by Paul Roberts

The Wikimedia Foundation is warning its millions of visitors that if they're seeing ads appearing on any of the Foundation's Web sites, then their computer is probably infected with malware.

The Foundation issued a statement on Monday clarifying that it never runs ads on the Web site for Wikipedia, the massive, crowd-sourced encyclopedia. Visitors who are seeing ads for for-profit firms have likely been the victim of a Web based attack, including malicious browser plug-ins, the statement reads.

A variety of malicious browser extensions for Chrome, Firefox and Internet Explorer are responsible for the ads, Wikimedia Foundation Director of Community Advocacy Philippe Beaudette explained. Alternatively, users may be accessing the Web by way of a free Internet connection that injects the ads into the Web pages the viewer loads. "But rest assured: you won't be seeing legitimate advertisements on Wikipedia."

The warning from Wikimedia comes amid other reports of widespread attacks from compromised Web sites. Web security firm zScaler reported yesterday that 621 of the one million most trafficked Web sites were serving malicious comments. Many of those were legitimate sites that had been compromised by online scammers and cyber crime groups.

Also, on Tuesday, the group ShadowServer reported that cyber criminals and groups engaged in targeted cyber espionage are increasingly using drive by exploits hosted on legitimate, but compromised Web servers.

Wikimedia advised its readers to disable browser add-ins on any Web browser that they use and to run a malware scan on their machine if they have concerns.

by Graham Cluley on May 14, 2012 | Be the first to comment

Filed Under: Featured, Malware, Spam

Is there anybody who regularly reads Naked Security who isn't familiar with malware attacks posing as email notifications regarding failed parcel deliveries?

Once again, we are seeing a widespread malware campaign spammed out - this time pretending to be regarding an aborted attempt to send a parcel via DHL to the recipient's address.

But on other occasions we've seen very similar threats pretending to be from UPS or Fedex and others.

Here's what a typical email in today's attack looks like, complete with a DHL corporate logo in the header and the subject line "DHL Package delivery status":

8 May 2012, 11:07
Hackers attack space agencies

Unknown hackers claim to have penetrated and stolen data from a range of government agencies and organisations. The US space agency NASA and its European counterpart the ESA have already admitted that an attack did indeed take place. In early May, a group referring to itself as 'The Unknowns' announced that it had hacked its way into systems at ten different organisations and published documents and other data alleged to have originated from the servers in question.

(crve)

More: http://www.h-online.com/security/news/item...es-1569914.html

8 May 2012, 15:58
Cyber attacks on US gas pipeline operators


According to a report in The Christian Science Monitor, a cyber attacker is targeting natural gas pipeline operators in the US. The report states that, since March, the Department of Homeland Security (DHS) has issued at least three confidential warnings at the second highest alert level (Amber) to natural gas suppliers, giving a detailed warning of a wave of attacks.

The attacks have reportedly been ongoing since December of last year. ICS-CERT, which specialises in industrial control system security, has apparently also issued a confidential warning. The attacks are said to have been carried out using spear-phishing techniques, in which criminals use specially crafted virus-infected emails to target specific company employees.

(crve)
http://www.h-online.com/security/news/item...rs-1570440.html

Hacker, rootkit find place in new novel by infosec journalist

By Ryan Naraine | May 9, 2012, 11:31am PDT

Summary: Dennis Fisher finds a way to embed information security subplots into a new novel.

With hacking groups like Anonymous and LulzSec stealing headlines and hackers from China, Brazil and everywhere else stealing secrets and technology, it’s only natural that security and hacking are finding their way into movies and books these days.

The independent, lone wolf hacker makes a good hero, and perhaps a better anti-hero, and that’s what security journalist Dennis Fisher has created with JD, the character at the heart of his new crime novel, Motherless Children.

The book is a classic murder mystery, set in the suburbs of Boston, and it unfolds as two state cops try to work out how the bodies of eight women came to be in an abandoned cranberry bog. Danny Tobin and his partner Frank Teixeira end up needing the help of an old friend, JD, a freelance hacker who gets them into a suspect’s network and leaves behind a little present in the form of a rootkit. That If Tobin is the cop who doesn’t always follow the lighted path, JD makes his own path, just as many real-world hackers and researchers have.

More to read at: http://www.zdnet.com/blog/security/hacker-...ournalist/12027

by Anne Saita

Travelers abroad should be on alert for malware masquerading as a software update when they attempt to connect to the Internet from their hotel rooms.

A warning issued by the Internet Crime Complaint Center says the FBI and other government agencies recently noticed malware that targets guests trying to connect laptops to the Internet in their hotel rooms. In each instance, a pop-up window appearing to be a software update of "a widely-used software product" appeared during the setup. The Intelligence Note does not name the vendor, but did not it frequently releases legitimate updates in a similar manner. IC3 also did not identify the countries where complaints were lodged.

"The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection," it said in a message issued Tuesday. "Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s Web site if updates are necessary while abroad."

IC3 encourages anyone who believes they've encountered this type of attack to contact their local FBI office and promptly report it to them and at www.ic3.gov. The information will be used to identify emerging trends and to build a possible legal case against the attackers.

New malware strain locks up computers unless ransom is paid

A type of "ransomware" hitting users across Europe demands payment for alleged copyright violations, according to a Swiss security blog.

by Lance Whitney | May 7, 2012 8:50 AM PDT


A campaign of "ransomware" is locking people out of their computers unless they pony up the right amount of money.

Spotted by security blog abuse.ch, the malware taps into an exploit kit known as "Blackhole." Sold underground, Blackhole is used by criminals to infect computers through security holes in the browser or third-party plug-ins, such as Java and Adobe Reader.

If the version of Java, for example, is not up to date with the latest patches, the downloaded file will exploit the software's weakness by downloading the Trojan to the PC and then running it. Once the PC is infected, the user will receive a message on the screen saying that the computer has been locked for illegally downloading pirated music.

The message aimed toward those in the U.K. further says that "to unlock your computer and to avoid other legal consequences, your are obligated to pay a release fee of 50 pounds," around $80. The directions instruct the user to submit payment using an online payment system called Paysafecard. The message itself tries to look official with a logo of the Metropolitan Police at the top.

The malware has so far been targeting users in the U.K., Germany, France, Switzerland, Austria, and the Netherlands. The criminal behind this campaign appears to speak German, according to abuse.ch, since the local URLs used in this scam are all in German.

Read more about at: http://news.cnet.com/8301-1009_3-57429139-...ransom-is-paid/