SECURITY WARNINGS & Notices - Please post them here

[nmb]

Sorry, that was from twitter.

Here it is : http://blog.sucuri.net/2010/04/network-solutions-hacked-again.html

nmb

[Alan Baxter]

Thank you for the link, nmb.  Interesting stuff.  Thank goodness for NoScript and Avast 5 -- and automatic browser and OS updates.

[nmb]

Yes I feel very good that I know about noscript and avast. Both are very efficient in blocking such hacks. Huge thanks to both of 'em.

nmb

[bob3160]

More sites hacked : http://bit.ly/9a8nP2

Could you provide the full URL?  In general, I'm not comfortable clicking on shortened ones because they give me no indication of where I'm supposed to wind up.

Maybe you need this little Firefox add-on:
http://www.lockergnome.com/bob3160/2010/04/14/the-long-and-short-of-urls/

[mkis]

   google Chrome bookmark

[DavidR]

More sites hacked : http://bit.ly/9a8nP2

Could you provide the full URL?  In general, I'm not comfortable clicking on shortened ones because they give me no indication of where I'm supposed to wind up.

Maybe you need this little Firefox add-on:
http://www.lockergnome.com/bob3160/2010/04/14/the-long-and-short-of-urls/

That little add-on is reported as only for old versions of firefox when you get to Mozilla's add-ons section and no link to download the .xpi file. It hasn't been updated for some time and not offered for firefox 3.6.3.

[polonus]

Hi malware fighters,

Well Trojan now posing as a GoogleChrome extension:
http://www.malwarecity.com/blog/trojan-as-fake-google-chrome-extension-797.html

polonus

[Hermite15]

Network Solutions customers hit by mass hack attack
http://www.theregister.co.uk/2010/04/19/network_solutions_mass_hack/

Network Solutions' security team is battling a mysterious attack that has silently infected a "huge" number of the websites it hosts with malicious code.

The mass compromise affects sites running WordPress, Joomla, and plain-vanilla HTML, according to reports here and here from Securi Security and Stop Malvertising. Many of the infected sites include encoded javascript that secretly attempts to install malware on visitors' computers.

>>> Firefox + NS

[polonus]

Hi malware fighters,

A solution for the XSS filter problem in IE8 will be launched next patch round:
http://blogs.technet.com/msrc/archive/2010/04/19/guidance-on-internet-explorer-xss-filter.aspx

polonus

[Hermite15]

1.5M stolen Facebook IDs up for sale

http://www.computerworld.com/s/article/9175936/1.5M_stolen_Facebook_IDs_up_for_sale?source=rss_internet

IDG News Service - A hacker named Kirllos has a rare deal for anyone who wants to spam, steal or scam on Facebook: an unprecedented number of user accounts offered at rock-bottom prices.

Researchers at VeriSign's iDefense group recently spotted Kirllos selling Facebook user names and passwords in an underground hacker forum, but what really caught their attention was the volume of credentials he had for sale: 1.5 million accounts.

IDefense doesn't know if Kirllos' accounts are legitimate, and Facebook didn't respond to messages Thursday seeking comment. If they are legitimate, he has the account information of about one in every 300 Facebook users. His asking price varies from $25 to $45 per 1,000 accounts, depending on the number of contacts each user has.

To date, Kirllos seems to have sold close to 700,000 accounts, according to VeriSign Director of Cyber Intelligence Rick Howard.

social networks

[polonus]

Hi malware fighters,

Now also Fx is vulnerable to the newest Zeus version via HTML injection: http://www.scmagazineus.com/new-zeus-version-targeting-firefox-users-for-bank-fraud/article/168455/


polonus

[polonus]

Emerging threat reported by Symantec UK:

1100 UK Health Service machines infected with Qakbot:
http://www.symantec.com/connect/de/blogs/qakbot-steals-2gb-confidential-data-week

pol

P.S. Manual removal instructions:
1. Temporarily Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Reboot computer in SafeMode
4. Run a full system scan and clean/delete all infected files
5. Delete/Modify any values added to the registry.

Navigate to and delete the following registry entry:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrent VersionRun”[LEGITIMATE APPLICATION NAME]” = “”C:Documents And SettingsAll Users_qbothome_qbotinj.exe” “C:Documents And SettingsAll Users_qbothome_qbot.dll” /c [PATH TO LEGITIMATE APPLICATION]”

6. Exit registry editor and restart the computer.
7. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using Avast AntiVirus and Antispyware Software like MBAM and SAS,

Damian

[polonus]

This could be an extensive threat:
http://www.enterprise-security-today.com/story.xhtml?story_id=112003V2043K&page=1&full_skip=1

polonus

[JuninhoSlo]

Hi

Mcafee update shutting down Xp machines.- http://www.engadget.com/2010/04/21/mcafee-update--shutting-down-xp-machines/


Have a nice day.

[Jtaylor83]

Blippy users' credit card info exposed on Google - http://news.cnet.com/8301-27080_3-20003283-245.html?tag=mncol;title