Adobe has released a security update for the Flash Player that fixes a vulnerability that is currently being exploited by the bad guys to hijack Windows PCs. The vulnerability, which is described by Adobe as an “object confusion vulnerability,” exists in the Windows, Mac, Linux and Android versions of the Flash Player.
The FBI is asking Internet companies not to oppose a controversial proposal that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance. In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned.
A judge urged jurors to resume deliberating Oracle Corp's copyright claims against Google over the Android mobile platform, after they indicated there was unanimous agreement on all but one of the questions they must decide. The judge had been prepared to allow the jury to deliver a partial verdict, but he changed his mind after one juror said others on the panel thought further deliberations might be useful.
Silicon Valley companies, hamstrung by patent litigation, are seeking help from the masses. Tech giants like Microsoft Corp. and Apple Inc., along with several start-ups, have tapped Article One Partners LLC to crowd-source evidence that a patent they are being sued for allegedly infringing isn't novel.
Two advertising industry groups proposed measures to keep advertisers from appearing on "rogue" websites that feature pirated content or products. "Ads for iconic and trusted brands can lend inadvertent legitimacy to the illicit business models and can mislead consumers into believing that these 'rogue' websites are offering authentic products and complying with the law," Bob Liodice, president of the Association of National Advertisers, said in a statement.
Apple and Samsung Electronics have until May 7 to further boil down the number of claims to be considered in the sweeping intellectual-property lawsuit concerning their smartphone and tablet products, which is now scheduled to go to trial July 30. Judge Lucy Koh of the U.S. District Court for the Northern District of California ordered the companies to pare down the case, in which Apple and Samsung are suing each other over patent infringement and other claims, so a jury can understand and fairly judge the issues in one trial.
A study commissioned by President Obama to assess the nation’s ability to respond to terrorist attacks and natural disasters has found that state and local officials have the most confidence in their public health and medical services but are the most concerned about their ability to respond to cyberattacks. The report, conducted by the Federal Emergency Management Agency, said that state and local officials also felt unprepared to provide housing in their communities and to recover quickly from natural disasters.
Google Inc, in a long-running legal dispute over its plans to create a digital library of books, argued in court that associations of authors and photographers should not be allowed to sue the company as a group. Manhattan federal judge Denny Chin did not make an immediate decision, but noted during oral arguments that "it would take forever" to resolve cases brought by individual authors and it "seems to make sense" to consider the lawsuits as a group.
The name of a Chicago man already charged in a New York City computer hacking case has been added to an indictment. Jeremy Hammond's name was added to an indictment containing the names of four other defendants in a prosecution revealed in March.
A court in Mannheim ruled that Microsoft infringed Motorola Mobility's patents and ordered Microsoft to remove its popular Xbox 360 gaming consoles and Windows 7 operating system software from the German market. However, Microsoft said that the ruling did not mean that its products would be taken off retailers' shelves because a U.S. district court in Seattle has granted Microsoft a preliminary injunction against Motorola to prevent the phone maker from enforcing any German court order.
Nokia said it filed a complaint with the U.S. International Trade Commission against HTC and filed suits against HTC and Viewsonic in the U.S. District Court in Delaware. It also filed suit against HTC and BlackBerry maker RIM in Düsseldorf, Germany, and against all three companies in German regional courts in Mannheim and Munich. The actions involve 45 Nokia patents in total, the Finland-based phone maker said, on technology regarding dual-function antennas, power management for mobile devices and such software features as multitasking, navigation and mobile email.
Privacy regulators in Britain, Germany and France said that they may reopen or expand their investigations into Google’s illegal collection of Internet data for its Street View service following revelations that the programmer who designed the software had informed coworkers of its capabilities as early as 2007. Google’s disclosure in 2010 that it had illegally collected 600 gigabytes of personal data -- including e-mails, photos, Web histories and passwords -- from Wi-Fi routers around the world was first uncovered in Germany and sparked a series of inquiries by privacy regulators in Europe and around the world.
More counterfeit goods will soon be sold online than on the street, according to the latest report by the U.S. Trade Representative. The increase in Internet access has led to increased access to counterfeit and pirated goods, the annual Special 301 report noted, a trend that has complicated copyright enforcement.
The Advertising Standards Authority has widened its inquiry into the advertising of the Apple iPad. The BBC understands the regulator is not satisfied that Apple has complied with an agreement to amend claims about the latest iPad's 4G capabilities.
The cyber-criminals running the notorious Mac Flashback malware were bringing in as much as $10,000 a day during the height of the botnet's activity, according to security software vendor Symantec. The attackers behind the Flashback malware -- which at one point had infected as many as 700,000 Apple Macs worldwide -- essentially were stealing advertising revenue from Google by redirecting clicks from users of infected systems, members of Symantec’s Security Response group said in a post on the company’s blog.
3
8
2
By: Jeffrey Burt 2012-05-01
There are 0 user comments on this IT Security & Network Security News & Reviews story.
The cyber-criminals behind the botnet stole ad revenue from Google by redirecting clicks from infected Apple Mac systems, according to Symantec researchers.
