[CERT-daily] Daily summary - Friday 17-05-2013

Daily end-of-shift report team at cert.at
Fri May 17 18:11:08 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 16-05-2013 18:00 − Friday 17-05-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Robert Waldner



*** Android.RoidSec: This app is an info stealing 'sync-hole'! ***
---------------------------------------------
By Nathan Collier. Android.RoidSec has the package name 'cn.phoneSync', but an application name of 'wifi signal Fix'. From a 'Malware 101' standpoint, you would think the creators would have a descriptive package name that matches the application name. Not so, in this case.
---------------------------------------------
http://blog.webroot.com/2013/05/16/android-roidsec-this-app-is-a-info-stealing-sync-hole/




*** vBulletin Input Validation Flaw Lets Remote Users Inject SQL Commands ***
---------------------------------------------
The 'index.php/ajax/api/reputation/vote' script does not properly validate user-supplied input in the 'nodeid' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
---------------------------------------------
http://www.securitytracker.com/id/1028543




*** Bank Account Logins for Sale, Courtesy of Citadel Botnet ***
---------------------------------------------
Financial theft is one of the most lucrative forms of cybercrime. Malware authors continue to deliver sophisticated tools and techniques to unlock online bank accounts. Attackers design and develop botnets to perform financial fraud, targeting banks and other institutions for profit.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/bank-account-logins-for-sale-courtesy-of-citadel-botnet




*** Apple iTunes Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious people to conduct spoofing attacks and compromise a user's system.
---------------------------------------------
https://secunia.com/advisories/53471




*** In a sea of malware, viruses make a small comeback ***
---------------------------------------------
Microsoft has noticed a small uptick in viruses that infect files
---------------------------------------------
http://www.csoonline.com/article/733558/in-a-sea-of-malware-viruses-make-a-small-comeback?source=rss_application_security




*** Trying to kill undead Pushdo zombies? Hard luck, Trojan is EVOLVING ***
---------------------------------------------
Malware remains undead, adds double-sneaky stealth mode. The crooks behind the Pushdo botnet agent have developed variants of the malware that are more resistant to take-down attempts or hijacking by rival hackers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/pushdo_extra_stealth/




*** Background: More facts and speculation about Skype's ominous link checks ***
---------------------------------------------
At the beginning of the week, heise Security reported that links sent in private Skype chat sessions are visited shortly afterwards by a Microsoft system. We observed access to https URLs exclusively.
---------------------------------------------
http://www.heise.de/security/artikel/Mehr-Fakten-und-Spekulationen-zu-Skypes-ominoesen-Link-Checks-1865370.html




*** Targeted information stealing attacks in South Asia use email, signed binaries ***
---------------------------------------------
In the past few months, we have analyzed a targeted campaign that tries to steal sensitive information from different organizations throughout the world, but particularly in Pakistan. During the course of our investigations we uncovered several leads that indicate this threat has its origin in India and has been going on for at least two years.
---------------------------------------------
http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/





*** Fake YouTube page targets Chrome users ***
---------------------------------------------
Fake YouTube pages are one of the favored ways attackers leverage to get users to click on malicious content.
---------------------------------------------
http://research.zscaler.com/2013/05/fake-youtube-page-targets-chrome-users.html




*** CSRF vulnerability in LinkedIn 2013 ***
---------------------------------------------
A security company has found a CSRF vulnerability in LinkedIn and they have uploaded a POC on YouTube to show the impact. The Cross Site Request Forgery attack allows the attacker to access information from a contact without the consent/knowledge of the affected user.
---------------------------------------------
http://cyberwarzone.com/csrf-vulnerability-linkedin-2013?




*** Blog: Malicious PACs and Bitcoins ***
---------------------------------------------
Malicious PACs used by Brazilian bad guys aiming to steal bitcoins
---------------------------------------------
http://www.securelist.com/en/blog/208195033/Malicious_PACs_and_Bitcoins




*** April 2013 virus activity review from Doctor Web ***
---------------------------------------------
May 13, 2013: IT security experts will remember April 2013 for several remarkable events. At the beginning of the month, Doctor Web's analysts hijacked a rapidly growing botnet comprised of computers infected with BackDoor.Bulknet.739. The middle of April saw the discovery of a new Trojan of the most common family 'Trojan.Mayachok' and an upsurge of spam containing subject matter related to the terrorist acts that occurred in Boston.
---------------------------------------------
http://news.drweb.com/show/?i=3516&lng=en&c=9






