'Chameleon Botnet' takes $6-million-a-month in ad money

ID: IRCNE2013031794
Date: 2013-03-22

According to “CNet”, Spider.io, a security researcher, announced that it has discovered a new botnet, called Chameleon, that's targeting "at least" 202 Web sites. The botnet is made up of over 120,000 host machines running Windows, according to Spider.io. Those machines are connecting to the Web with a Flash-friendly Trident-based browser that executes JavaScript. The vast majority of the machines -- 95 percent -- have come from U.S.-based IP addresses.
The botnet has targeted at least 202 Web sites, hitting them with as little as 9 billion ad impressions. The sites themselves are receiving 14 billion ad impressions, meaning the majority are coming from the botnet.
But here's the crux of the issue: advertisers are paying the sites 69 cents per thousand ad impressions, believing that they're legitimate. The Chameleon botnet, therefore, is able to siphon $6 million per month in cash from the advertisers.
Although botnets have been used to target text ads, they've largely stayed away from display ads because of the more sophisticated way in which advertisers analyze activity. In many cases, that analysis catches botnets before they have a chance to take hold. However, according to Spider.io, Chameleon is extremely sophisticated, and its bots act as though they're normal users surfing the Web. Still, the botnet has some hallmarks that give it away. According to Spider.io:
"Despite the sophistication of each individual bot at the micro level, the traffic generated by the botnet in aggregate is highly homogenous. All the bot browsers report themselves as being Internet Explorer 9.0 running on Windows 7. The bots visit the same set of websites, with little variation. The bots generate uniformly random click co-ordinates across ad impressions and the bots also generate randomised mouse traces."
The discovery of the Chameleon botnet comes a little over a month after Microsoft and Symantec announced that they had taken down another botnet, known as Bamital, that redirected Web sites.
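
The aggregate hallmarks Spider.io describes (a single reported browser and uniformly random click co-ordinates) can be checked per site with simple statistics. The Python sketch below is an added example, not Spider.io's detection code; the ad size, grid, thresholds and both traffic samples are constructed assumptions.

```python
import math
import random
from collections import Counter

AD_W, AD_H, GRID = 300, 250, 4  # assumed ad size in pixels, split into 4x4 cells

def ua_entropy(user_agents):
    """Shannon entropy in bits; 0 means every client reports the same browser."""
    n = len(user_agents)
    return -sum(c / n * math.log2(c / n) for c in Counter(user_agents).values())

def reduced_chi2(clicks):
    """Chi-square of per-cell click counts against a uniform spread, divided by
    the degrees of freedom. Near 1: uniform. Much larger: clustered clicks."""
    cells = Counter(
        (min(int(x * GRID / AD_W), GRID - 1), min(int(y * GRID / AD_H), GRID - 1))
        for x, y in clicks
    )
    expected = len(clicks) / GRID ** 2
    chi2 = sum((cells[(i, j)] - expected) ** 2 / expected
               for i in range(GRID) for j in range(GRID))
    return chi2 / (GRID ** 2 - 1)

def looks_like_homogeneous_botnet(user_agents, clicks,
                                  max_entropy=0.5, max_reduced_chi2=3.0):
    """Flag traffic that is both single-browser and uniformly clicked.
    Both thresholds are illustrative assumptions, not Spider.io's values."""
    return (ua_entropy(user_agents) <= max_entropy
            and reduced_chi2(clicks) <= max_reduced_chi2)

def constructed_bot_sample(n=2000, seed=2013):
    """Constructed data: one IE9/Windows 7 user agent, uniform random clicks."""
    rng = random.Random(seed)
    uas = ["Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"] * n
    clicks = [(rng.uniform(0, AD_W), rng.uniform(0, AD_H)) for _ in range(n)]
    return uas, clicks

def constructed_human_sample(n=2000, seed=2013):
    """Constructed data: mixed browsers, clicks clustered on one button."""
    rng = random.Random(seed)
    browsers = ["IE9/Win7", "Chrome/Win7", "Firefox/OSX", "Safari/OSX"]  # shorthand labels
    uas = [browsers[i % 4] for i in range(n)]
    # Assumption: people click near a call-to-action button around (220, 200).
    clicks = [(min(max(rng.gauss(220, 15), 0), AD_W),
               min(max(rng.gauss(200, 10), 0), AD_H)) for _ in range(n)]
    return uas, clicks

if __name__ == "__main__":
    for name, sample in (("bot", constructed_bot_sample()),
                         ("human", constructed_human_sample())):
        print(name, looks_like_homogeneous_botnet(*sample))
```

Requiring both signals together matters: a site visited mostly from one corporate browser build has low user-agent entropy, but its clicks still cluster, so it is not flagged.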

Apple adds two-step verification option for Apple IDs

ID: IRCNE2013031792
Date: 2013-03-22

According to “CNet”, Apple yesterday added an extra layer of security to its Apple ID system that can harden the password people use to log in to various Apple services.
Users with an Apple ID can now sign up for two-step verification of their password, a system that sends a four-digit passcode by text message to a user's phone, and must be used on top of a regular password. In practice, this could keep an account from being compromised by an attacker, unless that person had access to the mobile device too.
The move comes a little less than a year after Apple required users to set up security questions for their online accounts, a common security measure that was notably absent. Once two-step verification is enabled, there are no longer security questions to remember.
"Apple takes customer privacy very seriously, and two-step verification is an even more robust process to ensure our users' data remains protected," an Apple spokesperson told CNET. "We are now offering our users the choice to take advantage of this additional layer of security."
Of note, the feature is currently available only in the U.S., U.K., Ireland, Australia and New Zealand.
Apple is the latest tech company to employ the security feature, which was discovered earlier by 9to5mac, as an option. Google, which has quite a few more online services than Apple, added it as an option in early 2011. Others, including Facebook, Yahoo, PayPal, and Dropbox already had the option.
Apple's user base at its various stores and other online stores continues to grow. Its last official number, released in January, put it at "over 500 million active accounts."

New Samsung flaw allows 'total bypass' of Android lock screen

ID: IRCNE2013031793
Date: 2013-03-22

According to ZDNet, another security flaw has been discovered on some Samsung phones that allows complete access to a device.
The flaw was discovered by Terence Eden, the same mobile enthusiast who found the previous flaw. He warns that this new bug could allow users to bypass the lock screen entirely through the use of third-party apps.
This affects pattern unlocks, PIN code screens, and face detection security.
The flaw was tested on a Samsung Galaxy Note II running Android 4.1.2 as before — but it does not appear to exist on stock Android from Google, suggesting this is limited to Samsung phones only. This flaw may exist in other Android phones, notably Samsung devices, and users and IT managers alike should test their devices immediately.
The method involves many of the same steps as before and requires direct access to the device. The methodology may also include repeating some steps, so this is by no means an easy way to gain unauthorized access to a Samsung device.
Samsung did not fix the original lock screen bug, leaving millions of devices potentially at risk from privacy invasion. More worryingly, now a similar flaw can open up the device completely.
For now, only a third-party ROM can prevent such attacks. According to Eden, one software ROM designed for the Galaxy S III claims to have fixed the problem.

Apple iOS 6.1.3 fix contains another lock screen bypass flaw

ID: IRCNE2013031791
Date: 2013-03-22

According to ZDNet, only two days after Apple released a fix for a lock screen flaw that allowed unauthorized users to bypass the four-digit PIN code on iPhones and iPads, a new password bypass vulnerability has been discovered.
YouTube user videosdebarraquito was able to bypass the lock screen on an iPhone 4 using nothing more than a paperclip. By locking the device and enabling the Voice Control feature, it is possible to circumvent the lock screen by ejecting the SIM card from its tray at the moment the device starts dialing.
From here, the phone application remains open, allowing access to recent call logs, contacts, and voicemail (if it isn't protected by a separate PIN code). Photos and video can also be accessed from here by creating a new contact.
As soon as the screen turns off, the device locks again, but this can be bypassed with the SIM card tray removal trick.
At ZDNet HQ in New York, we were able to reproduce this bug on an iPhone 4. It also appears this affects iPhone 4S and iPhone 5 users (German) with Siri disabled, as this re-enables Voice Control.
In Settings, tap General, then Passcode Lock. From here, disable Voice Dial on older versions of iPhones, or enable Siri (as this replaces Voice Control) if you have an iPhone 4S or older.

New adware targeting Macintosh systems

ID: IRCNE2013031790
Date: 92/01/01

A new Trojan is attacking Macintosh systems, installing an adware plug-in on them and generating revenue for the malware's authors by serving ads in Web pages.
According to Russian antivirus company Dr. Web, the malware is named Trojan.Yontoo.1 and is spreading increasingly on Macintosh systems.
Yesterday, Dr. Web said in a statement that cybercriminals profit from adware network programs and that their profit from Macintosh systems is growing day by day. This recently discovered malware is one example of such adware.
The Trojan can be installed in several ways. One of the most interesting is a series of specially crafted movies that include a dialog box and use a plug-in installation prompt. When the "install plug-in" button is clicked, the victim is redirected to a site that hosts the Trojan. Trojan.Yontoo.1 can also be downloaded as a media player.
Once launched, the Trojan generates a dialog box that offers to install Free Twit Tube. After the user clicks the "continue" button, the Trojan downloads the adware plug-in for Safari, Chrome, and Firefox.

New adware Trojan circulating that targets Mac OS X systems

ID: IRCNE2013031790
Date: 2013-03-21

According to "cnet", a new Mac OS X Trojan is making the rounds, installing an adware plug-in that renders ads on Web pages to generate revenue for its author.
Dubbed Trojan.Yontoo.1, it is the most prominent of an increasing number of adware Trojans making the rounds, according to Russian antivirus company Dr. Web, the same company that discovered the Flashback virus last year.
"Criminals profit from affiliate ad network programs, and their interest in users of Apple-compatible computers grows day by day," Dr. Web said yesterday in a statement. "Recently discovered, Trojan.Yontoo.1 can serve as a striking example of such software."
The Trojan has a number of avenues for installation, perhaps the most interesting of which is a series of specially crafted movie trailers that include a dialog box that imitates a common prompt for plug-in installation. Once the "install plug-in" button is clicked, victims are redirected to a site where the Trojan is downloaded.
Trojan.Yontoo.1 can also be downloaded as a media player, a video quality enhancement program, or a download accelerator, Dr. Web said.
Once launched, the Trojan generates a dialog box that offers to install Free Twit Tube. After the user presses "continue," the Trojan downloads the Yontoo adware plug-in for Safari, Chrome, and Firefox.

NotCompatible malware rears its head again

ID: IRCNE2013031789
Date: 27/12/91

According to mobile security company Lookout, the NotCompatible malware, which is designed to infect Android devices and turn them into Web proxies, is showing new activity.
The malware is a simple network proxy that pretends to be a system update so that unaware users install it. The idea behind it appears to be gaining access to protected networks through victims' Android devices. It is named for its command-and-control server at notcompatibleapp.eu.
Last week the number of detected infections rose to 20,000 per day. The malware was discovered in May 2012 and had been dormant since then.
Although the malware initially spread through hacked websites, the latest wave is spreading through email spam. The usual subject of these emails is "hot news", and the messages appear to contain links to fake, worthless articles.
Depending on the user's Android version and browser, a prompt about the download may be shown. Many browsers start a download to the Downloads folder, whereas Chrome first displays a confirmation message.
According to Lookout, there is little chance of direct harm to infected devices, and for NotCompatible to function, victims must first permit its installation, which reduces the threat to Android users. The best security advice is never to allow installation of any .apk file you are not sure of.

Apple update for Mountain Lion and Safari

ID: IRCNE2013031788
Date: 27/12/91

On Thursday, for the first time in six months, Apple released an update for OS X Mountain Lion that fixes 14 security vulnerabilities and resolves a number of other issues.
In addition to the operating system update, Apple also upgraded the Safari browser to version 6.0.3, fixing 17 security flaws in it.
OS X 10.8.3 deals with several non-security flaws, including two related to Active Directory (Microsoft's domain authentication technology), and adds new features including Boot Camp support for Windows 8.
The last time Apple updated OS X Mountain Lion was September 19, 2012.
Mountain Lion's Boot Camp support comes five months after Microsoft released that edition. It was followed by a fix that allowed iMacs with 3TB hard drives to run the utility that permits switching between OS X and Windows. Previously, a flaw prevented the two operating systems from running side by side on these iMacs.
Separate updates have been released to provide the necessary Windows 7 and Windows 8 drivers for Boot Camp.
Other fixes in 10.8.3 include one for a display problem when the Mac wakes from sleep, another for an audio problem on 2011 Macs, and one that improves Mail's reliability when fetching messages from Exchange Server.
On the security side, only 4 of the Mountain Lion vulnerabilities are accompanied by the phrase "may lead to arbitrary code execution" (Apple's description of critical flaws).
One security flaw involves Java, which has been plagued by disclosures of new vulnerabilities and emergency updates. Apple wrote in its security advisory that visiting a malicious website could allow a Java Web Start application to start automatically, even if the Java plug-in is disabled.
According to Apple, another security flaw can be exploited through a rigged PDF document.
As is often the case, many of these flaws are in open-source code that Apple ships with OS X (from the Apache Web server to Ruby on Rails).
The Safari browser, which was upgraded to version 6.0.3 for both Mountain Lion and OS X Lion, received 17 fixes, 15 of which relate to the browser's open-source engine, WebKit. All 15 are rated critical.
Apple also released Security Update 2013-001 for Macs running Lion and Snow Leopard.
OS X 10.8.3 and Security Update 2013-001 are available by selecting Software Update in the Apple menu, or by opening the Mac App Store application and clicking the Update icon at the top right of the screen. The updates can also be downloaded manually from Apple's support site.

'NotCompatible' Android malware rears its ugly head, again

ID: IRCNE2013031789
Date: 2013-03-17

According to “TechWorld”, the "NotCompatible" malware, designed to infect Android devices and turn them into unwitting Web proxies, is suddenly showing a sharp uptick in activity, according to mobile security vendor Lookout.
The malware is essentially a simple network proxy, which pretends to be a system update in order to get unwitting users to install it. The idea seems to be gaining access to protected networks through victims' infected Android devices. It was named for its apparent command-and-control server, at notcompatibleapp.eu.
Last weekend saw the number of detections for NotCompatible rise to 20,000 per day as of last Sunday and Monday, wrote researcher Tim Strazzere, who said that the malware had been largely dormant since it was discovered in May 2012.
But while the initial discovery saw the malware being installed by hacked websites, the latest wave of NotCompatible is being spread by email spam. The usual subject line is "hot news," and the infected messages appear to contain links to fake weight-loss articles.
"Depending on the user's Android OS Version and browser, they may be prompted about the download. Many stock browsers will transparently trigger a download to the device /Downloads folder whereas Chrome displays a confirmation dialog," wrote Strazzere.
Lookout said there is little chance of direct harm to infected devices, and victims must allow NotCompatible to be installed for it to function, further minimizing the overall threat to the majority of Android users. The best advice for safety is simply to never allow any .apk whose provenance you're even a little bit unsure of to be installed on your phone.

Apple updates Mountain Lion, patches Safari

ID: IRCNE2013031788
Date: 2013-03-17

According to “Computerworld”, Apple yesterday updated OS X Mountain Lion for the first time in six months, patching 14 security vulnerabilities and addressing a host of other issues.
Alongside the operating system update, Apple also upgraded the Safari browser to version 6.0.3, fixing 17 security flaws.
OS X 10.8.3 dealt with several non-security flaws, including a pair related to Active Directory, Microsoft's domain authentication technology, and added new features that ranged from Boot Camp support for Windows 8 to letting users redeem app gift cards by holding the card in front of their Mac's built-in camera.
The last time Apple updated OS X Mountain Lion was Sept. 19, 2012, about two months after its debut.
Mountain Lion's new-found support for Boot Camp came five months after Microsoft launched that edition, and was accompanied by a fix that allowed iMacs with 3TB hard drives to run the utility that lets users switch between OS X and Windows. Previously, a bug prevented iMacs with drives that size from running the dual-boot software.
Separate updates were posted to provide the necessary Windows 7 and Windows 8 drivers for Boot Camp.
Other fixes addressed in 10.8.3 included one for a screen problem when the Mac woke from sleep, another for audio stuttering on 2011 Macs, and a third that reportedly improved Mail's reliability when fetching messages from an Exchange server.
On the security side, only four of the 14 Mountain Lion vulnerabilities were accompanied by the phrase "may lead to ... arbitrary code execution," Apple's way of classifying the bug as critical.
One flaw involved Java, the Oracle software that has been plagued by a rash of zero-day disclosures and emergency updates. "Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically, even if the Java plug-in is disabled," Apple said in its advisory.
Another could be exploited by a rigged PDF document, said Apple.
As often is the case, several of the flaws were in open-source code that Apple includes or integrates with OS X, ranging from the Apache Web server to Ruby on Rails.
Safari, which was updated to 6.0.3 for both Mountain Lion and OS X Lion, received 17 patches, 15 of them in WebKit, the open-source browser engine that powers Apple's browser as well as Google's Chrome. All 15 were rated critical.
Apple also patched Macs running Lion and Snow Leopard with Security Update 2013-001.
OS X 10.8.3 and Security Update 2013-001 are available by selecting "Software Update..." from the Apple menu, or by opening the Mac App Store application and clicking the Update icon at the top right of the screen. The updates can also be downloaded manually from Apple's support site.