The cyber-criminals running the notorious Mac Flashback malware were bringing in as much as $10,000 a day during the height of the botnet's activity, according to security software vendor Symantec.
The attackers behind the Flashback malware—which at one point had infected as many as 700,000 Apple Macs worldwide—essentially were stealing advertising revenue from Google by redirecting clicks from users of infected systems, members of Symantec’s Security Response group said in an April 30 post on the company’s blog. The ad revenue for those clicks went to the cyber-criminals, not Google, Symantec said.
“The Flashback ad-clicking component is loaded into Chrome, Firefox and Safari where it can intercept all GET and POST requests from the browser,” the company said in the blog post. “Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click. (Google never receives the intended ad click.)”
“The ad click component parses out requests resulting from an ad click on Google Search and determines if it is on a whitelist. If not, it forwards the request to the malicious server.”
The Flashback malware started off last fall as a Trojan horse masquerading as an update to Adobe Flash. It morphed into a drive-by exploit that infected unprotected systems that visited a compromised or malicious Website.
The exploit leveraged a flaw in Java that Oracle in February had patched in Windows PCs and other systems, but that Apple didn’t address until issuing a patch in early April. By that time, more than 600,000 Macs—more than 1 percent in use globally—had become infected, and a botnet of that size could have netted the Flashback operators as much as $10,000 a day, according to Symantec.
Symantec researchers reverse-engineered the OSX.Flashback.K variant to see how the malware operated, according to the company. If a user of an unpatched Mac visited a compromised Website, the browser would be redirected to an exploit site hosting various Java exploits, and the initial Flashback component would be installed onto the system. That component would then download a loader and an ad-clicking component, Symantec said.
“Not much detail has been said about the ad-clicking component, so we will reveal the true motivation behind the malware: the end goal of this Trojan is revenue generation,” the Symantec Security Response team wrote.
The researchers ran a search for “toys” on an infected system. After doing so, they said that they could “clearly see a value of 0.8 cents for the click and the redirection URL highlighted in red. This redirected URL is subsequently written into the browser so that the user is now directed to the new site, in effect hijacking the ad click Google should have received. … This ultimately results in lost revenue for Google and untold sums of money for the Flashback gang.”
Apple officials have been criticized for their slow response to the Flashback malware—particularly rolling out a patch for the Java vulnerability two months after Oracle had issued one—and the Symantec researchers again noted that in their blog post.
“Unfortunately for Mac users, there was a large window of exposure since Apple’s patch for this vulnerability was not available for six weeks,” they wrote. “This window of opportunity helped the Flashback Trojan to infect Macs on a large scale. The Flashback authors took advantage of the gap between Oracle and Apple's patches by exploiting vulnerable Websites using Wordpress and Joomla to add malicious code snippets.
Since the extent of the Mac infections was reported in early April, a host of security software vendors and Apple itself have launched tools designed to detect and remove the Flashback malware from Macs. However, there has been some disagreement over how strong the exploit still is. Symantec officials reported in mid-April that the number of infected Macs had dropped to 140,000, while Kaspersky Lab researchers estimated the number was about 30,000.
However, Russian antivirus firm Dr. Web, which first reported the extent of the Flashback infections, said April 20 that the number of infected Macs was still at more than 650,000, and after hearing how the company came up with its figures, Symantec officials agreed, as did Mac security software vendor Intego.
3
8
2
Click here to find out more!
Post a new comment Login
Post 0 Comments
>>> More IT Security & Network Security News & Reviews Articles >>> More By Jeffrey Burt
Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article
Jurors began deliberating about whether Google Inc violated Oracle Corp's copyright on parts of the Java programming language, part of a high stakes trial over smartphone technology with more than $1 billion in play. Oracle is suing Google in federal court, claiming the search engine giant's Android mobile platform violated its patents and copyright to Java, and is seeking roughly $1 billion in copyright damages.
The number of malicious cyber attacks jumped 81 percent in 2011, according to new data from Symantec, with the firm noting a huge leap in mobile breaches, particularly on the Android OS. Social networks, meanwhile, are the new frontier for cyber scammers as they move on from spam, which decreased by 20 percent last year.
Organizations taking part in the most ambitious expansion of the Internet so far will find out next week whether their applications for new domain names could have been viewed by competitors as a result of a software bug. "We're very apologetic for the inconvenience to any applicants," ICANN chief executive Rod Beckstrom told Reuters.
Apple and Microsoft will be among technology companies asked to explain to Parliament why Australians pay much more for music and game downloads from iTunes, for example, than overseas customers. Federal Labor politicians are hoping the publicity generated by calling the companies to account for their pricing policies will result in prices dropping.
File-sharing site The Pirate Bay must be blocked by UK internet service providers, the High Court has ruled. The Swedish website hosts links to download mostly-pirated free music and video.
About : Legal Services | Doug Isenberg | Cases & Clients | Firm News
Resources : YouTube Channel | Daily News | Blog | Masterclass | Domain Dispute Digest
The GigaLaw Firm helps companies of all sizes protect their brands online, using domain name dispute policies – such as the Uniform Domain Name Dispute Resolution Policy (UDRP) – and other legal tools available to copyright and trademark owners on the Internet.