internet phone calls, is capable of monitoring traffic from popular browsers and instant messaging applications. 'Amongst the new things we found in there are two rather interesting ones: Firstly, this version is not only capable of running on 32 bit systems; it also includes support for 64 bit versions of Windows,' said Tillmann Werner, a security researcher with Kaspersky in Germany. 'Secondly, the list of target processes to monitor is longer than the one mentioned in the CCC report. The number of applications infected by the various components is 15 in total.'"
China

McAfee Disclaims Claims of Chinese Involvement in 'Shady RAT' 56

hackingbear writes "In an interview with Chinese official Xinhua news agency, McAfee said no direct evidence suggests a particular nation such as China is behind Operation Shady RAT, a five-year cyber campaign discovered by McAfee. Alperovitch told Xinhua that they 'don't have direct evidence that conclusively points to a particular nation state' behind the scheme. So the same online security industry that has propagated Chinese cyber threats in front of Western media denies they made such suggestion of China, another of their major markets." Also on the Shady RAT front, reader kermidge writes with a post from Hon Lau at Symantec containing details lacking in McAfee's Wednesday report; included are examples of the vectors and commands used, along with cogent commentary.
Botnet

Feds To Remotely Uninstall Bot From Some PCs 211

CWmike writes "Federal authorities will remotely uninstall the Coreflood botnet Trojan from some infected Windows PCs over the next four weeks. Coreflood will be removed from infected computers only when the owners have been identified by the DOJ and they have submitted an authorization form to the FBI. The DOJ's plan to uninstall Coreflood is the latest step in a coordinated campaign to cripple the botnet, which controls more than 2 million compromised computers. The remote wipe move will require consent, and the action does come with warnings from the court that provided the injunction against the botnet, however. 'While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers,' the authorization form reads. FBI Special Agent Briana Neumiller said, 'The process does not affect any user files on an infected computer, nor does it ... access any data on the infected computer.' The DOJ and FBI did not say how many machines it has identified as candidates for its uninstall strategy, but told the judge that FBI field offices would be notifying affected people, companies and organizations."
Security

Financial Malware Hijacks Online Banking Sessions 161

Orome1 writes "A new type of financial malware has the ability to hijack customers' online banking sessions in real time using their session ID tokens. The OddJob Trojan keeps sessions open after customers think they have 'logged off,' enabling criminals to extract money and commit fraud unnoticed. This is a completely new piece of malware that pushes the hacking envelope through the evolution of existing attack methodologies. It shows how hacker ingenuity can side-step many commercial IT security applications traditionally used to defend users' digital — and online monetary — assets."
Government

Pentagon Credit Union Database Compromised 108

Trailrunner7 writes "The credit union used by members of the US armed forces and their families has admitted that a laptop infected with malware.was used to access a database containing the personal and financial information of customers. The Pentagon Federal Credit Union (PenFed) issued a statement to the New Hampshire Attorney General that said data, including the names, addresses, Social Security Numbers and PenFed banking and credit card account information of its members were accessed by the infected PC."
Botnet

Bredolab Botnet Taken Down 187

Leon Buijs writes "Monday a 27-year-old Armenian was arrested at request of the Dutch authorities. The Dutch police think he is the brain behind the infamous, 30 million infected computers large Bredolab network, that was taken down by their Team (in Dutch) High Crime. Bredolab was used to spread virii and spam via the Netherlands. While taking the botnet down at a Dutch ISP, the suspect did several attempts to regain control. When this didn't work out, he did a DDoS attack on the ISP's servers using a 220,000 computers botnet. However, this was also broken off by taking 3 servers offline that the Armanian used for this, in Paris."
Botnet

US Reigns As Most Bot-Infected Country 121

Trailrunner7 writes "The US has by far the highest number of bot-infected computers of any country in the world, with nearly four times as many infected PCs as the country in second place, Brazil, according to a new report by Microsoft. The quarterly report on malicious software and Internet attacks shows that while some of the major botnets have been curtailed in recent months, the networks of infected PCs still represent a huge threat."
Internet Explorer

Nasty Data-Stealing Bug Haunts Internet Explorer 8 151

Trailrunner7 writes "There's an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user's authenticated session on a third-party site. The flaw, which a researcher said may have been known since 2008, lies in the way IE8 handles CSS. The vulnerability can be exploited through an attack scenario known as cross-domain theft, and researcher Chris Evans originally brought the problem to light in a blog post in December. At the time, all of the major browsers were vulnerable to the attack, but since then, Firefox, Chrome, Safari and Opera all have implemented a simple defense mechanism. The upshot of this is that if a victim has visited a given Web site, authenticated himself to the site, and then visits a site controlled by an attacker, the attacker would have the ability to hijack the user's session and extract supposedly confidential data. This attack works on the latest, fully patched release of IE8."
Botnet

Researchers Cripple Pushdo Botnet 129

Trailrunner7 writes with this from ThreatPost: "Researchers have made a huge dent in the Pushdo botnet, virtually crippling the network, by working with hosting providers to take down about two thirds of the command-and-control servers involved in the botnet. Pushdo for years has been one of the major producers of spam and other malicious activity, and researchers have been monitoring the botnet and looking for ways to do some damage to it since at least 2007. Now, researchers at Last Line of Defense, a security intelligence firm, have made some serious progress in crushing the botnet's spam operations. After doing an analysis of Pushdo's command-and-control infrastructure, the researchers identified about 30 servers that were serving as C&C machines for the botnet. Working with the hosting providers who maintained the servers in question, the LLOD researchers were able to get 20 of the C&C servers taken offline, the company said."
The Military

Pentagon Confirms 2008 Computer Breach — 'Worst Ever' 157

jowifi writes "The New York Times reports that the Pentagon has confirmed that, in 2008, a foreign agent instigated 'the most significant breach of US military computers ever' using a USB flash drive. While the breach was previously reported on Wired and the LA Times, this is the first official confirmation of the attack that led to the banning of USB drives on government computers."
Security

Olympus Digital Camera Ships With a Worm 249

An anonymous reader writes "Olympus Japan has issued a warning to customers who have bought its Stylus Tough 6010 digital compact camera that it comes with an unexpected extra — a virus on its internal memory card. The Autorun worm cannot infect the camera itself, but if it is plugged into a Windows computer's USB port, it can copy itself onto the PC, then subsequently infect any attached USB device. Olympus says it 'humbly apologizes' for the incident, which is believed to have affected some 1,700 units. The company said it will make every effort to improve its quality control procedures in future. Security company Sophos says that more companies need to wake up to the need for better quality control to ensure that they don't ship virus-infected gadgets. At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer."
Security

Fake Antivirus Peddlers Outpacing Real AV Firms 245

An anonymous reader tips a writeup at KrebsOnSecurity.com detailing how purveyors of fake antivirus or 'scareware' programs have aggressively stepped up their game to evade detection. The posting is based on a report from Google's malware detection team (PDF). "Beginning in June 2009, Google charted a massive increase in the number of unique fake antivirus installer programs, a spike that Google security experts posit was a bid to overwhelm the ability of legitimate antivirus programs to detect the programs. Indeed, the company discovered that during that time frame, the number of unique installer programs increased from an average of 300 to 1,462 per day, causing the detection rate to plummet to below 20 percent. ... In addition, Google determined that the average lifetime of sites that redirect users to Web pages that try to install scareware decreased over time, with the median lifetime dropping below 100 hours around April 2009, below 10 hours around September 2009, and below one hour since January 2010."

Slashdot Top Deals

"355/113 -- Not the famous irrational number PI, but an incredible simulation!"

Working...